Doncaster & Bassetlaw NHS foundation trust

Company

  • Doncaster and Bassetlaw Hospitals NHS Foundation Trust
  • 5200+ Staff

Industry

  • Healthcare

Environment

  • MEDITECH Health Information Systems
  • VMware View 4.5

Challenges

  • Account/Password Sharing
  • High number of password lock-outs
  • Compliance reporting requirements

Results

  • Enhanced security and productivity
  • Strengthened compliance and auditing capability
  • Reduction of calls to IT helpdesk

Preventing password sharing between staff was a critical governance issue for Doncaster and Bassetlaw NHS Foundation Trust. A consistently top performing hospital, the Trust was determined to ensure patient data could only be accessed by authorized staff. Together with Imprivata, the Trust deployed a single sign-on and authentication management solution that made it easier for staff to use individual accounts, with the ability to reset and manage their own passwords.

Doncaster and Bassetlaw NHS Foundation Trust is comprised of three hospitals and two clinics, serving a population of over 410,000 across Doncaster. The hospitals are highly regarded and the Trust is one of only a few to achieve three stars every year since the introduction of the "star ratings" system, which also measures performance across a range of areas including waiting times, access to GPS, financial management and patient care.

Doncaster and Bassetlaw NHS Foundation Trust also features consistently in the list of the Top 40 UK Hospitals. The Trust employs more than 5230 staff who require access to a variety of healthcare applications and support systems.

The business challenge

Serving a population of over 410,000, the staff at Doncaster and Bassetlaw NHS Foundation Trust need daily access to over 40 healthcare applications. A fast-paced working environment meant that staff were prone to sharing passwords and even user accounts in order to achieve quick access to critical data, significantly reducing the effectiveness of these security measures. In addition, forgotten passwords became a common problem for staff and often resulted in lock outs, forcing staff to make time consuming and costly calls to the password reset helpdesk, causing lasses in productivity and efficiency. Working with a complex environment of legacy and web-based applications, Doncaster and Bassetlaw NHS Foundation Trust required an access management solution which could avoid lengthy log-in processes and be unobtrusively implemented into the organization’s complex network infrastructure, without requiring any changes to the Active Directory schemas. Additionally, it was important for staff to achieve simplified compliance reporting in order to maintain their high standards in the face of increasingly stringent data protection regulations.

The solution: Imprivata OneSign

Imprivata OneSign is an identity and access management appliance which provides secure authentication to applications. Imprivata OneSign provides care providers with simplified access to patient data and makes SSO and strong authentication management easy and affordable to implement. A key feature of Imprivata OneSign includes a Self-Service Password Reset function which allows users to take charge of their own password resets. In addition, built-in support for a broad range of strong authentication devices is provided, including the smart cards which not only give staff secure access to centrally provided applications such as the NHS Spine, but also allows them to be used as a factor for strong authentication into the Trust's local applications as well.

The results

The rollout of OneSign has strengthened user authentication, streamlined application access and simplified compliance reporting. The temptation for users to share passwords and accounts has been negated which has improved security, and the speed at which end-users can access patient data has increased, leading to productivity and patient care improvements.

Imprivata's Self Service Password Reset feature has also meant that password lock-outs are no longer an issue for staff working outside of IT helpdesk hours, further improving the efficiency of access across the hospital's multiple sites. Imprivata OneSign has been able to provide this flexibility whilst also supporting the hospital's choice of smart card devices for strong authentication.

"At Doncaster and Bassetlaw Hospitals, we are constantly looking for ways to improve operational procedures in order to enhance the standard of patient care that we are able to provide. Security and productivity benefits have been clearly visible since the project began, and we are now developing the roll-out to the next phase by actively engaging with the Accident & Emergency department," said Neil Racher, Senior IT Project Manager, Doncaster and Bassetlaw Hospitals.

"As well as improving data access from the end-user perspective, the OneSign platform also facilitates auditing capabilities which allow IT staff to track which users have accessed data and when. This provides huge governance benefits at a time when the NHS is making a concentrated effort at improving and securing access management."

 

PDF: