The NHS IT Security Specialists
Single Sign-On Application and McAfee Safeboot at Tameside & Glossop Acute Services NHS Trust
Download this Case Study as a PDF »
Tameside and Glossop Acute Services NHS Trust, located at the Tameside General Hospital in Ashton-Under-Lyne and situated at the foot of the Pennines, services an urban/rural population of over 278,000 and operates with 2000 plus staff, most of whom use a number of IT systems for performing their day-to-day duties. With the reliance on IT growing, and a wider range of applications available for staff to fulfil their roles, the Trust’s IT department began to identify a significant problem around password management.
Attendance at a BMS Seminar in 2007 pointed Trust IT staff members in the right direction. They learned about the ideal solution, Imprivata OneSign®. The IT team at Tameside chose BMS because of the focus upon IT security solutions to the NHS and the fact that BMS are an accredited Imprivata iPartner. “We were very impressed with BMS, their seminar addressed most of our current technical needs, they were a logical choice of supplier for us” said Chris Hutchinson, Technical Specialist.
The Business Challenge
To keep abreast of the demands of both national and local applications, the Trust were very keen to source and deliver a product which would provide :
- reduction in password management issues
- greater audit capabilities
- increased control and management over user credentials
Typically staff have to remember different passwords to access each of the Trusts’ core applications as well as numerous other passwords for different applications, such as Theatres, Pathology systems, A&E etc.
In addition to impacting on productivity, accessing so many different systems via passwords creates staff frustration. The sheer number of identities and passwords can also potentially cause security vulnerabilities.
The Solution
Imprivata OneSign® Single Sign-On solution is an identity and access management (IAM) appliance that is designed to meet the security needs of organisations of all sizes. OneSign® provides a unique way for NHS Trusts to integrate the NHS Connecting for Health smartcard to provide strong authentication support across all applications, local and national. The appliance also supports other forms of authentication including biometric readers, proximity cards, one-time password tokens and building access cards.
The evaluation set up by BMS was a huge success and led Chris Hutchinson to comment, “After using Single Sign-On for a month, on evaluation, and getting used to the ease of only having one password/PIN to remember, we simply had to buy it! It was immediately easy to see how beneficial this would be for our users, especially in busy areas like A&E. We found the evaluation of Imprivata OneSign® very valuable as we could see for ourselves, in our own environment, the benefits of Single Sign-On. Having a BMS Engineer with us on-site for a couple of days to get things going helped a lot—we were then left to our own devices to explore the product and realise its full potential!”
Following the successful pilot phase, the Trust has now begun the roll-out of Single Sign-On and strong authentication to its staff. The implementation covers both clinical and non-clinical employees, Nurses, Doctors and Consultants across the organisation using the NHS National Smart Card as their factor for strong authentication. Once they are logged in, employees will be securely and automatically signed in to all of their authorised applications.
The OneSign® appliance is already proving its worth to the Trust. Tameside has recently gone live with an electronic Picture Archiving and Communications System (PACS) in its Radiology department as part of the National Programme for IT. Whilst using digital images instead of traditional X-ray films was both more convenient and easier for staff, there was a problem due to the number of application passwords and change requests that were required to keep the system secure.
Geoff Berry, Assistant Director of IT for Tameside and Glossop Acute Services NHS Trust said, “The Trust was faced with a growing password management problem: staff had a large number of different log-ins to remember and this was becoming an issue for them. This was also a problem for our IT Services Desk: a significant amount of the calls being handled were specifically related to password reset requests. We wanted to solve this in a way that would also improve our ability to audit user activity and prove that security policies are being followed.”
“To view images, staff would have to access four different systems as part of the workflow, each with its own user-name and password. Logging into these separate applications could be time-consuming, and one forgotten log-in would prevent access to the whole system. Using OneSign®, the Trust has eliminated this issue: clinical staff and patients now get the full benefit of the new PACS system, whilst overall security of data is enhanced,” continued Geoff. “By using Imprivata OneSign® and the NHS smartcard together, we have removed these issues from the Radiology department, and we can’t wait to complete the roll-out of this project across the rest of the Trust.”
The implementation of the roll-out phase was enhanced by the service the Trust received from BMS. Chris Hutchinson was very pleased with the effective transfer to the live product. He stated, “The BMS Engineer came to site and seamlessly migrated the existing information on the evaluation unit to the newly installed Imprivata IAM appliance, which enabled us to progress very quickly to ’go live’. The level of convenience that users get from OneSign® leads to a return on investment on top of the immediate reduction in password reset requests and, ultimately, this delivers a better service to patients and a higher return for the Trust.”
The Benefits
The OneSign solution will deliver benefits and results to the Trust on a number of fronts. The Trust will gain increased control and management over user credentials, greater audit capabilities and a reduction in password management workload for its IT services desk. On completion, the Trust’s employees will benefit by not being locked out of applications due to forgotten passwords, as well as overall improvement of workflows.
As NHS organisations roll out the centrally procured McAfee SafeBoot encryption software it is worth noting that a single process can be facilitated for user authentication for both McAfee SafeBoot and OneSign Single Sign-On. During the Trust’s recent implementation of the McAfee SafeBoot software, BMS provided the necessary skills and experience to guarantee the Trust could deliver strong encryption, access control and security compliance, whilst ensuring the user experience continued to be seamless, bringing together data loss prevention and converged access and auditing.
Avril Davies, Head of IT Services at Tameside said, “Protecting patient data is a crucial activity for us. Imprivata Single Sign-On and McAfee SafeBoot are now an essential part of our integrated security portfolio and it is critical to Trust security that these diverse systems work together. We can now deliver strong encryption, access control, security compliance, and create workflow efficiencies, all of which contribute to us delivering real security of data.”
Related Case Studies:
- Newcastle-Upon-Tyne Hospitals NHS Foundation Trust Implement Single Sign-On »
- East Kent Hospitals Streamlines Clinical Access with Single Sign-On »
- University Hospital of South Manchester NHS Trust implements Single Sign-On with fast user switching using Imprivata OneSign »