How do we protect the privacy of those receiving care in a fragmented health care sector? How can schools, social services, medical services, specialist clinics, private providers and family members collaborate in a secure chain of care? The lack of interoperable systems means that telephone calls, e-mails and letters will often be issued with security defects. The employees in the chain of care require a new approach and a comprehensive view of the patient across organisational boundaries.
In one area we have come a long way and are now seen as a forerunner. Sweden has been building up a national infrastructure for secure login for 10 years. The HSA (Hälso- och Sjukvårdens Adressregister – health care professional database) is a solid platform to build on. It consists of an electronic database containing quality-assured information on persons, departments and units in municipalities, county councils and at private care providers. The database contains information on over 500,000 professionals. The HSA allows efficient procedures to be introduced at a time of increased demand for authorisation protection and access controls. The information in the HSA is registered and quality-checked so that only authorised persons can access the information for which they are authorised. This allows secure login with smart SITHS cards.
However, login must also be fast and simple. In one health region, login time to the computer at start-up in the morning was measured at six minutes. Logging in to the most frequently used systems takes several minutes longer. Users log in sometimes using a password and sometimes using a smart card. Logout can take several minutes when the user wants to take a break, goes to lunch or finishes work for the day. Fast user switching is required when several people share a single computer. Otherwise, users work in each other’s login, which negates the whole idea of the national IT security solution.
In a well thought-out IT infrastructure, smart cards can reduce login times to seconds and make employees’ everyday work more efficient. They make it easier to comply with the organisation’s security policies and productivity also increases. Below are a few examples of applications that use smart cards and software solutions that already exist in the Swedish health care system:
- Single login provides fast, simple access to all services, applications and information that require login with certificates.
- Automated processes simplify day-to-day work by directly opening applications when the user logs in and closing them when the user leaves the workplace.
- Session mobility allows users to take their cards with them and leave the workplace to immediately resume work at another workstation in the same session with the same programs and documents open.
- Fast user switching enables users to switch easily at local workstations with full access to data while maintaining security.
- Full lockdown protects information and applications from unauthorised access by completely closing the computer environment down until a new card is inserted into the card reader and a PIN is entered.
- Faster login using new plug-ins from leading system platforms. Fast login that takes seconds where it could previously have taken minutes.
- Login, as simple as using a mobile Bank ID, through apps and web applications on tablets.
The use of mobile health care systems will increase considerably. A tablet makes documentation easier, faster and more secure in care of the elderly and when making rounds. Login using a smart card enables user authentication and digital signing of medical certificates and prescriptions. The card identifies the user clearly and unequivocally.
These are major steps towards a secure, efficient chain of care:
- Changes in working methods must take place in order to bring about cross-border cooperation in health care.
- IT infrastructure must be constructed so that login is fast and there is absolutely no use of insecure passwords.
- The technical solutions are available but are not being fully exploited.
- Login has the power to liberate people when it is structured correctly.
Building up infrastructure takes time, but we have already made quite a lot of progress. It will guarantee long-term solutions that make work faster, simpler and more secure for a hard-pressed body of professionals. Now is the time to accelerate the work on change.