NHS COVID-19 Digital Staff Passport: Claranet penetration testers ensure a secure rollout

The Blackpool Teaching Hospitals NHS Foundation Trust is situated on the west coast of Lancashire and operates within a regional health economy catchment area that spans Lancashire and South Cumbria.

The Trust provides a range of acute services to the 352,000 population of the Fylde coast health economy and the estimated 18 million annual visitors to the popular seaside town of Blackpool. Since April 1, 2012, the Trust has also provided a wide range of community health services to the 445,000 residents of Blackpool, Fylde, Wyre, and North Lancashire.

The challenge

The global coronavirus pandemic has accelerated the digital transformation of many NHS organisations beyond recognition. In many cases, what would normally have taken several years has gone through development in just a couple of weeks.

For the NHS during the pandemic there has been an urgent need to temporarily deploy highly skilled staff between NHS organisations to continue to deliver effective and efficient patient care. Previously, whenever a staff member needed to temporarily move to another location, the administrative process involved the creation of honorary contracts and the checking of personal and employment information, all of which was performed manually.

However, during the pandemic, time was of the essence, so it was imperative that these processes could be simplified and technology-enabled where possible.

As Andrew Temple, Senior Project Manager at Blackpool Teaching Hospitals, explains: “The process of onboarding staff was manual with physical checks of documents being required before a member of staff could work in a new location. But as the pandemic broke out, the need for the process to digitise was clear. It was imperative that we reduced the administrative burden on clinicians and maximised the time they could spend with patients.”

The solution

A range of teams came together to develop an NHS COVID-19 Digital Staff Passport. This provided a safe, secure, and efficient solution using blockchain technology, an app, and an HR portal to seamlessly transfer trusted staff information from an employee-owned record on a smartphone into an employer’s staff record.

The passport has been thoroughly tested throughout the past year to reduce the time it takes to onboard staff. This has been key during the COVID-19 pandemic and the recovery period when staff have volunteered to be deployed quickly between NHS organisations.

When a staff member is deployed to a different NHS organisation, they can now verify their identity and employment credentials using a QR code on their device. By validating the cryptographic credentials of staff members, NHS organisations can be confident in both the identity and employment of staff members. The passport provides state-of-the-art encryption of sensitive personal data, which was thoroughly tested before going live.

“Any application we use to access NHS data and systems must be thoroughly tested to provide assurance that we are practising good data security and that personal information is handled correctly”, explained Andrew Temple, Senior Project Manager at Blackpool Teaching Hospitals.

This is where Claranet’s expertise was required. With over 20 years of experience in penetration testing, the team reviewed the solution to ensure it was designed and built with security in mind. Security controls, such as those enforcing authentication and authorisation checks, were comprehensively reviewed to ensure that only members of staff who needed to access the system were able to do so.

The results

Claranet ensured that all new and existing data was stored robustly and could not be shared between devices.

To further safeguard the process, Claranet ensured that anyone issuing credentials had their own unique account and that two-factor authentication was used each time they logged on. In addition to testing the application itself, Claranet also ensured all back-end services were robust by subjecting them to rigorous penetration testing.

As the application is refined and further iterations are developed almost monthly, Claranet continues to be called upon to undertake further penetration tests.

“In many ways, Claranet provides the ‘Sec’ in our DevSecOps,” says Andrew. “Their penetration testing is dynamic, focusing on the new features, and therefore streamlining the development process.”

Claranet has worked flexibly throughout the project to accommodate the accelerated timeframes the project needed to work to. The team has worked weekends when necessary and ensured reports were sent back to the project within 24 hours so that each phase of the application development could go live in a timely manner.

“The interim COVID-19 Digital Staff Passport has been instrumental in placing the right people in the right place, at the right time,” added Dave Ashton, UK Security Director at Claranet. “Our role has been to ensure a secure rollout of the technology, and we are delighted to support the Blackpool Teaching Hospitals in their fantastic work.”
