University Hospitals of Leicester NHS Trust

Data Integration helps the University Hospitals of Leicester NHS Trust save more than £30k per annum and increase remote access security by deploying an SSL VPN.

University Hospitals of Leicester NHS Trust (UHL) is one of the largest and busiest teaching trusts in England, employing over 12,000 staff and providing services to nearly a million people across Leicester, Leicestershire and Rutland and beyond.

The Trust was given an 'Excellent' rating for the quality of its services and 'Good' for its use of resources by the Healthcare Commission in the 2005/06 Annual Health Check.

Frontline NHS staff are key to delivering high standards of patient care, but they often work long and unsociable hours in a stressful environment. One way that IT can make life a bit easier for employees is by offering flexible and home working facilities for staff. Surveys have shown that giving employees the option to work from home improves employee satisfaction, increases productivity and can improve staff retention rates.

As home working has become more commonplace, and the government has launched initiatives to encourage employers to offer flexible working, employees have come to expect this as a right. Meanwhile, organisations seek to become more agile and look for ways to enable collaborative working with suppliers, partners and other third parties.

The Challenge

UHL's IT team saw the operational costs of supporting remote access escalate as more departments and staff requested remote access facilities. UHL's remote access was delivered through a combination of legacy dial-up systems and an IPsec VPN provided via N3. However, both services required support of remote users on Trust laptops and required client software to be installed on each remote user's machine. Furthermore, dial-up calls were costing the Trust in excess of £30K per annum for a system that only allowed 8 concurrent users.

David Rose, IM&T Technical Architect for UHL, set about finding a modern remote access solution that would be more cost efficient and meet the changing needs of the Trust into the future.

"In the current NHS climate, reducing revenue expenditure is extremely important; we simply couldn't afford to carry on with the spiraling costs of our old remote access arrangements. We also need to be more flexible in the way we offer remote access. It's no longer just Trust staff that need access, but contractors, suppliers and students. We need to be able to give them access to selected resources, securely, with minimal set up and support," explains David.

The Approach

David knew that an SSL VPN remote access solution would solve many of his issues. In contrast to IPsec VPNs, SSL VPNs do not require software to be installed on each remote user's machine, so you do not need to issue each user with a laptop. They also enable the administrator to set different access policies to control different user groups (e.g. staff versus contractors) based on who the user is, what their connection medium is and what machine they are using. The user interface is presented as a web page, so it is very intuitive to use, which reduces the burden of remote access support calls for the IT helpdesk.

"I approached Data Integration following a recommendation from a colleague who was impressed with their reputation; we had also heard of DI because they're a PASA framework supplier," says David.

The Solution

Data Integration proposed a solution based on Juniper Networks SA 4000, and UHL shortlisted two other suppliers. Following a formal competitive tender process, UHL selected Data Integration because their proposal offered the best value for money, security of access and future-proofing. Resilience was also a key factor, as UHL plans eventually to deploy multiple, load-balanced points of presence.

"During the selection process DI took us to see another Hospital Trust where they had deployed a similar solution, which gave me confidence that DI's proposal would deliver everything we wanted. They really listened to our requirement and gave me all the information I needed to make the decision," continues David.

Data Integration designed and installed the solution, which comprised two Juniper SA4000s in a High Availability pair, Swivel PINsafe SMS token-less two-factor authentication, a Fortinet Fortigate EAL4-approved firewall and Symantec Sygate On Demand Protection (SODP).

Working together

Data Integration worked closely with UHL's IT team to specify how the solution would integrate with UHL's existing Microsoft Active Directory and Citrix systems. DI helped UHL to define the security and access policies for the different user groups, which included configuring separate login pages and authentication methods for UHL Trust users and contractors.

Two-factor authentication is a requirement for NHS remote access security, but UHL did not want to be burdened with the cost and distribution of hardware tokens, so UHL uses an SMS-based system as a simple and cost-effective alternative. Trust users are required to supply an Active Directory username and password as well as a PIN and token code, which is sent to the user's registered mobile phone.

Flexible, secure, user-friendly

UHL launched the solution to a test group of six users but soon decided to migrate all their dial-up users onto the new system. The Trust's staff have found the system easy to use and are accessing MS Office, email and some clinical applications from home. The new system helps the IT department too, because suppliers of clinical applications whose support agents are based in the USA and Australia can use the SSL VPN to provide support to UHL.

The Future

With staff and supplier remote access successfully up and running, David is looking at what he will do next. The Trust is a University Hospital, so clinical staff that also work for the University are his primary concern, but the Juniper SSL VPN will enable him to give academics secure access to selected Trust resources. He is also looking at using the system to provide access for Social Services and parts of the Trust without LAN connectivity, such as the crèche. Yet another option would see doctors and nurses equipped with 3G cards in their laptops so that they can connect back to the Trust via the SSL VPN when they have to visit patients at home.

The new system gives the Trust a great deal of flexibility to take advantage of new ways of working and improve information sharing between itself and its partners.

David concludes by summarising the benefits of the solution: "The main benefit has been reduced costs at a time when the Trust is trying to reduce revenue expenditure. The other big benefit has been better security; our conventional RAS solution was inherently insecure. Remote users were not getting anti-virus updates and sensitive documents were being downloaded onto laptop hard disks so, for security reasons, we were unwilling to allow users to use their own personal computers. With the new solution we can control access in a much more granular way, even on home and contractor PCs. We've saved money by eliminating dial-up calls, reducing support calls to our helpdesk and because we no longer need to issue a UHL laptop to everyone that wants to work remotely. Staff are happy because they have the flexibility to work from home and I'm happy because the solution is easy to support."
