Welcome to the govroam blog! We at Jisc are committed to keeping you all informed of the ongoing govroam service. We’ll use this blog to let you know how we are progressing, and aim to have some guest posts from those using the service too.
For those of you who want to know more about govroam, we have some information on the govroam service page.
If you are interested in the service, and would like to speak to a member of the service team, please fill in the contact form below
Introduction
Wakefield CCG, Mid Yorkshire Hospitals NHS Trust and Wakefield Council are 3 of 59 public sector organisations supported by the Yorkshire and Humberside Public Services Network (YHPSN). The YHPSN is rolling out public sector WiFi roaming across its organisations using Govroam.
Aims & Objectives
The ability for multidisciplinary teams to work effectively across the district is a key element of the district’s vision of “connecting care” and the development of a multi-speciality community provider model for health and social care outside acute services. The ability to connect seamlessly in all locations is a key enabler for the transformation of health and care services.
Method
Building on the successful experience of using the YHPSN network in Wakefield our teams knew that we needed to progress beyond the basic public sector network to develop an enabling service for our teams to work in an agile manner across Health and Social Care.
We were confident that the implementation of a secure shared WiFi service was a strategic enabler for change. The opportunity presented by Govroam WiFi was immediately seen as meeting this need. Being simple to implement and use whilst retaining the element of control of devices authenticated to use the service was essential to ensure uptake and address the need to ensure secure connection.
Results
An example benefit:
Wakefield Council has been working with the Mid Yorkshire Hospitals Trust for several years, assisting with the discharge needs of patients needing some support in order to be able to return home.
Initially the Council installed a communications link into a single office within Pinderfields Hospital so that a social worker could access the council’s social care system. However this involved much walking to and from the office, wasting productive time. Furthermore there was only space for a single social worker. Later the accommodation was expanded through relocation, but the connection was lost.
Now with Govroam the social worker based in Pinderfields Hospital is able to connect to the council’s systems wherever she is in the Hospital, making contact much simpler, her working time more productive, increasing the number of discharges she handles, and releasing beds for more patients. It has increased her morale and she received a small prize from the hospital for the increase in productivity!
With Govroam the Council can now more readily deploy the full team of social workers not only to any ward as required but also to other neighbouring hospitals in Pontefract, Dewsbury, Huddersfield, Halifax and Leeds, with more joining the service very soon.
As well as providing these operational benefits, managers from the Council have also benefited when working with their partners at hospital or CCG premises, as they can readily and securely access their information on the Council network. Similarly for NHS staff attending Council locations.
Conclusions
The benefits of the implementation in Wakefield have been immediately apparent to our STP partners in West Yorkshire and Harrogate and neighbouring STP areas. Linked with other initiatives such as the NHS implementation of WiFi to hospitals and GPs, this service will directly support the aims of the STP to achieve greater alignment and delivery of Health and Social Care services at both STP level and in place based services. The Govroam model is manageable on a sustainable basis, giving confidence for partners to invest.
With many thanks to Richard Main, Informatics Integration Lead at Wakefield CCG for this contribution. It also draws on a press release by Wakefield Council.
Many, perhaps most, wifi access services across the public sector require some sort of authentication of people who use them. Since authentication involves some processing of personal data, it’s worth reviewing how different ways of doing that might be affected (or not) by the General Data Protection Regulation (GDPR) when it comes into force in 2018. Andrew Cormack, Jisc Technologies’ chief regulatory adviser, looks at the govroam model and its alternatives.
Govroam provides both the best guarantees of good behaviour (since the user’s home organisation is required to deal with any breaches of visited site policy) and involves the least exchange of personal data. The visited site only knows where a roaming user comes from, not who they are, and sees no username, e-mail address or other information that would allow them to contact the user directly. The only thing provided by the home site is confirmation that the user has authenticated successfully and will be held to account for their behaviour, and a temporary session ID indicating which connection that applies to. That’s clearly the minimum needed to provide authenticated access, so “necessary for the purpose of the [user agreement] contract” under Article 6(1)(b) of the GDPR. Since UK govroam practice is that home sites do not disclose the identities of roaming users, it could be argued that, under the European Court’s judgment in Breyer, even the session ID isn’t personal data; however visited sites should probably treat it as a pseudonym (recognised by Article 25(1) of the GDPR as a helpful risk-reduction measure) and continue to keep it and any accompanying logs in accordance with their own security policies.
A definite pseudonym, the use of which is recommended to govroam home organisations, is the Chargeable User ID (CUID – see the corresponding eduroam statement; a govroam-specific policy is to follow). Like the session ID, only the home organisation can link this to an individual or use it to contact them. Home organisations should provide different CUID values to each visited organisation, preventing its use to track visitors between organisations. However CUID does enable a visited organisation to recognise when, for example, an individual is repeatedly logging in and causing problems for the service. Such problems should be resolved by the home organisation, but CUID can let the visited network implement temporary measures until that is done. Since CUID is not necessary to provide the service, the appropriate GDPR basis is likely to be that processing is in the legitimate interest of the visited site, for example to protect the availability of the service. This basis requires the organisation to balance its interests against those of the individual, so visited organisations requesting CUID should review the purpose(s) for which they plan to use it, implement appropriate retention periods and other controls, and then confirm that these do not involve an excessive intrusion into users’ privacy and other rights.
Compare the GDPR-friendly govroam mechanism with alternative means to provide authenticated visitor access. Where wifi providers can’t rely on govroam’s strong guarantee that users are known to their home organisations and have passwords acceptable to those organisations, some use two-factor approaches instead. These typically ask the user to provide a mobile phone number or e-mail address to which a temporary authentication token can be sent. For a service concerned that usernames may be shared (either knowingly or not) it again seems reasonable to claim that this is a requirement of providing the service the user has requested. An e-mail address or mobile number is, however, likely to be considered as a direct identifier so there’s little doubt that these must be handled in accordance with the GDPR.
Some services request an e-mail address not in order to send a second authentication factor, but to allow the provider to identify patterns of suspicious use. In effect this is a less privacy-protecting (and less effective, since the user can give multiple e-mail addresses) equivalent of govroam’s CUID. Again it’s hard to claim that this is necessary for a contract but, given that Recital 49 of the GDPR recognises that processing personal data for network and information security may be a legitimate interest, that justification (Article 6(1)(f)) might apply instead. This requires, however, that the provider ensures (and, under the GDPR, documents) that their interest is not overridden by the rights and interests of the user. Since identifying patterns of use will require a directly-identifying email address to be kept over multiple login sessions, retention periods and the security of stored data will need careful consideration and implementation.
Finally, if personal data collected during registration or authentication are used for other purposes, then those activities must be justified separately under the GDPR. Some changes are likely to be needed to practices common under the previous Data Protection Directive (EU) and Act (UK). In particular, any use of addresses to send marketing e-mails must be opt-in; making such consent a condition of providing service is likely to be unlawful under Article 7(4).
Overall, the govroam solution to granting visitor access, which provides the in-depth audit trail that you might need through cooperation with a visitors’ home site, while minimising the personal data you need to hold, represents an effective way to meet the new requirements of GDPR.
This post was derived from an article soon to be available on Andrew’s regulatory developments blog (article URL to follow).
The Govroam community is developing as follows (last updated 18th January 2019):
Organisations where Govroam is live (3,244 Govroam venues logged so far):
Organisations where Govroam is actively being set up:
Organisations engaged with Govroam e.g. through the Roaming JISCMail list, London CIO’s Group, if not already mentioned:
The Govroam Companion app (iOS and Android compatible) is available free of charge and shows the individual sites where Govroam is live (over 3,244 logged so far).
Locations can also be seen on the Jisc website at https://www.jisc.ac.uk/govroam
It is great to see a set of partner organisations come together in a locality, be in country, region, county or natural community, and then using Govroam to allow staff roaming access to WiFi between the organisations. In health and social care in England this has often been helped by the coming together of organisations to create their Local Digital Roadmaps.
The case study for Kent PSN’s use of Govroam emphasises the cross organisation benefits in a patch, such as staff co-location. It also mentions improving the support for interactions between health and social care e.g. social workers getting access when on NHS premises (and vice versa)
Just as the use of eduroam has become well established in many NHS sites to allow access for clinical placement students and academic staff (latest list here, 132 sites today, Salford Royal Hospital, Lincoln County Hospital. Birmingham Dental Hospital and Queen Elizabeth Hospital, King’s Lynn the latest to be added) so we will be tracking the progress of Govroam. This will be in the following separate blog here so it can be regularly updated.
Submitted on behalf of Marcus Baw
Hi, I’m Marcus Baw and I’m a locum (freelance) GP and Emergency Physician in the North West of England. I’m also a health tech specialist, and a programmer. Being a locum means I work in a number of different NHS settings, which makes for very varied day-to-day work. It means I get to experience a wide range of NHS organisations and see how they vary in terms of their (lack of) provision of WiFi for staff.
Me, the NHS and WiFi
WiFi in the NHS has become a bit of a soap-box subject for me, as the advent of the Internet has seen almost all of the current and reliable information resources migrate from books and journals to online websites and webapps, which is great for learning and staying up-to-date – except when you’re deprived of an Internet connection!
If we want our NHS clinicians to make good, well-informed decisions in a timely fashion, it’s vital that all NHS environments provide their staff with access to these online resources. It’s simply indefensible to deny them this access.
It has to be WiFi. 3G/4G ain’t gonna cut it.
Quite often, I find myself working somewhere without access to the WiFi (it’s worth noting here that there is always WiFi present, it’s just that in many hospitals clinicians aren’t deemed important enough to have access). I can sometimes get by, sort of, with mobile data. But many clinical environments – for example modern steel-framed PFI hospitals – have poor or absent mobile signal within them (meaning mobile 3G/4G data won’t work reliably) so without access to WiFi, clinicians are cut off from vital online resources for best practice.
It’s not even about accessing electronic patient records via WiFi
Right now, I know of nowhere in the NHS that has a sufficiently advanced system to enable a clinician to access the patient record through their own mobile device through WiFi (just to pre-empt those comments saying ‘I can dial in on my Thinkpad’ – no, VNCing in on a laptop doesn’t count, it’s slow, it’s clunky, it’s death by abysmal User Experience).
So the WiFi requirement is not actually about accessing patient records through our devices, it’s purely about access to essential information resources.
Why would we send our NHS clinicians to do battle with disease and ill health, without giving them access to the vital weapon of current, evidence-based, peer-reviewed knowledge?
So what resources are we trying to access? Aren’t we supposed to be working?
These days, we’re seeing medical students being educated via Skype and recording their progress in ePortfolios like Moodle – We’re teaching new procedures to junior doctors using YouTube, which gives them an important first overview of a procedure, making them much better prepared for the formal 1-to-1 hands-on instruction that follows – We’re sharing knowledge about management of common and rare diseases more than ever before, creating free online reference texts like Dermnet.nz and online medical calculators like MDcalc.com – our internationally-respected British National Formulary is online and searchable. We can access professional guidelines from the General Medical Council and advice from our medical defence organisations. Patient information leaflets about any condition can be searched for and supplied to the patient in seconds – We can get hold of any journal paper from the history of medicine in a few clicks – And for everything else, there’s always Google.
WiFi backstory
Back in 2013 I did a very simple online survey to find out what the status of access to WiFi is across the whole NHS, and the headline figure was that around 20% of respondents had access to free WiFi in their place of NHS work. Disappointing.
The good news is that since 2013, my subsequent surveys have shown an encouraging trend towards increasing provision of WiFi to NHS front-line staff. Last time I did the survey (2015) about 50% of respondents reported they had access to free WiFi. NHS Digital now has an official NHS WiFi Programme, tasked with bringing free WiFi to the whole NHS, for patients and staff.
However, there’s a flaw. Federated roaming WiFi isn’t in those plans.
Whilst having access to WiFi in one’s home organisation is definitely a step forward, represents some progress, what we really need is Roaming WiFi. We need this in order to make possible new ways of working and new models of care delivery, where clinicians and other staff are able to roam throughout the NHS in an always-connected state.
It has to be Roaming. Single-organisation WiFi ain’t gonna cut it.
Imagine an NHS in which clinicians can roam to neighbouring NHS organisation to see specialist patients, and can remain connected to their familiar systems throughout. GPs would be able to attend a case conference at the local authority’s social care offices, and still access the patient’s record. And that’s just the tip of the iceberg. As more and more public sector organisations joined Govroam, we would see transformation of the way professionals could interoperate across the public sector instead of the current organisationally-siloed working. The benefits of fluid cross-organisational collaboration between Police, Fire, Ambulance, Social Care, Local Government, Central Government, Hospices, GPs, Walk-in Centres, Hospitals, Libraries, and others will lead to innovation that is as yet unimaginable.
Govroam
When I first heard about govroam as proposed in the UK by Jisc, I thought: ‘That’s exactly what we need in the NHS’. The eduroam model, which has been proven to a) work, b) be cheap, and c) scale internationally, seems to be ideal.
The NHS (and the UK public sector in general) has an appalling record for procurement of technology. It tends to be able to pull off the impressive epic multiple fail of paying all the R&D costs of an untested vendor-specific platform, swallowing rocketing implementation costs, suing the supplier and losing, and still ending up not owning any of the IP, when it’s delivered it’s brand new legacy tech.
So I’m very wary when I hear of ‘public-commercial partnerships’ and new shiny tech, and would be much more comforted by the thought of an Eduroam-influenced platform with it’s reliable, tested technology, oIpen source radius server options, and simple, non-proprietary architecture.
For the record, despite agreeing to guest-blog for Jisc, I’m not a closed-minded govroam fanboi: I’m completely open to other suggestions for how federated roaming WiFi could work. And as long as it does work, at a cost that public sector can afford, then I’m ambivalent about how it’s delivered, whether this be public or commercial. Right now though, I think I would need to hear some extremely powerful arguments against govroam for it not to be a natural choice.
OK – so what do I do about this?
* If you’re someone with responsibility for NHS IT, then ask your clinical colleagues what they need from an NHS WiFi service. In particular, what benefits would be had from access to roaming WiFi. How would this change their practice? Make sure what your organisation is providing will meet these needs.
* If you’re a clinician, you could talk publicly about your clinical connectivity needs (blogs, presentations, Twitter), point out where they are not being met by the current levels of provision, and talk about how roaming WiFi would make the care you deliver easier to provide, and of higher quality.
* If you support the idea of GovRoam then tell people about it – the more people that know that roaming WiFi across all of Health and Care is not only technically possible, but is a real and present offering, the better.
* If you are a senior NHS Digital executive working in Domain A – then you might need to rethink your WiFi programme. Sorry.
Jisc welcomes the opportunity to solicit the personal views of various stakeholders in roaming connectivity use cases and provision, and specifically invited Marcus to contribute his take in this case. However, we would note that Jisc is involved in ongoing profitable discussions with NHS Digital and colleagues around the subject of WiFi roaming, and therefore don’t share his perspective that this aspect of connectivity provision is not addressed in their plans. We would be happy to offer a chance to respond to Marcus’ view to a representative of the NHS team(s) involved – mark.o’leary@jisc.ac.uk
I’ve been working on various infrastructure projects for education for more than twenty years now, but the one constant through that time has been wireless technologies. In particular, I 
was part of the initial group of three that brought the eduroam idea (then called Location Independent Networking) to life in the UK, working with UKERNA. Curiously enough all three, then from universities in Manchester, Bristol and Southampton, now work for Jisc and are still engaged in one capacity or another in improving the eduroam experience.
eduroam is one of the Big Ideas
The eduroam roaming federation has been one of the Big Ideas™ of this generation of networkers, and I think that sometimes the education sector forgets how powerful it is. There was a time when the invisibility of a service was its badge of honour, a testament to its reliability, but in the current climate we need to ensure that people are aware of the direct and indirect benefits it brings, so that they can take some ownership and help protect and extend the coverage.
For a number of years, I’ve been trying to find a way to bring those benefits to a wider public sector base in the UK. Although I hate the phrase, one that recurs in discussions of federated roaming is “it’s a no-brainer”. Admittedly, once you bring someone to the point of understanding the new ways of working and efficiencies that something like eduroam brings, and they realise that they already have most or all of the infrastructure, services and skills they need to participate in it as part of their existing local provision, the arguments against deploying a roaming service are few on the ground. That’s why it is so surprising that it has been so hard to catalyse the creation of a roaming solution for a wider public sector, such as health, government or the blue light services.
What’s the problem?
So why has it been so hard? Well, the first hurdle is establishing need: there’s a chicken-and-egg argument around limited roaming demand (due to the absence of infrastructure to support it) justifying not creating such an infrastructure. It takes decision makers with vision to see that participating in a roaming federation will trigger a cultural change that will foster new ways of working, collaborating and sharing resources. Then there’s the thorny issue of funding. An eduroam-like infrastructure is very cheap to build and run, as national services go, but if the invoice ends up on just one department’s accounts, but the benefits are demonstrably distributed nationally, there’s an understandable reluctance. That’s where some of our former attempts to foster the launch of such a service have foundered, attempting a ‘top down’ funding model with central government. There’s also a question of scope: govroam is a roaming service for staff, in the main, but most public sites are also facing increasing pressure to provide connectivity for visiting members of the general public. Experience from eduroam suggests that trying to solve both problems (staff roaming and public connectivity), with their incompatible requirements, via a single network design is biting off too much. It may be that Jisc can also help address the public visitor problem, but probably not as part of the govroam deployment.
Govroam 2017
So in this current initiative, Jisc is trying to promote a govroam solution based on the proven eduroam design and compatible with similar initiatives internationally. It will be funded from the grass roots by the participants that receive the benefits, in a transparent way tailored to suit the purchasing processes of the sectors it serves. It will support basic network activities such as email, web and VPN, and form a foundation on which future designs that bring home organisation services directly to the roaming context could be built. As an early adopter pilot service it already exists and is supporting roaming across the UK.
It’s certainly timely. Three of our European neighbours have deployed a govroam network, albeit on a smaller scale, and within the UK, individual Trusts, Councils and PSNs are starting to create regional roaming capabilities. We are on the cusp now of either fragmenting into incompatible islands of proprietary roaming technologies, or agreeing to standardise on something with national or international scope.
I hope you will look into what is developing here and consider taking part; if you already an early adopter, I hope you will tell your colleagues about your experiences. I hope to remain part of this project as it matures, and ultimately to be able to grumble that it is so much part of life in government and health circles that people are starting to take it for granted. It is, after all, a no-brainer…
Govroam = Public Services Roaming
Govroam provides easy Internet access for visiting users from other public sector organisations, without the need to individually register or reconfigure your device when you arrive at the visited site.
Following on from eduroam’s worldwide success in delivering savings and efficiencies in education collaboration, govroam replicates this proven design pattern. The new service is available to all Public Sector organisations.
Participation means that an employee with either a laptop, mobile and/or tablet when visiting another affiliated organisation, will be able to connect to the internet seamlessly, by authenticating using their own home organisation credentials. This single login will allow you to connect wherever there is a govroam network available, and once the profile is installed on your device, this connection will happen automatically.
Fig. 1: The building blocks required for govroam
Govroam uses robust end-to-end encryption (AES as part of 802.1X tunneling) so that your private user credentials are only available to your home organisation for authentication, and never exposed over the air or accessible by the visited site’s infrastructure – even fake networks set up with the aim of stealing your credentials can’t gain access to them through govroam.
If you already have the basics required (see fig. 1), all you need to do is create the govroam SSID on your WLAN and configure your RADIUS server to proxy any non-local authentication requests received against that SSID up the hierarchy of RADIUS servers that make up the govroam fabric. One of those servers will recognise the domain that the request is coming from and ensure the proxied request is forwarded to its home site for authentication. Fig. 2 sketches the service in action.
Fig. 2: the govroam infrastructure