The Trust’s clinical staff required access to more than 86 applications; however, the organisation’s password security policy required individuals to use separate login credentials for each application. As a result, users forgot their credentials and could not access core systems. Clinicians and staff resorted to writing down passwords or sharing accounts with other users, actions which compromised the Trust’s strict security requirements.
Nicola Ellingham, former project manager for East Kent Hospitals University NHS Foundation Trust, was responsible for the implementation and support of access management technologies and knew the importance of finding the balance between security and employee productivity.
“Obviously, keeping our patients’ data secure is of paramount importance; however, with so many disparate logins, the productivity of clinical staff was being affected, which could have led to an impact on patient care. For any NHS Trust, that would be completely unacceptable service”, explained Nicola.
To ensure security, users were asked to remember complex password credentials as each new application was implemented. These passwords reset at irregular intervals, leaving users locked out, unproductive and frustrated. “We noticed that almost 25 percent of our helpdesk calls were related to password or access issues. This equated to more than 8,000 calls a year and was a huge drain on our resources,” said Nicola. Additionally, IT found that despite having only 7,500 users, more than 20,000 accounts existed on the e-directory. This was due to the lack of an integrated IT access management policy across the network, which made user ID verification a difficult task.
With these challenges in mind, Nicola and the IT team looked at possible routes to managing user access that would address the security needs of the organisation whilst reducing the complexity of the logon process for employees. One of the options immediately identified was Single Sign-On (SSO), which involves linking all access rights to one strong network login. This, in turn, authenticates users into all applications they are authorised to access without having to repeat the login process each time.