NHS Scotland Digital transformation – right data, right people, right place

Andrew Harrison, Principal Product Manager, International at Imprivata

Identity and access management is a key element in bringing NHS and social care workforces together, and enabling the secure sharing of information for better patient outcomes. Andrew Harrison, Principal Product Manager, at Imprivata discusses how such technology underpins the digital journey, and how enabling fast access to patient information supports clinicians while safeguarding data.

With cost pressures increasing on all NHS Scotland healthcare services and the need to “deliver more for less”, digital is seen as a key tool to help drive efficiencies and greater productivity. Inefficient IT can become even more of a burden than no IT at all and lead to core activity taking longer, impacting those key areas that need to be addressed. However, when deployed well, the broader adoption of digital platforms drive efficiency and higher productivity. Removing barriers by streamlining the experience of the clinician at the point of care, reducing the time taken to access clinical applications and the data they contain can be a true enabler to better patient care. Indeed, NHS Scotland's Care in the Digital Age: Delivery Plan emphasises the importance of digital transformation in healthcare.

As Jonathan Cameron mentions in the HTN Special Report: Digital and Data across Scotland, a key focus is bringing the workforce along for the digital journey. Accessing applications that clinicians need to do their job should be as transparent and easy as possible, for example, a simple badge-tap to open a patient record or a clinical application. A Once for Scotland policy in this area would ensure that every clinician, nurse, allied health professional and social care worker would access patient information in exactly the same way, from any location, delivering economies of scale as well as a better experience for healthcare workers.

Single digital identity – standardised approach for NHS Scotland

To make this approach a reality, each NHS employee would have a single digital identity, which they would authenticate against for all needs. This makes usage of secure, highly versatile and healthcare focused authenticators a top priority. Within this digital identity, employees are provided with role-based access, so depending which job they are performing, in which location, they have seamless access to the applications and records they need for that role at that point in time.

Using role-based permissions when onboarding new staff can reduce provisioning times from days to just minutes. As well as ensuring that clinicians, locums, or student doctors on rotation are able to hit the ground running as soon as they start work in a new location, it also saves considerable time for stretched IT staff who are freed up for more proactive work.

Role-based access supports staff mobility, enabling NHS staff to work across departments and even across different organisations, without the need to be reprovisioned each time, or to use a different form of authentication.

Time saved, user adoption of digital workflows boosted

This reduction in friction for end users when using technology not only saves huge amounts of time (numerous studies cite savings of 30 – 45 minutes per 12 hour shift), it also significantly reduces frustration, and consequently, clinician burnout.

Another significant benefit is increased user adoption for digital technologies. By making access fast and easy, saving users time, they are far more likely to adopt new workflows more enthusiastically. A prime example is the use of connected medical devices, such as those used to take vital signs for the calculation of early warning scores, and the new Hospital Electronic Prescribing and Medications Administration (HEPMA) which is being rolled out across Scotland. While improving hospital efficiency HEPMA also better safeguards both patients and clinicians, because there is a clear audit trail of who prescribed what for which patient and when.

Safeguarding systems and patient privacy

Safeguarding data and patient privacy are key tenets for digital transformation to be successful, and bring cyber security into sharp focus. Managing user access more closely, avoiding the use of general login accounts or sharing of credentials (sticky notes with passwords left in full view) and enabling fast user switching so that there is no need to share logins provides a full audit trail. It also reduces the likelihood that privileged accounts will be used for nefarious purposes, either deliberately, or because an account has been hacked.

Strong management of privileged accounts, including those of vendors and partners. is a key component for NIS2 compliance, ISO27001, CIS Controls and Cyber Essentials Plus. This helps to thwart cyber attacks because it limits the damage that a potential hacker could do should they successfully gain access to a system.

Imprivata technology is already in use in health boards across Scotland and the rest of the UK and Ireland. For more information and to calculate just how much time you could save with Identity and Access Management software please visit: https://www.imprivata.com/uk/roi/imprivata-onesign#roi-for-single-sign-on