NHS Digital has said it is taking a number of steps aimed at simplifying the use and improving the security of NHSmail.
Dan Jeffery, head of innovation, delivery and business operations at NHS Digital, has outlined the moves in a blogpost, saying it is part of the organisation’s effort to strengthen data security around the secure email service without “reinventing the wheel”.
He said the first step is the development of a Joiners, Movers, Leavers product to integrate NHSmail, the Electronic Staff Record and local directory services. This will automate the movement of accounts between organisations using NHSmail, with the synchronisation of attributes and the commissioning and decommissioning of local identities in the active directories.
When fully implemented, it is expected to save around 40,000 hours and millions of pounds per year.
Second is the creation of a password synchronisation micro-service to align passwords used in the NHS Directory and local active directories. This is expected to improve cyber security by reducing the number of passwords users need to manage, reducing the temptation to store them in an insecure way.
Thirdly, NHS Digital plans to run behavioural and transactional analysis to identify patterns in user behaviour and digital transactions to spot anomalous events. This could be if a user attempts to authenticate a service at an odd time or from an unusual location and could lead to the authorisation being blocked.
The measures come on top of the continued filtering and monitoring of spam and malicious activity across the NHSmail gateway. This leads to the stopping of about 500 million malicious events every three months.
Jefferey commented: “Our work with NHSmail over the past year is an example of how we can improve the security, identity verification and user experience of one of the NHS’s key communications tools without ripping up the foundations and causing disruption to users.”
Image from psd.scot.nhs.uk, Open Government Licence