The NHS will run a series of trials piloting contactless smartcard readers that enable access to IT systems in hospitals without needing to be physically handled – reducing time and helping to prevent the potential spread of disease. The project has been initiated by the Department of Health’s IT service, Connecting for Health (CfH), which came into operation in 2005 and supports the NHS in developing computer systems and services. In conjunction with the 12.7bn National Programme for IT (NPfIT), CfH has issued a tender for smartcard readers requesting the delivery of up to 100,000 devices over a three year period with 20,000 readers to be delivered over the first year, and 50,000 across the second year. The initial 100-reader trial will take place at an undisclosed NHS trust and will not be publicised unless successful, a wise move for NpfIT seeing as another failed IT project would be a significant blow to their reputation.
Since its inception, the risk of IT equipment becoming a vector for infection in the healthcare environment has been a primary concern for the NPfIT. Unfortunately for the NHS the current devices and solutions available have shown limited degrees of success in reducing the risk of obtaining an unwanted virus. In the past, the medium of choice for communicating information within the NHS has been paper, which is virtually impossible to disinfect. Furthermore, it’s nigh on impossible to log and trace which patients or member of staff has been in contact with each piece of paper – thereby making it extremely difficult to locate the source of any paper-transmitted infection. It’s not surprising that one of the key objectives of the NPfIT is to eliminate much of the paper communication throughout the NHS, from primary care, all the way to pharmacy and secondary care.
The NHS has recently purchased NXP smartcards for all members of staff who work with the existing touch card readers. A CfH spokesman said, "We have been looking to acquire proximity smartcard readers for some time but the appropriate technology has only just become available. A key requirement is ensuring the product we procure is capable of being easily and effectively cleaned to prevent that piece of equipment from transmitting germs and bacteria."
It's a case of out with the old and in with the new. Previously, the NHS deployed CRS (Care Record Service) Gemalto smart cards, which required the user to place their smart card on a specially manufactured clean reader. Similar to a chip and PIN debit card, the smart card was printed with a staff member’s name, photograph and unique user identity number. Staff were granted access to confidential patient information based on their work and level of involvement in the care of the individual. While this improved the security of NHS records (allegedly) the risk of transmitting infection was still apparent, as although physical contact has been greatly minimised – sometimes it still occurred when the smartcard was placed on the reader. And that wasn’t the only concern. A recent survey conducted by the GP’s newspaper Pulse revealed that one in six NHS staff flouted the rules regarding confidential medical records, and shared smartcards. Despite CfH warnings that "disciplinary procedures should follow" if smartcards are used improperly, 5% of GP’s also admitted sharing their own smartcard.
Rumours around the Department of Health suggest the NXP SmartMX may be the likely candidate to acquire the tender. But does the SmartMX reader provide the desired solution for the NHS? The signs certainly look good. The reader is the first to have contact and contactless interfaces and is certified for use in the health sector, meaning phase-out of old technology can be gradual. The product can also be integrated into other smart card systems and enables physical and digital signature functionality. CfH will only place an order depending on the outcome of the trial, so it's in the interests of suppliers to get it right.
While NHS trusts move forward with contactless IT technology there are still a number of obstacles to be faced. There are still password issues with computer systems, as well as a lack of applications provided by NPfIT, many of which are not accessible with certain smart cards. Passport problems have been notoriously difficult to solve for NPfIT, due to the cost of implementation and the fact that local applications vary across each NHS trust in Britain. However, NPfIT has no choice but to push new IT projects and encourage development. Already four years behind initial targets, and rumoured to be over budget, the programme must make progress soon or face the possibility of a major re-evaluation or restructuring process. NHS chief executive David Nicholson told MPs that the NPfIT was at a "pivotal position". Speaking at a House of Commons Health Select Committee meeting, Nicholson said, "If we don't make progress soon we are going to have to sit down and think it through again. We can't go on and on like this."
The trials announced for contactless smart card readers can only be a good thing for the NHS. If successful, the project will greatly reduce the risk of infection. If unsuccessful, (which is just as likely!) the project could spell the end for NPfIT. It’s a considerable gamble. CfH officials believe it could take up to ten years to get arrangements fully nailed down. This serves as a timely reminder of how difficult the information governance of the health sector remains.
Tom Tainton – Smartcard & Identity News
Connecticut police caught a man who had stolen over $15,000 worth of digital currency in a mobile phone theft after he mistakenly sent an apology email to a det.....Read More
The Insider Data Breach Survey 2019 found that 95% of IT leaders acknowledged that insider threats were a serious concern within their business while 55% of emp.....Read More
A database containing sensitive information of about 90,000 German Mastercard "Priceless Specials" loyalty program members shared online following a breach disc.....Read More
Spear-phishing has overtaken ransomware as the number one driver of cyber security insurance claims, according to AIG.
Phishing, also known as business e.....Read More
Back in 2017, the U.K. government issued a tender to run a GBP 20 million Cyber Schools Programme as part of the National Cyber Security Strategy 2016-2021 crea.....Read More