A game of smartcards
NHS Connecting for Health's smartcard-based identity management system is intended to enable clinicians to access its Care Records Service securely. However, some trusts have decided they need something more. Although the original goal was for iSoft's Lorenzo and Cerner's Millennium to provide an all-encompassing electronic patient records system, scaled-back ambitions and widespread implementation delays mean that trusts are now having to look at alternative means of securing access to the numerous supplementary applications that do not run against the national Spine database.
The national smartcard system, which enforces role-based access control, is based on software that sits on top of centralised Spine-compliant applications such as Choose and Book and the Electronic Prescription Service. Such packages can only be accessed using the smartcard, but the same is not true of local third-party applications, which require staff to employ multiple user names and passwords. While this situation is less of an issue in locations such as GP surgeries where fewer applications are employed, it does present a challenge in hospitals where multiple systems are in use all of the time.
"You see some hospital colleagues with eight cards around their neck as it's about getting the software converted," says Dr Grant Ingrams, chair of the British Medical Association's (BMA) IT committee. "There are also issues about how you use it and I don't think all of the problems have been sorted out yet around what you do in busy areas."
The problem, he explains, is that smartcards are not the best mechanism to use in such environments as "they're slow". "So if it's me sitting down for 10 or 12 hours as a GP seeing patients, it's not an issue. But if you think about A&E where several clinicians are trying to use one machine, you end up seeing cards left in and people remaining logged on," Ingrams adds.
He suggests that a quicker alternative might be to introduce the same kind of proximity dongles that are waved over readers in pubs and restaurants to provide access to systems. Another possible option would be installing enough computers so each clinician could have access to a machine at all times. "In most places, it works OK, but where things are more rushed and hurried and more staff are coming and going, it needs a workaround," Ingrams says.
Showing persistence
Some trusts have tried to get around the challenge of staff having multiple identities by introducing single sign-on (SSO) systems. These enable personnel to use either a single user name and password or the single identity held on the smartcard to access both local and national software. But the problem with this is that such systems neither provide session persistence nor are they aware of context.
Paul Curley, consultant surgeon and clinical director at the Mid Yorkshire Hospitals NHS Trust, explains: "If you're working in application A to find blood results, but you want to look at X-ray results too, you can fire up application B, which may link to SSO so you won't have to remember your user name and password. But you'll still have to do another search on the same name as the system isn't context-aware."
Session persistence refers to the concept of logging out of a session for security reasons when attention needs to be turned elsewhere, but being able to log back in and pick up exactly where one left off. "It would be perfect in a busy A&E," Curley says.
To this end, Mid Yorkshire is currently trialling a mobile clinical computing system with Dell, Symantec and Trapeze Networks. The first part of the pilot involves evaluating a system that enables clinicians to roam "with an open profile across devices in the network without having to log off," Curley says. Users log onto the network using version 5 of the NHS smartcard, which is contactless and uses an RFID chip.
This means that, rather than have to place their card into a reader, which slows the log-in process down, clinicians simply wave it at a device. A session then becomes "locked" to them so that when they walk away, it cannot be accessed by a third party. "You don't have users leaving sessions open so it's a very important piece of the jigsaw," says Curley.
Another possible approach, however, says Derek Stowe, technical network and security manager at Rotherham Primary Care Trust, is to have the smartcard registration authority set a time limit for sessions of access through the cards. "What you've got to remember is that, if someone puts their card in and logs onto the system but subsequently logs out, leaves their card in and someone else logs in in their place, it's all tracked," he explains. "In Rotherham, these things are taken very seriously and any misdemeanours are investigated thoroughly."
The trust has just implemented a Quest Software system to enable it automatically to provision, re-provision and de-provision users through Microsoft's Active Directory. The software has been integrated with its Electronic Staff Record (ESR) system, which managers can currently access using their smartcard to undertake such activities as authorising annual leave. By the end of the year, however, all clinicians will be able to access their ESR using an NHS smartcard, letting them view their wage slips, register for continuing professional development and other job-related activities.
National service
In terms of the national system, the Department of Health (DoH) says that more than 530,000 users have registered with the NHS Care Records Service Identity Management System to date. A total of 900,000 staff from across 600 NHS organisations are expected to have signed up by the end of June 2013.
The system already meets the standards built into the pan-government Employee Authentication Service (EAS) that was recently approved by the CIO Council and positioned as a "champion asset for government". This means that all public authorities now have to justify their decision if they choose not to use it.
"The EAS strategy permits organisations to implement their own internal identity management services according to their application and security needs," a DoH spokesperson said. While NHS organisations may need to use the EAS to access applications in other departments or in local government, SSO systems could be useful in managing these multiple identities, the spokesperson added.
But the DoH is also "developing a long-term strategy to ensure the requirements of the NHS are built into any future (EAS) procurement".
Although this more detailed national strategy is still a work in progress, in future the spokesperson expected that "all identity management systems will utilise a user's unique identity". This is because having a unique identity that "can be understood across all systems will make significant improvements in our ability to identify user activity across many systems and services, thereby improving information governance", the spokesperson added.