How the revolution in NHS Smartcard authentication is being driven by Virtual Smartcard from Isosec

You can discuss physical NHS smartcards with almost any NHS Trust to instantly get the picture... It’s a tale of how day to day life is made difficult by business process and management overhead from trying to issue physical smartcards to all staff: permanent and agency, in a world of ever-increasing estate size and technical complexity. Whether it’s how to issues physical smartcards to a cohort of new junior doctors at 4pm on a Saturday to how to replace lost cards in the middle of the night without compromising patient care – this NHS process was crying out for innovation.

Isosec has heard these scenarios (and worse) time and time again from customers and wanted to deliver the necessary innovation to improve efficiency whilst ensuring both security and the strong identity check remained vigilant. Having over 10 years experience with NHS authentication and a background in IT security, Isosec were ideally placed to work with their 50+ NHS Trusts who are using the tried and tested Isosec Identity Agent iO for authentication.

It was clear that customers wanted to keep all the great functionality that physical smartcards provided, yet need a more virtual and workable solution, where the physical smartcard could be replaced by a virtual one, kept securely in the cloud, and deliver fast, safe and seamless authentication and experience for users. It also needed to embrace and support new and upcoming functionality, like ePrescription and robot automation, which are both coming online later in 2018.

During the past year, Isosec combined the ingenuity of the development team with customer feedback to design, develop and deliver the Isosec Virtual Smartcard solution. After working closely in partnership with Barnsley Hospital NHS FT, the formal launch took place in January 2018. Since then, Isosec have six new NHS organisations on board, with many more adopting Virtual Smartcard in the coming months.

“Isosec and the Virtual Smartcard solution has solved a huge problem for us and has actually directly impacted our patient care. We’re getting nurses turning up, getting what they need to access systems straight away in the right place so that they can get on with delivering the care that they need to deliver. I highly recommend this technology to any NHS organisation.”
Tom Davidson, ICT Director, Barnsley Hospital NHS Foundation Trust

Virtual Smartcard addresses a multitude of inefficiencies the NHS is currently facing from managing physical smartcards. Issuing physical cards takes a long time and requires specialist printers for production. Common issues and inefficiencies around issuing physical cards arise particularly when recruiting. Clinicians have to travel around the Trust to register for cards so Virtual Smartcard is a big time saving for them as well as avoiding any unsafe workaround tactics like leaving cards in readers or card-sharing that can pose huge information governance risks to patient data.

So, what are the key components and why is the Isosec Virtual Smartcard so beneficial to the NHS?

Virtual RA
Smartcards are issued by a Trust’s Registration Authority. Issuing physical cards takes time and requires specialist printers. With the Virtual RA a manager can issue a Virtual Smartcard in the Virtual Smartcard Cloud where it is stored securely and never leaves. Other methods of authentication that can be easily associated with Virtual Smartcard include HR cards, AD accounts and even biometrics.

A Virtual Smartcard can be reset using self-service to avoid issues surrounding locked cards. After visiting the self-service portal, a user enters their NHS email address to which a reset web link is promptly provided. The linked page asks the user to answer security questions specified during registration. This allows the user to unlock their Virtual Smartcard and reset the passcode. Each reset saves approximately 30 minutes of clinical time and can be done whenever, wherever.

Every use of a Virtual Smartcard is audited, geotagged and digitally signed giving the Trust an unequivocal view of when and who authenticated, which apps were used and for how long. Spine clinical applications also show the actual Spine user details, not a generic name in the case of generic physical smartcard usage.

Virtual Smartcard requires two-factor authentication to national apps as per NHS standards known as eGIF level 3. As the Virtual Smartcards are cloud based, they are more secure as there is nothing for a user to lose or leave in a reader. In the event of smartphone loss, Virtual Smartcards can be instantly deregistered using the Virtual RA preventing any breach.

Please contact Isosec to find out more.

Event Diary

Exclusive research from the Public Sector Show 2018 takes the temperature of over 700 UK public servants, giving a picture of their views on the health of the nation’s public services.