Four overlooked risks in NHS IT systems

Four overlooked risks in NHS IT systems

Healthcare Published on 5 mins Last updated

Many IT directors within NHS trusts are facing increasing challenges around performance and security risks in back-office systems – which, left unresolved, could jeopardize the delivery of patient care.

While most IT risks are scrupulously mitigated within NHS trusts, risks associated with back-office systems often have the potential to be overlooked. Remote access systems, email communications, print management platforms and web services like intranets can be just as vital to the delivery of patient care as diagnostic and patient imaging applications. Yet these ubiquitous back-office systems are often left unprotected and unoptimized – unlike clinical IT systems.

This oversight puts IT directors in a precarious position. Without load balancing technology in their back-office, they are unnecessarily vulnerable to four significant risks: system downtime, security weaknesses, poor user experiences and a stifling incapacity to evolve.


System downtime

In an environment where lives are literally at stake, downtime in any IT system must be considered unacceptable. Whether they are delivering healthcare services in the community, sharing patient data via NHSmail, sending out letters to patients or managing appointments via a web service, NHS staff need reliable, available IT systems, to enable them to provide critical and acute care.

Let’s consider remote access systems, as an example. Community based medical professionals need to be able to access patient data and back-office systems from patient homes, clinics and other third-party sites. If downtime were to occur in the remote access system, these clinicians would find it difficult to care for their patients.

Equally, a failure in the remote access system could seriously disrupt the running of the NHS trust, especially given that many NHS support staff are following Government advice and working from home during the COVID pandemic. Whatever their role, NHS staff who work remotely have to have consistent, reliable access to the applications they need to do their jobs, from anywhere, using any device.

NHS trusts can reduce the risk of downtime in remote access systems, including virtual desktop environments, by using a load balancer to share traffic across multiple servers. If one server fails, the load balancer will reroute the traffic instantly to another available server, preventing any loss of service for users. If maintenance is required, IT teams can decommission and then recommission servers at will, without any interruption in remote access for users and without the need to schedule downtime. The use of load balancers with remote access solutions and virtual desktop infrastructure (VDI) also improves security, which leads us on to point number two...

Security weaknesses

The need to keep patient data secure is absolutely paramount, and all NHS trusts will have a range of IT systems and employee policies in place to ensure this. It is important to remember, however, that back-office systems, including remote access systems, VDI, Microsoft Exchange, Office 365 and Microsoft Teams, can present potential security risks. All available measures should therefore be implemented to improve data protection, both in existing back-office systems and in future plans.

Let’s look at email as an illustration of this point. IT directors may already think that their NHS email platform,, is secure, but they can use load balancers to reinforce the security and encrypt data and images when they travel between email servers and users. Load balancers can also be used to improve security when users are accessing or NHSmail from mobile devices, outside of the control of the trust. Furthermore, IT teams can use load balancers to undertake maintenance on email servers, implement security patches and make other updates that improve the overall security posture, without having to arrange downtime in the email system.

Many trusts may currently be planning to migrate their current NHSmail servers into hybrid cloud and on-premises IT environments, using the Microsoft Hybrid Service on Office 365. Best practice approaches for achieving this NHSmail migration include the use of a load balancer to improve performance.

Poor user experiences

When back-office systems perform sluggishly, users cannot complete tasks promptly, waste valuable time and become frustrated. Email communications and print management systems are not used at the bedside in wards or operating theatres, but are nonetheless essential for the efficient and effective delivery of patient services.

Print servers, in particular, are an often-overlooked but incredibly important back-office system.  NHS trusts can send out around 100,000 letters per month and need to be able to print exceptionally high volumes of documents on multiple printers, every day. Just a few weeks ago, the UK government added a further 1.7 million people to its Shielded Patients List, and each NHS trust in England needed to send out hundreds or thousands of letters to patients who are at the highest risk from coronavirus. This demonstrates just how important it is for print management systems to work optimally at all times. It was not only a huge undertaking to send letters to everyone on the Shielded Patients List, but also an extremely urgent one – patients needed to be advised of their vulnerability as quickly as possible, so that they could take steps to protect themselves.

If print servers are allocated to specific departments or teams, one print server can become overloaded, while another is underused. NHS trusts can use load balancers with print servers to improve the management of print queues, and balance print requests across multiple servers and printers in different locations. Equally, they can use load balancers with print management and document workflow applications, such as PaperCut or Kofax, to optimize the performance of these solutions and ensure user satisfaction by keeping the printers working.

Incapacity to evolve

Back-office IT systems need to be scalable and agile, so that NHS trusts have the capacity to respond to sudden or gradual increases in system usage, as well as evolve to reflect changing healthcare guidelines.  If back-office systems are not scalable and flexible, unnecessary costs can be incurred and transformation projects can be delayed.

Take web services, for example.  Most NHS trusts have a large number of web servers delivering a diverse range of web services, web sites and intranets.  While primarily for staff use, many web servers deliver patient services, such as services for booking appointments, requesting prescriptions or viewing interactive hospital maps.  With many more NHS staff working from home and an increasingly internet-savvy population, almost all NHS web services are experiencing growing usage.

NHS trusts can use load balancers to share internet and intranet traffic across multiple servers based on an intelligent understanding of server performance and load.  This reduces the risk of individual web servers becoming overloaded (causing slow performance and a poor user experience) and enables high availability to be maintained even during spikes in Internet or intranet traffic. Critically, the use of load balancers makes it much easier for NHS trusts to add additional servers to gradually scale up their services, when needed, while keeping service disruption and costs down.

Looking ahead to the future, the NHS is moving towards more collaborative operating models and shared services – known as Integrated Care Systems (ISCs) to reduce cost. The delivery of digital pathology services, for example, is already moving to a hub and spoke model, with multiple trusts and healthcare providers sharing the services and capabilities of a central provider. Load balancers can help pave the way for this collaboration, by sharing traffic across multiple data centers and giving organizations the flexibility to evolve their service delivery in a cost effective way.

Now is not the time to be taking risks. NHS staff are under incredible pressure, not only treating COVID-19 patients but also working in new COVID-secure ways to protect others. IT teams in NHS trusts must, therefore, take every possible step to minimize the risk of IT failures that could put clinicians under even greater stress – and, in this ongoing campaign to reduce IT risks, the back-office should never be overlooked.