Get IT Right

30 September 2008 (Last Updated September 30th, 2008 18:30)

Addenbrooke's in Cambridge is the first UK hospital to integrate local access management with central applications. Dianne Nixon, the hospital's IT programme manager, explains the workings of the system.

Get IT Right

The introduction of modern information technology is at the heart of the Government's Modernisation Plan for the NHS.

The new NHS Care Records Service (NHS CRS) has been designed to support patient confidentiality and to restrict access only to those who need to see parts of the records in order to provide the relevant necessary care. However, the viability and usability of the NHS CRS smartcards, and the multiple passwords required to access patient data, have rightly been the cause of much controversy to date. Meanwhile, the need for clinicians to have faster access to real-time patient data is top of the agenda.

"Clinicians were incredibly frustrated by delays and were keen to be able to spend less time on entering credentials and more time on patient care."

Cambridge University Hospital (Addenbrooke's), one of the first Foundation Trusts, is a 1,100-bed teaching hospital and one of the Government's new biomedical research centres with a world-class research reputation. The Trust provides acute and specialist services for a local and regional population of more than 500,000 and employs more than 6,800 staff.

We believe IT is integral to modern healthcare provision and we are trying to encourage our clinicians to use IT more, increase the use of Trust-wide applications and promote wider usage of electronic ordering of diagnostic investigations (OCS) by clinical staff. Alongside this, we must protect patient confidentiality and information from a security perspective by putting in place appropriate processes, all the while allowing clinicians to concentrate on their primary role as providers of patient care.

Access to real-time data is also a priority as without it, patient care could suffer as a consequence. From a business perspective, the Trust needs real-time information to manage its resources effectively.

Log-in delays

Our clinicians have access to a number of different applications all of which contain clinical information, including diagnostics and all clinical correspondence. Access to this data and to our Trust's local area network (LAN) and hospital information systems (HIS) was previously managed by the issue and maintenance of multiple usernames and passwords. It is not uncommon for users to have several different usernames and passwords, the majority of which have to be changed on a regular basis, with the protocol for this change varying from application to application.

To access each of these systems the user was required to enter their user name and password for authentication purposes. The user was then required to search for a patient's individual CRN number for each of the applications logged into and was often presented with a prompt to reauthenticate at various control points – a process that could take in excess of 80 seconds.

Although a number of staff were static and only mildly inconvenienced by this log-in process, our clinicians were incredibly frustrated by the delays and were keen to be able to spend less time entering credentials into a number of different systems and more time on patient care. The 2004 introduction of the requirement to reauthenticate each time a pathology or radiology order was placed only compounded the situation; affecting clinical time to such an extent that many clinicians chose to switch to making paper requests.

The Trust became aware of technological advancements that have seen the introduction of single sign-on (SSO), a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates the need for further prompts when users switch between applications during a session.

SSO allows organisations to manage access to multiple applications. It can be deployed in a number of ways, including:

  • via the keyboard using control/alt/delete
  • via smartcard and associated PIN
  • via a proximity device that uses RFID technology.

Simplified sign-on

As a Trust we enlisted the help of integration experts, Enline, to implement Imprivata OneSign, an SSO tool to be used for 2,000 users across the Trust using one factor authentification of username and password. The SSO project included ten Trust applications in the first instance, with easy functionality for both development and support to add additional Trust and Connecting for Health (CfH) applications in the future.

The initial applications involved in the project were: picture archiving and communications systems (PACS), the joint clinical information system (JCIS), the electronic medical record system (EMR), the order communication system (OCS), HIS, Diamond (diabetic clinical information system) and the Theatreman and Renal databases. The intention was to roll out to 2,000 of the Trust's users within 2007 and 2008.

Our criterion for introducing SSO was primarily to free up the time of our clinicians. In addition, the solution had to be scalable so that it could be rolled out at our own pace, supportable in house and provide fast and efficient access to real-time data. OneSign offered us a solution that was effectively 'plug and play'. We could install it, do some internal training and then we were up and running, with a secure area network.

Our objectives as a Trust were first and foremost to increase the amount of time available to clinicians to address patient care and increase productivity within patient care. We also wanted to increase the effectiveness of care by providing secure, real-time access to patient data. We were keen to reduce the number of password-related calls to our helpdesk and requests for resets and changes and to encourage wider use of IT amongst clinicians, including increased use of OCS, with no loss of security.

Our clinicians work in highly stressful data-intensive environments and are under extreme time pressure as they move from exam room to hospital to office. It was therefore vital that the solution addressed our objectives but did not compromise their requirement for constant access to clinical patient information.

Positive results

The most important outcome for the Trust was that the implementation of OneSign enabled our clinicians to return to practising medicine, not computer literacy, and this was successfully achieved. Our clinicians now spend less time entering the required authentication for the multiple systems to which they require access, and are not required to use multiple usernames and passwords. We estimate that this has provided us with a huge reduction in time from 80 seconds per log-in to ten seconds.

The system has also significantly reduced the pressure on our IT helpdesk by reducing the number of requests for password reset. The new system provides clinicians with a self-service password reset function that removes this requirement. This faster access to patient data provides doctors with the convenience they want without making compromises to security. Doctors spend less time fighting with passwords and have more time available for delivering care.

"OneSign has allowed synchronisation between multiple applications at the point of patient care."

From a security perspective SSO has played a significant part in protecting patient privacy as we now have much greater control over who has access to what data. OneSign has given us the ability to audit the usage of all applications by custom 'user' and 'patient' reporting tools. The strong authentication OneSign provides ensures that compliance levels are increased and bad practices such as the sharing of passwords are eliminated.

In the health service, where consultants need to make accurate diagnoses and fast decisions, staff need immediate access to the latest patient records whether they are onsite or out on call. For managers, it may mean real-time data on resource use, demand from patients, policy and external factors to support management decisions, mitigate risk, and achieve targets. OneSign has supported us in this and allowed synchronisation between multiple applications at the point of patient care.

The implementation of SSO as an element of an identity access management strategy at Addenbrooke's Hospital in Cambridge has greatly improved the IT system. It has delivered substantial efficiency savings as internal helpdesk calls for password resets have been reduced. In addition to this, users can access their local and national applications and also gain entry to secure doors and car park facilities through the use of one smartcard. Above all, it has significantly tightened security, simplified the password process and given users faster access to patient information, allowing more time to focus on the patients themselves.