IIM
- FAQs

SEARCH

What's new

29 July 2010
Release 12 Bulletin
read more...

26 July 2010
Executive Briefing - July 2010
read more...

View all news stories

 

ESR News

View Current Issue

View ESR News archive

 
Home Integrated Identity Management

Integrated Identity Management

From April 2008 new NHS Employment Check Standards were required of the NHS as part of the annual health check. Similarly, robust identity checks (using the same identity management standards) are carried out by an NHS organisation’s Registration Authority (RA) to verify an individual’s identity before allowing access to NHS Care Records Service (NHS CRS) applications. Combining these two parallel activities into a single integrated identity management process has been proven to deliver:

  • improvements in information governance
  • significant cost savings
  • elimination of unnecessary duplication of activities between and within HR and RA functions
  • more robust control of who has access to NHS CRS applications

Pilots for the User Identity Management (UIM) software and the ESR interface

14 pilots have now been selected for the UIM and ESR interface.  Read the full list of NHS organisations participating in the pilot project here.

Key Workstreams
Move to the CRS Smartcard Enablement
Strategic Decision Making
Further Information

Key Workstreams

  1. The integration of business processes between HR and RA functions
  2. The introduction of Position Based Access Control (PBAC), facilitating access to NHS CRS applications based on the job an individual does, the access rights associated with this job and the mapping of these rights to an ESR position
  3. The deployment of new registration software, User Identity Manager (UIM) (from late 2009)
  4. The deployment of an interface between ESR and the NHS CRS (from late 2009)

1. HR/RA business process integration. The Large Scale Workforce Change Programme supported over 100 organisations to integrate business processes, such as pre-employment checks and Criminal Records Bureau (CRB) clearance, between their HR and RA functions.

A toolkit was released May 2009 for all NHS organisations to use which describes the experiences, learning and outcomes gained from this programme of work.  To view the toolkit, click here.

2. Move to PBAC. Strict control of access to patient care records is fundamental to the operation of the NHS CRS. PBAC provides a simple and effective mechanism for providing users the access they need in the course of their work, whilst also ensuring that these access rights are properly managed and appropriate for the job they are doing. Instead of requiring case-by-case scrutiny for every person who requires access to care records, PBAC grants these rights according to the access control position to which their job is assigned. Once the rights attached to each access control position have been approved — along with the jobs included in these different positions — the process of granting access rights for staff becomes much more simple.

As a result the administrative workload on RA sponsors will be reduced, and more robust and timely governance of access is enabled, meeting public and staff concerns about who has access to personal clinical records and why.

In preparation for the ESR to UIM interface implementation, organisations will need to map their ESR positions to access control positions. As this activity may require a full or partial review of the ESR work structures, which hold the position information, it is recommended to begin this work as soon as possible.

A toolkit was released May 2009 to support the introduction of PBAC in NHS organisations. To view the toolkit, click here.

3. Local adoption of the new registration software, UIM. UIM is new registration software that will enable the use of electronic forms and digital signatures, removing the need for paper based work flow. UIM requires no data to be migrated, and the use of Position Management to support PBAC is integral to its operation. UIM is expected to be available for deployment by RA teams from late 2009 after a successful early adopter phase.

4. Interface between ESR and UIM. There are two distinct parts to enabling the interface between ESR and UIM:

a) Smartcard enabled access to ESR. This will ensure that staff data is secured to the same level as patient data and is a pre-cursor step to the interface between ESR and UIM to ensure that ESR users have e-GIF Level 3 security clearance in order to effect changes on NHS CRS.

During the move to NHS CRS Smartcard enabled access all ESR users will need to have moved from the existing login process to using an NHS CRS Smartcard to access ESR.

Sun JRE (Java Runtime Environment) needs to be installed on ESR end user computers to support the Smartcard deployment. The NHS ESR Data Team is managing this transition.

421 NHS organisations have now enabled NHS CRS Smartcards for ESR users.  All NHS organisations have received letters about switching off traditional username and password access to ESR – these letters can be found under the heading Documents to download, further down this page.

Read more about the move here.

Read FAQs about the move to Smartcard enablement here.

b) Enabling the ESR to NHS CRS (UIM) interface. This final step in the process activates the interface between ESR and NHS CRS. HR functions currently update ESR when changes are made regarding an employee’s assignment to an established position. The ESR interface will be triggered by such changes and will automatically update an individual’s access rights to NHS CRS compliant systems, reflecting the requirements of their new position. It will enable the management of access control via a single point of data – the change to the employee’s position within ESR.

Strategic Decision Making

Communications to Chief Information Officers and Directors of Workforce was issued in April 2009 informing them about the initiative and requiring them to make a strategic decision regarding the choice of implementation model. The ‘Developing a Strategy for Integrated Identity Management’ toolkit explains the background to the decision making process and guides executives to the correct selection of implementation model. The choice of implementation model will be based on the type of organisation; individuals who need access to NHS CRS and the correlation of that user base with employee records on ESR.

Download the toolkit here

Further Information

  1. For further information on HR/RA business process integration please contact your SHA RA Lead or Lynda Scott, Business Development Consultant at NHS Employers on 07789 653308 or Lynda.Scott@NHSemployers.org
  2. A series of information roadshows took place regionally during June.  More are planned for 2010.
  3. Guidance and supporting information regarding the deployment of the technical solutions of UIM and the ESR interface will be provided later in 2009. 
  4. Your local ESR Registration Account Manager will be able to provide further advice and guidance. Read more about the Registration Account Managers, includes contact details.
  5. SHA RA Leads provide support for the integration of HR and RA process and general guidance to the RA community relating to the above initiatives.

Documents to download

Links

Acceptable use Copyright Accessibility