back to article This is also a system for GPs, right? UK doctors seek clarity over Health dept's £40m single sign-on funding

UK doctors' union the British Medical Association (BMA) is seeking clarification on how GPs will access the £40m funding for single sign-on to health systems recently promised by health and social care secretary Matt Hancock. When it trumpeted about the project at the beginning of January, the Health Department said the plan …

  1. Anonymous Coward
    Anonymous Coward

    The GPs systems are outsourced and in some if not most cases are separately funded by the health boards. Therefore the funding being directed at the GPs for single sign on possibly isn't needed. It would be needed to fund the IT suppliers and integrators as a carrot followed with a stick that if their systems don't allow SSO by X date they get penalties - and sufficient controls to ensure no-one boards the gravy train.

    There are few(none?) doctor's who would understand ICT to any sufficient level to know how to even start getting SSO working on their systems and they won't have a dedicated IT person in their practice.

    1. Skoorb

      "health boards"?

      Someone's in Wales (the only place that has an NHS and still has health boards).

      This announcement is only related to NHS England - health is a devolved matter.

      1. Intractable Potsherd Silver badge

        Scotland has health boards also.

    2. Warm Braw Silver badge

      There seem to be endless boundary complications. In my locality, a lot of GP patients will be seen in hospitals belonging to a different trust, particularly A&E walk-ins. Although GPs (here) routinely have access to hospital records within their own trust, they have to request results for their patients from out-of-trust hospitals. I'm not sure what steps a hospital receiving a request for information actually takes to ensure that it's not only coming from a genuine GP, but from a GP with whom the patient is actually registered. I'm not sure that's a test that can easily be automated, but it needs to be done.

      1. ibmalone Silver badge

        The hospital should have your GP on record (either through your referral or one of the questions they ask when you turn up to an A&E or walk-in centre), though I have no idea how they know when you change. Possibly the summary care record https://digital.nhs.uk/services/summary-care-records-scr carries the information (provided GPs update it).

        Fun bonus fact, the only time I've ever had to use my EHIC is visiting A&E in Northern Ireland, as the hospital wasn't able to find my English GP on their system.

  2. john.jones.name
    WTF?

    WTF are they doing ?

    basically all the vendors should either be given a carrot (money) or stick (fined/no procurement) to have all the app's all use the same SSO

    Maybe they should look at what the JISC built for all the Uni's in England : https://openathens.org/single-sign-on/

    1. Anonymous Coward
      Anonymous Coward

      Re: WTF are they doing ?

      Also see Shibboleth, Govroam, eduroam, and a load more 'work together you muppets it saves money' systems that make life a whole lot simpler.

      Seriously why isn't there a JISC for the NHS?

      1. Anonymous Coward
        Anonymous Coward

        Re: WTF are they doing ?

        The Athens software that JISC funded became privately owned way back. The NHS have been using it (probably only in a limited number of places, mainly in hospitals I'd imagine) so presumably have found it of limited benefit, or it's been implemented really badly.

        I think OpenAthens became the brand that interoperated with SAML2 when Jisc mandated Shibboleth to replace Athens in all UK universities and the UK Access Management Federation was formed (who stayed behind the scenes which is why users never heard of them!).

        I now see that OpenAthens merged with Jisc in 2019. Wonder where that leaves the UKAMF...

        In short, they should be looking at Shibboleth in the UK Access Management Federation as it would hook straight into eduGAIN, eduroam across Europe, and could hook into other federations as they become available...

        1. Evil_Goblin

          Re: WTF are they doing ?

          I never actually managed to get eduroam to work at anywhere other than my "home" university back in the early noughties - has it improved?

          1. Is It Me Bronze badge

            Re: WTF are they doing ?

            I have managed to get connected to Portsmouth Uni's (not my employer) EduRoam with out noticing when at the ferry terminal, and only have a couple of visitors to my employer mention issues when connecting so I believe it must.

          2. ibmalone Silver badge

            Re: WTF are they doing ?

            Seems to work everywhere in Europe now, have unexpectedly found it provided in Arlanda airport (at the time I got better signal there than in our office, happily now improved). Apparently it's quite involved behind the scenes getting the authentication to work.

          3. monty75

            Re: WTF are they doing ?

            My phone and laptop have automatically connected themselves to Eduroam networks at other unis all over the U.K. and also in Germany. It’s not always welcome as the phone sometimes decides to stop using 4G when it can see a weak Eduroam hotspot at some educational establishment or another a mile or so away.

          4. Phil W

            Re: WTF are they doing ?

            Your success at signing into eduroam at other institutions or organisations comes to down to whether your home organisation has their RADIUS set up properly for external logins and if they've configured things correctly with JISC. Getting signing working at your home organisation is pretty simple getting it working elsewhere a little less so.

          5. anothercynic Silver badge

            Re: WTF are they doing ?

            Where can you eduroam? Here, and here, and here, here and here.

      2. Anonymous Coward
        Anonymous Coward

        Re: WTF are they doing ?

        Shibboleth sounds like something HP Lovecraft would make up!

  3. A-nonCoward

    what is a GP?

    Grand Potatoe? General Public?

    1. Loyal Commenter Silver badge

      Re: what is a GP?

      I'm assuming you're outside the UK.

      A GP is a General Practitioner, basically a NHS "family doctor", and the person you go to for non-emergency treatment, if you can find an available 10 minute appointment in the timescale before your ailment solves itself - they're usually all booked up weeks or months in advance, a fair signifier of the Conservative government's attitude towards health funding.

      1. Irongut

        Re: what is a GP?

        > if you can find an available 10 minute appointment in the timescale before your ailment solves itself - they're usually all booked up weeks or months in advance

        In England (and maybe Wales). In Scotland its possible to get an appointment within a few days. My partner can even manage to get same day appointments if she phones at 9am and when those aren't available the GP will phone her back later that day to decide if she needs an appointment or just a prescription.

        You really should try voting in politicians who will fund the NHS instead of the Tories.

        1. Cederic Silver badge

          Re: what is a GP?

          My GP has a two to three week waiting time for an appointment, unless you need an "urgent" one, in which case there are a tiny number that are booked for the same day.

          Last time I rang I accidentally called during the "urgent" booking period, but well after they usually run out. The lady told me I was in luck as she'd just had a cancellation and would I like to come in at 3pm?

          I said no. It was an issue I'd had for around four years, so I told her to keep that same day appointment for someone that needed it and booked one for three weeks later.

          It's a painful system, but it's better than everybody waiting weeks.

          1. Anonymous Coward
            Anonymous Coward

            Re: what is a GP?

            It seems you're lucky as most people I've spoken too are like me, you have to wait three weeks and there's almost zero chance of getting an emergency appointment.

            1. BrownishMonstr Bronze badge

              Re: what is a GP?

              You should probably move to a more crap GP, they tend to be more free (time-wise).

        2. H in The Hague Silver badge

          Re: what is a GP?

          "In England (and maybe Wales). In Scotland its possible to get an appointment within a few days."

          Same here in NL, usually you can get an appointment the next day (in my, fortunately limited, experience). GPs also independent here, often just one + an assistant per practice.

        3. iainw

          Re: what is a GP?

          The funding model for the NHS has been broken for decades and it needs to be replaced with something which fits the reality of today. There is NOTHING party political about this - and if you think electing a different flavour of politicians will make a difference you are deluded.

          What is required is for the Great British Public to wake up to this fact and give the political parties the leeway to form a cross party consensus on NHS funding reform. But the Great British Voter is more concerned with casting a vote which favours their wallet.

        4. Mad Dave

          Re: what is a GP?

          >In Scotland its possible to get an appointment within a few days

          Not in North Glasgow it's not. My own experience:

          >Hello, can I have an appointment please?

          >I'm afraid there's none left

          >Can you put me on the waiting list please?

          >We only run a waiting list for 4 weeks, and it's full.

          >So there is no way for me to get an appointment?

          >Try calling tomorrow.

          Repeat x forever.

      2. RichardB

        Re: what is a GP?

        Not new under conservatives...

      3. Kubla Cant Silver badge

        Re: what is a GP?

        they're usually all booked up weeks or months in advance

        I can usually get an appointment with my GP in England within 24 hours, though I usually make a point of telling them that it's not an urgent problem. I guess I'm lucky to be registered with a well-run village practice.

        By way of contrast, a friend who couldn't get an appointment with her GP went to an NHS Walk-in Centre. They told her she seemed to be in serious need of treatment, but she would have to come back at 6 o'clock. When she did so, she was told that there were no available consultations (but they agreed that she seemed to be in serious need of treatment).

        So much for the on-demand Walk-in Centre. She ended up in A&E.

        1. Anonymous Coward
          Anonymous Coward

          Re: what is a GP?

          "I can usually get an appointment with my GP in England within 24 hours, though I usually make a point of telling them that it's not an urgent problem. I guess I'm lucky to be registered with a well-run village practice."

          It depends on where you are in the country. If I phone up and ask for a routine appointment with a named practitioner, it will either be in 5-6 weeks time, or I'll be told they only run 6 weeks in advance, there's none available, and to call back later (unless you're lucky and there's a cancellation). If it's an urgent problem, I can phone between 08:00 and 08:30, and get told to attend a sit-and-wait clinic that morning (assuming I can get through - the call queuing system can only handle 10 callers in the queue). Otherwise, the best way of interacting with them is to do an electronic consultation, which gets triaged the next morning, and either results in being (a) told to come in that day, (b) the GP phoning you at some point in the next day or so, or (c) having a routine appointment booked in the next few weeks.

          In short, the surgery is over-loaded. There's 8 GPs there, who have (due to surgery closures) around 28,000 patients between them (IIRC).

          1. H in The Hague Silver badge

            Re: what is a GP?

            "In short, the surgery is over-loaded. There's 8 GPs there, who have (due to surgery closures) around 28,000 patients between them"

            Yikes. That's around 3500 patients per GP. Here in NL it's just under 2000 per GP.

            Source: https://www.zorgprismapubliek.nl/producten/huisartsenzorg/huisartsenzorg/

            When I have time I'll try and compare health spending per capita in the two countries.

            1. Anonymous Coward
              Anonymous Coward

              Re: what is a GP?

              "Yikes. That's around 3500 patients per GP. Here in NL it's just under 2000 per GP."

              The average patients per GP in the UK was 1734 across England but reached a high of more than 3000 patients per GP in some locations. The cause is typically changes in available GP's and is addressed reasonably quickly (within 12 months by either incentives or natural relocation). Source

              1. H in The Hague Silver badge

                Re: what is a GP?

                "The average patients per GP in the UK was 1734 across England but reached a high of more than 3000 patients per GP in some locations."

                Thanks, AC.

                I'm currently in West Sussex and yesterday I had a chat with a GP at a party. She mentioned that in her area it could also take several weeks to get an appointment. (In NL that usually only takes a day, or perhaps two, at least in my experience.) She then continued by telling me that their average was 2000 patients/GP, so the same as in NL. Which begs the question why two primary healthcare systems with a similar patient/GP ratio, with similar appointment lengths (10 -12 minutes), in neighbouring countries result in such different waiting times. (Or perhaps I'm just lucky to live in a neighbourhood where folk rarely feel the need to see their GP.)

      4. jelabarre59 Silver badge

        Re: what is a GP?

        A GP is a General Practitioner, basically a NHS "family doctor", and the person you go to for non-emergency treatment,

        I've seen the term "GP" used in the US as well, althpugh more often known as a PCP (Primary Care Physician).

        if you can find an available 10 minute appointment in the timescale before your ailment solves itself - they're usually all booked up weeks or months in advance, a fair signifier of the Conservative government's attitude towards health funding.

        With the atrocity that is "ObamaCare" (officially the "Affordable" Care Act, named in the usual ironic fashion where the name is completely opposite to it's function) we are fast headed that way too. Especially as subsequent congresscritters put their ham-fisted hands on it and fubar it even further.

        1. BritAbroadAgain

          Re: what is a GP?

          It’s a common misconception that the Affordable Care Act has anything to do with the quality of care available or appointment availability.

          It’s all about paying for the care which it helps with by providing subsidies based on income, essentially means testing.

      5. ICL1900-G3

        Re: what is a GP?

        I see six conservative voters are in denial.

    2. Anonymous Coward
      Anonymous Coward

      Re: what is a GP?

      General Practitioners are the medical profession's equivalent of ICT's 1st line support team.

      - You struggle to get through to them.

      - They'll attempt a first time fix, but you know it's likely you'll have to contact them again about the same issue. Repeatedly.

      - They are the guardians of access to the specialists who can actually fix your issue, and guard that access like Sir Ian McKellen on a very narrow walkway.

      One curious difference between the medical profession and ICT is that the specialist clinician is often paid considerably less than the GP. Go figure...

  4. Anonymous Coward
    Anonymous Coward

    programme

    Apparently the govmint doesn't know how to spell PROGRAM

    1. Will Godfrey Silver badge
      Coat

      Re: programme

      But what ongoing government department's programme, would require knowledge about computer programs

    2. Iad Uroboros's Nemesis

      Re: programme

      In the U.K., it is spelt as Programme. In the US (which came after the UK), they spell it Program.

      The U.K. govt and public sector are quite sensitive to lazy, non-UK spelling. I know.

      1. J.G.Harston Silver badge

        Re: programme

        A schedule of actions is a programme.

        A schedule of actions followed by a computer is a program.

        Just as a disk is a disc-shaped item used for data storage. Perfectly useful distinction.

    3. Spanners Silver badge
      Flame

      Re: programme

      Not being from, or yet under the control of, the USA it is spelt "programme".

      Missing out the "me" at the end can be called an "Americanism" if you feel kind but telling someone to spell it that way is incorrect.

  5. Doctor Syntax Silver badge

    Presumably not everyone needs access to all these different systems. Is there a risk that a single sign-on gets access to all the systems irrespective of whether the user needs or is even entitled to such access?

  6. Irongut

    > it took 17 minutes for her to sign on to her practice systems

    Perhaps she should take typing lessons?

    1. RichardB

      Working in a heavily IT company, it was fairly normal for our pcs to take 20m to go from boot to functional post login.

      Well, I say normal, but usual would be abetter way to put it.

      Layers and layers of garbage, websense, nonsense, startup programs etc.

      1. Evil_Goblin

        1) Turn on PC

        2) Put in "Windows password"

        3) Go make a cup of tea, come back, put your tea down on your desk

        4) Enter all the rest of your passwords in the myriad of screens that have popped up

        5) Go and use the bathroom, hang your coat up, ask Mabel the forklift driver how her weekend was etc

        6) Return to your desk hoping that you can actually use your machine by now...

      2. Intractable Potsherd Silver badge

        Oh yes - University systems can take double-figure minutes to boot, and that's without updates being installed. There's nothing like getting in at 8am to clear the email garbage before a 9am lecture and still not being into the system at 8.45!

        1. Mad Dave

          Perhaps the teaching staff should have considered the consequences in terms of IT budgets before demanding outrageous pay increases?

  7. J.G.Harston Silver badge

    "NHS staff currently have to log in to multiple computer programmes when tending to a patient, with each programme requiring its own login details. Some staff need to log into as many as 15 different systems"

    Not in my experience. User logs into Windows, slaps in smartcard, enters smartcard password, and every application runs with that authentication. Did this before the Win7 roll-out, did it after the Win7 roll-out, still doing it after then Win10 roll-out I'm finishing off.

    Back when I did Win7 roll-outs for JobCentres, they used exactly the same thing.

    1. Will Godfrey Silver badge
      Unhappy

      I smell pork, and that looks suspiciously like a barrel.

    2. Handlebars

      depends on your job role

      For some people it's all off one smart card, for others it's multiple applications with separate sign in

  8. Mike 137 Bronze badge

    Potentially a good idea, but...

    Having direct experience of solving this problem for an acute trust, I see the need. However the approach seems hazardous. It appears from the very sparse documentation that individual trusts will implement their own choice of SSO. I suppose that's one better than using a system botched by some government coding project, but it will make both adequate maintenance and security assurance very hard to achieve. Standardisation is the best option, provided what is standardised on is up to scratch.

    1. Anonymous Coward
      Anonymous Coward

      Re: Potentially a good idea, but...

      I work for a company that implements technology solutions for the NHS. These are usually large scale clinical systems, and each might cater for hundreds of thousands of patients and upwards. My job is to design the integration of such solutions with trusts’ and hospitals’ systems, with a focus on designing security into every layer.

      It’s an almost impossible job sometimes, to name a few reasons - NHS networks are full of old, unpatched kit, proprietary medical systems and passwords on post it notes, and everyone is very busy. The biggest problem, though, is that there is no common standard for the architecture and function of NHS authentication systems. Nearly everywhere uses AD for core authentication functionality, but that’s the only common factor among NHS environments. Across the trusts I have worked with (dozens) there is every imaginable combination of the presence or absence of: ADFS, multiple domains and forests, just one flat domain, a central resource domain for user objects, various AD trusts, every AD functional model and combination of DC OSes imaginable, Kerberos delegation is often allowed but often blocked. On top of that Kerberos authentication is sometimes disabled as a system can only use NTLM, but that policy is applied to the entire domain! NLA is often blocked domain wide as there are still Windows XP machines in some places, random GPO security settings are configured all over the place, and change control is often non-existent. Multiple schannel cipher suites are frequently blocked because 10 years ago they had to get an old system to work, domain admins are all over the place – many left ages ago but aren’t disabled in AD, password policies are often absent, or frankly laughable and staff share logins.

      This isn’t to slag NHS IT people off – many are very, very good technically and extremely committed. Every IT dept I have seen is diligent and works really hard, but they don’t have the resources to look after the fundamentals.

      There is no way on God’s green earth that £40 million is going to fix this. Getting SSO to work is possible but very hard, time consuming and expensive. Every implementation is different and may require a complete overhaul of the design and much work for the trust, application code changes are often required too. There is also the worry that your application is at risk because you are trusting the AD security of an under-funded, old, unpatched, on its last legs infrastructure that is not subject to change control, with the keys to the data which it is your job to keep safe.

      Matt Hancock does not have a clue. Without massive, widespread investment and standardisation and agreed vendor standards, SSO is cloud cuckoo land.

      1. anothercynic Silver badge

        Re: Potentially a good idea, but...

        This is a perfect summary and it matches what's experienced in science and research as well. Many applications were never designed to use web-based single-signon, which is what other posters have alluded to with their references to Jisc (not JISC, apparently... they're no longer a committee but a charity), Shibboleth, OpenAthens and UKAMF.

        Remember, much of this stuff was done when XP was cutting edge(ish) and SSO didn't exist as a buzzword. And anyone who has worked with system/software procurements and external contractors (hi Deloitte, Crapita, IBM & friends) knows that unless you are knowledgeable enough and explicitly specify that the system *must* be forward-compatible with single-signon solutions of the future, you would *never* ever get that built in. Trying to retro-fit that... GOOD LUCK!

        40 million is nice, but it won't make close to a dent in anything custom and not based in the browser.

  9. Version 1.0 Silver badge
    Unhappy

    Google Practice?

    Why don't they all just sign into Google? The government's busy selling all the information so it's no big loss of privacy and, regardless of how you feel about Google, at least they know how to build databases that are secure and easy to access.

    1. Anonymous Coward
      Anonymous Coward

      Re: Google Practice?

      The Government may sell information to its "friends" but we do not.

      Google would be a better option than Microsith but that is unlikely to happen as too many highly paid people who think that they are important decided that MS gave the best incentives.

      1. Anonymous Coward
        Anonymous Coward

        Re: Google Practice?

        So basically you've been sold to Microsoft, all data access is monitored to check for errors, improve the product and make money - even if they get everything working, eventually we will have to pay for an "upgrade" again.

        If the government actually employed people in the UK to build these systems then there would be no deliberate data loss/sale and the money would flow into the local economy. Instead it's going to foreign corporations who "sponsor" politicians to get reelected to buy more crap from them. All of these attempts to fix our issues are actually just a way to make rich basturds (sic) filthy richer.

      2. anothercynic Silver badge

        Re: Google Practice?

        Makes no difference. Microsoft uses the same sign-in technology as Google does. They sit on the same board of the same foundation that drives its development. Facebook and Twitter are also on there.

        Its name is OpenID Foundation.

  10. Spamfast Bronze badge
    Flame

    most GPs are not NHS staff; the vast majority of GPs are independent contractors not directly employed by the NHS

    This really annoys me. Somehow the family doctor service in the UK has been re-privatized.

    My local GP surgery (or "medical centre" as they prefer to call it) seems to be owned by about half a dozen partner doctors who have their names "over the door" as it were.

    However whenever I do manage to get an appointment (similar experience to others' comments) I never get to see one of them but instead get a very young looking doctor that I've never seen before and never see again.

    When I complained about this as being contrary to the accepted concept of "continuity of care" the excuse I finally got back is that it's a "teaching practice" although their web site makes no mention of this that I can find.

    What I think is really happening is that the partners hire fresh off the boat/from medical school doctors that they can pay bottom-end salaries. As soon as said doctor has gained enough experience for a pay rise to be in order, they let them go and hire a new one.

    In the meantime this allows the partners to take on private patients and rake in the taxpayers money the practice gets for having NHS patients on the books.

    This is a disgrace in the UK, which is supposed to have a fair and publicly run health system paid for out of general taxation & national insurance contributions.

    And don't even get me started on UK dentists ...

    take up valuable clinician time – time that should be spent treating patients

    Or, for the partners, on the golf course in Florida.

    1. anothercynic Silver badge

      You're always welcome to the US style system, you know. "You got credit card? No? Go away then!"

      I'll take the NHS and the GP services and dentists over the "pay for everything" model any day, probably because I've experienced both.

    2. The Mole

      I think you've got it wrong there.

      They almost certainly a teaching practice, this means they can get doctors doing a 6 month rotation as part of their course before they have graduated. I'm not sure if they need to pay them (or get paid for the supervision) but it does mean they don't even need to worry about having to let them go at the end of hte 6 month rotation (or whatever the period is).

  11. J.G.Harston Silver badge

    GPs haven't been reprivatised as they were never nationalised in the first place. GPs have always been outside contractors funded by the NHS. Even until the 1960s all hospitals were also the same, independant organisations funded by the NHS.

  12. steviebuk Silver badge

    Lets hope its secure.

    I've already had to report spam coming from one of their breach NHSMail mailboxes. Not spoofed either, someone had actually breached a mailbox.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020