Patient data protected while clinicians enjoy improved access to medical records at the point of contact
The Oxford University Hospitals NHS Trust (OUH) is one of the country’s largest hospital trusts, with 11,000 employees. It provides for all acute services to Oxford and the surrounding county (a population of approximately 630,000), but offers a wide variety of specialist tertiary services to a far wider population.
Accident and emergency services are based in two departments; the main one at the John Radcliffe Hospital in Oxford and a smaller department at the Horton in Banbury.
Between the two emergency departments, up to 350 patients are seen each day.
The Oxford University Hospitals NHS Trust is renowned for its teaching facilities which support both Oxford University and Oxford Brookes University. The hospital is also home to the George Pickering Education Centre, providing education and training for staff, specialists and junior doctors.
The Emergency Department received the Department of Health’s National Annual Building Better Healthcare Award in 2004 after being judged to be the best designed hospital building in the country.
The Nicholson Challenge is demanding the NHS saves around £20billion by 2015, forcing trusts to closely examine working practices and to find areas to make it more efficient.
Achieving these savings while simultaneously improving service quality requires a careful strategy and the OUH has already identified the adoption of an organisation-wide electronic patient record (using the Cerner Millennium integrated solution) as an important tool to support this.
However, the NHS security infrastructure built on a national authentication application using smartcards and card readers on every computer presented some challenges for the trust.
In particular, the national infrastructure did not cater for busy clinicians in areas where rapid login and user-switching as well as session roaming would be critical, especially in the complex and frantic workflow of an Accident and Emergency (A&E) department.
Dame Fiona Caldicott, trust board chairman, devised the Caldicott principles in 1997 which address the secure and sensible handling of patient data. Naturally, data security is therefore an important issue at the hospital.
The OUH first implemented Imprivata OneSign in 2008 to improve the security and efficiency of access to sensitive patient information. When treating patients, clinicians at the trust are typically required access to multiple applications, each demanding individual log-in credentials and password policies. This inevitably led to users forgetting their credentials, tempting password sharing, provoking unwanted strain on IT helpdesk resources and wasting valuable clinician time.
Imprivata OneSign addressed these very significant issues by offering a single point of authentication that negated the need to enter multiple log-on credentials each time an application was accessed, allowing patients to be treated more quickly, and reducing disruption for clinicians while keeping data secure.
Since the initial project was completed in 2008, the OUH’s IT requirements have changed, particularly in the A&E department. The desire for a more flexible, manageable and secure endpoint environment meant that desktop virtualisation (VDI) had become a key priority, ahead of deploying the Cerner Millennium electronic patient record. To support this better, Quest vWorkspace was implemented with OneSign to promote further efficiency savings.
With clinicians constantly moving from location to location to treat patients in different areas of A&E and beyond - all while using different equipment - there was a vast amount of switching between workstations, which meant repeating the same authentication procedure to access patient details. Each click in this process takes time, but more importantly it distracts the attention of clinicians when their undivided focus is needed to treat medical emergencies.
“At the trust, we were already seeing the flexibility and management benefits of using VDI,” said Dr Paul Altmann, chief clinical information officer at OUH.
“However, we needed a secure single point of access to both the virtual desktop and the applications therein without disrupting workflows. This was essential for clinicians who rightly focus on patient care as their absolute priority, and who therefore need to have the most unobtrusive IT and security systems in place to support high-quality care.”
To support the need for very slick and quick logins, user switching and desktop roaming, the existing OneSign implementation was enhanced to provide a ‘Tap and Go’ No Click Access to virtual desktops across all clinical areas.
Imprivata natively supports VMware and Citrix virtual desktop environments, however Quest vWorkspace VDI is not currently supported by Imprivata ‘out of the box’. To ensure this infrastructure could coexist with the Imprivata solution, the IT team was able to utilise Imprivata’s open application programming interface (API) to integrate with the Quest environment.
Dr Altmann said: “The real strength of this project is that we have been able to make full use of Imprivata’s open interface to support the technology investments we had already made. We were happy with how Quest vWorkspace was working for us, and the ability to tailor Imprivata’s solution to fit that jigsaw was really essential to this project from an IT management and budget perspective.”
As an established Imprivata customer, OneSign was already embedded into the clinical workflow and so implementing No Click Access to roaming desktops meant clinicians were able to use their existing NHS smartcards to benefit from new functionalities.
By tapping a card and entering a OneSign PIN at the start of a shift, a user is authenticated and a vWorkspace desktop is auto-launched, connecting and logging the user into Cerner Millennium EPR, OneSign providing the unique user name in the form of the users unique user ID number, but always requiring a passcode, and other systems such as WebPACS. To authenticate to Spine applications, a clinician inserts the card into an Omnikey reader and the Identity Agent middleware within the VDI desktop requests the Spine PIN number. Once recognised the user is authorised to use the Spine applications until the card is removed from the reader, at which time the Spine session is disconnected.
Access to Cerner Millennium and other applications for which the user is authorised are available until the user taps their card to suspend their session; disconnecting from the virtual desktop securely. When that clinician roams to another desktop, the user’s virtual session is launched automatically with the tap of a card as it was left running at the previous desktop.
This can be hugely beneficial to care providers moving from workstation to workstation, as the requirement to arduously re-open applications to access patient data is negated; saving valuable time and helping clinicians to focus on their patients without compromising on security.
The deployment of Imprivata No Click Access to roaming desktops extends efficiency benefits of OneSign by integrating with the Quest vWorkspace VDI. It also provides seamless integration with Spine applications, Cerner Millennium and other critical systems. Through Imprivata’s extensive healthcare industry partnerships and non-proprietary interface, this was easy to configure.
A&E workflows have been vastly improved and, in turn, clinician satisfaction has increased. The need to manually enter login credentials for each session is eliminated, which is highly beneficial to staff who are constantly on the move while treating patients. Removing this ‘IT distraction’ has proven invaluable to the end users, who are now better supported by IT to do their jobs.
“Staff in the A&E department are constantly using different workstations,” said Dr Altmann. “The work we have done with Imprivata gives our staff the mobility needed to securely access sensitive patient information at the point of care, without having to endure a complicated log-in process repeatedly throughout their shifts. Our ‘Tap and Go’ solution built with Imprivata’s No Click Access to roaming desktops empowers our users to work on the move without the worry of data security.”