There are 151 Primary Care Trusts (PCTs) in the UK and, together, they’re an intrinsic part of the National Health Service (NHS), providing healthcare services to more than 50 million patients.
Collectively, the PCTs are responsible for managing and allocating 80% of the overall NHS budget. Many of them operate very well-equipped IT infrastructures administered by highly-skilled professionals. However, with public sector budgets under close scrutiny and the quality of healthcare at the top of the Government agenda, all are under pressure to ensure that every penny spent on computing is focused on improving frontline services.
Established in 2001, the Barnet, Enfield & Haringey Health Informatics Service (BEHHIS) is a shared information and IT department that supports four NHS PCTs in North London.
The BEHHIS recognised that modern health workers need the IT systems and resources they rely upon to be agile in order to work effectively when moving around hospitals, GP surgeries, patient homes and even when working from their own home.
Improve remote access, enhance security
The challenge for the BEHHIS, then, was how to improve remote access while still ensuring that the security and integrity of the IT network remained intact and that the new solution was delivered on a cost-effective footing.
For BEHHIS the answer was provided by the Bracknell-based IT security infrastructure company Winfrasoft, developer of the innovative Health Access System (HAS).
The HAS is a web-based solution built on the Microsoft Forefront Edge Gateway server platform – a platform widely used in the NHS – which enables PCTs to simplify, secure and improve access to vital resources by using the considerable technology investment made by Government into the Connecting for Health smartcard.
These smartcards are available to all health workers within the NHS, and were originally conceived to help control access to the Care Records Service (CRS). However, Winfrasoft recognised that PCTs could derive even greater benefits by using the cards to improve user identity authentication and access to local PCT resources.
On top of that, the cards could be used for access to applications held centrally by the NHS (so-called ‘spine’-based applications) and, furthermore, give their IT networks an improved level of security that would be virtually impossible to replicate on the tight budgets on which they operate.
Implementing strong two-factor authentication
Senior project manager at NHS Enfield, Perry Meyer, told SMT Online: “Implementing such comprehensive and strong two-factor authentication from scratch using PKI (Public Key Infrastructure) or token-based access would simply not be feasible for our PCTs, as it’s expensive to implement and resource-intensive to maintain,” said Meyer by way of a back story.
The HAS unifies the identity of the health worker with the NHS smartcard to a locally managed Active Directory user account. This enables an existing and non-modified smartcard to be used for two-factor authenticated remote access, as well as single sign-on to the IT network.
The BEHHIS implementation began in October last year, and was completed in early 2010 by Winfrasoft and its technology partner, the identity and access management specialist that is the Oxford Computer Group.
Meyer went on to explain the simplicity of the system: “A PCT employee is issued with a smartcard and, when they require access to the IT network, whether on-site or working remotely, they simply place their card in the reader connected to their PC or laptop and login.”
Meyer added: “The system quickly authenticates the identity of the user, acknowledges their privileges and grants the appropriate level of system access. It’s the perfect example of true single sign-on security.”
Support from Connecting for Health
Projects such as the one untaken by the BEHHIS that take advantage of innovative uses for the NHS smartcard are backed up by Connecting for Health, which supports the NHS to deliver better, safer care to patients by bringing in new computer systems and services.
“The support we received from Winfrasoft and the Oxford Computer Group throughout this project was exemplary, and we are grateful for their help,” enthused Meyer. “They worked closely with us to ensure that the integration with our existing infrastructure was rolled out smoothly and successfully.”
He concluded: “‘In the HAS, Winfrasoft has delivered a solution that takes an existing investment made by the NHS and allows it to provide our PCTs with better resources and access to these resources in a pioneering and more secure way. It achieves real benefits for frontline healthcare workers and back office administration.”
For more information about Winfrasoft’s Health Access System visit the website (a dedicated link is provided on the right hand panel of this page)
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
