Secure patient information – across community borders
The municipalities of Lillehammer, Øyer, Gausdal and Ringebu are the first in the country to securely and efficiently share patient information across community borders. The result is a better and safer offer to residents, and now the solution is ready to be used by others.
In 2012 the coordination reform put Norwegian municipalities to the test. The reform would provide the right patient care in the right place at the right time, which imposed strict rules on each municipality. However, the four municipalities Lillehammer, Øyer, Gausdal and Ringebu were well prepared. As early as 2010, they began the Trust ICT project, which aimed to ensure a good flow of patient information across community borders.
Before the project was launched, each municipality had its own database and its own method of handling patient records. Putting together the four systems turned out to require a new regulation. When this came about by the end of 2012, the municipalities could establish and adopt a joint patient record. This was an important step towards ensuring the best possible treatment for local residents, regardless of whether they are hospitalised in the neighbouring municipality or if they are taken care of by a doctor in their local community.
Ikomm, an IT partner in the project, is owned by Lillehammer, Øyer and Gausdal municipalities. They were given the mandate to coordinate the journal systems into one common solution, while ensuring that the standard of information security was high and in accordance with the Norwegian Data Protection Authority’s standard, secure zone.
- Municipal employees now use smart cards to access necessary patient systems. When moving on to the next patient or task, they remove the card, which automatically logs out the workstation.
The solution
Confidentiality, integrity, and accessibility were the key words. The new solution needed to be easy to log in to, but at the same time ensure that information can’t be accessed by unauthorised people. It was also important to keep track of who has access to, registers, and retrieves specific information.
“It was here that Buypass came into the picture. We had to find a way to authenticate municipal employees securely into the journal system, and chose a solution that uses smart cards for both login and logout”, says Kjetil Nordbye, Ikomm’s Project Director.
Using standardised client equipment ensured a secure login. Previously, employees were able to borrow each other’s login details to read or update journals. This practice ended with an individual user ID. A smart card makes it easy to login, and makes sure a user is always logged out when leaving the terminal.
Implementation and cooperation
After much pioneering work from both Ikomm and Buypass, a solution was arrived at that satisfies the Norwegian Data Protection Authority’s standards for secure zone, which at the same time is efficient and user-friendly. Using thin clients combined with a high level of security means that each and every login faces several different technical systems, which caused challenges along the way, but also made the end product very secure and efficient.
“The solution was implemented in close dialogue with pilot users in the municipalities, and the feedback has been very positive throughout. Good interaction between Ikomm and Buypass delivered a very good end result, which is suitable for building similar solutions for other inter-municipality cooperations and in individual municipalities, says Nordbye.
Approximately 2,500 smart cards have been issued to employees in the municipalities. These are mainly healthcare workers, but also other staff services that have a need to access the solution, such as canteen workers who need to know allergy information.
The results
The result is a seamless and stable solution that helps the four municipalities provide the right patient care in the right place and at the right time. Employees have been given a secure, efficient solution that provides them with necessary information across community borders, which helps them to comply with strict information security requirements during a busy workday.
“Municipal staff now use smart cards to access necessary patient systems. As they move on to the next patient or task, they take the card with them, which triggers an automatic logout at the workstation. This provides good information security, but equally important is the good and efficient access to information. A user can retrieve the work from any workstation and continue the session where they left off. In this way workstations are released more often, and the user can quickly return to their tasks by inserting the smart card and entering a pin code. As a bonus, the project has helped to raise awareness of information security among employees, says Ikomm’s Nordbye.
The health industry is a critical service, making it particularly important that all users are identified in the system. In addition, the smart card works as a multifunction card and includes physical access control to doors, print management and mobile office access.
“In addition to increased security, the system has helped to make the municipality’s employees more flexible and more efficient. Time saved on administration in healthcare is welcome and it benefits patients”, says Steffen Pettersen, Ikomm’s Sales Director.
The way forward
The four municipalities Lillehammer, Øyer, Gausdal and Ringebu were in the early stages of addressing the need for inter-municipal cooperation on patient information, and not least the need for a stable and secure system for handling the journals. Legislation was amended as a result of this work, and several municipalities are now looking at the Lillehammer region for inspiration.
“We are ready to roll out this solution in other municipalities, or in other areas of healthcare. The model that Ikomm and Buypass have developed is particularly suitable for municipal cooperation and private health enterprises, and we hope that more people will benefit from this pioneering work in the Lillehammer region”, says Ikomm’s Pettersen.
In addition, the solution will be relevant for other environments concerned with information security, such as suppliers to the healthcare industry and other businesses that manage sensitive personal data. In the Lillehammer region they are now ready for phase two: to lift the existing solution onto mobile platforms. This will among other things benefit home care services in the four municipalities.
“The solution we have developed with Ikomm is a good choice for anyone who manages sensitive personal information, and the concept can be tailored to suit most needs. We now hope that the rest of Norway’s healthcare services will be inspired by the Lillehammer region, and work to offer its residents similarly good services”, Says Pål Müller, Buypass Sales Director.