Integrated Identity Management (IIM) and Registration Authority (RA) Policy NO. HRP14

Applies to: All Staff
Committee for Approval: Education and Workforce Committee
Date of Approval: 21 January 2013
Review Date: January 2016
Name of Lead Manager: Jo Harvey
Version: 2
INTEGRATED IDENTITY MANAGEMENT (IIM) AND REGISTRATION (RA) POLICY

CONTENTS

1 Introduction
2 Purpose
3 Compliance
4 Equality Impact Assessment
5 Good Corporate Citizen
6 Definitions
7 Duties (Responsibilities)
  7.1 Chief Executive
  7.2 Trust Board
  7.3 Director of Human Resources and Corporate Affairs
  7.4 Human Resources Department
  7.5 Head of Service / Divisional Manager
  7.6 Service Lead
  7.7 Line Manager
  7.8 Registration Authority Manager (HR)
  7.9 Registration Authority Agents
  7.10 The Steering Group for Information Governance
  7.11 HR Policy Review Group
  7.12 Education and Workforce Committee
  7.13 WHIS
8 Ongoing Processes
9 ESR-UIM Interface
  9.1 Registration
  9.2 Existing Staff (with ESR position)
  9.3 New Starters
  9.4 External Shared Service Staff
  9.5 Position Based Access Control (PBAC)
  9.6 Amendment to an existing Access Control Position
  9.7 Removal of an Access Control Position
  9.8 New Access Control Position
  9.9 ESR Position Linking
  9.10 Amendment to an ESR Position
  9.11 Removal of an ESR Position
  9.12 New ESR Position
  9.13 Personal Information Management
  9.14 Automated Addition and Revocation of NHS CRS Access
10 UIM Standalone
  10.1 New Starter
  10.2 Managing NHS CRS Access
  10.3 Non ESR Staff
  10.4 Change of Access
  10.5 Leavers
  10.6 Directly Employed Staff
11 ESR Maintenance
  11.1 NHS CRS Sponsors in ESR
  11.2 RA Agent Configuration in ESR
  11.3 NACS/ODS Codes in ESR
  11.4 Worklists in ESR
  11.5 RA Notifications in ESR
  11.6 RA URPs in ESR
12 Registration Maintenance
  12.1 Audit
13 Procedure of Card Management
  13.1 Card Issue
  13.2 Damaged Cards
  13.3 Change of Details
  13.4 Fallback Cards
  13.5 Lost or Stolen Smartcards
  13.6 Charges for Replacement Smartcards
  13.7 Found Cards
  13.8 Unlocking Cards
  13.9 Expired Cards (Certificate Renewal)
  13.10 Out of Hours Card Management
  13.11 Forgotten Smartcards
14 Disciplinary
15 Security Incidents
16 Training/Support
  16.1 ESR Training
  16.2 UIM Training
17 Process for Monitoring Effective Policy Implementation
18 Other Relevant Procedural Documents
19 References (as evidence base)
Appendices
  Appendix 1 System Processes
  Appendix 2 Additional Information
  Appendix 3 Identity Verification
  Appendix 4 ESR Registration Authority User Role Profiles
  Appendix 5 Smartcard Issue Logging Process
1. INTRODUCTION

From April 2008, NHS Employment Check Standards became a requirement in the NHS as part of the annual health check. Similarly, robust identity checks were also enforced using the same identity management standards carried out by an NHS organisation's Registration Authority (RA) to verify an individual's identity before allowing access to NHS Care Records Service (NHS CRS) applications.

Combining these two parallel activities into a single Integrated Identity Management (IIM) process has proven to deliver significant benefits through HR/RA Process Integration and the move to Position Based Access Control (PBAC), both supported by the following new software applications.

Integrated Identity Management significantly improves access control to NHS CRS systems containing person identifiable information through revised business processes and the introduction of two new software applications:

- User Identity Manager (UIM) is new registration software to manage NHS CRS access control and facilitate the Interface to ESR. UIM uses electronic forms and digital signatures, thereby removing the need for paper based workflow. The implementation of UIM requires no data to be migrated. Access control in UIM is facilitated using NHS CRS Access Control Positions (ACP) defined by the Position Based Access Control Methodology, which is therefore a pre-requisite to its implementation.
- ESR-UIM Interface can be used to link staff records in ESR to user records in NHS CRS in order to remove duplication and to drive access control based on the job that a person holds. HR functions currently update ESR when changes are made regarding an employee's assignment to an established position. Where a position is linked to an NHS CRS Access Control Position, the ESR interface will be triggered by such changes and will automatically update an individual's access rights to NHS CRS compliant systems to reflect the requirements of their new position or status.
Based on the significant benefits and improved Governance that could be achieved, Wirral Community NHS Trust elected to implement the ESR-UIM Interface, which was activated on the 3 September 2012 alongside UIM Standalone.

To realise further benefits the Trust has reviewed processes/procedures and explored integration opportunities, for both directly and externally employed staff (agency staff / contractors), in the following areas:

- New Starters
- Managing change
- Leavers
This document is the Integrated Identity Management Process and Policy for Wirral Community NHS Trust and is relevant to both Registration Authority (RA) and Electronic Staff Record (ESR) users to ensure that any changes made in ESR and UIM, which have a direct impact on the ESR-UIM Interface, are considered and reviewed in accordance with the continued functionality of the software.

The approach taken was to identify the current process/procedures and, in considering new process requirements, define future solutions. See Appendix 1 for outlines of the key system processes.

2. PURPOSE

The purpose of this document is to outline the agreed processes required to support the ESR Interface to UIM ongoing. The document will also provide guidance to ensure that relevant applications continue to be operated safely and efficiently through future developments.

The document is not intended to be an exhaustive review of all HR/RA processes/procedures but rather will focus on necessary changes to the following key elements:

For employed staff (requiring access to NHS CRS Applications)

- Vacancy control process
- New starter setup (from acceptance of offer of employment)
- Managing changes to person details, assignments and positions
- Leaver process
- Access Control

For externally employed staff (requiring access to NHS CRS Applications)

- Registration
- Access control
- Managing changes to person details/access
- Leavers process

The intended audience of this document are those staff situated within the Registration Authority (RA) functions and the Workstructures, Recruitment, Payroll and HR functions on ESR.

3. COMPLIANCE

Compliance with Government legislation, and CfH standards, policies and procedures will ensure a controlled environment for the RA responsible for Wirral Community NHS Trust CRS users.

Throughout time, new documentation will be produced by the governing bodies which will require scrutiny before a managed implementation. This responsibility will fall to the
Registration Authority Manager (RAM) who will ensure total compliance in line with Trust working practices.

It is the responsibility of all staff registered by the RA process to comply with the requirements and procedures laid down in this document and any future versions. All non-compliance issues are to be reported to the Wirral Community NHS Trust RAM.

The various documents listed in the Reference Documents (Section 19) are available for reference or as guidance for Wirral Community NHS Trust RA staff.

4. EQUALITY IMPACT ASSESSMENT

This policy has been Equality Impact Assessed as of 7th October 2011. The Equality Impact Assessment did not highlight any significant disadvantages in relation to disability, sex orientation, sex, racial minorities, age, religion and deprived groups. It identified that people, patient and staff records would be safe and secure and staff members would have greater awareness over the use of smart cards and RA implications in their daily work.

This policy will be available upon request in Braille, large print or alternate languages.

5. GOOD CORPORATE CITIZEN

Wirral Community NHS Trust is required to have proper and transparent mechanisms in place for the management of data and information. In doing so, the trust will fulfill its corporate citizen responsibilities.

6. DEFINITIONS

CfH: NHS Connecting for Health
NHS Connecting for Health came into operation on 1 April 2005 and is an agency of the Department of Health. It supports the NHS to deliver better, safer care to patients, by bringing in new computer systems and services.

ESR: Electronic Staff Record
The NHS database used to store employee details and track their employment history and information.

HR: Human Resources (Wirral Community NHS Trust).

NHS CRS: NHS Care Records Service
A service which works towards linking care records through I.T. systems, allowing staff quicker access to information in a safe and secure environment across organisational boundaries. Sometimes shortened to CRS or Care Records Service.

NPfIT: National Program for Information Technology
Responsible for procurement and delivery of the multi-billion pound investment in new information and technology systems to improve the NHS.

RA: Registration Authority
Organisations that need to access patient information within the NHS Care Records Service and other National Programmes have to set up Registration Authorities to manage this process. The Registration Authority is responsible for verifying the identity of health care professionals and workers who wish to register to use these services.

RAA: Registration Authority Agent
Someone who supports the day-to-day operation of the local Registration Authority. Responsible for issuing and updating Smartcards for users; adhering to the National Registration Authority processes within the local setting and for liaising with Trust departments and staff to support their operational needs.

RAM: Registration Authority Manager
Someone who supports the Wirral local Registration Authority in delivering the NHS Connecting for Health systems and other associated IT Projects by identifying, managing, planning and issuing Smartcards to Users across the Trust in a professional and timely manner. Other responsibilities require auditing the use of Smartcards, reviewing and implementing policies and procedures relevant to RA, and performing day to day maintenance on the Connecting for Health Registration systems and other IT systems associated with the role.

RBAC: Role Based Access Control
The process through which a national set of Job Roles and related Activities and Areas of Work can be applied to grant users access to functionality and indirectly to data within NPfIT systems and services.

Sponsor
The individual identified by the organisation's Executive who has been appointed to designate and approve access by users to information and the functionality of NPfIT systems via the selection of the appropriate RBAC codes.

Smartcard
NHS CRS Smartcards help control who accesses the NHS CRS (NCRS) and what level of access they can have. They are similar to a chip and PIN credit or debit card, but are more secure. A user's Smartcard is printed with their name, photograph and unique user identity number.

SUD
The Spine User Directory (SUD) contains a master copy of the details of all Clinicians and Users. Basic personal details are held, together with Organisations, Sites, Medical Practices and Departments. This has been superseded by UIM.

7. DUTIES (responsibilities)

7.1 Chief Executive

The Chief Executive has overarching responsibility for ensuring the content of this policy is applied consistently and fairly across WCT.

7.2 Trust Board

The Board of Directors have overall responsibility for ensuring that the Trust delivers high quality services that are efficient and effective. The Board is made up of the Chairman, Chief Executive, Executive Directors, Medical Director and Non-Executive Directors. The Board of Directors oversee the running of the Trust, make the decisions that shape future direction, monitor performance and ensure accountability.

7.3 Director of Human Resources and Corporate Affairs

The Director of Human Resources and Corporate Affairs is the named officer responsible for ensuring the content of this policy is applied consistently and fairly across WCT.

7.4 HR Department

The HR Department has a responsibility to ensure that the policy is followed, fairly and consistently. Their duties will involve:

7.5 Head of Service/Divisional Manager

The Head of Service (HOS)/Divisional Manager is responsible for ensuring this policy is disseminated and adhered to across their service.

7.6 Service Lead

The Service Lead is responsible for ensuring this policy is implemented across their service, and for ensuring that the Registration Authority staff in their own area of work follow and action the policy for the issue and maintenance of NHS CRS smartcards.

7.7 Line Manager

Line Managers have a responsibility for implementing this policy and for bringing it to the attention of staff in their work area.

- Advising managers on the application of the policy
- Ensuring the effective implementation of the policy
- Reviewing and amending the policy as necessary.

7.8 Registration Authority Manager (HR)

Has a responsibility to ensure organizational adherence to national policies and procedures for Registration Authority and promotion of good practice. To develop and maintain RA strategies including the production of the
RA Policy. To ensure national RA processes for card issue/revocation and profile modification by RA Agents are adhered to and that all RA forms and associated materials which support the issue/revocation of a smartcard are retained in accordance with national RA processes and standards. To ensure that RA Agents are sufficiently responsible and trained to operate the national RA processes, equipment and applications. To manage risks and issues associated with implementing RA.

7.9 Registration Authority Agents

Have a responsibility to ensure adherence to RA policies and procedures, to promote good practice, and to maintain and update their knowledge in respect of RA processes, equipment and applications. To ensure RA processes for card issue/revocation and access profile modification are adhered to and that all RA forms and associated materials which support the issue/revocation of a smartcard and the role profiles associated with the card are retained appropriately. To undertake RA tasks including smartcard issue/revocation and updating of role profiles plus monitoring of card use as applicable to the role.

7.10 The Steering Group for Information Governance is the Information Governance Group and this Group is responsible for co-ordinating Information Governance in the Trust. The group develops and maintains Information Governance policies, standards, procedures and guidance and oversees the annual submission of the Information Governance Toolkit (IGT). The IG Group will be responsible for signing off any changes or requests to/for access to access control positions in User Identity Manager (UIM) as reflected on the Master Mapping Table for the ESR to UIM interface and UIM standalone.

7.11 HR Policy Review Group

The HR Policy Review Group (HRPRG) is a subgroup of the Education & Workforce Committee which consists of representatives from HR, Management and Staff Side representatives. The HRPRG has responsibility for developing, reviewing and monitoring this policy.
Once PRG have agreed the content of the policy it will be submitted to the Education & Workforce Committee for approval.

7.12 Education & Workforce Committee

The Education & Workforce Committee are responsible for approving this Policy.

7.13 WHIS (Technical Support)

WHIS are responsible for investigating and resolving any technical issues relating to NHS CRS software or printers that fail to work. In addition to this, the unlocking of smartcards and renewal of expired certificates also fall within their remit.

8. ONGOING PROCESSES

All of the processes identified in this document are the solutions that have been identified and established within Wirral Community NHS Trust. These will be closely monitored, maintained and adhered to by the intended audience (HR, Workforce, Recruitment, RA and Payroll) to ensure that the organisation maximises the benefits of
the ESR interface to UIM to drive the strategic approach to IIM by fully utilising the relevant components including:

- HR/RA Process Integration;
- Position Based Access Control;
- ESR Position Mapping and Linking;
- Automated Granting and Revocation of NHS CRS Access rights;
- Recording Identity Checks once in ESR, thereby eliminating the duplication of effort.

This will also include the regular review and maintenance of various elements such as Notifications, Worklists, allocation of ESR RA URPs, ODS Codes and NHS CRS Sponsors requirements within ESR.

9. ESR-UIM INTERFACE

Wirral Community NHS Trust operates a fully integrated process for HR and RA in as much that the Registration Authority function has been encompassed within the HR department.

Where an ESR position has been linked to an NHS CRS Access Control Position, a change to the personal record of a member of staff attached to an ESR position will automatically update the individual's access rights to NHS CRS compliant systems to reflect the requirements of their new position or status.

Where ESR/UIM positions are linked the following process will be applicable:

9.1 Registration

9.2 Existing Staff With An ESR Position

The HR Team at Wirral Community NHS Trust operate a meet and greet process whereby staff requiring an NHS CRS Smartcard for the purpose of their role make an appointment to meet with HR. At this point, ID is verified and the photograph is taken/existing ID card photograph confirmed as acceptable to use, prior to the Smartcard being produced.
See Appendix 3 to this document for details of acceptable form of identification or go to: http://www.nhsemployers.org/recruitmentandretention/employmentchecks/employment-check-standards/pages/verificationofidentitychecks.aspx#3

9.3 New Starters (With a Position in ESR)

After the offer of employment letter has been sent out, all new starters are required to attend a meeting with Wirral Community NHS Trust HR staff in advance of hire where they are asked to produce all of the relevant ID documents. These will be recorded against their record in ESR and filed on their HR file.

Once the ESR form has been received into HR, the applicant will be hired within ESR. If it has been identified that a smartcard is required, a search will be carried out via the search/view user in CRS located within the tools menu on the assignment page in ESR to check if there is an existing NHS CRS record to avoid a duplicate record being created. If it is found that the applicant has an existing NHS CRS record this is then associated with their position in
ESR. If it is found that the applicant does not have a CRS record one will need to be created. The request for a smartcard / amendment to an existing card will then appear in the RA worklist in UIM to be granted/printed by an RA Agent from the relevant business area. (See Appendix 5)

Where ESR & UIM positions have been linked, and provided that the IT software Identity Agent v13 has been deployed across the Trust, the smartcard user will be able to digitally accept the Terms and Conditions of use of the smartcard.

Where IA13 has not been deployed across the Trust, the personal data entered into ESR will still transfer across to UIM, but the user will need to be directed to the NHS CRS Spine User Portal, where they should select the last option from the list, launch Terms and Conditions to accept these digitally.

All RA Agents should issue new cards locked and ensure that the user of the card logs in to the system to accept the Terms and Conditions of use at the point of issue.

N.B. The completion of the RA01 short form parts 1 & 2 (the applicant signs RA01 to confirm acceptance of the Terms and Conditions of use defined by CfH) will only be required if the ESR position they are attached to has not been linked to a UIM position and is being managed by UIM standalone (see section 9).

Until further notice Registration Authority forms will continue to be used across the Trust for both UIM standalone and the ESR/UIM interface until such a time that all concerned are fully conversant with the new systems.

9.4 External Shared Service Staff

External Shared Service staff within Wirral Community NHS Trust are members of staff not directly employed by Wirral Community NHS Trust who assist in various elements of ESR including Payroll, bulk updates of data and, more recently, transfer of staff.
As these staff are not assigned to an ESR Position they cannot have their NHS CRS Access for Wirral Community NHS Trust controlled using the ESR-UIM Interface; however, they still require their Smartcard UUID to be entered into ESR to ensure that they can use their Smartcard to access Wirral Community NHS Trust's VPD. This requires ID checks to be recorded in ESR for the user and the association to be completed using the RA Workbench URP found in ESR, rather than the ESR record as per an employee of Wirral Community NHS Trust. This process ensures that the ESR person details are used to generate the NHS CRS user record, therefore eliminating unnecessary duplication.

9.5 Position Based Access Control (PBAC)

Wirral Community NHS Trust has reviewed all of the NHS CRS Access used within the organisation and has developed the Access Control Positions using a bottom up approach based on these findings.

It is expected that these Access Control Positions will be reviewed either on an ad-hoc basis when a request has been made or on a 6 monthly period to ensure that the current
requirements are still valid. Any adjustments will be processed using the relevant options below. For more information on PBAC please refer to the Position Based Access Control (PBAC) toolkit.

9.6 Amendment to an Existing Access Control Position

It is likely that Wirral Community NHS Trust Registration Authority staff will receive a notification to amend an existing Access Control Position via four separate methods.

- A request from an existing user/sponsor
- Identification of amendment through the review process
- Notification from a supplier that an amendment is required
- Trust Acquisitions or Mergers or other organisational change

Whatever method is used for requesting the change, the process for amendment will still follow the authorisation process that has already been established within Wirral Community NHS Trust. Therefore details of the suggested, or requested, change will need to be forwarded to the RA Manager. The RA Manager will prepare the relevant paperwork for submission and approval by the Information Governance Group or Senior Information Risk Officer (SIRO) before the amendment is made to the Access Control Position.

If the request for change is denied the person that made the request will be notified of the outcome and this, in turn, could then determine whether a new Access Control Position is created.

It is necessary to ensure that any changes to access control positions are documented and included within the ESR PBAC Master Mapping Table before it is resubmitted for approval by the Information Governance Group.

9.7 Removal of an Access Control Position

If, during the review process, Wirral Community NHS Trust Registration Authority staff identify that an Access Control Position is no longer required, the Registration Authority staff must identify who is currently assigned to the Access Control Position and determine whether the staff in question need to be assigned to a new position.
Once this has been determined it is necessary to ensure that the change is documented by the RA Manager prior to approval by the Information Governance Group or SIRO. Upon receiving authorisation the Registration Authority staff will notify the ESR staff member to ensure that the ESR Position Linking is modified in accordance with the change.

If a replacement Access Control Position is not required, Wirral Community NHS Trust Registration Authority staff will notify the staff in question that they will no longer have any NHS CRS Access associated with their Smartcard.
Once these steps have been completed the Wirral Community NHS Trust Registration Authority staff will be able to close down the Access Control Position and the ESR staff will need to re-run the Submit Request process to remove the Access Control Position from being assigned.

The removal of an access control position will be reflected in the ESR PBAC Master Mapping Table.

9.8 New Access Control Position

A new Access Control Position can be identified in a variety of ways as follows:

- A new NHS CRS system;
- A request to amend an existing NHS CRS Access Control Position (NHS CRS ACP);
- A new ESR Position within Wirral Community NHS Trust;
- A new NHS CRS ACP;
- Identification through the review process.

When new NHS CRS ACPs are identified the Registration Authority staff will need to determine who requires this access and inform the RA Manager, who will keep a record of this action and submit the detail to the Information Governance Group or the SIRO for authorisation and approval. Upon receiving authorisation the NHS CRS ACP(s) will be created, Approved and Granted in UIM before being downloaded into ESR via the Workstructures URP, Submit Request process so that it is available for linking.

9.9 ESR Position Linking

Wirral Community NHS Trust has identified that, to ensure maximum benefits are achieved, directly employed staff will have their NHS CRS Access managed via the ESR-UIM Interface.

The mapping will also need to be considered when creating, amending or removing ESR Positions to ensure that staff assigned to these positions maintain the correct NHS CRS Access. All position linking will be completed in accordance with the approved ESR PBAC Master Mapping.

N.B. The exceptions for this are those staff not directly employed and do not therefore have a record on ESR. Or where it has been identified that the position in ESR is not suitable for linking with UIM. These staff will be managed via UIM standalone only.

9.10 Amendment to an ESR Position

Wirral Community NHS Trust ESR staff will determine whether the ESR Position in question is/is not linked to an NHS CRS ACP. A review must be undertaken to confirm that either:

- the current NHS CRS ACP is still required;
- a new NHS CRS ACP needs to be approved and created;
- NHS CRS Access no longer required;
- A different existing NHS CRS ACP is required to be linked.

If access is no longer required the Registration Authority staff will need to ensure that the ESR PBAC Master Mapping Table is updated before it is submitted to the Information Governance Group or the SIRO for authorisation and approval.

Wirral Community NHS Trust ESR staff will then send out a communication to the affected staff advising them of the change.

9.11 Removal of an ESR Position

Before an ESR position is removed Wirral Community NHS Trust ESR staff must check if it is linked to an NHS CRS ACP. If linking is in place the ESR staff must ensure that the staff currently residing in the position are transferred into another position with the relevant NHS CRS Access.

If staff are moved into another ESR Position that does not have an NHS CRS ACP linked the staff will automatically lose their NHS CRS access.

9.12 New ESR Position

If a new ESR Position is required potentially affecting access to the NHS CRS or without pre-determined access rights, Wirral Community NHS Trust RA staff will ensure that communication is made with the relevant staff within the organisation to ascertain the required NHS CRS access, if any.

This process forms part of the Vacancy Control Process within Wirral Community NHS Trust to ensure that any modifications or additions to NHS CRS ACPs are revealed prior to affected new starters commencing in post.

The process involves the completion of ESR 2 by the recruiting manager (create a new position in ESR), which is then passed to finance for approval and sign off. Following this ESR 3A (fill a vacancy) is completed by the recruiting manager, who will need to indicate whether smartcard access is required and level of access.

The addition of an ESR position will be reflected in the ESR PBAC Master Mapping Table referred to above.

9.13 Personal Information Management

Now that the ESR-UIM Interface is activated, Wirral Community NHS Trust will use ESR to automatically inform UIM of any personal detail changes, ensuring that the data is kept up to date in UIM and consistent with ESR.

Amendments to the data items below, in ESR, will automatically trigger a message to be sent to UIM for granting, and HR/RA staff within Wirral Community NHS Trust will ensure that they regularly monitor UIM to accept/reject these changes.

N.B. The personal details that are shared with UIM from ESR are as follows:
- Title
- Surname
- First name
- Middle name
- NI Number
- Date of Birth
- Email address
- Work phone number
- Work mobile number

Once a message from ESR is granted in UIM, the UIM record is locked and can only be changed via ESR.

9.14 Automated Addition and Revocation of NHS CRS Access

When a Wirral Community NHS Trust member of staff has their assignment status (to an ESR position linked to a NHS CRS Access Control Position) changed from an active status in ESR, a message is sent to UIM via the interface to remove access to NHS CRS applications. This ensures that amendments to NHS CRS access take place in a timely manner, extra resource is not required and Information Governance is greatly enhanced.

Active assignment statuses are:

- Active assignment;
- Acting up;
- Internal secondment

Changes to an inactive assignment status (listed below, correct as at September 2012) will result in the automatic revocation of NHS CRS Access for Wirral Community NHS Trust taking place.

Assignment Costing Deletion Career Break Maternity Out on External Secondment - Paid Out on External Secondment - Unpaid Suspend With Pay Widow/Widower Active Contingent Assignment End Suspend Assignment Suspend No Pay Suspend Contingent Assignment Terminate Assignment Terminate Process Assignment Inactive Not Worked

10. UIM STAND ALONE

Wirral Community NHS Trust acknowledges that there are some instances where staff cannot have their NHS CRS Access managed via the ESR-UIM Interface and these staff will need to have their NHS CRS Access managed via UIM standalone.

It has been determined that the staff being managed via UIM standalone within Wirral Community NHS Trust will consist of the following groupings:

- Temporary or Agency Staff (non-ESR)
- Contractor Staff (non-ESR)
- Staff who require their NHS CRS Access amended on a regular basis as they regularly work in different locations. Whilst all access requirements can be managed via ESR the organisation has elected not to in this instance.

10.1 New Starter

All requests for new starters' NHS CRS access, modification of details and revocation of access through UIM standalone will continue to be managed and approved through the use of RA forms (see appendix 2 for form guidance). Where there is an RA Agent on site, the request would be made to that individual. For service areas with no nominated RA Agent or those based in Old Market House, the request would be made to the HR department.

All new starters in Wirral Community NHS Trust that fall outside of the ESR-UIM Interface processes will have their Smartcard produced in UIM via the request, approve and grant process.

It has been agreed that the new starter process will either be completed fully within the HR Department or facilitated jointly between the nominated RA Agents on site and HR. New starters will be given an appointment for a face to face meeting with RA/HR, where they will produce their ID documentation. The RA or HR Staff will then verify ID and enter the relevant information into UIM and complete the Smartcard process with the new starter present. The smartcard should be issued to the user locked.

All completed RA forms should be kept in a secure place (a lockable cabinet) that should only be accessible to RA staff.
10.2 Managing NHS CRS Access

Managing NHS CRS Access outside of ESR is dependent upon the staffing group requiring NHS CRS Access. Wirral Community NHS Trust HR staff will ensure that the appropriate defined process is followed for these staffing groups.

10.3 Non-ESR Staff

Non-ESR staff will only be assigned time limited NHS CRS Access (3 months). The Line Manager will determine the NHS CRS Access Control Position most appropriate for the user and will advise the HR staff via the relevant form.

Wirral Community NHS Trust HR staff will assign the NHS CRS Access to the non-ESR staff via UIM using the executive grant approach and a time limit of three months will be set.

10.4 Change of Access

Any non-ESR staff requiring a change in NHS CRS Access will notify their Line Manager that their current NHS CRS Access is not suitable for their role. The Line Manager will then review this request and, following consultation with RA staff, identify to HR which level of NHS CRS Access is required via form RA02 to request an adjustment.

Upon receipt of the form, Wirral Community NHS Trust HR staff will revoke the current NHS CRS Access Control Position and assign the relevant NHS CRS Access Control Position via UIM using the executive grant approach with a time limit of three months.

10.5 Leavers

Revoking NHS CRS Access outside of ESR is dependent upon the staffing group that requires the revocation notifying HR staff via RA03. Wirral Community NHS Trust HR staff will ensure that the correct process is followed for these staffing groups.

The time limited profile initially assigned will also ensure that access is revoked in the event of HR not being notified of the leaver (see 10.3). This will ensure that NHS CRS Access will be revoked at the end of the set time period and, if an individual is still in post, NHS CRS Access can then be re-assigned for a further 3 months.

10.6 Directly Employed (NHS) Staff

Wirral Community NHS Trust HR staff will ensure that NHS CRS Access that has been assigned directly through UIM for employed staff is reviewed, amended or revoked in accordance with the information detailed on the appropriate RA form.

11. ESR MAINTENANCE

There are elements of ESR that require regular monitoring and review to ensure that the ESR-UIM Interface continues to function correctly. These elements are identified in the sections below.

11.1 NHS CRS Sponsors in ESR

A sponsor from a Registration Authority perspective is an individual nominated by the organisation executive to approve changes in NHS CRS relating to access to applications for end users. These may be line managers for a group of staff.

A number of different sponsor functions can be defined in UIM. The sponsor roles that will relate to ESR are B1300 - Approve RA Requests, B0002 Approve RA Requests (Sponsorship Rights) and B0272 Approve RA Requests (Advanced). These are the equivalents to
the existing sponsor role used to approve requests to grant access for users to NHS CRS applications.

ESR needs to know which employees are RA Sponsors in order to send messages across the interface to the correct Worklist in UIM. The Supplementary Role of NHS CRS Sponsor has been defined, which has been allocated to all such employees.

Wirral Community NHS Trust has agreed that there will just be one individual sponsor assigned in ESR and this set-up was completed as part of the interface activation activities.

To change the Sponsor role in the future, the Wirral Community NHS Trust ESR System Administrator will need to assign the NHS CRS Sponsor Supplementary Role to the specified person. Once the role is assigned, the ESR System Administrator will add the Sponsor's name to the organisational hierarchy at the appropriate level.

This element should be reviewed every 6 months to ensure the nominated sponsor is still relevant. Also, the status of the Sponsor will need to be tracked to ensure that their assignment remains active and that plans are established to replace the NHS CRS Supplementary Sponsor role should this change. Failure to maintain this role will cause the ESR-UIM Interface to generate business errors due to the sponsor no longer being valid.

The Sponsor element of the ESR-UIM Interface is not required to carry out any physical tasks but must be kept up to date at all times. This is one of three main requirements for messages to pass from ESR to UIM and the person in question must have been issued with a Smartcard.

11.2 RA Agent configuration in ESR

The ESR Supplementary Role of NHS CRS RA Agent is used to record the identity of the RA Agent who performed the identity checks and allows for the separation of the person who actually performed the ID checks from the person recording the checks in ESR. Both items of information are important from an audit perspective.

The verification of identity forms include a field, "Enter Name of RA Agent that verified ID", containing a list of all staff members who have been assigned this role, including External Shared Service (ESS) personnel. ESS users must be set up in the trust with an associated person record.

To set up RA Agents in the future, the Wirral Community NHS Trust ESR System Administrator will need to assign the NHS CRS RA Agent Role to the specified persons.

This element will be reviewed periodically every 6 months unless any of these staff either leave the organisation or move to another job within Wirral Community NHS Trust.

11.3 NACS/ODS Codes in ESR

The NACS Code is also a crucial element of the ESR-UIM Interface. Wirral Community NHS Trust has identified one main NACS Code for the organisation (RY7), which is available in ESR and has been added to the Trust level of the hierarchy.

If the NACS code was to change or a new one be added, Wirral Community NHS Trust ESR staff must raise an SR with McKesson to ensure that the correct NACS Code is made available for use within the Wirral Community NHS Trust VPD. Once this has been completed, the NACS Codes must be updated/added in line with the ESR guidance (for further information see ESR_set_up_quick_reference_guidev1 0.doc).

As a minimum, the NACS Code must be placed at the Trust level of the organisational hierarchy and can only be altered or amended by the ESR System Administrator.

If required in the future, Wirral Community NHS Trust can assign multiple NACS codes within ESR at the topmost level of the hierarchy where it is required. This will ensure that ESR sends messages to the correct UIM instance.

11.4 Work Lists in ESR

A Work List can be described as a "to do" list in UIM and is used to store requests awaiting approval and granting. Work Lists are defined in UIM and need to be allocated to ESR organisational units (in workstructures). There can be as many as required.

In Wirral Community NHS Trust it has been agreed that there will initially be one Work List set up in ESR. To ensure that the ESR-UIM Interface functions correctly, the Work List(s) need to be assigned to the correct level(s) within the organisational hierarchy.

The Work List information is taken from UIM and is made available within ESR by the ESR System Administrator, who must submit a request to retrieve it.

This element should be reviewed every 6 months to ensure the Work List is still relevant. Should it be identified that this requires amending, it must be completed immediately.

11.5 RA Notifications in ESR

RA Notifications are required to be assigned to ESR staff to ensure that messages relating to errors encountered between ESR and UIM are made available in a timely manner.

Wirral Community NHS Trust has assigned the notification roles (detailed below) as appropriate to the staff within HR that utilise the ESR-UIM Interface and this will be reviewed periodically every 6 months unless any of these staff either leave the organisation or move to another job within Wirral Community NHS Trust.

The recipients of the notifications within Wirral Community NHS Trust will ensure that the incoming notifications are checked on a regular basis, at least daily, in order to identify and raise awareness to relevant persons if there are any issues with the ESR-UIM Interface.

NHS CRS RA Agent Notifications: This role will enable ESR staff to receive workflows related to general errors in messages sent to UIM via the interface (excluding Add NHS CRS User and Re-open NHS CRS User requests).

NHS CRS Add Employee Errors Notifications: This role will enable ESR staff to receive workflows related to Employees and External Shared Service Staff (Add NHS CRS user and Re-open NHS CRS user requests only).

NHS CRS Add Applicant Errors Notifications: This role will enable ESR staff to receive workflows related to Applicants (Add NHS CRS user and Re-open NHS CRS user requests only).

11.6 RA URPs in ESR

Wirral Community NHS Trust has allocated the required URPs to all relevant staff within the HR Department whose NHS CRS access contains the requisite RA Agent role. These URPs have been allocated to staff to ensure that multiple people have the ability to carry out tasks within the functionality of the ESR-UIM Interface. The URPs are detailed in Appendix 4.

Wirral Community NHS Trust HR staff will review the allocation of the URPs on a regular six monthly basis, or on an ad-hoc basis if staff/Line Managers identify a need for it, to ensure that they are appropriately assigned to ensure business continuity.

12. REGISTRATION MAINTENANCE

The Registration Authority Agents (RAAs) and Registration Authority Manager (RAM) responsibilities are outlined in the WHIS RAA and RAM Job Descriptions - Registration Maintenance.

Procedures for the collection, storage, retention and disposal of Wirral Community NHS Trust RA documentation must comply with GP6 Health Records Policy. Maintenance of all RA documentation will be the responsibility of the Wirral Community NHS Trust RA. All documentation must be kept in a lockable cabinet which is only accessible to RA staff.

12.1 Audit

The Wirral Community NHS Trust RAM will be responsible for managing an auditable trail of Wirral Community NHS Trust RA functions. Wirral Community NHS Trust RA will be open to internal and external audits to ensure it is complying with local and national policies.

Audits will include end to end audit trails of the issue of all Smartcards, revocation of Smartcards, changes to user roles, storage of records, security of supplies and equipment, control of access to National Programme for IT (NPfIT) applications, appropriate RBAC role allocation and scanned records.

13. PROCEDURE OF CARD MANAGEMENT

13.1 Card Issue

Smartcards will be issued under controlled conditions and can be dispensed under predefined instances as detailed in sections 9.1, 9.2, 9.3 and 10.1. The relevant RA form will, as and when National policy dictates, be completed prior to issue of the card.

13.2 Damaged Cards

Smartcards which are rendered inoperable due to damage or normal wear and tear will be replaced by the Wirral Community NHS Trust RA team. Replacement where identification from the original card is difficult will require users to supply a secondary form of identification. Users will be required to provide the damaged card to the RA team before a replacement one is issued.

A completed and signed RA03 form will be required to re-issue the smartcard, regardless of whether the staff member is linked by the ESR interface or only registered against UIM standalone.

13.3 Change of Details

There will be occasions when information held on the user's Smartcard will need to be changed. A new card will be produced and the old one destroyed by punching a hole through the chip. There will be no charge for issuing replacement cards because a user's details have changed.

Users will be required to complete the RA05 Change of Details for NHS Care Records Service application form prior to any change to their Smartcard, for instance a change of name due to marriage. Regardless of the reason for change, proof will be required to verify the change being requested.

13.4 Fallback Cards

There are no provisions to use Fallback cards within Wirral Community NHS Trust.

13.5 Lost or Stolen Smartcards

Users who have lost their Smartcards or had their Smartcard stolen must notify the Wirral Community NHS Trust RA or the WHIS service desk as soon as possible. Failure to report lost cards will compromise the security of the user's account, put patient safety at risk and render the user unable to access the NCRS.

It is the user's responsibility to report the incident through the Instant Reporting System (Datix) at the first opportunity following the loss of a Smartcard and to report any theft to the police.

On notification that the Smartcard has been lost or stolen, the Wirral Community NHS Trust RA will revoke the card and an application for a re-issue of the Smartcard must be made as soon as practical.

The Information Security Manager will undertake an audit of the lost or stolen card's usage to ensure it has not been misused.

If the notification is within office hours (8am - 6pm) then users will report to:

WHIS Service desk
Email address is support@sd.whis.nhs.uk
Telephone number is 0151 488 7743

Cards lost or stolen out of hours should be reported to the WHIS Service desk or the Wirral Community NHS Trust RA the next working day.

13.6 Charges for Replacement Smartcards

There will be no charges for replacement or lost smartcards but the user's details will be logged for audit purposes.

13.7 Found Cards

There will be times when Smartcards will be found because they have been lost by users or have been left unattended and are therefore open to possible theft or system misuse. On finding a Smartcard the following procedures should be followed.

In a Card Reader unattended

The card is to be given to the local Manager and is to be held in a secure, locked area for 12 hours maximum.

If the Smartcard is not returned to

The Information Security Manager will undertake an audit of the lost or stolen card's usage to ensure it has not been misused.

If the notification is within office hours (8am - 6pm) then users will report to:

WHIS Service desk
Email address is support@sd.whis.nhs.uk
Telephone number is 0151 488 7743

Cards that are found out of hours should be reported and handed in to the WHIS Service desk or the Wirral Community NHS Trust RA the next working day.

13.8 Unlocking Cards

A locked card needs to be unlocked by a face to face meeting between the user and a sponsor, agent or manager.

13.9 Expired Cards (Certificate Renewal)

Smartcards contain two digital certificates for the purpose of authentication. To ensure access to the NCRS (and therefore patient information) remains secure, certificates must be renewed every two years. Staff will be prompted via the application when their certificates are due to expire and are asked to renew.
This can be done via the self service portal at the following link: https://portal.national.ncrs.nhs.uk/portal/dt

Staff who do not renew their certificates when asked to do so will find that they expire and they will be unable to use their smartcard. In this instance the WHIS Service Desk or an on site RA Agent should be contacted. It should be noted that the user will need to physically take their card to either the RA Agent or Aviator House (WHIS) for the certificates to be renewed.

13.10 Out of Hours Card Management

There will be no out of hours card management for Wirral Community NHS Trust. Lost or found cards will be reported to the WHIS Service desk during working hours (8am - 6pm Mon - Fri; email address support@sd.whis.nhs.uk).

13.11 Forgotten Smartcards

It is the responsibility of each member of staff to ensure the safety and security of their smartcard at all times and to report to duty with the smartcard in their possession.

Access to a staff member's smartcard is vitally important for the maintenance of operational delivery and effective patient care and therefore there will be zero tolerance of any staff member who reports for duty at commencement of their shift without their smartcard.

If the staff member is sent home to retrieve their smartcard (i.e. because they live nearby and this solution has minimal impact on operational delivery) then the manager should arrange to recoup the time spent returning to collect the card from them at a later date.

If the staff member is sent home for the day and replaced by a locum or bank member of staff then this should be treated as unpaid leave by the line manager.

Repeat occurrences where staff members forget their smartcard and cause disruption to the service should be treated as misconduct under HRP1 Standards of Conduct & Disciplinary Rules.

14. DISCIPLINARY

It is the responsibility of each member of staff to ensure the safety and security of their Smartcard at all times. Any breaches or misuse of individual Smartcards will be subject to the Wirral Community NHS Trust Disciplinary Policy and/or Security Policy.

Wirral Community NHS Trust reserves the right to suspend access to, or to withdraw a Smartcard from, a user in order to maintain security and confidentiality.

All Wirral Community NHS Trust Smartcard users are signatories to the Code of Confidentiality and the RA User Acceptance Forms.

15. SECURITY INCIDENTS

All Wirral Community NHS Trust RA security breaches are to be reported immediately to the Wirral Community NHS Trust RAM via the Instant Reporting Process (Datix).

The RAM will consider all incidents reported. Any incidents considered significant will be escalated to the Information Governance Department and/or the Caldicott Guardian and Information Security Manager depending on the nature of the incident. A significant incident is an isolated incident or a series of less significant incidents that could lead to a serious degradation of healthcare or information security.

The Information Governance Department, Caldicott Guardian and Information Security
Manager will consider incidents reported to them and decide whether Wirral Community NHS Trust systems or working practices should be reviewed as a result.

A major breach of security will also be reported by the RAM to the Local Service Provider and NPfIT to ensure any risks resulting from the event can be taken into account and mitigated against.

Incidents involving breaches of security or that demonstrate that a user may not be considered trustworthy should also be reported to the Information Governance Department, Human Resources and the Caldicott Guardian by the RAM so that any disciplinary measures required may be taken. Human Resources will decide which other members of staff need to be involved (e.g. line manager).

16. TRAINING/SUPPORT

Training on both the ESR and Registration Authority systems is mandatory for Wirral Community NHS Trust HR and RA staff. This will maximise the staff's knowledge of the two systems to ensure that they have the ability to use the systems as per the requirements specified by Wirral Community NHS Trust, ESR and NHS Connecting for Health.

For staff new to the RA role, the completion of the relevant e-learning material should be undertaken. The trainee must notify the RA Manager and Recruitment/ESR Manager to enable this to be documented in accordance with the latest version of the IG Toolkit.

16.1 ESR Training

Captivates have been developed by the NHS ESR Central Team to assist in the learning of the functionality. It is expected that all staff that will use the ESR-UIM Interface should complete the captivate training sessions to be found at: http://www.esrsupport.co.uk/rpp/captivates/

16.2 UIM Training

Wirral Community NHS Trust Registration Authority staff will ensure that the UIM e-learning material, available on the Connecting for Health Registration Authority web pages, is completed by everyone that has a requirement to access UIM standalone.

An overview of the system can be seen at: http://nww.connectingforhealth.nhs.uk/iim/user/function

The e-learning modules for UIM can be accessed at: http://www.connectingforhealth.nhs.uk/elearning/uim/uimelearning/

17. PROCESS FOR MONITORING EFFECTIVE IMPLEMENTATION

This policy will be monitored by way of regular review and the implementation of the following key performance indicators.

- Deactivation time on the Spine User Directory against the action within the relevant form within ESR for leavers, maternity, paternity, adoption leave, suspension
- End to end audit trails of the issuing of all Smartcards, revocation of Smartcards, changes to user roles, storage of records, security of supplies and equipment, control of access to National Programme for IT (NPfIT) applications, appropriate RBAC role allocation and scanned records.

18. OTHER RELEVANT PROCEDURAL DOCUMENTS

- NCRS Acceptable Use Policy
- Registration Policy and Practices for Level 3 Authentication V3.0
- Health Records Policy GP6
- Incident reporting policy GP8

19. REFERENCES

Government E-GIF Standard NPFIT-NCR-DES-0294.06 WUTH Registration Authority Manager Job Description WUTH Registration Authority Agent Job Description NPFIT-FNT-IMD-IMPREFL-0034.01

Appendix 1: System Processes

[Process flow diagrams: 1.1.1 New Starter; 1.1.2 Vacancy Control; 1.1.3 Managing Change; 1.1.4 Leavers]

Appendix 2 - Additional Information and RA0 Forms

Further information on RA can be found on the CfH Website at: http://nww.connectingforhealth.nhs.uk/ra

The latest versions of the RA01 - RA09 forms can be found at the following location: http://nww.connectingforhealth.nhs.uk/ra/essentials/forms/registrationauthority-forms

For your reference please see below guidance relating to RA forms:

RA Form | Current Version | Purpose
RA01 Part A | v1.2 | Contains the terms & conditions a successful applicant has to agree to prior to becoming an authorized NHS CRS user and being issued with a smartcard
RA01 Part B | v1.3 | Captures a user's registration details and their signed acceptance of the terms and conditions, and the sponsor's declaration. (The user must have been given a RA01 Part A)
RA02 | v5.5 | Captures the access profile changes, which when approved by a sponsor can be granted to the user by the RA Manager or Agent
RA03 | v3.2 | Completed by either a sponsor or RA Manager or Agents to revoke a user's smartcard, or certificates, and where necessary re-issue a replacement smartcard
RA04 | v1.3 | Completed by a sponsor to record the usage of or change to the profile of a short-term access smartcard
RA05 | v1.1 | Completed when a user changes their name. It may be completed by the user and given to the RA when the user's smartcard is re-issued.
RA06 | v1.1 | Allows the sponsor to apply to the RA for a position's access profile to be changed
RA07 | v1.0 | Allows the sponsor to apply to the RA to change the access profile associated with a template
RA08 | v1.0 | Supports the management of RA admin links (organizational restrictions)
RA09 | v1.0 | Supports the creation of a self service fallback smartcard. (Fallback cards are not issued within Wirral CT).

Please use this link if any ordering of RA related equipment or supplies is required: http://nww.connectingforhealth.nhs.uk/orders-rahardware/

Appendix 3 - Identity Verification

Each member of staff requiring access to an NCRS system will need a smartcard. The Wirral Community NHS Trust RA team will conduct ID checks in line with the e-GIF 3 verification process.

Individuals will need to provide 3 forms of ID. This will consist of either:

- Two forms of photographic personal identification and one document confirming their address
- One form of photographic personal identification and two documents confirming their address.

Acceptable photographic personal identification includes:

- Current UK (Channel Islands, Isle of Man or Irish) passport or EU/other nationalities passport
- Passports of non-EU nationals, containing UK stamps, a visa or a UK residence permit showing the immigration status of the holder in the UK
- A current UK (or EU/other nationalities) photo-card driving licence (providing that the person checking is confident that non-UK photo-card driving licences are bona fide)
- A national ID card and/or other valid documentation relating to immigration status and permission to work.

Any document that is not listed above (i.e. an organisational ID card) is not acceptable.

Acceptable confirmation of address documents include:

- Recent utility bill (gas, electricity or phone) or a certificate from a supplier of utilities confirming the arrangement to pay for the services on pre-payment terms (note: mobile telephone bills should not be accepted as they can be sent to different addresses).
  Utility bills in joint names are permissible*
- Local authority tax bill valid for the current year*
- Current UK photo-card or old-style driving licence (if not already presented as a personal ID document)
- Bank, building society or credit union statement or passbook containing current address
- Most recent mortgage statement from a recognised lender*
- Current local council rent card or tenancy agreement*
- Current benefit book or card or original notification letter from Department of Work and Pensions (DWP) confirming the rights to benefit.
- P45 or P60 (proof of ID only)
- Full birth certificate issued by the General Registrar Office (proof of ID only)

Appendix 4 - ESR Registration Authority User Role Profiles

The RA workbench is the primary portal by which RA agents can associate ESR employees against NHS CRS. This functionality can only be accessed by users with one of the following URPs.

ESR RA URP: HR Admin with RA Data Entry with RA NHS Recruitment & Applicant Enrolment Administration Navigator (With RA) RA Workbench

Requisite NHS CRS Access: RA Agent (R5090) Access or RA Manager (R5080) Access

Functionality: Identical to existing ESR URPs but includes RA elements such as Mandatory Employment checks and RA Workbench. Enables applicants at the offer accepted stage to be searched for on the assignment look up form (from the application) by users in order to reopen, create or un-associate a user on NHS CRS. This is subject to the applicant's current e-GIF and NHS CRS Status being set to either E (Employees/Applicants) or Y (Employees/Applicants) and not N; RA elements such as Mandatory Employment checks and RA Workbench and does not enable access to sensitive ESR data.

Appendix 5 - Smartcard Issue Logging Process

[Flowchart: Smartcard issue logging process for calls received at the WHIS Service Desk]