Integrated Identity Management

The Electronic Staff Record (ESR) and NHS Connecting for Health teams have developed a new secure, scalable and streamlined system to capture and manage employee identity and control access to electronic patient records. The IIM system aims to improve information governance and patient confidentiality, while reducing the administration costs of managing employee identity in the NHS.

The NHS is required to meet the NHS Employment Check Standards (July 2010) for all staff, volunteers, contractors etc. providing NHS services. Responsibility for these checks sits with the Human Resources (HR) department. Similarly, robust identity checks (using the same identity management standards) are carried out by an NHS organisation's RA to verify an individual's identity before allowing access to NHS Care Records Service (NHS CRS) applications.  IIM allows NHS organisations to make significant cost savings by combining these parallel activities, and allowing access to electronic patient records on computer systems linked to the NHS Spine.

User Identity Manager (UIM) is the new software for managing Smartcards and replaced Calendra from March 2011.  UIM can also link to the Electronic Staff Record (ESR). Human Resources functions currently update ESR when changes are made regarding an employee’s assignment to an established position. The ESR interface to UIM is triggered by such changes and automatically updates an individual’s access rights to NHS CRS compliant systems, reflecting the requirements of their new position. It enables the management of access control via a single point of data – the change to the employee’s position within ESR.

The NHS Operating Framework 2010/11 requires organisations to develop Action Plans to utilise the User Identify Manager (UIM) and Electronic Staff Record (ESR) Interface – to support compliance with the NHS Employment Check Standards and achieve the associated productivity gains.

The scope of implementing Integrated Identity Management is defined by the following separate but related workstreams:

• Strategic Decision Making
  For more information refer to the ‘Developing a Strategy for Integrated Identity Management’ toolkit.
• Position Based Access Control and Position Mapping
  For more information refer to the ‘Position Based Access Control (PBAC)’ toolkit.
• Integration between HR, RA and Wider Business Processes
  For more information refer to the ‘HR/RA Business Process Integration’ toolkit.
• User Identity Manager (UIM) Implementation
  Further information regarding the implementation of UIM is available within the ‘User Identity Manager Implementation Guide’.
• ESR Interface to UIM Implementation and Deployment
  Further information regarding the implementation of the ESR interface to UIM is available within the ‘ESR Interface to UIM Implementation Approach Guide’. Following the activation of the interface organisations are required to complete the ESR-RPP0010 ESR Interface to UIM: Deployment Assessment.

The Smartcard enablement of core ESR users is a pre-requisite to the activation of the ESR interface to UIM. This will ensure that staff data is secured to the same level as patient data and ensure that ESR users have e-GIF Level 3 security clearance in order to effect changes on NHS CRS. The Smartcard enablement of core ESR users is complete for the vast majority NHS Organisations in England and the NHS ESR Data Team continues to work with those organisations that have not yet completed the transition. Click here for further details regarding the ESR Smartcard enablement project along with timeframes for the Smartcard enablement of ESR users with access only to Employee Self Service and/or NLMS (the Smartcard enablement of ESR users with access only to the e-learning URP is optional).