4-page Case Study - Posted 11/15/2007
London Healthcare Trust Gives GPs Secure Remote Access to Patient Data
Kensington and Chelsea Primary Care Trust (PCT) is the NHS body responsible for general practitioner (GP) services for 190,000 people in central London. GP systems now have to meet stringent standards to ensure that they will integrate with those installed under the National Programme for IT in the NHS. The PCT commissioned a pilot study to compare two options, pitching a Cisco firewall against Windows Server® 2003 running Microsoft® Internet Security and Acceleration Server 2006. Hytec Information Security, a leading independent IT solutions firm in the United Kingdom, concluded that only the Microsoft technology met all the project requirements for security, ease of operational management, and remote access by GPs to their patients’ confidential data.
Situation
Kensington and Chelsea Primary Care Trust (PCT) is the NHS body charged with making improvements to local health services across the Royal Borough of Kensington and Chelsea in central London. It serves a population of 190,000 people. The PCT works with general practitioner (GP) practices, the local authority, and hospital trusts to enhance the efficiency of local health services, and to make them more accountable to the patients and communities they serve.
PCTs bring together GP services and community health services such as health visiting and district nursing, thereby delivering better integration of services. GP systems now have to meet stringent standards in IT to ensure that they will integrate with those installed under the National Programme for IT in the NHS. Following full implementation of a government directive from 2003, the PCT has taken control of the delivery of IT services to the 44 GP practices within its jurisdiction, as well as 15 other primary care sites. To provide a support and management service, suppliers require electronic access to the systems that reside within the GP practices through the NHS broadband network N3.
But N3 is an “untrusted environment” with a nationwide user base of 1 million, which raises a key concern about the security of person identifiable data (PID). PID is data that contains sufficient information to identify it as belonging to a specific patient. Government guidance from 2003 dictates that PID “must not be transmitted in the clear across N3,” thereby requiring all access to PID through N3 to be adequately protected from the untrusted environment.
A second challenge was related to management and support. GP Systems of Choice, a national initiative to give GPs a choice of clinical systems, has given PCTs responsibility for delivering management and support services to GPs. The PCT also wanted GPs and practice staff to have remote access to their practice systems.
Hytec Information Security, a leading independent IT solutions firm based in the United Kingdom, was involved in finding a solution for Kensington and Chelsea PCT to best manage and audit all GP system access through secure, encrypted communications. Its client base includes the IT departments of local authorities, residential social landlords, and emergency services, as well as NHS trusts and PCTs. Alan Hunt, Technical Director, Hytec Information Security, says: “After detailed discussions with Hytec and a range of stakeholders in the borough, the PCT decided to proceed with a pilot study to fully evaluate two viable options—from Cisco and Microsoft—to resolve the GP site access and security issues identified in our analysis.”
Solution
In August 2006, the two options were both tested in a live GP site environment in collaboration with the relevant GP systems supplier and N3. The first option was to implement a Cisco PIX firewall at each GP site in the borough. The other used Windows Server® 2003 running Microsoft Internet Security and Acceleration Server 2006, although initially it was trialled with Microsoft Internet Security and Acceleration Server 2004. The PCT technical requirements are outlined as follows:
- Establish secure communications between the GP sites and the PCT through N3 to ensure safe transfer of PID between the PCT and GP practices.
- Compliance with information governance standards from NHS Connecting for Health, the agency in charge of “digitising” the NHS.
- Extend the reach of the PCT Active Directory® directory service into the GP sites to ensure the efficient deployment of PCT technology systems that will support GP practice-based commissioning, which is being developed on Microsoft Office SharePoint® Portal Server 2003.
- Provide a route for centralised support and administration of the GP sites’ ICT systems from the PCT by PCT technicians and their service partners.
- Offer a pathway and mechanism for the ongoing management and deployment of antivirus and software updates.
- Deliver a method of reliable backup and restore of GP systems, which in Kensington and Chelsea come from three different vendors, controlled by the PCT.
Hunt says: “The Microsoft solution delivered all of the PCT’s identified requirements, but it also did more than just provide the information for the security regime that was required between the N3 network and the GP, and now onto the PCT. It also created a point of presence that could connect into the GP site, which could be controlled by the PCT.”
Notable deficiencies in the PIX firewall solution, according to Hytec, included lack of remote access functions, lack of onsite GP systems backups, and the inability to extend the PCT domain into the GP site.
In a second phase of the project, the PCT plans to examine routing all access to the Internet from GP sites through the PCT blue code system, which then monitors and filters all Internet access and reduces spyware and software attacks.
Benefits
GPs in Kensington and Chelsea now enjoy far better and more responsive IT support. They no longer need to wait for individual engineers to visit their practice to handle antivirus or software updates. Routine work that formerly took hours now only takes minutes. GPs and practice managers can access their desktops with the flexibility to access PID from remote locations without security worries.
Remote Working Helps GPs Improve Patient Care
With the Microsoft solution, GPs working in Kensington and Chelsea can access systems within their practices from remote locations in a secure manner either through the Internet or wireless technology.
PCT IM&T Manager Iftikhar Din says: “With remote access, GPs do not need to return to their practices to consult patient data or clinical notes—as a result, they can spend more time with their patients. They can enjoy much greater flexibility secure in the knowledge that patient confidentiality is not at risk.”
Hunt adds: “If the Cisco solution had been selected, this service would have required additional funding. As things stand, the Microsoft solution is providing many benefits in addition to the installation of a simple firewall, and that’s where the added value lies.”
Technicians Manage Software and Antivirus Updates Centrally
The GP systems within the jurisdiction of the PCT were previously managed by 10 engineers visiting each of the practices on a regular basis to implement software and antivirus updates. Although the practices are located in a geographically compact urban borough, the support desk system generated inefficiencies and cross-borough travel, and often resulted in unnecessary downtime.
Din says: “All computers controlled by the PCT in GP practices are now being centrally managed from a central site. It is much easier to make sure that the antivirus software and all other relevant upgrades are up to date. What used to take hours, plus time to organise and travel time, now takes minutes.”
All GP Practices Achieve Highest Level of Compliance
The PCT is striving, through the Microsoft project, to bring every GP practice up to the same high level where IT tools and security of patient data are concerned. Din says: “With the GPs linked into the PCT core network, we can decide what updates go to which practices. All this is done remotely without downtime and we can also inventory the software at the GP practices so we know exactly what is out there.”
GP practices in Kensington and Chelsea serve a highly mobile population, and patients and staff often move between practices. Din says: “Every practice when the implementation work is completed will have a standard configuration on its site. We are standardising the infrastructure so if practitioners or nurses move between practices they will find exactly the same ICT tools wherever they work.”
Data Quality and Training Improve at Doctors’ Surgeries
The improvement of data quality at GP surgeries in Kensington and Chelsea, as a result of the Hytec-led project, is helping the PCT meet national targets within the NHS. The value of high quality patient-held information has never been so important to the NHS.
Din says: “Data quality is crucial and the availability of complete, accurate, and timely data is important in supporting all the current NHS strategies, including the modernisation agenda, national service frameworks, clinical audit and governance, and clinical and performance indicators.”
Good quality data is vital to the performance and management of the activities of a PCT and Kensington and Chelsea is no exception. It is also helping the PCT to assess the ICT training needs of GP practices and benchmark their levels of computer literacy.
GPs Gain Overview of Patient Journey Through PCT
GPs are now connected to the PCT community information system, which is hosted centrally, and, as a result, have an overview of their patients’ journeys through the different services at the PCT.
Din says: “We are now getting a read-only view on the community information system so that GPs will be able to track where their patients have been. So we’ve got a project where a GP can input an NHS patient number and view all the activity for that NHS number on our community system.”
Previously, all such searches were performed manually and often required an IT technician to visit the practice to manage the search. “GPs were getting fed up with having to request searches in different departments and often made overlapping searches,” says Din. “Now, we only need to make an information request once, instead of many times.”
For More Information
For further information about Microsoft products and services, please visit www.microsoft.com/uk or call 0870 60 10 100*
For hearing impaired customers with a Minicom, contact: 0870 50 30 400*
*Lines are open 8am–6pm, Monday to Friday. Please note, numbers prefixed 0870 will be charged at national call rates. For details of national call rate charges, please contact your telecommunications provider.
For more information about Hytec Information Security Limited products and services, call +44 1865 887428 or visit the Web site at: http://www.hytec.co.uk/
For more information about Kensington and Chelsea Primary Care Trust products and services, call +44 208 962 4656 or visit the Web site at: http://www.kc-pct.nhs.uk/
Microsoft Server Product Portfolio
For more information about the Microsoft server product portfolio, go to: www.microsoft.com/servers/default.mspx
Document published November 2007