Mental health trust introduces two-factor security

South London and Maudsley NHS Trust uses tokens to protect patient records

The UK's largest mental health trust is adopting a two-factor authentication system to guard patient data.

South London and Maudsley NHS Trust is implementing the token-based security system to meet strict privacy standards laid down by the Mental Health Act and the Data Protection Act.

The need for that data to go only to authorised people is critical, says the trust's technical infrastructure manager, Rian Aldridge.

'If we don’t do that properly severe penalties can be applied,' he said.

'In some regards, banks have fewer legal requirements than we do, that puts a lot of pressure on us, it is very, very strict.'

The system, supplied by security firm Cryptocard, uses tokens that issue passwords that expire after just one use, making them redundant to potential hackers.

This means the organisation has a stronger level of authentication and staff no longer rely on ‘static’ passwords, which can be easily defeated.

Two-factor authentication will also help South London and Maudsley NHS Trust improve support to external clients and staff working out of hours, says Aldridge.

'This system only allows data to go to the people it should do,' he said.

What do you think? Email us at: [email protected]

Related stories

• Banks seek advantage from security profiles
• Two-factor buoys confidence
• Banks wary of two-factor model