David Hancock, co-chair of INTEROPen, recently penned a blog about the clear benefits of open standards and the challenges of delivering them. He remarks at the end of the blog: “Open standards are vital for opening up the NHS for system vendors, but also citizens whilst building a far healthier and collaborative environment for IT development.” This is a statement that we at Imprivata wholeheartedly agree with. Our focus is on how to turn the academic vision for an open standards utopia into actionable elements that organisations can implement today and tomorrow to improve the lives of our clinicians on the front line.
Moving to a level playing field
Open standards provide a level playing field to vendors of all sizes to work with the NHS, providing solutions that will work as expected. Adopting open standards helps to ensure that different systems work well together, and it is this knitting together of systems that will allow the NHS to benefit from the best-of-breed solutions that may address a very specialised area, while at the same time, enjoying the economies of scale when multiple departments are able to use the same system, an electronic patient record system (EPR) for example. This linking of systems to the EPR should lead to the fabled ‘one version of the truth’, something that is often more difficult to achieve than it sounds (or indeed should be) in the digital age.
The power of shared data
Jocelyn Palmer, Director of OneLondon, discussed how patient data shared between care organisations can help to save lives by providing crucial information, that also has context, in an emergency. She provided examples where, on a day-to-day basis, sharing information means that patients receive better care from more informed clinicians. This openness also provides flexibility and enables Trusts to pivot as necessary, because the same data can be used to populate different systems.
So, the stakes are high, and so too are the benefits if we can get open standards and an ethos of openness throughout the systems used by the NHS. Sharing data, however, brings with it another challenge, and that is of protecting that data and patient privacy by ensuring that it doesn’t fall into the wrong hands. The recent cyberattack on two London Trusts that affected the pathology lab had hugely disruptive consequences where operations were cancelled, and patients had to be redirected to other hospitals. This is not an isolated case. The HSE in Ireland was subject to an attack from which it is still recovering, and there are numerous other notable cases.
Protecting critical infrastructure is crucial
As the NHS moves towards adopting open standards such as the updated NHS Care Identity Service, known as CIS2, the general direction is one where cybersecurity is becoming even more important. Legislation that is not directly applicable to the UK, like NIS2, which affects EU countries and comes into force this October, is worth watching because, in order to deal with EU partners, many UK businesses will also need to comply, and our own UK legislation is likely to mirror it.
NIS2 deals with the protection of critical and important infrastructure, which includes healthcare, government and public administration, critical infrastructure, finance, telecommunications, as well as new sectors including food production and distribution, chemicals production and distribution, and high-tech manufacturing. Coverage has also been extended within individual sectors, so for example, the directive now extends beyond just hospitals, with diagnostic laboratories, medical device manufacturers, pharmaceutical companies, and other life sciences organisations providing basic medical products and services also having to comply with the new directive.
Streamlining cybersecurity processes
The other perennial challenge is making cybersecurity transparent to the end user. Clinicians and care providers have enough on their plates without having to wrestle with technology every time they need to interact with patient information. While technology is a wonderful enabler when done right, all too often clinician and patient needs are overlooked resulting in a suboptimal solution. It is crucial that clinician and patient needs should guide the use and implementation of any technology, including cybersecurity. Interoperability is seen as the future, but NHS trusts still have legacy apps and in many cases, paper. We must balance these needs carefully.
Opening up access to data
At Imprivata, we are committed to interoperability via open standards and can provide single sign-on to all web applications. We are currently working with NHS England to integrate with the new CIS2 service in England, to provide continued Spine access for all users, and we are a member of INTEROPen, and take an active participation in INTEROPen events.
Another recent initiative has been to commission a report by research analyst IDC that discusses the fundamental role of technologies such as Identity and Access Management (IAM) as a key pillar of cybersecurity and compliance within NIS2. The paper covers:
- The strategic importance of digital identity and the trend towards security platforms
- Why organisations struggle with authentication and access controls
- The optimal way to apply consistent and robust identity security controls across an enterprise
Download your complimentary copy of the IDC Report here