NHS-HE Connectivity Best Practice Working Group

From the Chair

INTRODUCTION
In many hospitals, researchers and students, teachers and medics work hand in hand to the benefit of both the NHS and also their University. Their work however is often complicated by the different IT systems policies and procedures between the two sectors. In many teaching hospitals, there will be two completely separate IT networks, one provided by the university, the other by the NHS.
Whilst at first this approach may seem to be highly secure, it fails to provide the access that staff require to do their jobs and can lead to less than perfect workarounds. Often consultants will have two PCs, one device on each network. More junior staff will not be able to get the information they need when they need it and may be tempted to use alternative technologies such as personal smartphones or 3G enabled laptops.

Key to this report is the understanding that communications equipment, particularly smartphones are now so widespread that it is impossible isolate the NHS from the advantages and disadvantages of the internet. So while most NHS organisations will (and should continue to) block access to undesirable content from their networks, the vast majority of staff will have technology that allows them download whatever they like on their personal mobile devices.

In chairing this working group I have been extremely fortunate that there are a number of organisations that have tackled these issues. We have therefore been able to pull together a series of case studies, best practice and sample policies and procedures that have a track record of being used.

The aim of this working group has therefore been to provide;

• Connectivity, between Universities and the NHS to support;
• Access to NHS systems from University networks
• Access to University systems from the NHS
• Access to internet based systems and web sites from within the NHS, when these would otherwise be blocked.
• To leverage the bandwidth available to University for students when they are on NHS sites.
• To put in place policies and procedures to support connectivity, whilst not increasing the risks of data security to either party.
• To give organisations confidence that they can move forward with confidence that they are implementing best / common practice.

THE CHALLENGES

The NHS is rightly worried about the security of the data it holds. The increasing use of IT systems to replace paper based notes means that more and more highly sensitive data is available to staff electronically. In using and storing this data, the NHS has a responsibility to ensure that it is kept securely.

IT managers in NHS hospitals also have to manage their IT networks to ensure that;

• Bandwidth is used appropriately and is targeted as business critical systems rather than casual browsing.
• Their organisations get good value from their IT, rarely having the budgets to buy the latest and greatest.
• Staff don’t abuse the internet
• Corporate systems that often aren’t compatible with the latest operating systems and software (such as Internet Explorer, Flash, JAVA etc) continue to run reliably.

Innovative universities have of course seen the value of Web 2.0 type systems in providing educational material and learning. Many sites such as youtube, facebook, and webmail have tremendous educational value, but are often blocked by NHS organisations.

In the ideal world it would be possible to resolve these challenges, however the work of the group has been to show how it is possible to provide the access that staff need despite these challenges. A key aim of the group has been to find ways to live with the reality, rather than change it.

OUTPUT FROM THE WORKING GROUP

This web site provides access to resources that will help enable organisations to resolve these issues, in particular the site provides;

1. Guidance on resources (web sites)  that every medical or other clinical  student will require access to as part of their training from NHS desktops. In making these recommendation we acknowledge that for many trusts this will necessitate relaxing some of the rules they currently have. In giving this guidance, we want to give NHS trusts the confidence to appropriately provide access. Whilst Trusts will of course need to do their own risk assessment on these changes, we believe that by collectively agreeing that certain sites should be available, it should help with concerns of reputational damage should a member of staff abuse the access they are given. In many cases we would argue that access to these sites should be universal, in other cases we accept that access should be restricted to certain staff or locations. (This resource is not yet available)
2. Sample process for how students should receive NHS user names and passwords.
3. Case studies about how technologies such as terminal services can be used to securely provide a University desktop on a PC connected to the NHS network. The same should be true vice versa but we have not found a case study on this yet. By taking this approach a number of organisations have shown that it is possible from a single computer to provide all of the access that staff require without compromising  security.
4. Information about how the NHS and HE can provide joint network capabilities securely. This includes the capability for NHS trusts to provide an academic wireless network alongside their current wireless network with having to go to the considerable expense and complexities of having two infrastructures.
5. Some reference to information sharing guidance as examples of the information governance involved
6. Information about the JANET-NHS N3 Gateway, a national link established in June 2010, between the two networks and how it can be used. The gateway provides a high speed link between the two networks that allows for staff on the NHS network in England and Scotland to access resources on the JANET network. Early use has included video conferencing and has enabled a number of organisations to significantly reduce the costs of leasing and managing wider area network links between the two sectors.

CONCLUSION

Whilst there are significant challenges associated with providing appropriate and secure IT access within university teaching hospital environments, the case studies included on this website show that there are a number of organisations that have overcome some of these difficulties.

I would recommend that all teaching hospitals work with their respective universities to review the content of the web sites and implement the recommendations. In addition I would encourage feedback on gaps in the case studies available and offers of further case studies in best practice so that the value of this resource can grow.

I would also like to thank the members of the working group for their help and support over the last twelve months.

Mark Blakeman, Director of Informatics & Corporate Projects, University Hospital of South Manchester NHS Foundation Trust, November 2011

Creation of the Working Group

The Working Group was created from discussions at the NHS-HE Forum and Scotland NHS-HE Forum in the summer and autumn of 2010 and triggered by a presentation from Natalie Lafferty and Andrew Howe from Dundee University. One of the follow-up actions from the November 2010 NHS-HE Forum meeting was
“From Natalie and Andrew’s session, and from the Scotland NHS-HE Forum meeting in June, it is clear that there needs to be more work on a coordinated approach to overcome local access to applications that support learning in particular but also research. As was made clear in the presentation many useful tools and resources can be blocked by local NHS firewall and desktop policies which vary across organisations and yet there is no clear place or guidance on what is good, common or acceptable practice and possibly also why it matters from an NHS perspective. It was agreed that we would find a way of developing at least some common and good practice guidance and make it available via this website and anywhere else willing to take it. We will need some volunteers to help with this, may be a virtual working group reporting back to the Forum.”

Terms of Reference

Terms of Reference of the Group

Membership

Membership of the Group

Plans for the Future

It became clear that the Working Group could not issue a report that could be “the answer” and that it would miss some important current issues and best practice or case studies. Also with all the changes happening in both the NHS and Higher Education that new issues, opportunities and practice will continue to emerge. It is therefore planned that there will be periodic additions and possibly refreshes of the resources. The Working Group intends to continue at least for a further year as a focus for collecting and publishing further best practice and case studies.

Who to contact with comments and suggestions

The Working Group would be pleased to receive comments and suggestions. In particular views on issues that should be reviewed by the Working Group and examples of your local initiatives that you would be willing to share as a resource. Please contact Malcolm.Teague@ja.net in the first instance.