Liverpool Women’s NHS Trust heals password problems with Imprivata OneSign
- 1,600 employees
- 350 beds
- 40,000 patients admitted, 12,000 patients in ER and 100,000 in outpatient consults
- Password security compromised
- Helpdesk burdened with calls
- Different strong authentication methods required
- 10 applications SSO-enabled
- Flexible strong authentication methods
- Self-service password reset saves £20,000
Liverpool Women’s NHS Foundation Trust is one of the leading hospitals in the UK providing healthcare to women and babies. The Trust has about 1,600 employees, all devoted to supporting its mission to deliver the highest quality care in the fields of maternity, neonatology, gynaecology, and reproductive medicine. A 350-bed teaching hospital, the Trust admits 40,000 patients annually, while treating another 12,000 in the ER and 100,000 in outpatient consultation. Liverpool Women’s NHS Foundation Trust is a centre of excellence in the provision of undergraduate and post-graduate medical education and training, and it is also actively involved in the training of nurses, midwives, and other professional staff.
The business challenge
Across the Trust, both clinical and non-clinical staff required access to confidential information as part of their daily activities. Due to the sensitive nature of this data, employees were issued usernames and passwords for the applications they were authorised to use. However, remembering these logins was difficult for staff, who would either be locked out of applications or resort to writing their credentials down to remember them.
Aside from the security concerns, this issue also affected the Trust’s helpdesk: approximately 50 percent of all calls were related to password reset requests. This represented a substantial cost to the organisation, on top of the impact that forgotten login details were having on staff productivity. “The amount of time spent just on password resets was equivalent to one staff member of the IT support team— around £20,000 per year,” commented Dr. Zafar Chaudry, director of information management and technology at the Trust. “With the shortcuts that employees were taking to circumvent the issue, it was becoming a serious security risk for the Trust.”
The Imprivata OneSign solution
Dr. Chaudry decided that the best way to solve these problems would be through single sign-on (SSO)—linking all of a user’s application access to a single username and password, which are then used to automatically enter them into the applications they are authorised to use. However, this presented its own challenges to the Trust. “One of our key applications is the MEDITECH Health Information System, which has proven extremely difficult to enroll in SSO in the past. Any system we looked at had to be able to handle MEDITECH in order for us to consider it,”explained Dr. Chaudry.
Working with Trust partner BDS Solutions, Dr. Chaudry looked at the available SSO solutions on the market, and chose Imprivata OneSign® to meet the Trust’s needs. Imprivata OneSign is an identity and access management appliance providing strong authentication, SSO, and integration for physical security systems. “Imprivata OneSign could visibly demonstrate its support for enabling MEDITECH, which immediately put it in front of other solutions that we evaluated,” said Dr. Chaudry. “The fact that it is an appliance-based solution meant that it was easy to install and would be simple to manage in the future.”
Dr. Chaudry and his team began an initial pilot project, with 20 users across both clinical and non-clinical areas of the hospital using SSO, which progressed well. Following the completion of the pilot, Imprivata OneSign was implemented to 1,000 of the Trust’s employees. Currently, ten of the Trust’s applications are enabled for SSO, and the remaining five applications will be added as required.
As well as providing SSO for applications, Imprivata OneSign also supports a range of different strong authentication factors for users. In the neonatology and accident and emergency departments, clinical staff will use biometric fingerprint scanners and a PIN to authenticate themselves at their workstations, as this is most suitable for their working environments. For the remainder of the Trust’s staff, Imprivata OneSign supports their existing building access cards as a second factor. “Staff carry their HID physical access cards with them already, so using these cards for network access as well made a lot of sense. We can re-use our existing systems to provide additional value, while also providing staff with a system that suits their individual needs,” said Dr. Chaudry.
The Trust has also implemented self-service password reset for users: if a user forgets their initial login credentials, they can answer a series of questions and have their credentials sent to them. “By providing a self-service option, users are no longer reliant on the IT helpdesk to get their passwords reset,” explained Dr. Chaudry. “This also means that resets can be affected outside of normal work hours. Users are already benefiting from the Imprivata system: even during the pilot, password reset requests dropped by about ten percent. It also means that our IT helpdesk team can concentrate on providing real value to the Trust, rather than just resetting passwords.”
Imprivata OneSign is shipped as a minimum of two appliances that are then linked together to provide failover. At Liverpool Women’s Trust, these appliances have been split between the main data centre and a backup site. In the event of a failure with the primary appliance, service is automatically switched over to the secondary system. However, even if there is a complete network failure, the Imprivata OneSign agent is still able to provide SSO services to the user: it can work in an offline mode and restore details to the appliance when the connection is reestablished. Because it is appliance-based, it provides the Trust with a resilient solution that is easy to manage in the long-term.