Streamlining Windows and clinical application logon with the NHS Smartcard

Tweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestEmail this to someone

As part of our product roadmap, we are about to release our next iO product – iO Logon. I always get a little excited when we release something new and innovative, especially as it’s something I’ve wanted to do for a long time – make the NHS Smartcard able to log on to Windows and the Spine seamlessly.

First some history.

Back in the NPfIT days, we used to joke that Spine SSO (Single Sign On) was the only single sign-on system where a user had to log on twice – once for Windows with username and password (AKA AD Credentials) and then with a smartcard to access Spine clinical applications. This has been the norm for a long time resulting in delays for users wanting to get or update patient information or order tests.

We introduced Spine Session Persistence back in 2012 – the ability to keep clinical applications running even when disconnected from a virtual desktop, saving at least 30 seconds every time a user re-connected back to their virtual desktop. This helped in a big way to improve the experience for clinical users through integrating the technology better.

So, the current user experience goes something like – turn up to work, log in to Windows with username and password. Wait. Virtual desktop appears a few seconds later. Insert smartcard. Enter passcode. Select role. Clinical app starts. Wait. Wait some more. Still waiting. Clinical application now available. After some time using the clinical application, the user disconnects from the virtual desktop to return some time later. Log on to Windows again. Wait. Insert smartcard. Continue using clinical application.

Our vision is about enabling clinicians to do what they do best – treat patients using efficient supporting IT systems. Not the other way round of battling with IT systems to then deliver patient care.

iO Logon delivers just that – a fast and streamlined access to clinical applications.

The new process goes like this:

1. User walks up to a workstation and presents their NHS smartcard – either inserting it or placing it on a contactless reader

cf8g5o1d.

2. User is prompted for their NHS smartcard passcode – not their Windows username and password!

2w5vmw78

You’ll notice that there is a remember passcode tickbox meaning that user doesn’t need to enter it again until some policy defined period or event – simply presenting the card next time will allow them straight in.

And that’s it – the user is signed in to Windows and their Spine applications launch. Then, simply remove the smartcard and the user is returned to Step 1. Removing the smartcard disconnects them. Re-presenting the smartcard then simply gets them back to their applications where they left of – a matter of approximately 1 second.

From an administration point of view we’ve designed this to be as simple as possible. Registration for the iO Logon service is done by the user by simply enrolling their card when they present it for the first time:

7t7yootc

Obviously, there is still a management interface for setting up the various policies and de-registering cards, but that’s it.

One of the really great aspects of this new iO Logon product is around the analytics. As Edward Demming famously observed, “without data, you’re just somebody else with an opinion”. Which in the case of user log on time is very true. Just how long does it take to log on and get access to a clinical application? Isosec has his its own cloud based analytics platform that collects this information to give an unequivocal view. This view breaks down in detail to the individual aspects of the authentication process and how long it takes before the clinical app is ready. It also can show a macro view of all authentications for a particular user as well as across groups of users. This then allows bottlenecks to be identified and improvements made. I’ll discuss more about the analytics another time as we release more of our analytics roadmap functionality.

On a final note, iO Logon is part of an exciting and ambitious roadmap for iO. We are busy working through R&D for our next iO solution aimed at agency staff. More on that soon.

Leave a Reply

Your email address will not be published. Required fields are marked *