Access to National Healthcare Systems is changing

Andrew Harrison, Principal Product Manager, International at Imprivata

We’ve got your back!

Andrew Harrison, Principal Product Manager, International at Imprivata discusses the trends that are affecting many local and national healthcare systems in the UK and across Europe. Importantly, he explains how healthcare organisations can migrate to these new systems despite limited resources and while also maintaining legacy systems.

Healthcare organisations across the UK and Europe are faced with the huge challenge of providing clinicians and healthcare professionals with secure and fast access to patient and clinical information systems. In most cases, clinicians need to access a mix of both local and national IT systems to provide safe, efficient and effective patient care, which can mean having a separate identity for each. This often adds significant extra complexity to the clinician’s workflow.

We must also consider that security of access to patient information is becoming an increasingly more urgent topic. Activity from cybercriminals continues to escalate with increasing number of disruptive attacks on healthcare organisations. As patient records are becoming ever more digitised, they become far more vulnerable to nefarious actors looking to steal and capitalise on their value. Think about the difference between stealing several thousand paper medical records, you probably couldn’t carry them, compared with stealing the same number of digital records!

Added to this, many national healthcare systems provided by central government bodies are outdated and in need of significant updates, in-line with modern needs.

With this in mind, governments in many countries across Europe (including the UK) are introducing new guidelines and requirements for managing critical national infrastructure, which includes healthcare. In the EU this manifests in NIS2 requirements, and in the UK, the National Cyber Security Centre is advising organisations to move to their Cyber Assessment Framework (CAF).

Governments throughout the UK and Europe are migrating their national healthcare systems to newer more modern, and more secure technology. No longer will it be adequate or indeed acceptable for healthcare professionals to be able to access sensitive patient information with just a username and password that can so easily be compromised. New government mandates are calling for increased security, including high assurance authentication to access both local and national health IT systems.

In a recent webinar we explained how healthcare organisations need to walk the fine line between maximising for security and optimising for user productivity. Users need and expect fast, transparent access to the resources they need to do their job, and they certainly don’t want to have to worry about data security.

IT departments have a big job on their hands

IT departments are protecting against internal and external security threats, adhering to regulatory requirements, and doing all this while maximising existing IT investments. Often with lack of resources and lack of bandwidth, is all of this even possible?

The short answer from Imprivata is Yes. Our mission is to make secure access to patient and clinical information simple through the strategic use of digital identity.

Imprivata’s Enterprise Access Management (EAM) has long been healthcare’s leading single sign on and authentication management solution. It provides fast secure access to devices, applications and workflows that clinicians need to do their jobs and provide efficient and effective patient care. Among a whole raft of capabilities EAM offers deep integrations with EPRs, and other clinical applications, to support fast, no-click application access. It supports re-authentication workflows for in-app authentication, break-the-glass medication administration, witnessing, and other workflows.

EAM connects users to all their devices, including traditional workstations, thin/zero client devices, mobile devices and medical devices. It also includes innovative authentication options. Things like proximity badges, facial recognition, phone-based tokens, even hands-free authentication. These authentication methods are particularly designed to meet the needs of modern healthcare workers.

In addition, EAM provides seamless access to national government systems, such as the NHS Spine.

Separate identities for local and national access

One of the key differences between clinicians in UK and Europe and the rest of the world is that they frequently have two identities. One for local system access at the hospital, and one provided for access to national systems, provided at government level. As already mentioned, these systems are accessed separately and create a significant additional overhead for clinicians.

National healthcare platforms were traditionally accessed using PKI and smartcards. This comes with clinical useability challenges, due to the technology involved. The trend that we are seeing now right across Europe is that these national platforms are shifting towards modern open standards, to keep pace with technology. This shift to new technologies opens a whole new world of useability and workflow potential, if appropriately deployed.

Imprivata has a strong track record of providing streamlined access to national healthcare IT systems. In 2016 we addressed smartcard usability issues for the NHS Spine. As a result, we delivered Spine Combined Workflow, which reduced the number of times clinicians need to insert a smartcard into a reader from 10/20+ per shift to just once.

In 2020, during the COVID pandemic when staff had to work remotely, they often didn’t have a smartcard reader at home, to access the national Spine system and physical smartcard issuance was problematic. Imprivata delivered a virtual smartcard to solve these hardware issues. This is our current product which simplifies access to national healthcare IT systems in the UK NHS market.

In 2025 – national systems are shifting from legacy PKI infrastructure to open modern standards such as the UK NHS CIS2 platform, based on OpenID Connect. This technology shift will bring change to the clinical workflow, and so, Imprivata will update its national access approach, leveraging this new technology, while still ensuring that seamless, secure access needs continue to be met.

Imprivata is in dialogue with multiple government bodies in the UK, and Europe, to ensure that we are at the forefront of development for these national systems. We plan to expand our UK national access offering to EU countries as it is required.

High assurance authentication - How Imprivata can help

High assurance authentication is a robust method, often using multi-factor authentication, that provides a high degree of confidence that the user attempting access is who they claim to be, crucial for securing sensitive data and systems. 

High assurance authentication will be a key requirement for accessing both local and national healthcare IT systems. However, most cyber security vendors continue to provide authentication modalities that follow the traditional model of one user, one device, one desk. This is not an effective healthcare model. When it comes to healthcare’s complex requirements including the need to share devices and for roaming (or follow-me) desktop workflows, Imprivata is uniquely placed to solve these needs.

Top Considerations for choosing an Authenticator.

Over time clinicians will need to access patient information with increasingly higher levels of assurance required. We are already seeing this mandated in many EU countries. Top considerations for choosing an authenticator should include:

  1. Does it work on all devices?
  2. Does it work on shared devices?
  3. Do you have to issue one device per user?
  4. Will clinicians have to carry an array of different authenticators for different solutions?
  5. Will clinicians have an array of software/hardware authenticators? Will that be confusing for them?
  6. Is the authenticator generic or specialised to healthcare workflows?
  7. Does the authenticator belong to a proven identity and access management suite specifically designed for healthcare?

To learn more about how new national healthcare IT systems are evolving, and the requirements for accessing them using more secure technologies, watch our on-demand webinar.