How To Achieve 100% Smartcard Reliability

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

How To Achieve 100% NHS Smartcard Reliability

Do you long for the day when smartcards work perfectly or are even a thing of the past? Is it frustrating when smartcard authentication fails for no apparent reason? NHS Smartcard Reliability is a problem for many, but it’s not something you just have to put up with anymore.

We’ve been working with the NHS for fifteen years now and originated from an IT security background around smartcards and secure authentication. We have over 40,000 iO users (our smartcard identity agent) and as a result have seen thousands of local use-cases for the NHS smartcard, some hugely successful… some not so much.

If you’ve somehow wandered here by accident and aren’t sure what we’re talking about, NHS smartcards are similar to chip and pin cards that allow our healthcare professionals here in the UK to access the patient information that’s relevant to their role. Smartcard authentication is required for access to clinical applications – no smartcard authentication, no access.

Smartcard Failures

Historically, smartcards have been seen as a hindrance – they can slow down the process of clinicians getting access to a patient’s records in potentially critically time-sensitive situations, albeit in the name of security. But, they can fail to authenticate for what appears to be no explicable reason. Sometimes, it will fail two or three times and then just work.

This centres around the cumbersome and slow process but also because a physical smartcard with a physical reader can be prone to glitches.

Would it surprise you to know that up to 20% of smartcard authentications fail because of the physical nature of smartcards and readers? Although it may not come as a total surprise, I suspect most of you don’t know what the failure rate is in your specific trust?

If you use iO Identity Agent, you can find this out by visiting our Analytics Portal which we introduced in March last year. Analytics allows managers to view all the data that is passively collected through iO like which cards fail most frequently, or which devices and precisely how long each authentication takes.

 

What Can You Do About Your NHS Smartcards?

We repeatedly heard about smartcard frustrations from our users and as a result developed iO Virtual Smartcard. Virtual Smartcard solves both cumbersome and temperamental problems by virtualising the smartcard into the Cloud. When linked to a user’s Active Directory account, you can simply log in to Windows and become simultaneously authenticated. As the process is virtual, there are no physical gremlins to interfere with now defunct card or reader.

What’s more, our Analytics Portal can show unequivocal data of the much improved Launch Time (Windows logon to clinical application being ready) and also 100% reliability on Virtual Smartcard authentication.

You will find our Virtual Smartcard brochure on our website for more information and you can also contact us to request a demo.

Are Biometrics The Future For The NHS?

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

Biometric Technology in the NHS

After the huge launch at the Apple Event last night, everyone is talking about the leap in biometric technology to drop the fingerprint scanner in favour of facial recognition.

Biometrics are physiological reference points that are unique to every individual. The most commonly used are fingerprint and iris scanners, or facial recognition infrared technology.

It made us think here at Isosec, that fingerprint scanners are commonplace in all industries: Timekeeping sign-in systems are often fingerprint scanners, they’re used in HR and payroll and even some schools to take out library books; biometrics are widely accepted everywhere except the NHS.

As mounting economic and political pressure on the NHS forces IT leaders to adopt new technology to be more resourceful, one of the biggest worries is cybersecurity and the ways digital records can best be protected. Some Trust’s already use biometrics for restricted access areas and equipment. Could using biometrics to authenticate clinical staff be a sensible adoption for the NHS?

NHS Biometrics Iris Scan

What are the Advantages of Using Biometric Technology in the NHS?

  • Time Savings – In the NHS time is critical and by not having to waste time entering passcodes every time you authenticate, or having to reset your details with the registration authority more time can be spent on patient care.
  • Cost Savings – There would be no need for specialist printers or materials to print smartcards on, and no more buying smartcard readers. Smartphone’s are in everyone’s pockets and software could be set-up where code is shared with your personal device from the workstation and you authenticate using your biometrics on there.
  • Less Errors – Biometric data doesn’t change, so there’s less chance of duplicated records when you change your surname, or locked accounts when you forget or mistype your passcode.
  • Improve Security – Reduce reliance on secondary info like passcodes and high risk methods like smartcards that can both be shared or misplaced.
  • More Audits and Data – With new technology data is captured in real-time and can be easily shared and compiled to reveal new key learnings for an organisation which could be very beneficial to improving care in the NHS. Biometrics are unequivocal, providing clear audit trails for which users have done which tasks without wondering if a smartcard has been borrowed or passcode shared.
  • Integrated Care Pathways – If the NHS as a whole were to adopt biometrics as a patient identifier, for example, then those patients who are geographically shared by Trusts or have more complex healthcare in a range of settings could share their information more easily. With a biometric-accessed record a patient could take their health record with them wherever they go, be it social care, community care, or acute. They can also give consent to share their information in real-time, rather than waiting for paperwork to be processed.

Are Biometrics the Future of Cybersecurity in the NHS?

Whether the whole NHS will opt to use biometric data alone like Apple have done is hard to tell, the technology needs more thorough user testing first. Current NHS security standards demand dual authentication (e.g. a biometric plus a passcode) for an added layer of security, but as technology marches forward perhaps we will see a change in the UK’s digital healthcare technology, especially with the advantages stacking up. There is certainly no reason for Trust’s to wait to investigate their options, the technology is already here and waiting to be used to it’s full potential.

If you would like to talk to us more about our smart authentication products for the NHS please visit our website where you will find brochures and videos on our iO Virtual Smartcard.

5 Unsafe Workaround Tactics With The NHS Smartcard

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

Isosec and the NHS Smartcard

Okay, firstly there will be no naming and shaming here, so if you were hoping to see organisations with poorer processes than yours, shame on you. Cybersecurity is no joke, especially when it comes to the NHS smartcard and protecting patient data.

What we are going to share are five very real examples of unsafe working practices involving NHS Smartcards.

We’ve been working with the NHS for fifteen years now and originated from an IT security background around smartcards and secure authentication. We have over 40,000 iO users (our smartcard identity agent) and as a result have seen thousands of local use-cases for the NHS smartcard, some hugely successful… some not so much.

If you’ve somehow wandered here by accident and aren’t sure what we’re talking about, NHS smartcards are similar to chip and pin cards that allow our healthcare professionals here in the UK to access the patient information that’s relevant to their role.

Here’s five ways we’ve seen organisations abuse the power of the NHS smartcard.

 

 5 Unsafe Workaround Tactics With The NHS Smartcard

  1. Passcode strength – Pretty obvious one to start with, but setting a secure passcode really is important! We’ve had people volunteer that their passcode is ‘passcode’,‘1234’, even ‘doctor’. It may be quicker to type 1234 in a hurry, but it belittles the whole authentication process if you fail to keep your personal security standards high.
  2. Card sharing – Again, it might seem easy enough to pass your card onto a colleague when they’re in a hurry, but it’s hard to criticise cybersecurity standards of an organisation if individuals don’t adhere to explicit security processes.
  3. Leaving a cut card in a reader – Possibly the worst offender on this list, but sadly we have seen it in action! The explanation we were given was that Information Governance colleagues would regularly walk around and check on how things were running. In order to avoid detection of card sharing whilst still having quick shortcut access, one card was left in a reader and then cut off, so IG couldn’t see the card in the reader or even know that the behaviour was going on.
  4. Robot smartcards – By having a machine with a smartcard permanently in a reader which automatically logs in with a fixed passcode poses an IG risk and most trusts are completely oblivious to this. Our analytics dashboard highlights this behaviour straight away so it’s not something we see with iO.
  5. Single sign on passcode manager software – By using software to remember your passcode and have it key them in for you, you’re no longer using two-factor authentication, you take the security level down to just one factor, which doesn’t adhere to NHS security standards and doesn’t stop someone else jumping on your card should they pick it up.

 

What Can You Do About It?

Some people don’t think NHS smartcards are the best and from the list above it’s clear to see that there is some education around the issue of cybersecurity to be done generally. It’s a strong case for how sometimes poorly managed technology can hinder users rather than benefit them, but sadly there are often unsafe workaround tactics like these that harbour high risk behaviour.

However, we think when smartcards are used properly they do the job for the NHS and we’ve even developed ways to maximise the security and efficiency with them.

From our experience with IT departments in the NHS we listened to these extensive issues some Trusts have with the smartcard. From there we expanded our iO identity agent capability and iO Virtual Smartcard was created. There are a wealth of benefits to using our Virtual Smartcard product, but most importantly we built it to maximise the security around authentication whilst still addressing the user issues we have witnessed along the way.

By creating an innovative technology that meets both the practicality of everyday working practices as well as high-level security standards we hope to further the efficiency of the NHS whilst still maintaining the necessary safeguarding of patient data in the modern world.

NHS smartcard cybersecurity image of padlocks and code

To find out more about how to avoid these high risk behaviours in your organisation you can download our Virtual Smartcard brochure or watch our explainer video on our website.

Our Mindfulness Mountain Challenge

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

MIA Mental Health

2017 will see the launch of a new Isosec app, MIA Mental Health. MIA Mental Health is clinical mobile app to improve efficiency and patient care for mental health pathways. A rapid observations app is used to make observations on a tablet device, rather than on paper. Previously, notes had to be rekeyed into the Trust’s EPR, a duplication of tasks for the clinician and wasting valuable time. MIA Mental Health will sync notes automatically, use colour coded notifications to show which patients need attention, plus everything will be geotagged and digitally signed for better compliance and information governance. We have seen such amazing benefits and savings with MIA Maternity and hope that our current work with Mental Health professionals will benefit this area of healthcare in the same way.

To celebrate this good news, we’ve chosen Manchester Mind as our charity of the year 2017.

About Manchester Mind

Manchester Mind (registered charity number 1102058) was established in 1989. They are an independent charity providing support for 4,000+ people experiencing emotional or mental distress across our city.

In Britain in any one year, 1 in 4 of us will experience a mental health issue. Poor mental health can affect anyone – rich or poor, young or old, at work, within your family or circle of friends. It can shatter the lives of the people affected and the lives of those close to them.

Manchester Mind‘s aims are…

  • Address the effects of poverty, insecurity and poor physical health on mental health
  • Help people to manage their lives and to make positive choices with skill and confidence
  • Promote and create opportunities for people to contribute to their communities
  • Provide information and advice to people to meet their needs and raise awareness about mental health within our city

Their services tackle the root of poor mental health e.g. isolation, poverty, poor housing, lack of access to services, stigma and discrimination, lack of confidence and skills, or aim to help people to improve their quality of life if living with a long-term mental illness. Manchester Mind recognises people’s strengths and involve people in the services delivered to ensure they remain relevant and helpful.

Manchester Mind Logo

What We Hope To Achieve

In 2016 Isosec raised £1000 for last year’s chosen charity, Bliss. Through our work with Bliss we improved care for families with premature babies. Together we introduced a checkbox into our mobile app MIA Maternity so Midwives were reminded of the family’s specific needs. This year we hope to do the same for better mental health care.

We are climbing Scafell Pike in August to raise awareness and funds for Manchester Mind. It’s an uphill struggle and we want to challenge ourselves for those who struggle in day-to-day life with mental illness.

Our Mindfulness Mountain Challenge will be all about appreciating nature, exercise and healthy living through Mindfulness and we hope to use some of the techniques we’ve learnt from Manchester Mind to get us up that mountain!

Please donate whatever you can to support us with our challenge! Each member of the team is very passionate about this cause and we’re working hard to make sure the challenge is a success and Manchester Mind gains all the support they deserve. You can keep up with more of our fundraising adventures on Twitter @isosec.

How Digital Technology Improves Staff Satisfaction in the NHS

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

The staff are what keeps the NHS on its feet. They are the ones who ensure everything runs as it should, despite cuts to funding for services, despite having more complex health needs to treat, despite waiting on that long overdue pay rise. The NHS staff are the heroes of our healthcare system, they stay late after their long shifts, kindly talk patients through any concerns and are somehow able to stay calm while their establishment crumbles around them in an uncertain political and economic climate. As a result of this, staff satisfaction in the NHS is critically low.

In midwifery especially, for example, there is a huge concern over staff retention in the field, as is the case across several NHS disciplines. In the RCM’s 2016 Report ‘Why Midwives Leave’ it states that there is a current shortage of 3,500 midwives with an increase of around 100,000 births since 2002. A band six midwife has even seen pay decrease of £4000!

The same report and comprehensive survey states that the overarching reason for midwives leaving was due to staffing, workload and not enough time to spend with women to deliver the high quality care they needed.

What if there were ways that Trust’s could support their staff to deliver this higher quality care? By minimising unproductive tasks like unnecessary admin and travel, staff can spend time on what’s important and increase the time they spend doing what they trained to do – to help deliver care.

With our mobile digital solution MIA, we are increasingly finding that staff satisfaction is one of our top benefits.

Maternity iPad NHS

At one Trust last year, after a forward-thinking Lead Midwife and her community team saw the value of implementing efficient technology, and their Bradford score improved by 74%. Implementing MIA Maternity was not the only thing the team did, of course, they also improved Wi-Fi availability in their community hubs and introduced mobile workstations. But with a mobile solution like MIA, that works online or offline to complete clinical notes they are saving on average of 5 hours a week, per midwife; and the tasks they are cutting back on are the ones that make them unhappy at work!

This comes from not having to travel back to base at the end of the day to re-key paper notes into the Trust’s EPR, because MIA synchronises them transparently. It comes from not misplacing files or valuable forms because they’re digitised and accessible on a tablet device from anywhere, improving team information sharing. It means that midwives can now get home on time at the end of their shift, where before they had to fight over too few workstations back at base to type their notes up.

Very few, if any, NHS clinical staff do what they do because they want to spend time on admin, paperwork and getting stuck in traffic. These unnecessary tasks are stressful and stressed-out staff do not deliver the best care possible because they are worried about other things. By introducing smart technology like MIA a Trust is investing in its staff, giving them the best tools in order for them to deliver the best care.

It’s not just maternity that MIA can help with, any clinical paper process in the NHS can benefit from an agile development approach into a streamlined digitised solution. Check out our website to read about our other solutions, download brochures and find our more about improving staff satisfaction in the NHS. Any questions? Why not tweet us @isosec.

The WannaCry ransomware and how it (doesn’t) affect us

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

There’s been a great deal in the news over the past few days about the already infamous “WannaCry” (AKA “WannaCrypt”, “WanaCrypt0r”, “Wanna Decryptor” etc.) malware that’s spread like wildfire across the world, most notably infecting numerous NHS trusts. You may not already know that Isosec was built from a security background, we have cybersecurity expertise spanning 50 years. With this in mind we thought we’d let you know just what on earth is going on, how it might affect you, and how it, thankfully, doesn’t affect Isosec (despite the similarities in the name of other companies involved!).

What is it?

First and foremost we go onto the question that’s on most people’s minds; just what exactly is this thing? Well, “WannaCrypt” is a type of malware (malicious software) known as “ransomware”, which is software that will encrypt all of your most important files and folders, and then quite literally hold them ransom, asking you to make a payment in order to decrypt them for use (which more often than not is the worst possible thing you can do).

Now that the technical jargon is out of the way, a practical example. You receive an email with an attachment, you open this attachment and it runs a program on your computer, this program locks away all of your files with a password you don’t know, and then demands a sum of money in return for that password. Sound bad? It is! Ransomware has been around for many years in various forms, but what’s getting worse is not so much the programs themselves, but the way in which they spread.

In the case of “WannaCry”, the evidence thus far suggests that it’s capable of spreading across the entirety of a local network with ease, infecting every other computer on the network that isn’t up to date enough to protect against the vulnerability. Now if the “not up to date” part of that spiked your interest, that’s for good reason…

Staying safe

Whilst the usual security principles come into play here – always run an active anti-virus and keep a malware scanner to hand, don’t open unknown attachments, stay away from unfamiliar websites etc. – there is one that rises above all others in terms of importance; keep your computer up to date. The vulnerability in Microsoft’s Windows product that allowed the “WannaCry” attack to take place was fixed back in March of this year, meaning that the average computer was already safe by the time the attack began. But if you don’t regularly update – and don’t have automatic updates switched on – then you were, and possibly still are, at risk.

How this (doesn’t) affect Isosec

Due to the nature of Ransomware, attacks such as these are unlikely to affect us as a company. Our internal security policies keep us out of harms reach, and the fact we ship software rather than hardware means we’re not in the crosshairs of these sorts of attacks. But that doesn’t mean we can wash our hands of any responsibility, instead, it’s important to look at how we can help you to prevent these problems from happening.

Let’s use MIA Maternity as an example. MIA Maternity is completely offline-capable, and while that’s important for midwives who use our software in areas of limited or no connectivity, it’s even more important when a large scale cyber attack such as this one occurs.

This is because even though the Trust owned servers that hold the all important patient data might be compromised, the mobile devices remain functional, with a recent copy of all the patient data required to work. Midwives can continue to work without issue, and patient care isn’t compromised. Better yet, there’s no need to revert to older paper-based backups, midwives can continue to enter data into MIA Maternity, and it will be sent back to the server once the issue has been resolved by the Trust.

 

Here at Isosec we take security very seriously. It’s baked into how we make software, and is something on the minds of everyone here constantly.

Google Cloud Next London 2017

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

Introducing Google Cloud Next London 2017

Last week I was lucky enough to be able to attend Google Cloud’s annual “Next” event hosted in London’s fantastic ExCel exhibition centre. Peeling myself away from all of the exciting work going on around our newly announced Virtual Smartcard solution was difficult, but for a developer and technology enthusiast such as myself the event made for an exciting opportunity, and I couldn’t wait to see what Google’s Cloud Platform (GCP) had in store for a forward-thinking tech company like Isosec.

Banner for Google Cloud Next London

First and foremost however, a little background. GCP is well known amongst both Google and cloud enthusiasts alike, and has been around for a little over half a decade, with some of its individual components long predating that. It comprises some well-known cloud-based technologies such as BigQuery and App-Engine, some consumer grade facilities like Google Docs and Drive, and far more that even I – a self-confessed Google addict and cloud enthusiast – had never heard of.

Why were they doing this?

But Google have – in my opinion – been having a bit of a problem with their cloud efforts, and it comes in the form of the other well-known cloud platform currently on the market. See despite how well Microsoft’s Azure is currently regarded, and how much they’re incentivizing it financially, there simply isn’t anyone as well known in the industry as Amazon with their infamous AWS. You’ll hear about it all over the web, see it on the news, encounter it daily – even if you don’t realise it – on a tremendous amount of your favourite websites, and even run into it on popular TV shows like Mr Robot and Silicon Valley. It’s everywhere you look when it comes to the cloud, and that’s exactly what Google are trying to change.

GIF of Silicon Valley scene featuring Amazon AWS reference

AWS have frequently features in tech TV shows like HBO’s Silicon Valley

Cue Google Cloud’s Next event, where Google’s enormous marketing budget meets its tremendous technology advancements to provide something truly special. Over the course of two days – three if you took part in any of their paid bootcamps – this free event offered over 50 “breakout sessions” where the experts behind the tech demonstrated their offerings to small-ish groups ranging from tens to hundreds, or in the case of the keynotes, thousands. Of course, when you weren’t in one of the many dedicated rooms, a typically Google experience meant there were VR demonstrations, partners such as Intel, Accenture and plenty of others showcasing their various products, and the kind of free gourmet food and drink on offer that made you forget you weren’t spending the day in the company’s famed Googleplex.

Setting all the fanfare aside however, let’s get down to what’s important…

The technology

Whilst the GCP has been around for several years, its pace of innovation and change meant that almost everything felt brand new, or at least heavily polished. There was a big focus on their various levels of cloud technology, from the simplistically designed Cloud Functions to the more complex Compute and App Engines, and a huge push for their Spanner database technology and the overall architecture of their platform. This was truly an opportunity for Google to say “Here’s what we’ve done, and here’s why it’s better”, and they certainly didn’t disappoint.

Photo of main stage at Google Cloud Next London 2017

“Go big or go home” is definitely a motto at Google

Helping them get the message across were several high profile partners, some of whom featured in some of the various breakout sessions held throughout the event. Lush’s head of technology Ryan Kerry gave a fantastic talk about their migration to GCP and how they achieved it just in time for the Christmas rush, and VFX giants MPC did an incredible demonstration of their use of GCP to aid in the creation of some of Jungle Book’s awards winning animated sequences. Google did also reference Niantic, who had a famously poor launch from a technology perspective, but then I think you’d struggle to pin the blame for that on Google or the GCP.

GIF showing pre and post-animated scenes in the Jungle Book movie

MPC made use of GCP’s offerings when animating Disney’s Jungle Book

APIs are still king

What I found arguably most impressive however was not the flashy products or the big-name partners, but the APIs. Though already well known for its production and maintenance of APIs – when was the last time you used a website that didn’t have a Google Map embedded, or the option to translate its contents to a foreign language using Google Translate – Google are now looking to make the most of machine learning, artificial intelligence and the power of its infrastructure to conquer new areas. Particularly impressive were its demonstrations of its Data Loss Prevention API for understanding and automatically redacting sensitive information, Image Processing API for recognising the objects, facial expressions, locations and much more of both photos and videos, and their natural language API, which made the bane of most feedback forms – open ended questions – a cinch to analyse.

Photo of the Eiffel Tower in Las Vegas

If you thought this was a photo of Paris’ Eiffel Tower, then I’m afraid Google’s Image Processing API is smarter than you (it’s actually the one in Las Vegas)

Google being Google

Of course, it wouldn’t be a Google event if there weren’t some fun aspects, and whilst there were no slides or multi-coloured bicycles to help you get around, there were still a few elements of Google shining brightly through. The “Quick, Draw!” stand drew crowds of people – who evidently didn’t realise they could play online any time – and the Kubernetes “Whack-a-node” game gave a really fun take on high availability and service rebuild times, something I think most companies would struggle to do. Collaborative white boarding application Jamboard also got plenty of attention, and so too did Google’s Daydream VR headset, which had an unsurprising queue of people for the entirety of the event.

Output of Google's photo recognition API

The facial recognition API isn’t quite there yet, but it’s getting close!

Photo of attendees playing Google's "Quick, Draw!" game

Google’s “Quick, Draw!” stand garnered a lot of interest

All in all it was a fantastic event. Google put on one hell of a show, and struck a near-perfect balance between technical demonstrations and higher level overviews. They even managed to do the entire thing without it seeming like too much of an advertisement – which of course, it was – and that alone is a fairly impressive achievement. For a Google fan such as myself, it was a privilege to be able to attend, and the new technologies and concepts I was exposed to will be featuring in Isosec products very soon.

Introducing: iO Virtual Smartcard

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

Isosec’s iO Virtual Smartcard

We’d like to introduce the latest innovation from Isosec – iO Virtual Smartcard, the smart NHS identity agent.

Virtualising your NHS smartcard into the cloud means you can access it using a more convenient form of authentication, like your smartphone. iO Virtual Smartcard works with your NHS issued HR card, an RFID tag or even a biometric like your thumbprint.

With iO Virtual Smartcard you can walk to up to any desktop, scan a QR code with your smartphone, enter the passcode and you’re authenticated to use clinical applications.

Cool, right?

iO Virtual Smartcard by Isosec

Challenges without iO Virtual Smartcard


iO Virtual Smartcard addresses problems the NHS is currently facing with managing smartcards.

Smartcards are issued from your Trust’s Registration Authority (RA). Issuing physical cards takes a long time and requires expensive specialist printers for production.

Junior Doctor Intake
Taking on a new cohort of junior doctors, for example, becomes a logistical and resource-intensive undertaking. RAs travel to different locations to process new starters where they set up the RA system and printer and process each doctor one by one.

Agency Workers
A common approach with Agency Staff is to issue generic smartcards and distribute them across departments. When needed by an agency worker, a manager has to reset the passcode of an existing ‘pool’ card and update a spreadsheet with the agency worker’s details. After the shift is over, that agency worker should hand the card in. The manager then has to repeat the process of deregistering the card and updating the spreadsheet.

This process is inefficient and high risk for your Trust. In clinical system records, for example, details often read “Agency Worker 31291” instead of the specific agency worker’s name. This is usually resolved by reverting back to the spreadsheet for clarification, assuming the process was followed and records are up to date.

This longwinded process for a simple task creates a serious Information Governance issue and wastes valuable staff time that could be better spent elsewhere.

Smartcard User Woes
Smartcards can be a general inconvenience post-registration, especially if you accidentally lock your card. When this happens, you probably have to track down the RA, which may be on a different site or even unavailable in the middle of the night. You sit together whilst the RA unlocks your card. This re-registration is at least 30 minutes of valuable clinical time lost.

Isosec Virtual Smartcard QR Code Desktop

iO Virtual Smartcard


Isosec’s iO Virtual Smartcard leverages the strength of the existing RA process and eliminates the inefficiencies illustrated above. Known as eGIF Level 3, Virtual Smartcard mandates a strong identity check of the person requesting a smartcard.

  1. Once the user’s identity is asserted, the RA issues a virtual smartcard instead of a physical one. The virtual card is created in the Virtual Smartcard Cloud.
  2. The user downloads the Virtual Smartcard Authenticator App on their smartphone straight from the app store.
  3. The RA enrols the user’s smartphone for use with the virtual smartcard using a QR code displayed on their virtual smartcard portal.
  4. The user scans the QR code with the Virtual Smartcard App, enters their passcode on the smartphone and they are enrolled and ready for use… It’s as easy as that!

iO Virtual Smartcard using a smartphone
After the Virtual Smartcard is set up as above, it’s ready for everyday use. The user simply clicks Login on the iO identity agent on any workstation: Scan the QR code with the Virtual Smartcard app, enter passcode and authentication completes. iO will also launch any Spine clinical applications if configured to do so.

Please note that this is still two-factor authentication – something the users knows (the passcode) and something they have (the enrolled smartphone).

A user can still insert a physical smartcard if they wish – iO works with both physical and virtual smartcards.

Using the Virtual Smartcard using an HR card
Alternatively, an HR issued NFC card can be enrolled for use with the user’s Virtual Smartcard. In much the same way that a physical smartcard can be used with NFC, as can the HR card.

Self Service
Virtual Smartcard can be reset using self-service to avoid previously mentioned issues surrounding locked cards. After visiting the Self-Service Portal, a user enters their NHS email address to which a reset link is provided. The linked page asks the user to answer at least two security questions specified during the registration process. This allows the Virtual Smartcard to be unlocked and the passcode reset.

Each reset saves approximately 30 minutes and can be done whenever, wherever.

Security
As the Virtual Smartcard is held in the cloud, there is nothing to physically lose, share or leave in a reader. The Virtual Smartcard technology is improving a previously complex process, so compliance and risk are greatly improved. Users no longer have to battle the technology to do their jobs, they work productively together.

Analytics
The Virtual Smartcard Cloud service is built into the Isosec cloud-based analytics platform. With Virtual Smartcard it is easy to track when, where and how each Virtual Smartcard is used. This enables Trusts to learn from best practice and identify where any issues may arise. It also provides a rich set of data on how Spine applications are used; data which has not been readily available before. Isosec Analytics also enable Information Governance audits at the touch of a button.

Benefits

  • Enables the use of devices that don’t have a Smartcard reader e.g. an iPad using a virtual desktop client, or users working from home
  • Simple to adopt, solving the Information Governance issues with agency staff, bank smartcards and lack of traceability
  • No generic cards in the wild
  • Audits and analytics available at the touch of a button
  • Enables rapid access to systems for new starters or temporary/agency staff once they have a virtual card – managers can authorise their access via a management console
  • Provides a much improved user experience by enabling self-service reset of passcodes, thereby avoiding periods where cards are locked and can’t be reset due to unavailability of RAs

Future Use
Future plans for iO Virtual Smartcard include using other authentication methods. We are always looking to improve the iO Identity Agent and RFID tags and biometrics (e.g. fingerprint and iris) will be added. Authentication methods will be policy driven by individual Trust preference.

Using Virtual Smartcard for other purposes is also under consideration, like the possibility of Two Factor Authentication (2FA) for remote access over the public internet. Virtual Smartcard streamlines the authentication process by using a single two factor authentication from any device for internet access, Windows AD logon and Spine authentication for access to clinical apps.

Release Date
A number of pilots began in April 2017. A full case study with benefits realisation and business case process will be available soon. To register your interest and request a demo please visit our website or email info@isosec.co.uk and quote this blog. Virtual Smartcard will be readily available to all existing and new iO customers from June 2017. Please visit www.isosec.co.uk to download the iO brochure for information on our other Identity Agent software. You can keep up to date with the release by following us on Twitter @isosec.

Isosec Announce Charity of the Year 2017

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

MIA Mental Health

2017 will see the launch of a new Isosec app, MIA Mental Health. MIA Mental Health is clinical mobile app to improve efficiency and patient care for mental health pathways. A rapid observations app is used to make observations on a tablet device, rather than on paper. Previously, notes had to be rekeyed into the Trust’s EPR, a duplication of tasks for the clinician and wasting valuable time. MIA Mental Health will sync notes automatically, use colour coded notifications to show which patients need attention and will be geotagged and digitally signed for better compliance and information governance purposes. We have seen such amazing benefits and savings in time and money with MIA Maternity and hope that our work with Mental Health professionals will benefit this area of the NHS in the same way.

To celebrate the launch of MIA Mental Health and show how excited we are to start helping the people who help mental health patients, we are partnering with local charity Manchester Mind as our Charity of the Year 2017.

Manchester Mind Logo Mental Health Charity

About Manchester Mind

Manchester Mind (registered charity number 1102058) was established in 1989. They are an independent charity providing support for 4,000+ people experiencing emotional or mental distress across the city. They are an affiliate member of (national) Mind and adhere to its quality standards, but are not a local branch of Mind, and receive no core funding from Mind.

In Britain in any one year, 1 in 4 of us will experience a mental health issue. Poor mental health can affect anyone – rich or poor, young or old, at work, within your family or circle of friends. It can shatter the lives of the people affected and the lives of those close to them.

Manchester Mind‘s aims are…

  • Address the effects of poverty, insecurity and poor physical health on mental health
  • Help people to manage their lives and to make positive choices with skill and confidence
  • Promote and create opportunities for people to contribute to their communities
  • Provide information and advice to people to meet their needs and raise awareness about mental health within our city

Their services tackle the root of poor mental health e.g. isolation, poverty, poor housing, lack of access to services, stigma and discrimination, lack of confidence and skills, or aim to help people to improve their quality of life if living with a long-term mental illness. Manchester Mind recognises people’s strengths and involve people in the services delivered to ensure they remain relevant and helpful.

What We Hope To Achieve

In 2016 Isosec raised £1000 for last year’s charity, Bliss. Through our work with Bliss we improved care for mum’s with premature babies. Together we introduced a checkbox into MIA Maternity so Midwives visiting were reminded of the family’s specific needs. This year we hope to do the same for better mental health care. Please follow us on Twitter @isosec to keep up to date with our fundraising adventures and find out more about Manchester Mind.

Isosec shortlisted for two awards already in 2017!

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

We’ve really started of 2017 with a bang here at Isosec, with lots of plans to continue the momentum throughout the year.

We are very proud to announce that we are shortlisted in the 2017 British Journal of Midwifery Awards for Innovation in Practice with Shereen Nimmo, Lead Midwife from Imperial College Healthcare NHS and her community team. Shereen’s team was the pilot site for our clinical mobile app MIA Maternity, and they have completely transformed their community service delivery for women in London with better digital provisions; saving costs from previous inefficiencies, resulting in better care and outcomes for women, as well as increasing their home birth rate and breastfeeding mums.

BJM Awards 2017 Finalist

Isosec and Imperial have also been shortlisted for the HSJ Value in Healthcare 2017 Awards for the second year in a row in the Obstetrics and Gynaecology category, also for mobile app MIA Maternity. We are thrilled to be involved in the HSJ Awards again, and pleased that the panels for both awards can see the real value of digital transformation and recognise the savings and better patient care it can deliver.

HSJ Awards 2017 Finalist

Be sure to follow us on Twitter or here on the blog to find out whether we scoop an award! We have some new products launching in the immediate future, so it’s a very exciting time here at Isosec indeed! To find out more about MIA Maternity you can watch our short animated video or the full case study video at Imperial College Healthcare NHS.