Public Key Infrastructure Design for a Health Department

Situation

This health provider is responsible for the wellbeing of millions of residents and thousands of staff. A priority is protecting electronic patient information and minimising potential risks across its network. A key component of their security strategy is their use of public key infrastructure (PKI). This set of policies, procedures, services and technology work together to manage trust and encryption, securing the transfer of electronic data.

A new PKI design was required to provide more robust authentication management to support the increasing digitisation of healthcare. With increasing advances in technology come increasingly sophisticated security threats. The PKI design focussed on risk hardening, helping the organisation proactively keep on top of threat management.

The organisation teamed with Business Aspect to evaluate and deliver a new PKI design that would:

  • Provide a resilient certificate infrastructure to establish a chain of trust for all users, devices and applications.
  • Facilitate secure communication and co-ordination across 1000s of health and community care providers and agencies.
  • Give citizens the confidence that their data is being managed securely.

Solution

The health provider asked Business Aspect to help them deliver a new PKI. Business Aspect brought security and business process improvement expertise combined with in-depth knowledge of working within the health sector.

Business Aspect offered the right mix of business consulting and technical services with health domain expertise. We gave the client confidence that they would deliver a new PKI design successfully.

Business Aspect gathered PKI requirements from an extensive number of stakeholders including the digital health team, many associated health services and a new regional hospital. Business Aspect documented and analysed options, scoring them against requirements collected from the Cyber Security, Technical Assurance, Architecture and Operations teams. This resulted in a recommendation to adopt a managed service approach.  By outsourcing the critical but undifferentiated operation of the PKI to a leading managed services provider, the organisation could retain its focus on delivering more efficient, effective and affordable healthcare outcomes.

As a second step Business Aspect developed an architecture to support the organisation’s requirements, including the definition of governance and administrative roles. The Business Aspect Security team worked with key stakeholders to gain endorsement and approval for the architecture and then progressed to the solution and detailed implementation design.

Business Aspect was also responsible for supplying the technical documentation to move the solution through the organisation’s Change Board, including implementation plans, support plans, governance, guides and new work instructions.

Outcome

The health organisation successfully implemented the new PKI solution using a trust chain that is wholly owned and controlled internally. The digital certificates that are issued by the PKI administrators provide authentication of an identity and protection of data through encryption and digital signing. These features are key enablers of electronic processes, workflows and business essential to the delivery of more efficient, effective and affordable healthcare outcomes.

The PKI has moved the Organisation closer towards a healthcare ecosystem where they are able to share confidential information in a controlled environment across diverse systems and providers to deliver better patient outcomes.

This is a significant step in addressing inefficiency and administrative burdens of providing healthcare services on such a large-scale.

Read the Case Study here

We solve complex business problems