NHS trust uses smart card system to free users from password pile up

Nottingham University Hospitals Trust gets smart to boost security

Nottingham University Hospitals Trust is eliminating the burden on staff of using multiple passwords to access different applications with a smart card-based system that provides single sign-on access to both the NHS and its own information systems.

The trust is using access management supplier Imprivata's Onesign Single Sign-on. Onesign is a smart card authentication and access management system designed to reduce the negative impact on productivity caused by the need for multiple passwords. It also provides secure access to applications, cutting the security problems of having staff manage different passwords for different systems.

Ben Halliday, head of technical support at the Nottingham University Hospitals Trust, said the system gives the trust's 8,000 staff strictly qualified access to patient records in 16 systems. These include radiology, theatre, the helpdesk and others. The trust plans to add seven more systems this year.

"One size does not fit all. As more systems are implemented via the NHS's National Programme for IT, the staff are relying more on IT systems. But they had to remember more and more passwords to access the different systems.

"It quickly becomes difficult to remember all the passwords, so to make life more tolerable for users we invested in the card-based single sign-on system," said Halliday.

Staff can now use their Windows log-on and smart card to gain access to the Imprivata system. This then uses pre-written scripts to connect the user to the NHS system and to the trust's own systems, where they can access the records they need.

Halliday said users were happy to be freed from the burden of remembering dozens of passwords, and that the effect on helpdesk activity had also been dramatic.

"Nearly 60% of calls to the helpdesk were to reset passwords. That has dropped to almost nothing, and we can now provide help out of hours. And it has freed the helpdesk staff to do higher value work and answer calls more quickly," he said.

Halliday said writing the scripts for the Imprivata system took about a month. "We have to add 28 systems as well as upgrade the system over the next year, but we expect any changes to be really quick as we will be doing the scripting ourselves."

According to Halliday, the trust uses the same authentication and revocation processes that the NHS uses to grant users access to the data spine, the main NHS network application.

"This means we are quite rigorous about how we grant access, and also about deactivating accounts when people leave," he said.

Trust steps ahead of NPfIT >>

Tony Collins blog
The latest news, analysis and opinion on project management

Comment on this article: [email protected]

Read more on Business applications