East Kent Hospitals University NHS Foundation Trust

Saving more than £80,000 a year through single sign-on technology

Overview

A clinician’s time is precious – time spent on onerous login procedures is time that could be better dedicated to patient care. Security shouldn’t impede access to important patient information, but should instead be fast and work first time, every time – so it becomes an asset rather than a hindrance. East Kent University Hospitals NHS Foundation Trust wanted to review its complex access procedures and find a solution to help them better meet their organisational goals for effectiveness and efficiency.

Buckland Hospital, East Kent Hospitals

East Kent Hospitals University NHS Foundation Trust has five hospitals and several outpatient facilities across East Kent and Medway. The Trust provides a wide range of services within both hospital and community settings, and employs more than 7,500 clinicians and other staff who require access to a variety of healthcare applications and support systems. The Trust serves a local population of around 759,000 people.

Challenge

The Trust’s clinical staff required access to more than 86 applications, however the organisation’s password security policy required individuals to use separate login credentials for each application. As a result, users forgot their credentials and could not access core systems. Clinicians and staff resorted to writing down passwords or sharing accounts with other users, actions which compromised the Trust’s strict security requirements.

Nicola Ellingham, former project manager for East Kent Hospitals University NHS Foundation Trust, was responsible for the implementation and support of access management technologies and knew the importance of finding the balance between security and employee productivity.

“Obviously, keeping our patients’ data secure is of paramount importance, however with so many disparate logins, the productivity of clinical staff was being affected, which could have led to an impact on patient care. For any NHS Trust, that would be completely unacceptable service”, explained Nicola.

To ensure security, as new applications were implemented users were asked to remember complex password credentials which reset at irregular intervals causing them to be locked out, unproductive and frustrated. “We noticed that almost 25 percent of our helpdesk calls were related to password or access issues. This equated to more than 8,000 calls a year and was a huge drain on our resources,” said Nicola. Additionally, IT found that despite having only 7,500 users, more than 20,000 accounts existed on the e-directory. This was due to the lack of an integrated IT access management policy across the network which made user ID verification a difficult task.

With these challenges in mind, Nicola and the IT team looked at possible routes to managing user access that would address the security needs of the organisation whilst reducing the complexity of the logon process for employees. One of the options immediately identified was Single Sign-On (SSO), which involves linking all access rights to one strong network login. This, in turn, authenticates users into all applications they are authorised to access without having to repeat the login process each time.

Solution

Nicola discussed the Trust’s requirements with ITHealth, the premier healthcare Imprivata reseller and NHS IT security and access management specialists. After identifying that the Trust had similar access management challenges to other NHS organisations, ITHealth recommended Imprivata OneSign, an identity and access management appliance that can deliver SSO quickly, easily, and affordably. “Having the peace of mind that other Trusts within the NHS had used Imprivata OneSign was extremely important, especially as we have quite a complex IT infrastructure spread across multiple sites,” said Nicola. “One of the key reasons behind choosing Imprivata technology was that it could be integrated with our existing network without changes to our LAN/WAN or huge hardware investment. Imprivata OneSign also supports the NHS Smartcard which is an important part of our IT plans.”

Working closely with ITHealth, and following consultation with employees around how IT systems were being used and how user workflows would be impacted, East Kent Hospitals University Foundation NHS Trust started the rollout of Imprivata OneSign. “We were surprised at how quick and non-disruptive the implementation was. Users from clinical and support roles were using SSO extremely quickly without impacting on their day-to-day tasks,” said Nicola.

Results

Before Single Sign-On

  • Employees had strict password policies related to application access, leading to forgotten or written-down login credentials
  • The IT Helpdesk was burdened with calls concerning access issues – each call lasting an average of 30 minutes
  • The organisation had more than 20,000 accounts in e-directory, but only 7,500 users

After Single Sign-On:

  • More than 7,500 clinicians and other staff are supported with Single Sign-On
  • 25% reduction in helpdesk calls, equivalent to savings of more than £80,000 per year
  • Implemented centralised system to track all application access for reporting and auditing purposes

By the numbers

  • £80,000 in savings due to reduced calls to the IT Helpdesk
  • More than 7,500 users enrolled for Single Sign-On
  • 87 applications enrolled, including legacy and healthcare systems