The Royal Liverpool and Broadgreen University Hospitals NHS Trust has cut its security costs by a quarter through its partnership with security supplier Symantec.
In the face of decreased public spending and increased cyber threats, the trust reviewed its legacy multivendor security strategy to improve data protection but reduce costs at the same time.
The review sought to consolidate suppliers, simplify processes and enable a more co-ordinated approach to data security.
The trust decided to deepen its relationship with Symantec, having already rolled out the firm’s enterprise vault storage and backup products.
The trust looked at several technologies, says James Norman, director of information management and technology at the trust.
“But the blend of potential cost savings, the quality of the integrated security technologies and Symantec’s excellent market reputation all pointed to the company being the right partner to work with,” he says.
To help the trust achieve its goals, Symantec suggested its business-led initiative aimed at helping public sector organisations reduce software expenditure by 25% while achieving a high level of security.
Read more about mobile device management (MDM)
- Mobile device management checklist
- Choosing and managing mobile devices
- Mobile devices could transform patient care
- Security Think Tank: MDM is no BYOD silver bullet
- Microsoft starts to push on MDM, cloud and BYOD
“Symantec was able to advise on the best way to cut costs without impacting services,” says Norman.
Protecting data and educating users
Under the Symantec 25 programme, the trust deployed Symantec’s Data Loss Prevention and Symantec Protection Suite.
As a healthcare provider, patient confidentiality is critical, says Norman.
“The recent high-profile media reports of both inadvertent data loss and malicious data leakage incidents further heightened the need to find a provider who could provide optimal protection against data theft or loss, while simultaneously enabling better data sharing and access to services,” he says.
Having cut IT security costs by a quarter, the project enabled the trust to improve its ability to identify, monitor and protect its data.
The project has also enabled the trust to educate its 4,500 users on the risks of unguarded technology and prevent staff from sending unencrypted sensitive information via email.
“Ultimately, improved IT security practice will provide enhanced IT compliance and avoid enforcement action by the Information Commissioner’s Office for any data breach,” says Norman.
Improved productivity with mobility
In addition to cutting costs and improving data protection, the trust wanted to improve productivity by enabling staff to access patient and clinical data when at the bedside.
However it was imperative to comply with legislative requirements for secure processing of patient data. It was also key for IT management to be streamlined, making it easier to use and administer as well as reducing the cost of managing IT security.
As a result, the trust implemented Symantec’s Mobile Management system (MMS) for secure mobile working.
Rolling out the MMS means 4,500 medical staff now have instant access to healthcare history, medical images, medical notes and more, at a patients’ bedside, says Norman.
“Staff can work more efficiently and productively, helping the trust save valuable time and money, and resources can be used more effectively and enables faster decision making,” he says.
The MMS also gives staff access to access to email, calendars and the electronic patient healthcare record, while securing the devices and data.
Data moves with consultants and patients
This includes enforcing access controls, maintaining a separation between healthcare data and personal data and providing a central point of control.
“We wanted our consultants to make immediate decisions aimed at enhancing the quality of patient care and improving outcomes, so our strategy was to allow the data to move with them,” says Norman.
“When a patient moves between wards the data goes with them, letting the medical staff work more efficiently, freeing up more time for consultative advice.”
Norman says the trust wanted to standardise its technology portfolio. “Symantec offered the best products and the seamless integration with our existing technology, to take the trust into the next dimension of healthcare data security: both mobile and static,” he says.
Andrew Rose, principal analyst security and risk at Forrester Research says Symantec's breadth of coverage and customer-focused strategy mean that it can make a good partner and provide real business benefit.