With more than 13,000 health and care organisations in England and Scotland using NHSmail and 64,000 movements of user accounts every month, the burden is real and the security implications relating to identity are acute. But that also means the opportunity for improvement is significant.
We are delivering three important improvements to workflows and to integration with local processes.
1. A new Joiners, Movers, Leavers (JML) product integrates the Electronic Staff Record, NHSmail, and local directory services. It automates the movement of user accounts between NHSmail organisations, the synchronisation of attributes and the commissioning and de-commissioning of local identities in the active directories. When fully implemented, this process is expected to save around 40,000 hours a year, leading to millions of pounds worth of efficiency savings.
2. A password synchronisation micro-service allows users to synchronise their password from the NHS Directory to their local active directory services and vice versa. This will also improve user experiences by delivering a same sign-on experience regardless of whether they authenticate for services against the NHS Directory or local Active Directory services. It will also improve cyber security by reducing the number of passwords users need to manage, reducing the temptation to store them in an insecure way – such as post-its with user-names and passwords written on them and stuck to desktop or laptop monitors.
3. Behavioural and transactional analysis will allow us to identify patterns in user behaviour and associated digital transactions to help pinpoint anomalous events. For example, if a user attempts to authenticate a service from an unusual location or an odd time or date the service can block authorisation in case the account has been compromised.
These new services build on a series of improvements to the NHSmail platform over the past year, including: