‘No smartcard’ Spine apps on way: HSCIC
- 21 January 2016
NHS staff will soon be able to get mobile access to the NHS Spine without the use of a smartcard.
The Health and Social Care Information Centre is developing a mobile access project called CIS Mobile that will enable applications to be developed against a security framework that meets the requirements of the Spine. Users of these applications will be able to access Spine data without a smartcard.
The HSCIC has also piloted a specific mobile application, called Oxygen, for the Apple iPad, which makes the iPad a ‘proxy’ for the smartcard. Users can then access some Spine services with two-factor authentication.
Adam Lewis, head of product, identity services at the HSCIC, said the new technology will initially allow mobile Spine access on iOS devices within a hospital campus.
He recognised this still places constraints on users, but emphasised that this is the first step in a wider mobile strategy. The ability to work in an ‘offline mode’ and developments for Android devices are also part of the strategy.
The project is part of the HSCIC’s Care Identity Service programme, which used to be run by BT as part of its contract to manage Spine services. Responsibility was moved in-house in February last year.
Rob Shaw, HSCIC chief operating officer, said when the CIS was insourced it provided an opportunity to make changes at “quite a good pace and in a way that’s affordable to the NHS.”
The priority list for development is being defined using feedback from NHS staff and mobile access to the Spine was high on that list.
“A big constraint people had was that when they were not sitting in front of a terminal that they owned they couldn’t get access on to the Spine, Shaw explained.
“We wanted to make is so people working out in the community can access systems using a couple of different initiatives.”
Work on CIS Mobile started at the end of last summer. The framework is being developed with NHS application providers who want to develop apps that meet its requirements.
The framework should be available for pilot applications this summer. Assuming the pilot goes well, it should be available for general use by the autumn.
“There are a number of suppliers involved in the current development of mobile products for the Spine, but we can’t capture every supplier working in the NHS. We have regular sessions that people are welcome to join,” Shaw said.
The Oxygen pilot, meanwhile, enabled health and social care staff to see some data held within Spine services, giving them access to these data sets at the point of delivery.
“If somebody is performing a ward round, speaking to a number of patients, they can take the mobile device with them and can show or record information at the point of care rather than take notes and transcribe that later on,” Shaw said.
During the pilot, Oxygen was safeguarded via a one-off registration process that required an NHS smartcard. Once this was done, the iPad became a proxy substitute for the smartcard.
Users authenticated themselves on iPad and the Oxygen app by using Apple’s Touch ID or a passcode for the device and a password for the app. In future, Oxygen could use the CIS Mobile framework.
Brett Jackson, principle systems engineer, said: “The iOS solution is a new product, a new platform, so any application that gets built on that will need to integrate with the product via interfaces that we are in the process of defining.”
Anthony Wilson, product owner for access improvements, said the HSCIC is aware that NHS staff often use shared devices. The current offering is based on a user being assigned a device, but being able to use it on shared devices would be a big step forward.
A third project that the HSCIC is involved with involves using contactless smartcards to give users access to Windows tablet computers using ‘near field communication’.
Users put their card in a slot based smartcard reader on the device, enter their log-in details, and have access to the clinical system in place at their hospital.
The new technology is designed to overcome issues with desktop computers that mean users have to repeat a lengthy sign-in process if they are logged out of a system.
The technology is already being trialled and mainstream users will have access by the end of this financial quarter.
Jackson said: “These products are quite early in our roadmap. We need feedback from trusts and suppliers on where we can deliver the most value and where the demand is. What products and features people really want?”