Private health firm rolls out PKI

Bupa, the private medical company, is pressing the NHS and the insurance industry to invest in public key infrastructure (PKI)...

Bupa, the private medical company, is pressing the NHS and the insurance industry to invest in public key infrastructure (PKI) technology to allow medical records and other confidential patient details to be exchanged securely over the Internet.

Bill Goodwin

Bupa is planning to roll out its own PKI system to its 36 hospitals in the UK but needs the co-operation of the NHS to begin transferring medical records electronically.

The NHS has been evaluating PKI systems for the past two years and is on the verge of deciding an nationwide encryption policy. But it is likely to be some time before PKI is in widespread use.

"There is little benefit for us at the moment but there will be once we are able to share patient information with the NHS and other insurance organisations," said Terry Skinner, business systems manager.

"Our main challenge is going to be getting the whole of the health industry to adopt PKI."

Bupa has invested about £300,000 in implementing and testing Baltimore's Unicert PKI system, which is hosted on HP servers at Bupa's operations centre in Staines and at a back-up centre in Manchester.

The system, which will be rolled out to hospitals next year, will allow Bupa to send medical information by secure e-mail, rather than through the post, dramatically reducing time spend on administration.

Bupa is also considering using the same technology to give its corporate customers secure access to details about their company's private health schemes held on Bupa's internal servers. Managers would be able to add new staff and remove job-leavers from the health scheme, for example.

The system will eventually enable Bupa, which provides insurance to UK citizens living overseas, to send insurance policy information securely to its 100 offices worldwide.

"Maintaining patient and consultant confidentiality is a high priority for Bupa. We need to ensure that not only are our systems secure against unauthorised access and hackers but that they are recognised as being safe by the health sector," said Skinner.

BUPA hired systems integrator Protek to develop a security policy and implement the PKI system 18 months ago.

The system, which went live in March, is undergoing trails at one Bupa hospital before a full roll-out.

Bupa has trained several hundred staff to use the new system in a series of workshops, but hundreds more will need to be trained once the system is introduced across the UK, said Protek.

Read more on IT risk management