Call for national standards on remote access

Tags: CfH   EMIS   GP   GPs   PCT   Remote access   Solution  

22 Aug 2006

GPs are calling for national standards on remote access to practice computer systems because of concerns that present methods could potentially put patient data at risk.

Dr Paul Bromley, a GP in Leek, Staffordshire, and colleagues from the EMIS National User Group are unhappy that the current arrangements delegate decision-making to primary care trusts (PCTs) and argue that definitive national guidance is needed.

Dr Bromley, who has developed a special interest in remote access over the last few years, says that for several years he used the solution offered by Cable and Wireless, and latterly BT, which secured the connection between the remote computer and NHSnet.

He told EHI Primary Care: “It was only later, after somebody pointed it out to me, that I realised the virtual private network tunnel only went as far as the NHSnet connection, not all the way to our practice server and so could be intercepted from within NHSnet.”

Since then Dr Bromley has started using a piece of software called SSH to secure the final leg of the journey, which he believes is secure, but he argues that definitive guidance is necessary. Other practices have started to use software called LogMeIn, a US-based system, which allows remote access to computers.

Dr Bromley said: “There has been a lot of discussion about this on the EMIS server and again although this works very well it has been pointed out to me that it goes via a third party server and also that someone could potentially put spyware on the remote computer that could capture your passwords and so on.”

The issue of remote access was the responsibility of the NHS Information Authority. Since its demise, however, this has been delegated to PCTs. GPs say they are concerned that no-one at PCT level will have sufficient expertise in remote access security.

Dr Bromley added: “We feel that this needs to be taken up nationally so that we get a solution which has a national stamp of approval on it. It’s crazy really that people are passing the buck on something like this that’s so critical.”

He said he had contacted Dr Gillian Braunold, CfH national GP clinical lead, who had promised to take it up within the agency. He said he was also considering setting up an e-petition to garner support for the issue.

© 2006 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Reader's Comments

1

Here's another "I told you so"

22 Aug 06 20:08

It was only a matter of time before the absence of guidance relating to end-site security issues made the headlines. I'm only surprised it has taken so long to appear. Long before the CFH Information Governance team decided to focus their attention on the security of the NHS Data Spine and Core applications and leave the wider NHS largely to its own devices, those in the know commented to anyone who would listen - including E-Health Insider - that the security of confidential data on the NHS's private data network would be at greater risk than it had been before the closure of the NHSnet Security Team. The policies, advice & guidance contained in the NHS Security Operating Procedures ensured that all types of connectivity were managed in a consistent and effective manner, protecting sensitive data and giving NHS organisations confidence that the allowed solutions were tried, tested and safe. Logmein, GoToMyPC and a wide range of other 3rd party remote access tools were specifically blocked due to the security threats they represent. It's a shame that it will take a major incident to bring Network Security back on the agenda.


2

Very interesting

sifl6000@yahoo.com

22 Aug 06 20:08

Very interesting article. As someone who has used remote access software and had great success with it (actually I used Logmein, the software specified in the article), I can certainly attest to its convenience. Logmein itself is a perfectly secure programme, but I could see how more home-grown options may not be; some standardisation within the industry is absolutely necessary. Sounds to me like an enterprising remote access company should step up and take charge here!


3

The problem is lack of central guidance..

mary.hawking@nhs.net

22 Aug 06 21:08

I have been in on this discussion on emis-list - an open list where a lot of very knowledgeable people discuss topics of interest and not limited to either EMIS users or NUG members. The problem being discussed was the need - for all systems - for remote access to the practice system, both for working from home and for providing care for patients at the point of care when this was not in the practice premises (home visits, nursing homes etc). When the NHSIA was operational, life was comparatively simple: there was an individual there who could - and did - give authoritative advice on what was secure and what was not - and give *official* support for acceptable solutions. Since NHSIA has been abolished, the responsibility has been delegated to individual PCTs (post code lottery for remote access? ;->>>), and after an erudite discussion of the details - advantages and disadvantages - of some solutions, the conclusion - which I thoroughly support - was that what was really needed was a *central* authority which could examine different solutions and certify that the solution proposed by the practice (or other organisation with a business need for remote access) satisfied the security needs of the NHS.

A major concern is that the contributors to the discussion were fully aware of the security implications of remote access: does this apply to all GPs and other organisations?


4

Guidance or chaos

phil.griffin@nhs.net

23 Aug 06 09:08

2 of the comments above illustrate the problem - one says LogmeIn is safe, the other says it isn't. My problem as a PCT IT Lead and Caldicott Guardian is I have no way of knowing which is correct and cannot therefore in all conscience make recommendations to the PCT.

GPs all over the place want to use LogMeIn and I suspect many already are. I am very confident the logon procedure for LogMeIn can be made totally secure using their optional security features. What I have absolutely no way of knowing is whether or not the link once established is impervious to prying eyes.

What goes through the LogMeIn gateway? What can they see if they want to? Is it a pure peer-to-peer SSL connection or not? How safe is it to have several PCs with the LogMeIn agent active and connected to LogMeIn servers in the US?

All we need is an expert opinion to say yes or no to this and the fog will lift. Until we get that people will do their own thing and that's when the problems will arise. We only need one significant leak of confidential medical information and the shutters will come down big time. At the moment we are living in a dangerous void.


5

It is a call to sell expensive kit. Better secure the data.

gerard@careprovider.com

23 Aug 06 11:08

We may need principles and guidance, but not prescriptive and expensive proprietary solutions which were all the NHSIA allowed in the last era.

I have a linux/zebedee solution which seems to satisfy the guidance I have seen to date. Logmein type software struck me as limited and also keeps alive a connection to the internet. Apollo use logmein on a temporary basis to connect to GP surgery systems.

N3 was to be a totally secure intranet. That still allows for abuse within it, and holes will appear, including rogue proxy server connections from the outside in. Better to secure the data, and demand user authentication using our cards, rather than blocking all external connections and being too prescriptive on types of VPN solutions.


6

To be fair to N3 - a rare opportunity

23 Aug 06 13:08

It is not often I feel the need to defend N3, quite the reverse, I work for a Health Informatics Service and have had plenty of opportunity to criticise N3, but gerard@careprovider.com is wrong when he says that "N3 was to be a totally secure intranet." The idea that NHSNet was secure was a myth which was exposed by some of the virus outbreaks which were propagated over it. It was made clear from an early stage that security over N3 was to be the responsibility of the application which was running over the network and that the network itself should be treated as insecure. The TPP system is encrypted end to end and therefore any remote access will be secure. If EMIS or any other supplier are pushing solutions which use N3 it is clearly their responsibility to ensure that the solution is secure. GPs insist, rightly, that they have significant responsibilities as the data owner when discussing information sharing on the spine. I do not feel they can then blame someone else if they then use access methods which are insecure or breach IG rules such as routing data flows through US servers. It is surely the role of the Caldicott Guardian in each practice to assure themselves that any access mechanism is secure before allowing the staff in the practice to use it.


7

secondary

ian.bailey@bromleyhospitals.nhs.uk

23 Aug 06 14:08

and how long I have been suggesting secondary care access (in and out) needs to be standardised.


8

I don't miss the NHSIA

24 Aug 06 09:08

Did anyone ever get any useful advice from the NHSIA? My request for advice and my invitation to visit the trust I worked for to discuss some security issues was met with the response that the security team did not speak directly to trusts.


9

There is another solution coming

roz.foad@stalbansharp-pct.nhs.uk

24 Aug 06 09:08

In October, BT is due to release its own CfH approved end to end encryption for remote access. This might be the answer, it might be too expensive or not fit for purpose, but it does put light on the horizon. However, because of this I don't think CfH will rush to approve any other solution. GPs might have to buy their own private investigation and approval from a security firm if they want a thorough check on LogMeIn or other solutions.


10

Re: To be fair to N3 - a rare opportunity

phil.griffin@nhs.net

24 Aug 06 09:08

Caldicott Guardians are identified out of existing staff, are largely untrained to any meaningful degree, and are not necessarily technical. You highlight the very heart of this debate - as a Caldicott Guardian I do not have the knowledge, skills or training to assess the technical security of a remote connection. I therefore need some guidance. I suspect most Caldicott Guardians are in this position. As I currently have no way of finding out whether or not a particular remote connection method is secure, I cannot recommend my practice or PCT uses it - not because it's unsafe, but because there is no expert opinion I can call on to find out. This is true across all PCTs and Practices I suspect, hence the call for a national steer. We need it, and we need it NOW.


11

To be fair to EMIS, they are not pushing a solution

geoff.schrecker@gmail.com

24 Aug 06 10:08

The anonymous comment suggests EMIS are pushing these solutions. I fear the contributor has misunderstood. None of these remote access solutions are made available through EMIS. I was not aware that TPP made available a remote access solution either, if so I would be interested to see what it is. The issue is NOT hosted systems where the connection is encrypted and secure end to end. It is that most GPs have historically worked from home in addition to the time spent in surgery, they also see patients in residential and nursing home away from their surgery base. Many have used remote access solutions to gain full access to the medical record, until recently there was an NHSIA approved secure token system for this. This (I understand) is no longer available and no-one is taking responsibility for checking the security of or authorising alternatives. This leaves us either having to treat these patients without full records access, or having to find our own remote access solutions when we are neither trained nor qualified to make an adequate assessment of the security of these solutions.

(CoI I am an EMIS GV user.)


12

Terminal Services

25 Aug 06 16:08

Why not just use the N3SP Remote Access VPN solution to connect into N3, then connect to a Windows 2003 Server onsite using the built in security of Terminal Services - It's fairly cheap to setup and is used in loads of places?


13

Remote Access

Huseyin.Rezvan@southwarkpct.nhs.uk

29 Aug 06 23:08

I have researched this for three years and have two pilots running from BT and MillBeck Communications.

Both solutions use the Broadband Secure ID Token and you log into N3 NHSNET. The BT solution is £90 per year and Millbeck Communications £500 per year.

Once on N3 I have set the GPs to use Remote Desktop Connection (Windows Free Software) to log onto their appropriate system in their Practices with their IP Addresses. With the exception of One GP who is using PC Anywhere.

As to date I have found this method very successful and the GPs are enjoying using this. Also no known issues/problems have been found to date.

I am also using this method to allow access for certain PCT staff from home into NWW sites and Groupwise Access.
