The UK Health System Tries Spending Millions To Reduce The Time Spent Logging In To Things (theguardian.com)
The UK's National Health System is getting £40m (about $52.3 million) to try reducing login times on its IT systems, "a move the government says could free up thousands of staffing hours a day as the saved seconds add up," according to the Guardian.
They note estimates that switching to a "single sign-on" system reduced login times from 105 seconds to just 10 at one hospital, ultimately saving them 130 staffing hours a day.
TheNinjaCoder shared their report: In a typical hospital, staff need to log in to as many as 15 systems when tending to a patient. As well as taking up time, the proliferation of logins requires staff either to remember multiple complex passwords or, more likely, compromise security by reusing the same one on every system. The health secretary, Matt Hancock, said: "It is frankly ridiculous how much time our doctors and nurses waste logging on to multiple systems. As I visit hospitals and GP practices around the country, I've lost count of the amount of times staff complain about this. It's no good in the 21st century having 20th-century technology at work.
"This investment is committed to driving forward the most basic frontline technology upgrades, so treatment can be delivered more effectively and we can keep pace with the growing demand on the NHS."
Single point of failure (Score:3)
Re: (Score:2)
We went from the generic MFA (answering questions) to having a phone call made to accept as login. Since I have my issued cell phone called, that means if someone steals my phone while it's active and wants to look at my email, contacts, etc, for information, all they have to do is accept the call and hit the pound key. There is no other verification.
Re: (Score:3)
generic MFA (answering questions)
That is NOT MFA; that is two forms of the primary password authentication method with likely much weaker secrets. It's two instances of something you know.
Factors in MFA should represent separate categories of:
1) Something you know
2) Something you are (biometrics)
3) Something you have
4) (differing opinions on this one because it's often possible to circumvent: network tap to cellular, etc.) somewhere you are, i.e. you are at a physical console inside a physically secured facility.
accept the call and hit the pound key
That really should NOT be an i
systems for doctors needs to be easy and not to BS (Score:3)
Systems for doctors need to be easy and not too much BS.
Put too much BS in, then they can just use their "I'm a doctor" god-like power to get it changed.
Re: (Score:2)
Just how much power do you think doctors in the NHS actually have? It's significantly less than you think....
Re: (Score:2)
Unless I am misunderstanding your post
To an extent you are, but that is probably because I was trying to be brief. What I mean is, I have my issued iPhone. If I want to open the Outlook software, I am told I have to sign into my O365 account. To do that the MS MFA calls a phone number. In this case the phone itself. I answer and hit the pound key to get access to my emails.
If I happen to be on my phone and someone steals my phone out of my hand, to get access to all my documents all they have to do is
Re: (Score:2)
Oh ok - you are reading your mail on the phone itself. That is the part I missed.
Ordinarily they'd need either your password or O365 session secret (1) factor + the ability to answer your phone (2) second factor. Yes, if they steal your phone out of your hand while it's unlocked, yes, they get access. Same thing if someone runs by and grabs your laptop off the table at Starbucks after you have already logged in. At least for a short time they have access.
This is true but it's also not really the risk MFA is trying
Re: (Score:2)
No, it's two-factor auth as interpreted by 90% of organisations who are required to implement 2FA: Something you know, and something else you know. Two factors, checkbox completed.
Seriously, that's what 90% of 2FA use seems to be.
Re: (Score:2)
Well yes, but then it's up to you to NOT try and log in to the system if you know your phone is stolen; then the two-factor authentication call to your phone never happens.
Re: (Score:2)
Unless you mean they have sensitive work information on your personal phone, in which case, yes that is a bad design.
Re: Single point of failure (Score:3)
UK/UK rationale:
reusing a password for multiple sites compromises security.
using a single login for all sites must obviously increase security significantly.
Re: (Score:2)
Also...
"compromise security by reusing the same one on every system"
This is exactly what "single sign on" is, a single password that works on every system.
Re: (Score:3)
No, SSO lets you sign in /once/ and then continue working without using a password.
So not:
1) log in to the OS
2) log in to multiple applications
But:
1) log in to the OS
2) done.
Logging in to the OS can potentially be done with a key card, which they already carry. Supplement the key card with a simple PIN and a good "keycard is lost" procedure and you're reasonably secure.
Re: Single point of failure (Score:3)
because
1) breach the os
2) breach multiple applications one by one.
is way less desirable than
1) breach the OS
2) done.
Yes?
Re: (Score:2)
At this point in time all the logging into the different systems in a hospital will almost certainly be using the same account and password authenticating from the same group of servers and almost certainly it's all Active Directory based.
However rather than using the Kerberos ticket you get when you logged onto your workstation to log onto the various systems it is demanding you retype in your username and password again.
It's the same at my workplace (a UK University), everything is AD based, but very litt
Re: (Score:2)
Wish I had points to mod that up. Yeah, every time someone says "Why don't those idiots just deploy AD/FreeRADIUS/Fido/whatever, it's such an obvious solution, I don't know how people can be so stupid", I have to sit down and explain that we have something like seventy different systems, some dating back to $before_you_were_born, from different vendors, some of which are no longer in business, and virtually none of which speak AD or RADIUS/EAP or whatever, and now would you like to come up with a suggestio
Re: (Score:2)
I know how SSO works...
The authentication is effectively the same everywhere (ie the same password), you just don't need to enter it again because your OS remembers it and does it for you. In a typical scenario, if you're using a workstation which is not joined to the domain then you still have to log in to every application individually (using the same username and password for each).
Logging into an individual standalone application can potentially be done with a card, or biometric, or mfa etc too...
On a W
Re: (Score:2)
It's also gonna be a lot more expensive than it would have been because the government seems hell-bent on stopping private contractors being a thing. Instead, they'll hire the Capitas, Accentures and others at £1000/day for a junior flunkie.
I wouldn't be surprised if after £40m they end up with 30 different logons instead of 15.
https://stoptheoffpayrolltax.c... [stoptheoff...ltax.co.uk]
Re: (Score:2)
You're contradicting yourself. Or would you not call the big contracting companies private contractors?
Re: (Score:2)
Not really, as most of them are public companies ;-)
Re: (Score:2)
No.
In the UK a contractor in IT is someone that works on a fixed term contract with minimal to no employment rights.
A company with multiple staff may be a software house, a consultancy, a large consultancy or a festering shithole sucking life from all around it, but for some reason the Government like giving Capita work anyway.
Re: (Score:2)
£1000 a day, lol. If only it was that cheap.
(I was rented out by Capita at £6k a day)
The problem is one of those private contractors, £40m to implement single sign on... The gov should simply mandate it for the systems they have bought and demand the companies get it done as part of whatever maintenance contracts they put in place. But they probably didn't do that in the first place, and all maintenance is charged at extortionate rates too.
Deliberately so perhaps, those no
Re: (Score:3)
It does not have to be a single point of failure. We use a SAML 2 IdP with redundant endpoints and redundant back-end databases. Our users love it.
Re: (Score:2)
Single sign-on is just a misspelling of "Single point of failure".
That's an interesting assessment. Every SSO system I have *ever* used had graceful fallback to a normal sign-on process. And for better or worse that fallback got "tested" a lot!
Re: (Score:2)
The single point of failure has always been the nut holding the keyboard.
Everybody is moving to OAuth 2.0 and OpenID Connec (Score:2)
Kerberos was an improvement in 1999.
Microsoft, along with everyone else, is moving to OAuth 2.0 and OpenID Connect. If they don't support OpenID, enterprise apps typically use its little brother, SAML.
Kerberos is designed for, and useful for, environments where everything is on-site and centrally controlled and managed (no SaaS), no opaque appliances.
Hell, yes (Score:5, Insightful)
I work at a big hospital. I can't count the number of times I have to type my password, despite the fact that I'm not in a patient-facing part of the enterprise and I almost never leave my desk. It's ridiculous. I complained to the SVP overseeing my part of the hospital and he laughed as if it was a joke.
Each day, I. AM. AT. MY. DESK. Why does every single system need to log me out after 15 minutes of inactivity on that system and why aren't they sensitive to activity on other systems? It means that essentially for everything that I do, I have to log in, again, and again, and again. I probably spend an accumulated 20 minutes going through login procedures each day. We, thankfully, have a single login ID that covers most (MOST) systems, but there is no communication between them at all. No Kerberos-like token. Why? Why? Why? These problems were solved independently at least two different times that I know about (MIT's Project Athena, CMU's Project Andrew) in the 1980s. Why do we have to keep re-inventing the wheel?
Re:Hell, yes (Score:5, Interesting)
I work at a big hospital. I can't count the number of times I have to type my password, despite the fact that I'm not in a patient-facing part of the enterprise and I almost never leave my desk. It's ridiculous. I complained to the SVP overseeing my part of the hospital and he laughed as if it was a joke.
Each day, I. AM. AT. MY. DESK. Why does every single system need to log me out after 15 minutes of inactivity on that system and why aren't they sensitive to activity on other systems? It means that essentially for everything that I do, I have to log in, again, and again, and again. I probably spend an accumulated 20 minutes going through login procedures each day. We, thankfully, have a single login ID that covers most (MOST) systems, but there is no communication between them at all. No Kerberos-like token. Why? Why? Why? These problems were solved independently at least two different times that I know about (MIT's Project Athena, CMU's Project Andrew) in the 1980s. Why do we have to keep re-inventing the wheel?
Because that's how the Tory gov stealth privatises the NHS. They start by letting it fester and rot then throw buckets and buckets of public cash at private companies to "fix" the problems they created. It doesn't matter if they actually do or not. Actually they prefer it if they don't because then they can throw more money at a different private company. They like to say they are putting record amounts of money in but it's all getting outsourced and practically none of it goes where it is needed most.
Re:Hell, yes (Score:5, Insightful)
It's called "defund demoralise privatise". Wreck the system and then say that it's a burden on the taxpayer, then flog it off to the people who fund your party who are able to run it "successfully" but mysteriously still have to be paid by the taxpayers twice - once through tax and again at point of use (See: the railways).
Re: (Score:3)
the FAA is one of the better and more useful organizations that I would NOT privatize.
You can't. Boeing already owns them.
Re:Hell, yes (Score:5, Informative)
I completely agree with you.
Having spent a lot of time in hospitals in the UK a couple of months ago (nothing serious - mostly participating in research) I noticed exactly what you are saying. Clinicians had to login very frequently to many systems, and an SSO or single-token login would have saved them a lot of time. Importantly, it also seemed to be a distraction, and adding distractions to any complex analytical task or multi-step procedure (i.e. nearly all medical work) increases risk of mistakes.
Re: Hell, yes (Score:2)
Yes, but it's not gonna save any hours. Because the staff is still wasting boatloads of time constantly checking their Facebook updates and feeds. Every time I go to a hospital or doctor's office I am amazed about how much time I see the nurses and nursing staff glued to their phones instead of paying attention to the patients.
Re: (Score:2)
fingerprints
I don't trust my hospital IT staff with biometric data. The pay is awful, so they don't get top candidates. The IT director is power-mad and has deliberately disabled iMessage on the phones the hospital owns so they can force all communication between doctors and nurses to use either plaintext (might violate HIPAA, so pretext to fire the nurse), or an approved "secure messaging app", which they can read. Um, nah, I'm not carrying on with them, but whatever I say isn't your damned business. Cuz, y'know, HIPA
Re: (Score:2)
Healthcare usually involves the movement of substantial amounts of money - from patients to providers or from insurers to providers.
You obviously live in a country that doesn't have national healthcare. Money changing hands doesn't happen in UK hospitals. If you're in a country that doesn't have an NHS, e.g. from Canada* or the USA, then you have a lot of bureaucracy to deal with, not because of the hospital but because of your privatised health insurance companies.
*Canada doesn't have an NHS, it has a limited "single payer" health insurance system within each province. It's also a 2-tier system so you need to buy private insurance to g
Re: (Score:2)
You obviously live in a country that doesn't have national healthcare. Money changing hands doesn't happen in UK hospitals.
Right, instead every taxpayer funds NHS constantly at levels set by politicians that want to simultaneously increase spending and reduce taxes.
If you're in a country that doesn't have an NHS, e.g. from Canada* or the USA, then you have a lot of bureaucracy to deal with
Right, because the NHS is nothing like a large, bloated bureaucracy - it's the very model of efficient delivery of modern healthcare.
Re: (Score:2)
You obviously live in a country that doesn't have national healthcare. Money changing hands doesn't happen in UK hospitals..
Oh yes it does. Just because it's transparent to YOU doesn't mean departments aren't keeping track of stuff. That aspirin isn't free, neither is that piece of gauze. Either you, your insurer or the government will have to pay for it. In the case of a social insurance hospital, it comes out of quarterly or monthly budgets for the department. Waste too much gauze and you're going to get a visit from admin. So no cash is moving around but value certainly is, and it's all being tracked. Otherwise that $10,000 v
Re: (Score:2)
Because thats how the tory gov stealth privatises the NHS. They start by letting it fester and rot then throw buckets and buckets of public cash at private companies to "fix" the problems they created. It doesn't matter if they actually do or not. Actually they prefer it if they don't because then they can throw more money at a different private company. They like to say they are putting record amounts of money in but it's all getting outsourced and practically none of it goes where it is needed most.
I see ... as opposed to the amazing efficiency and effectiveness under Labour governments.
And you do realize that even if one took your rant at face value, that would only be possible because it is non-private, right?
Re: (Score:2)
Because thats how the tory gov stealth privatises the NHS. They start by letting it fester and rot then throw buckets and buckets of public cash at private companies to "fix" the problems they created. It doesn't matter if they actually do or not. Actually they prefer it if they don't because then they can throw more money at a different private company. They like to say they are putting record amounts of money in but it's all getting outsourced and practically none of it goes where it is needed most.
I see ... as opposed to the amazing efficiency and effectiveness under Labour governments.
And you do realize that even if one took your rant at face value, that would only be possible because it is non-private, right?
You explain to me then how the tories are pumping more and more money in and services are getting consistently worse across the board. How does a private company do the job better for the same or less at the same time as making a profit? How does that private company resist pressure to cut costs to increase profit as is their nature? No one ever claimed labour ran it at 100% efficiency and public owned has its own set of problems but can you look at me with a straight face and say the nhs has gotten bett
Re: (Score:2)
I don't know why you think the Tories are pumping more money in. That's only true in nominal terms which are irrelevant. In real terms, it's been at a standstill, and accounting for medical inflation (runs faster than general inflation) and demographic changes (ever more sick gammons, largely), it's run behind for the last nine years.
Re: (Score:2)
You explain to me then how the tories are pumping more and more money in and services are getting consistently worse across the board.
It's because Britain has been getting flooded with destitute immigrants from the Middle East and Africa who go on the dole and then go to NHS for healthcare which is stressing NHS to the breaking point.
You cannot have both open borders and a nationalized healthcare system like the NHS. This SSO plan is rearranging deck chairs on the Titanic.
Strat
Re: (Score:2)
Because thats how the tory gov stealth privatises the NHS.
Similar issues were experienced under the Labour government that was in power from 1997 to 2010.
Oh Horseshit (Score:2)
Because thats how the tory gov stealth privatises the NHS. They start by letting it fester and rot then throw buckets and buckets of public cash at private companies to "fix" the problems they created.
NHS sysadmins aren't making people log in so much because they're in some conspiracy with Tories to destroy their own jobs. FFS. They're doing it because sysadmins are technology bureaucrats. And they're the same everywhere. They think they have good reasons (mostly security) to make users log in so much, and SSO is a single point of failure. Security outweighs convenience now. Think HIPAA laws in the US, for example. THAT is why you have things like logons that die automatically after 15 minutes.
Re: (Score:2)
Because thats how the tory gov stealth privatises the NHS.
The Tories aren't stealth privatising the NHS. They are doing it out in the open, in bulk, while lying in the faces of voters.
Re: (Score:2)
idiot. The NHS was privatised already, back in 2008 when Gordon Brown (yes, Labour!) legislated his "any willing provider" bollocks.
and if you want to know who is running the NHS into the ground, its all those Blairite managers and CEOs who are in charge of every trust and private company "providing services" to the NHS.
none of the money goes where its needed because of this excess of administration, and that requires even more money to be trousered by administrators to help handle the mess the administrato
Re:Hell, yes (Score:4, Informative)
Yes, it's easier to say "Tory cuts" because that's what it is - the Tories have been in charge now, essentially, for a decade and could have reversed any of Labour's policies in the first year but didn't, so now they own them. And what do they do instead? Slash the budget, pressurise staff to work longer hours, reduce the workforce and reduce pay.
There's a reason Jeremy Hunt was so hated amongst the NHS staff when he was Health Secretary - he was the one destroying the NHS, and he was doing it as part of David Cameron's and Theresa May's plans to privatise it. You don't put someone who co-authored a book on privatising the NHS in charge of the NHS without some aspect of ulterior motive there...
Under Jeremy Hunt's management, the NHS got actively hostile to its staff, with the end result being a high suicide rate amongst junior doctors and a general exodus of staff to other countries. Add on to that the lower than inflation pay rises for the entire decade and you end up with a junior doctor being paid less for their hours worked than someone shelf stacking at a supermarket, being responsible for people's lives, and being told that they cannot simply go home at the end of their shift if a patient is at risk - and patients are *always* at risk because that's how the NHS is being run, because then doctors can be pressured into staying well beyond their end of shift for no pay. That's how the Tory NHS finds its extra cover.
If you strike, you are threatened with prosecution for any patients that come to harm.
If you whistleblow, your entire career is ruined because the body responsible for your employment insists you are not an employee (even though you sign a contract with it, and you are beholden to its disciplinary proceedings and training requirements) and therefore it has no obligation to you, but it will withdraw your training number anyway which means you cannot find any placements because hospitals won't employ a doctor without a training number.
If you leave NHS employment for more than two years, you have to do 6 months of free junior doctor level work for the NHS before you can reenter at the level you were at when you left.
You are required to "reflect" on "difficult cases", including cases where you think your care was less than exemplary and how you could improve that care, as part of your annual appraisal - and then those "reflections" are used against you in a court of law to prosecute you for the failings of the system.
All of these things are what the Tories brought in, while at the same time reducing the NHS funding to levels not seen under the prior Labour government.
So yes, it's the Tory cuts and policies which are the issue.
Re: (Score:2)
Facts:
- Labour introduced PFI, effectively privatisation of the health service.
- PFI deferred costs, which means much of the existing NHS budget is going towards paying off the profligacy of Blair and Brown
- The NHS has a wasteful bureaucracy that's highly resistant to change
- The demand for NHS services keeps rising and rising and rising. Some of that is an aging population, some of that is due to immigration
- The NHS budget rises every year. Every year. Every single fucking year.
Should the NHS be publicly
Re: (Score:2)
It seems to work the same way in engineering, at least in my experience designing HVAC, plumbing, & fire protection. When computers first came out, paper was the permanent record, even though the floppies you created were saved, the paper copy was what was referred to. Now, the electronic copies are the permanent record and every time you need a paper to mark up or carry with you, you
Re: (Score:2)
There is a market for a large tablet with very long battery life that is used to display documents and mark them up.
There are some epaper ones that run Android and are okay but they cost about 10x too much. If they were cheap I'd buy a couple at least.
One day we will get there.
Re: (Score:2)
Here is the funny part: the switch to digital records has actually increased the use of paper in health care settings.
Popular joke: "The paperless office is as likely as the paperless bathroom."
Re: (Score:2)
I work in a company that is mostly remote. We have very little paper. My hiring paperwork was all online, no paper. Remote companies will tend toward less paper earlier, but non-remote companies will use those techniques if they find it cost effective.
Re: (Score:3)
Why does every single system need to log me out after 15 minutes of inactivity on that system
Because of auditing and accountability. People can't be trusted to log out by themselves and used to leave their terminals open, where anyone else could come while you're in the bathroom or something and grab data they're not supposed to grab. In your name. The logout is there to help you, not screw you. But yeah I agree each employee having a physical dongle or card, etc would make much more sense than endless logins and passwords. Provided people don't start leaving their dongles/passwords in the machines
Re: (Score:2)
It makes sense for the PC to timeout. It does not make sense for the applications which are only accessible from those same PCs to also time out individually. There's nothing more frustrating than filling out a web form, clicking submit and finding out the stupid application timed out while you were actively using it just because you didn't trigger a page load in 10 minutes. And of course this only happens when it takes longer than the timeout to fill out the form, meaning it always happens in the situat
Re: (Score:3)
Provided people don't start leaving their dongles/passwords in the machines when they go to lunch or take a shit, etc. Then we're back to square 1.
Make the employee badge the token for SSO. Plug (or swipe) your badge into a card reader at each workstation - that plus a PIN logs you into all systems. Removal of the badge, loss of proximity, or a timeout logs you out. Put badge readers on the break rooms, bathrooms, and other doors that need regular access. If you want to take a break or use the bathroom you *have* to take your badge with you.
Re: (Score:2)
This is an issue that plagues many government systems. There's a tug of war:
-ISOs decree stupid timeouts
-People use easy passwords
-ISOs decree complex password requirements
-People start saving passwords
-ISOs decree no password saving
-With no workarounds left, People complain to IT en masse
-CIO devises single sign on, which completely overrides all the above.
-ISO pouts.
Re: (Score:2)
Why does every single system need to log me out after 15 minutes of inactivity on that system and why aren't they sensitive to activity on other systems?
You have to do that because the security certifications your hospital holds require them to be in place. It's frustrating as hell, but management needs to pass their audits.
Re: (Score:2)
Each day, I. AM. AT. MY. DESK. Why does every single system need to log me out after 15 minutes of inactivity on that system and why aren't they sensitive to activity on other systems?
Oh, so you have it easy.
At my work they decided to roll out a password management system to encourage us to store logins there and only sign on to the computer, and sign into the password management system for everything else. That actually....sounds somewhat reasonable. But there's a catch:
The password management system fails to log in the first try, every time. There's some bug where it barfs on whatever is sent the first time. I have no idea WTF that is all about. It also times out after 15 minutes. So a
Encryption and Law (Score:4, Insightful)
Perhaps, Mr Secretary, if the government spent less time trying to ban and break encryption software, instead of standardizing it, your staff may be able to use a public key system so they would only have to remember one pass phrase for all the systems they use.
Just a thought old chap!
Re: (Score:2)
> ... or, more likely, compromise security by reusing the same one on every system.
How is that not equivalent to what a single sign-on performs? Or how a password manager performs?
Yes, SSO lets you sign on once to multiple things, without having to re-input your password.
But both put you at a single point of failure for your entire secured ecosystem. Maybe your password manager is better written than most commercial applications that "include password security management", maybe it's a steaming pile of
Re: (Score:2)
None of the points you raised have anything to do with the method I'm talking about.
You don't exchange a login/password you exchange a cryptographic generated session key. [ssh.com]
Re: (Score:2)
You don't exchange a login/password you exchange a cryptographic generated session key.
We call that SSO. It stands for 'single sign-on'. There are multiple commercial and other implementations available. It's got standards and everything.
What we don't need to do is manage a private key, and trust me, you really don't want 2 million NHS staff trying to manage private keys.
You validate your passphrase against your private key on a local device, usually once at the beginning of the day
Whatever the fuck makes you think people have 'a local device'? They use multiple devices, they share those devices, they're mobile within several miles of hospital.
It is a vastly better method than single sign on
No, it is not. It may be a preferred option for specific use
Re: (Score:2)
Whatever the fuck makes you think people have 'a local device'?
Do you have to swear at me in all your posts? Are you that unable to contain your emotional state that you have to attempt to spread it? Go sit down with a nice cup of tea and calm yourself down.
Do you understand that concepts are about conceptual things?
No, it is not. It may be a preferred option for specific uses but granting SSO access to a couple of million non-IT people is absolutely not one of them.
Well that's great, go get in contact with Mr Secretary and tell him how to sort it out with SSO as this is something the entire healthcare system with its IT budget and everyone has missed. I'm sure they will be grateful for your input.
Re: (Score:2)
Do you have to swear at me in all your posts?
No. I choose to. Do you have to be an imbecilic cunt in all your posts?
Well that's great, go get in contact with Mr Secretary and tell him how to sort it out with SSO as this is something the entire healthcare system with it's IT budget and everyone has missed.
Which part of a £40m budget is beyond your fucking reading comprehension? Which aspect of NHSX being established precisely to spot and implement this type of thing suggests the minister is not already aware and engaged?
Matt Hancock isn't the brightest member of the cabinet but shit, even he's around four years ahead of you.
Why not 20th century technology? (Score:5, Insightful)
It's no good in the 21st century having 20th-century technology at work.
Why would you *not* want 20th century technology like Kerberos that will do this for you?
RFID Cards (Score:3)
Re:RFID Cards (Score:4, Insightful)
My last stay at a newer hospital showed me that the nurses (and doctors?) tapped RFID cards, hung around their necks, to each computer they'd access. (They'd also scan the bar code on my wristband with the computers' scanner.) It seemed a pretty quick process to me; I don't see how else you'd do that if you desired authentication everywhere. I always wondered what a nightmare a hospital IT department must be like.
That was my thought: all these hospitals require staff to wear badges: simply use those as your authentication token. Would also let hospital admin/IT track login locations, multiple simultaneous logins/impossible login changes such as 30 secs to a minute later between two stations that are a 5 minute walk away (to prevent possible security breaches/credential sharing), etc.
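The two checks suggested in the comment above (one badge logged in at several stations at once, and a badge moving between stations faster than anyone could walk), as an added example that is not part of the original thread. The station names, walking times and log format are constructed assumptions.

```python
from datetime import datetime

# Constructed assumption: minimum walking time in seconds between stations.
WALK_SECONDS = {
    frozenset({"ward-3a", "ward-3b"}): 20,
    frozenset({"ward-3a", "radiology"}): 300,
    frozenset({"ward-3b", "radiology"}): 290,
}

# Constructed badge-reader log: ISO timestamp, badge id, station, event.
SAMPLE_LOG = """\
2020-01-06T08:00:00 B1001 ward-3a tap-in
2020-01-06T08:00:45 B1001 radiology tap-in
2020-01-06T08:01:00 B2002 ward-3b tap-in
2020-01-06T08:04:00 B2002 ward-3b tap-out
2020-01-06T08:04:30 B2002 ward-3a tap-in
2020-01-06T08:10:00 B1001 radiology tap-out
2020-01-06T08:16:00 B1001 ward-3a tap-out
"""

def parse(log):
    """Yield (timestamp, badge, station, event) tuples from the log text."""
    for line in log.splitlines():
        ts, badge, station, event = line.split()
        yield datetime.fromisoformat(ts), badge, station, event

def find_anomalies(log, walk=WALK_SECONDS):
    """Return (kind, badge, from_station, to_station, timestamp) alerts."""
    open_sessions = {}   # badge -> stations where it is currently logged in
    last_tap = {}        # badge -> (time, station) of its most recent tap
    alerts = []
    for ts, badge, station, event in sorted(parse(log)):
        prev = last_tap.get(badge)
        if prev and prev[1] != station:
            # Station pairs missing from the table are not judged.
            need = walk.get(frozenset({prev[1], station}))
            if need is not None and (ts - prev[0]).total_seconds() < need:
                alerts.append(("impossible-move", badge, prev[1], station, ts))
        sessions = open_sessions.setdefault(badge, set())
        if event == "tap-in":
            for other in sorted(sessions - {station}):
                alerts.append(("simultaneous", badge, other, station, ts))
            sessions.add(station)
        else:
            sessions.discard(station)
        last_tap[badge] = (ts, station)
    return alerts
```

On the sample log, badge B1001 is flagged twice for the radiology tap 45 seconds after ward-3a, while B2002's tap-out and 30-second move to the adjacent ward raises nothing.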
Re: (Score:2)
Cards alone aren't especially secure as they can be lost/stolen/borrowed, although they are certainly quick and easy for lower privilege systems.
Hospital IT is certainly complicated, and identity management is more complicated than it is in corporate environments, owing to the large number of applications each staff member has to use, and the issues around confidentiality.
As with most IT problems involving large organisations, the challenges are not especially technical, they are organisational and regulato
Re: (Score:2)
Cards alone aren't especially secure as they can be lost/stolen/borrowed,
They can, but they can also be tracked. Make every employee scan to get in, no piggybacking, (I've worked in facilities that do that and it's not horribly onerous, and we had to scan and enter a code to get through doors) and if a card is reported lost/stolen/etc, check logs/video to see if/when it was used to enter the building and by whom (assuming you have security cameras). Borrowing should be against policy, but if you lock it so that a card can only be logged into 1 station at a time that problem ge
Re: (Score:2)
I've noticed at most of the pharmacies at CVS (the drugstore chain), the employees have bar code stickers on the back of their hands. They'll regularly scan their bar code as they're working.
I assumed that this was some sort of authentication system, and it made sense as they're working at stations that already have bar code readers for tracking medications. But if the hospitals are tracking patients with bar codes, it could work there, too.
In many ways, it could be *more* secure than RFID badges, if you'
Re: (Score:2)
The card provides authentication to access the device, but additional software and infrastructure would still be required to assure access to software running on the device or accessed from it.
RFID cards are an alternative to a username and password, rather than providing SSO.
S-so 1980s (Score:2)
Is the UK so far behind? (Score:2)
Over the past five or six years, I have had multiple opportunities to experience hospital systems from the consumer side. Anyone working for the hospital has an RFID-equipped photo ID badge, and all terminals have an RFID reader, which logs them in and out in a second or two.
Is there some reason that can't be implemented in the UK?
Really? (Score:2)
Check footage from UK hospitals, every other screen has a post-it with the login credentials on it.
This is just good business (Score:2)
SSO for businesses with a lot of apps needed for workers to function are just doing the good business thing with SSO. If your apps require SSO authentication first, they can be more secure than permitting ad hoc logins. I get this at work, where I cannot any longer log in 'directly', though. In some cases, in practice, that's semantics. But it's helpful when it works.
Saving seconds? I think of time savings more in useful chunks. For a nurse, though, a 15 second login to merely view a chart section to see i
Really? (Score:2)
They note estimates that switching to a "single sign-on" system reduced login times from 105 seconds to just 10 at one hospital, ultimately saving them 130 staffing hours a day.
Until they either reduce staffing by 16.25 shifts/day (130 hr / 8 hr shifts) I call BS on their claimed savings. I'd also accept increased performance metrics (more patients seen/shift, for example).
Once you realize that doctors and staff interview patients while logging in, you realize there really are no big savings.
Re: (Score:2)
From another article:
With almost 5,000 logins per day, it saved over 130 hours of staff time a day, to focus on patient care.
That was at one hospital. That's a fuck of a lot cheaper than training and hiring 16 new nurses, something the NHS happens to be short of.
Really? (Score:2)
The 95 seconds saved adopting single sign-on will be spent by employees sipping one more coffee.
Re: (Score:2)
Because the systems are so overly complicated that they need to waste hours to do simple things.
Re:Better still (Score:5, Informative)
Fuck, you've never worked in a busy hospital have you?
The nurses do most of the work, and the ones sitting at the nurses station have to be there to monitor the patients and their care. Sure, late night shift might be quieter, but there are also fewer personnel working then.
Re: (Score:2)
LOL, yeah - funny. Take a look at this NHS guide regarding patient wait times [www.nhs.uk] and ask yourself if that seems better than what patients in the US experience.
When diagnosed with life-threatening cancer, it's OK to wait two weeks for a referral. So after the doctor says "You have cancer" you can wait up to two weeks for the follow-up.
All other diagnoses allow for up to 18 weeks wait times for referrals... That's over 4 months.