IGEL Secure Endpoint OS
for Now and Next
IGEL is a transformative secure endpoint OS designed for SaaS, DaaS, VDI and secure browser environments. IGEL significantly reduces endpoint TCO and your endpoint attack surface.
Gloucestershire Hospitals NHS Foundation Trust
Gloucestershire Hospitals NHS Foundation Trust dramatically reduces login time for clinicians with Follow Me Desktop improving security, while also supporting ePMA compliance
Small wins matter. From our SEDIT report we know that if we can reduce our IT burden by 1 minute per patient across our Emergency Departments, we will release 310 x 8hr shifts per year.Dr. Thomas MitchellEmergency Department Consultant, ED IT and EPR Lead, Clinical Medical Information Officer, Gloucester Hospitals NHS Foundation Trust
SUMMARY
THE CUSTOMER
- Gloucestershire Hospitals NHS Foundation Trust provides acute hospital services from two large district general hospitals, Cheltenham General Hospital (CGH) and Gloucestershire Royal Hospital (GRH). Maternity Services are also provided at Stroud Maternity Hospital. Outpatient clinics and some surgery services are provided by Trust staff from community hospitals throughout Gloucestershire. The Trust also provides services at the satellite oncology centre in Hereford County hospital. The Trust has over 900 beds and around 8,500 employees.
THE PARTNER
- Imprivata is the digital identity company for mission- and life-critical industries, redefining how organisations solve complex workflow, security, and compliance challenges with solutions that protect critical data and applications without workflow disruption. Its platform of interoperable identity, authentication, and access management solutions enables organisations in over 45 countries to fully manage and secure all enterprise and third-party digital identities by establishing trust between people, technology, and information.
THE CHALLENGE
- Enhance the access to the critical systems needed by clinicians as part of their workflows by simplifying login steps and reducing the time to log on which could be as much as 30 minutes
- Reduce the risk of ransomware
- Improve the acceptance and adoption among clinical users of the new EPR
- Reduce the IT administration and management burden and improve the ROI on investments in technology
THE SOLUTION
- ‘Follow Me Desktop’ (badge tap for roaming clinicians) provided by Altera SCM, Citrix, IGEL and Imprivata Enterprise Access Management (formerly OneSign and Confirm ID) with multi-factor authentication
- Imprivata for electronic Prescribing and Medicines Administration
- IGEL Endpoint OS for endpoint security
THE RESULTS
- Log on time greatly reduced for clinicians enabling more time for patient care
- Improved data and systems security via the combination of Imprivata and IGEL features
- Time and resource savings for IT as it is much easier to support the Imprivata/IGEL/Citrix stack from a central point
The Challenge – Complex and lengthy logins for clinicians at the point of care
Gloucestershire Hospitals NHS Foundation Trust is on a journey to expand the use of electronic patient records throughout the organisation. In 2020 Sunrise EPR was implemented for nursing documentation. The next step was to bring EPR into the Emergency Departments (ED). In the emergency department, staff needed to log on to multiple devices to access information and enter updates before returning to focus on patient care. This resulted in repeated automatic timeouts from clinical systems and the need to log in on a continual basis.
ED clinicians faced long login times and needed several user IDs and passwords to access all the different systems they needed. Login processes were also exacerbated by the requirement for system and security updates to be applied automatically as clinicians tried to log on, resulting in a worst case scenario of 30 minutes to access systems. Machines would often be left logged in and other users would start working on them resulting in security, safety and audit issues.
Given the complexity of the security stack, supporting users and maintaining an up-to-date secure systems environment was very onerous for the IT team and costly for the organisation. Up to 15,000 PCs across the Trust needed individual Windows updates and security patches applied four times a month. In addition, clinicians would often call for support to help reset user IDs and passwords.
“The combination of IGEL/Imprivata/Citrix creates an environment that significantly simplifies systems management. Centralised management and reporting requires fewer human resources. A single person can deploy updates to all devices centrally and respond to reports and statistics without relying on third-party applications or word-of-mouth feedback from end users.”
Matt Thompson – Digital Solutions Lead at Gloucester Hospitals NHS Foundation Trust
The Solution: a tailored clinical desktop that provides fast access to patient information
Gloucestershire Hospitals started a project to assess the benefits of creating a clinical desktop to access the Citrix-based EPR, removing personal desktop elements such as email and word processing which were not needed as part of clinical workflows. The Trust evaluated thin client/endpoint technologies and chose IGEL to reduce the need for expensive PCs, Windows user licences and the imperative to apply system and security updates device by device.
The IT team built the clinical desktop using the combination of Citrix and IGEL, with an Imprivata layer to provide single sign on (SSO) and multi-factor authentication (MFA). The Trust has labelled the combined solution the ‘Follow Me Desktop’ which provides ‘tap and go’ access for clinicians as they participate in clinical workflows. At the start of a shift the clinician’s initial logon requires a proximity card and PIN combination. This creates a virtual desktop session where any subsequent access to this session, within 2 hours of the initial logon, requires just a badge tap on any similarly configured device across both hospitals. This configuration gives clinicians the benefits of fast access to patient information, even while moving between departments or hospitals, as well as providing strong security and enabling the IT department to manage user licences more cost effectively.
Due to the nature of workflows within the ED, each machine has been programmed with a 90 seconds ‘fade to lockout’ to maintain security and auditability. This period will be varied as the solution is rolled out to different parts of the organisation such as outpatient departments where workflows see longer periods spent face-to-face with patients.
IGEL’s Preventative Security Model™, which is built on Zero Trust architecture, played an important role in helping the Trust to secure its endpoints. The read-only operating system is designed to prevent malware and ransomware attacks. As no data is stored locally and access is blocked to external drives, IGEL also helps to prevent data exfiltration.
“IGEL OS offers an ideal clinical desktop solution for our high-risk environment. Not only is it less vulnerable to cyberattacks, but it also eliminates the headaches of monthly patching we are required do to with our Windows PCs. Each endpoint with IGEL OS is one less endpoint I have to worry about.
” Fraser Frizelle – Head of IT at Gloucester Hospitals NHS Foundation Trust
The Results: time saved for clinicians has streamlined adoption of new EPR
The simplification and speed of access to the systems used in clinical workflows resulted in a “fantastic” response from clinicians who have seen a greatly improved user experience. This has also enhanced the acceptance and adoption of the Sunrise EPR.
As a result the Trust has now rolled out the ‘Follow Me Desktop’ solution across both its hospitals and its maternity unit. To date this includes 45 inpatient wards and 22 operating theatres. The success of the project has resulted in the solution being extended so that the desktop has been updated to include further clinical applications including electronic prescriptions and medicines administration (EPMA).
The flexibility of the Citrix/IGEL/Imprivata elements means that varied configurations have been adopted to address differing needs through the organisation such as in specialised environments.
Third party devices used in more demanding areas, such as the Cybernet medical PCs in the operating theatres, and Dell Toughbooks used in pharmacy rooms (typically cramped conditions with spills likely), are running the IGEL OS, with Windows removed for more robust security. With Imprivata embedded into IGEL OS these devices work in the same way as the regular IGEL hardware, giving clinicians the same user experience of fast access to clinical systems and data. On the wards, IGEL is used for all tracking boards which are continuously logged in and so do not need Imprivata’s tap and go capabilities.
The adoption of the solution has meant that IT management and administration burdens have been greatly reduced. The number of support calls is significantly lower, facilitated by the common look and feel across systems and Imprivata’s self-service password reset capability. Software installs and updates are now all completed centrally and remotely pushed out to the 1,400 IGEL devices throughout the organisation.
The Future:
The next step in the plan is for the Trust to implement a fully integrated EPR across additional areas in the organisation. Outpatient departments are starting to use IGEL OS and Imprivata to access the EPR for documentation and to place blood orders. The aim is for each clinician to be able move throughout the Trust’s estate tapping in and out of devices as needed facilitated by the ‘Follow Me Desktop’ solution enabled by the flexible combination of Imprivata/Citrix/IGEL.
