University Hospitals of Morecambe Bay NHS FT

Enhancing identity management and MDM solutions with automated provisioning

Project overview

Healthcare organisations are implementing mobile solutions to improve care quality and clinical productivity, increase operational efficiency, and ultimately provide better patient outcomes.

However, the introduction of new mobile technologies creates new challenges around security, inventory management, and clinical efficiency. Read how University Hospitals of Morecambe Bay improved security and management of its shared mobile devices through Imprivata GroundControl’s automated provisioning.

University Hospitals of Morecambe Bay is a University Teaching Hospital providing community and hospital services across the Morecambe Bay area – covering a thousand square miles in south Cumbria and north Lancashire. The Trust operates from three main hospital sites: Furness General Hospital, the Royal Lancaster Infirmary, and Westmorland General Hospital in Kendal, as well as a number of other community healthcare premises. The Trust has approximately 8,000 employees and provides services for a population of more than 350,000.


Early in 2020, the Department for Health and Social Care announced that all NHS Trusts were required to replace pagers in UK hospitals by the end of 2021; the object of the motion being to replace old, outdated communication methods with mobile technology. For UHMB, it was essential that these pagers, which were trusted and relied upon by clinicians, were replaced with a solution that was user-friendly for staff, would not impede clinical productivity, and would be safe for patients.

The Trust had already implemented an MDM solution – in this case, VMWare Workspace ONE – and had enrolled approximately 2,200 devices (circa 1,900 Apple iPhones and 300 Android devices). These devices were configured as either a 1:1 device or set-up to be a shared device on a ward.

The Trust was finding that accountability of its shared devices had been lacking. Devices would often be given to wards or administration areas and it would be difficult to know where they were or who was responsible for them. Due to the difficulty in pinpointing these devices, inventory management was a challenge and devices were not always kept fully up to date with iOS upgrades, introducing security risks.

“Historically, devices were given to wards and there was no real accountability as to who was responsible for them or where they were – especially if it was a shared device.”

Paul Lewis

Server and Desktop Infrastructure Specialist, University Hospitals of Morecambe Bay NHS FT


UHMB had been a long-standing customer of ITHealth, as well as users of Imprivata OneSign for many years. To improve the Trust’s shared device management efforts and minimise IT burden, ITHealth introduced the Trust to automated provisioning from Imprivata GroundControl.

UHMB liked how with Imprivata GroundControl users can leverage a badge-tap workflow for streamlined access to secured devices and that the devices could be allocated on a ‘per shift basis’. Additionally, with close integration of its MDM and Imprivata OneSign solutions, UHMB saw how it would be possible to image devices specifically for each user and eradicate manual authentication into individual applications.

UHMB chose to implement Imprivata GroundControl with iPhone 11s, initially rolling out 10 docking stations with approximately 200 iPhones. Paul Lewis, Server and Desktop Infrastructure Specialist at the Trust describes it as ‘simple, tidy set-up’. Each designated area on a ward has an Imprivata GroundControl charge and sync station with 20 x mini lightening cables, up to 20 x iPhone 11s, and a proximity reader for the tap-on/tap-off feature. Behind the docking station sits an SFF (Small Form Factor) Windows 10 PC – with no keyboard, mouse or monitor being required.

According to Paul, device check-out is an easy process that ‘takes less than 10 seconds’. The user goes through a one-time enrolment to match their Active Directory account against their NHS smartcard. At the start of each shift, the user then simply taps their smartcard against the Imprivata GroundControl proximity reader which checks the user details against the Imprivata OneSign appliance – to verify that the smartcard has been enrolled for the user. If it hasn’t, the reader bleeps and alerts IT that a user is trying to check-out a device which may not be configured for them and so the user is directed back to enrolment. If Imprivata OneSign recognises and verifies the user, the request is passed to Imprivata GroundControl to check out an optimal device (in terms of battery life and device health) which is then identified to the user in the form of first name and surname on the device’s screen.

The assigned iPhone has all the apps the clinician needs pre-installed and automatically connects to the Trust’s secure wi-fi-network. The device is checked out to the clinician for a maximum of 7 days (a time period set specifically by UHMB). Another device can’t be checked out by the user until the previous device is returned. Once a device is checked back in, UHMB have triggered a full device swipe to occur, so each device is completely re-configured for the next person to check-out again.

Additionally, UHMB has an in-house team of developers who can create Apps to distribute to devices (without the need for Apple ID, Google Play, etc). The Trust has developed an in-house app to work with Imprivata GroundControl that allows staff to assign a task or ‘bleep’ to a clinician if they’re on a shift. The task will come through to the iPhone in the form of a push notification which can then be dealt with.

“It’s a simple device check-out process for clinicians which takes less than 10 seconds. All in all, it’s a very slick solution.”

Paul Lewis

Server and Desktop Infrastructure Specialist, University Hospitals of Morecambe Bay NHS FT


Particular benefits of the Imprivata GroundControl solution for UHMB are as follows:

– Full asset management and loss prevention
The Trust can fully track check-in and check-out: who, when, where, and which devices — all from their Imprivata GroundControl Device Dashboard.

Comprehensive activity and audit logs provide full visibility into user interactions with devices and applications. The Trust can now glean information, such as which users have last accessed devices as well as the last known location of a device, which not only expedites investigations into lost devices, but also increases user accountability.

– Improved security and smart workflows
Imprivata GroundControl’s Workflow Editor has allowed UHMB to set the rule that all of its shared-use devices are fully wiped between each use, ensuring that the device is completely re-imaged for the next trusted identity upon approved check-out.

– Enhanced clinical productivity
Effortless access to an optimal device with the simple tap of a proximity badge means UHMB clinicians spend less time worrying about technology and authenticating and more time focused on patients.

– Reduced IT burden
The Trust’s IT staff can now remotely manage, personalise, and update devices at scale. Imprivata GroundControl allows UHMB to provision devices in bulk straight from the box by skipping all setup screens and enrolling in its MDM to allow personalisation all at once.

“We always trust ITHealth’s ability to recommend solutions that will bring real benefit to our organisation. Imprivata GroundControl has not disappointed. It has saved us a ton of device provisioning time by automating the process. It’s secure, provides full auditability and seamlessly integrates with our MDM.”

Paul Lewis

Server and Desktop Infrastructure Specialist, University Hospitals of Morecambe Bay NHS FT

You may also be interested in…

View all case studies

Take the next step

We’re here to help. Get in touch to discuss your cyber security challenges.

Prefer to talk? Just call us on 0115 987 6339.