Page 1

THE ELECTRONIC STAFF RECORD PROJECT

NATIONAL HEALTH SERVICE A QUICK REFERENCE GUIDE TO ACTIVATING THE ESR INTERFACE TO UIM Information Classification: ESR User Base Author:

Chris Price

Creation Date:

14 July 2010

Last Updated:

8 October 2010

Document Ref:

ESR-RPP0006 Quick Reference Guide to Activating the ESR Interface to UIM

Version:

1.0

Approvals:

Paul Spooner Title: ESR Director of Operations Chris Price Title: RPP Implementation Manager


1. Document Control

1.1. Change Record Date

Author

14 July 10 21 July 10 5 October 10 8 October 10

Chris Price Chris Price Chris Price Chris Price

Version

Change Reference First draf

0.1 0.2 0.3 1.0

First draft Updated following initial review Updated following formal review Final version

1.2. Reviewers Name

Position

Nick Adcock

ESR Design Team Lead

Lee Pacey

ESR Head of Design

Paul Spooner

ESR Director of Operations

Steven Finney

NHS ESR Data Analysis Manager

1.3. Distribution Copy No.

Name

Location

1 2

Library Master

Project Library Project Manager

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

2


2. Contents 1.

Document Control.......................................................................................2 1.1. Change Record........................................................................................................ 2 1.2. Reviewers ................................................................................................................ 2 1.3. Distribution............................................................................................................... 2

2.

Contents ......................................................................................................3

3.

Introduction .................................................................................................4 3.1. 3.2. 3.3. 3.4. 3.5.

4.

Readership .............................................................................................................. 4 Purpose.................................................................................................................... 4 Background.............................................................................................................. 4 What does the ESR interface to UIM enable?......................................................... 4 Reference documentation and other information sources....................................... 4

Requesting the activation of the ESR Interface to UIM............................5 4.1. How to request the activation of the ESR interface to UIM ..................................... 5

5.

Pre-requisites ..............................................................................................6 5.1. 5.2. 5.3. 5.4. 5.5.

6.

Strategic decision regarding choice of implementation model ................................ 6 Smartcard enablement of ESR users ...................................................................... 6 UUID Data Load ...................................................................................................... 6 Position Based Access Control (PBAC) .................................................................. 7 ESR and UIM set-up Activities ................................................................................ 7

Activating the ESR Interface to UIM ..........................................................8 6.1. Step 1 - Complete UIM set-up activities .................................................................. 8 6.2. Step 2 - Complete ESR set-up activities required prior to interface activation........ 8 6.3. Step 3 – Activate the ESR interface to UIM............................................................. 9 6.4. Step 4 - Complete ESR Set-up activities required post interface activation and deploy the interface ...................................................................................................................... 9 6.5. Step 5 – Review the implementation of the interface .............................................. 9

7.

Appendix 1 – Key Terminology................................................................10

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

3


3. Introduction 3.1. Readership This guide is aimed at Project Managers, Implementation Managers, ESR and RA Leads responsible for the delivery of HR, RA and ESR within an organisation who need to understand how to deploy the ESR interface to User Identity Manager (UIM).

3.2. Purpose The purpose of this document is to provide guidance regarding the implementation of the interface between ESR and the User Identity Manager (UIM) registration software. It is assumed that the interface is being adopted as part of the approach to Integrated Identity Management (see ‘Developing a Strategy for Integrated Identity Management’). This document focuses primarily on the technical activities required to activate the interface. The ESR interface to UIM implementation approach guide provides supplementary information and implementation considerations regarding the technical activities referenced within this guide. It is recommended that organisations are familiar with this document, and the ESR interface to UIM implementation approach guide, prior to the activation of the interface.

3.3.

Background

The ESR interface to UIM is applicable to those organisations that have chosen to deploy the interface as part of their strategy for Integrated Identity Management (see ‘Developing a Strategy for Integrated Identity Management’). The deployment of the interface requires other components of the Integrated Identity Management initiative to have been completed before implementation commences, these are: • Strategic decision regarding choice of implementation model based on ‘Developing a Strategy for Integrated Identity Management’. • Position Based Access Control (PBAC) including the mapping of ESR positions to NHS CRS Access Control Positions – A minimum of one Access Control Position must be defined and mapped to a corresponding ESR position. • Smartcard enablement of core ESR users. Organisations should also have an awareness of the activities outlined within the HR/RA Process Integration toolkit, although the completion of these activities is not compulsory for the activation of the interface.

3.4. What does the ESR interface to UIM enable? The activation of the ESR interface to UIM completes the deployment of the Integrated Identity Management (IIM) initiative. The interface, utilising mappings between ESR positions and NHS CRS Access Control Positions as defined in UIM, automatically updates an individual’s access rights to NHS Care Records Service (NHS CRS) systems when a change is made in ESR.

3.5. Reference documentation and other information sources The following table lists documentation referenced within this guide and other related sources of relevant information. Title ESR-RPP0005 ESR interface to UIM implementation approach guide ESR-RPP0006 A quick reference guide to activating the ESR interface to UIM ESR-RPP0007 ESR set up pre-interface activation

Purpose Provides guidance regarding the implementation of the ESR interface to UIM. Provides an overview of the technical steps required to activate the ESR interface to UIM. Provides instructions regarding the ESR set-up

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

4


quick reference guide

ESR-RPP0008 ESR set up post interface activation quick reference guide

M-3980 NHS CRS to ESR data matching user guidance ESR online user manual

ESR e-Learning Captivates ESR Integrated Identity Management website

UIM Implementation Guide (Link accessible via N3)

Developing a strategy for Integrated Identity Management (Link accessible via N3) HR/RA Process Integration toolkit (Link accessible via N3)

Position Based Access Control (PBAC) Toolkit (Link accessible via N3) NHS CfH Integrated Identity Management website (Link accessible via N3)

activities that must be completed no later than 2 weeks prior to the activation of the ESR interface to UIM. Provides instructions regarding the ESR set-up activities that must be completed as soon as possible following the activation of the ESR interface to UIM. Data match/cleanse/load procedure to match employee records in ESR to existing NHS CRS records. The standard ESR user manual covering all aspects of using the ESR solution including the new interface and RA functionality. E-learning tools covering the end to end processes between ESR and UIM All user documentation regarding the ESR interface to UIM is available via the ESR website http://www.esrsolution.co.uk/iim/ Provides instructions regarding the UIM set-up activities that must be completed no later than 2 weeks prior to the ESR set-up activities being undertaken. Provides the structure to key decisions that need to be made by NHS organisations to realise the benefits of Integrated Identity Management. Helps NHS organisations move towards the integration of business processes between Human Resources and RAs, or between RAs and other identity capture processes. Describes how to simplify the assignment of access rights to the NHS CRS. All user documentation for UIM is on the NHS CFH NWW web site.

4. Requesting the activation of the ESR Interface to UIM

4.1. How to request the activation of the ESR interface to UIM Further information regarding the availability of interface activation dates and data load slots is available here. The ESR Regional RPP Project Managers are able to provide further advice and guidance regarding the implementation activities. To request an interface activation date organisations should e-mail esr.smartcard@nhs.net with the following information: • • •

Organisation name (including the ESR VPD if known); Required interface activation date; Confirmation that a data load is required.

The NHS ESR Data Team will then confirm allocation to a go-live date and data load. Note: The interface activation dates and data loads are subject to availability. Allocation will be on a strictly first come first served basis.

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

5


5. Pre-requisites There are number of pre-requisites that must be completed prior to the activation of the ESR interface to UIM.

5.1. Strategic decision regarding choice of implementation model It is assumed that organisations reading this guidance have decided to adopt the interface as part of their approach to Integrated Identity Management (see ‘Developing a Strategy for Integrated Identity Management’). The Strategic decision should be formally communicated to the NHS ESR Regional RPP Project Manager.

5.2. Smartcard enablement of ESR users All NHS organisations within England are moving to NHS CRS Smartcard facilitated ESR access as part of the drive to improve information governance for all personal identifiable data held by the NHS. The transition to Smartcard enabled ESR access ensures staff data is secured to the same level as patient data and provides ESR users with the e-GIF level 3 security clearance in order to effect changes on NHS CRS via the ESR interface to UIM. The NHS ESR Data Team has been working closely with organisations to remove username and password access to ESR user accounts (a process known as URP lockdown). As a pre-requisite to the activation of the ESR interface all ESR User Responsibility Profiles (URPs) must be locked down, with the exception of the National LMS and Employee Self Service URPs. Further details regarding the ESR Smartcard enablement project and the URP lockdown process are available via http://www.esrsolution.co.uk/iim/. Any queries relating to the Smartcard enablement of ESR users should be directed to esr.smartcard@nhs.net.

5.3. UUID Data Load Organisations deploying the ESR interface to UIM will have a number of employees in ESR who have, or will need to have, access to NHS CRS applications. These employees will already have, or need to have, a record on the Spine User Directory (SUD). For the ESR interface to function, the employee records in ESR will need to be matched and then linked to their equivalent records in the SUD. The actual link between the two systems at employee level is achieved by adding the Unique User Identifier (UUID) from the SUD record into the ESR employee record. The ESR who: • • •

interface will ‘control’ person details and access rights in UIM for all employees on ESR Are identity checked to e-GIF level 3 and Have a UUID entered against their record and Are assigned to an ESR position which is linked to an access control position

Organisations requesting activation of the ESR interface to UIM will be offered a free data load service by the NHS ESR Data Team. This will facilitate the loading of the UUID and e-GIF flag into ESR, for all matching records between ESR and NHS CRS. The data load will ensure that all ESR person records are linked to the appropriate record on NHS CRS prior to the activation of the interface. The data load will utilise a similar procedure as that used for loading the UUIDs of ESR users during the ESR Smartcard enablement programme. A data extract will be taken from both ESR and NHS CRS and run through a data matching tool. This will produce a report of records that can be successfully matched between ESR and NHS CRS. A successful match will require the NI Number, Surname and Forename to be the same in both ESR and NHS CRS. The NHS CRS UUID and e-GIF flag for matching records will then be loaded into ESR on the agreed load date. Records that cannot be successfully matched between ESR and NHS CRS will not be loaded into ESR. ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

6


Prior to the data load taking place organisations will be provided with data matching reports detailing any data cleansing that may be required on either NHS CRS or ESR. The records must be cleansed in advance of the data load in order for the UUIDs to be loaded into ESR. Further details regarding data matching are available within the M-3980 NHS CRS to ESR data matching user guidance. Important Note: UUID Data loads can only be provided by the NHS ESR Data Team prior to the activation of the interface. Following the activation of the interface organisations will need to use the person lookup functionality to manually assign UUIDs to ESR person records (for those records where the UUID has not been loaded into ESR). Queries regarding the loading of UUIDs into ESR should be directed to esr.smartcard@nhs.net. Important Note: UUID Data loads will only be provided by the NHS ESR Data team prior to the activation of the interface. Following the activation of the interface organisations will need to use the person lookup functionality to manually assign UUIDs to ESR person records (for those records where the UUID has not been loaded into ESR).

5.4. Position Based Access Control (PBAC) Using the Position Based Access Control (PBAC) methodology (as explained in the PBAC toolkit) enables organisations to define a number of NHS CRS Access Control Positions which can be subsequently set up in UIM. These NHS CRS Access Control Positions define the access rights to NHS CRS applications needed by staff to do their job. In order for the interface to operate the definition and relationship between ESR positions and NHS CRS Access Control Positions needs to be established. The mapping between NHS CRS Access Control Positions and ESR positions needs to be defined as part of the PBAC work so that it is clear which jobs, as defined by ESR positions, relate to which NHS CRS access rights. This mapping needs to be formally approved and signed off before the implementation of the interface commences. It is anticipated that organisations will have completed PBAC (including the mapping of ESR positions to NHS CRS Positions) prior to the implementation of UIM. It is however possible for organisations to activate the interface with a minimum of one Access Control Position mapped to a corresponding ESR position. This will allow the Access Control Position(s) to be downloaded to ESR and then linked to the appropriate ESR Position(s) as part of the implementation. Further NHS CRS Access Control Positions can be created in UIM if required, and then downloaded into ESR allowing for a progressive rollout of the interface functionality within an organisation. Organisations should also have an awareness of the activities outlined within the HR/RA Process Integration toolkit although the completion of these activities is not compulsory for the activation of the ESR interface to UIM.

5.5. ESR and UIM set-up Activities A number of set-up activities must be completed in both UIM and ESR prior to the activation of the interface and in ESR post activation of the interface. Subsequent sections of this document provide an overview of the activities that need to be undertaken. Links to documentation, providing detailed instructions with regards to each of the set-up activities, are included where appropriate.

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

7


6. Activating the ESR Interface to UIM A number of activities must be completed in UIM and ESR prior to the activation of the interface, these activities are summarised below; •

Step 1 – Complete UIM Set-up activities Must be completed no later than 2 weeks prior to interface activation date.

Step 2 – Complete ESR Set-up activities required prior to interface activation Must be completed no later than 2 weeks prior to interface activation date.

Step 3 – Activate the ESR interface to UIM The interface will be activated on the date agreed with the NHS ESR Central Team.

Step 4 – Complete ESR set-up activities required post interface activation and deploy To be completed as soon as possible following interface activation.

Step 5 – Review the implementation of the ESR interface.

6.1.

Step 1 - Complete UIM set-up activities

The set-up of UIM must be completed prior to the ESR set-up activities being undertaken. The key activities that must be completed in UIM are summarised below; • • • • • •

Reassess the roles and responsibilities of RA managers, RA agents and Sponsors Set-up RA Staff in Calendra Set-up workstations being used for UIM activity Create a minimum of one worklist in UIM Approve and grant a minimum of one Access Control Position in UIM Approve National Terms and Conditions

Instructions regarding the set-up of UIM, including a 2 page quick reference guide, are available within the User Identity Manager Implementation Guide which can be downloaded from http://nww.connectingforhealth.nhs.uk/iim/implement Timeframe for completion: The UIM set-up activities must be completed no later than 2 weeks prior to the interface activation date that has been agreed with the NHS ESR Central Team.

6.2.

Step 2 - Complete ESR set-up activities required prior to interface activation

Upon completion of the UIM set-up activities, the following must be completed in ESR prior to the activation of the ESR interface to UIM; • • • • •

Define a supplementary role for RA Sponsor(s) and allocate these to the ESR organisation hierarchy. Allocate one or more users with the NHS CRS RA Agents notification role. Download the Worklist(s) from UIM and allocate to the ESR organisation hierarchy. Ensure the correct NACS code has been allocated to the ESR organisation hierarchy. Allocate the appropriate RA URPs to one or more ESR users.

Instructions for the completion of the above activities are available within the ESR set up pre interface activation quick reference guide.

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

8


Timeframe for completion: The ESR set-up activities outlined above must be completed no later than 2 weeks prior to the interface activation date that has been agreed with the NHS ESR Central Team.

6.3.

Step 3 – Activate the ESR interface to UIM

The ESR interface to UIM will be activated on the date agreed with the NHS ESR Central Team provided that the UIM and ESR set-up activities have been completed within the agreed timeframes. If the UIM and ESR set-up activities, outlined in 6.1 and 6.2, have not been completed it will not be possible for the NHS ESR Central Team to activate the interface. Following the activation of the interface any updates to the ESR fields listed below (for employee records that have a UUID and are identity checked to e-GIF level 3) will result in messages being sent to UIM reflecting the changes to personal details. • • • • • • • • •

Title Surname First name Middle name NI Number Date of Birth Email address (Person Form) Work phone number (Phones Form) Work mobile number (Phones Form)

The interface will not however transmit any messages relating to changes in access rights until ESR positions have been linked to NHS CRS Access Control Positions.

6.4.

Step 4 - Complete ESR Set-up activities required post interface activation and deploy the interface

Following the activation of the ESR interface it is necessary for the NHS CRS Access Control Positions that have been created in UIM to be downloaded and linked to the appropriate ESR position(s). The linking of ESR positions to NHS CRS Access Control Positions must be completed in accordance with the mappings that have been formally agreed by each organisation. Performing the link automatically grants or changes access rights on NHS CRS based on the definition of the Access Control Position in UIM. This will be applicable to all the employees assigned to that position who have their UUID populated in ESR and are identity checked to e-GIF level 3 (i.e. e-GIF flag set to ‘Y’ in ESR). The ESR set up post interface activation quick reference guide provides instructions regarding the download of NHS CRS Access Control Positions from UIM into ESR and the linking of these NHS CRS Access Control Positions to ESR positions (as per agreed mappings). The document also provides an overview of key aspects of the interface functionality and links to the elearning training material. Timeframe for completion: The ESR set-up activities should be completed as soon as possible following the activation of the interface.

ESR Positions should be linked to NHS CRS Access Control Positions in line with the agreed deployment strategy at each organisation. As further NHS CRS Positions are defined in UIM these can be downloaded to ESR and linked to ESR positions as per the agreed mappings.

6.5.

Step 5 – Review the implementation of the interface

Following the implementation of the ESR interface organisations can define further NHS CRS Access Control Positions in UIM which will allow for the progressive deployment of the interface functionality. Additional NHS CRS Access Control Positions can be created in UIM following the activation of the interface which can then be downloaded into ESR and linked to ESR positions (as per agreed mappings) as appropriate. ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

9


7. Appendix 1 – Key Terminology The following terms are relevant to this document and have been extracted from the full Glossary of terms available via http://www.esrsolution.co.uk/iim/ • Access Control Position. An Access Control Position is defined in UIM and contains a set of access rights which have been approved and granted through the RA process. NHS CRS users can be associated to Access Control Positions directly in UIM or via the ESR interface. • Assignment. The assignment in ESR provides the link between employee and position. Each employee will have at least one assignment but may have more if they do more than one job. The assignment holds contractual data such as the grade, hours worked etc • e-GIF. Policies and standards to enable information to flow seamlessly across the public sector and provide citizens and businesses with better access to public services. All users of NHS CRS must be identity checked to e-GIF level 3. • ESR – Electronic Staff Record. The Electronic Staff Record (ESR) is the integrated Oracle Human Resource Management System (HRMS) (including Payroll) in use by the vast majority of organisations within the NHS; hosted and maintained by McKesson plc. • ESR Position. A position identifies the post/job that exists within each organisational unit as defined in the workstructures in ESR. Positions can be defined with certain default information such as grade and staff group which are inherited as defaults when an employee is attached to a position via their assignment. It will be possible to link positions in ESR to equivalent positions in UIM to be used for access control. • Integrated Identity Management – The development of closer integration between the currently separate processes involved in capturing and managing staff identity, and controlling access to the NHS Care Records Service (NHS CRS). • NHS CRS – NHS Care Records Service. The NHS Care Records Service will help NHS organisations in England to store patient health care records on computers that will link information together quickly and easily. An NHS CRS Smartcard will give a user access to the NHS CRS and other National Programme for IT applications such as Choose and Book and the Electronic Prescription Service. • PBAC – Position Based Access Control. The PBAC methodology groups access control requirements by job allowing for any number of employees to share generic access rights based on what they do rather than who they are. • RA Agent. Works under the direction of the RA manager to administer the RA function. They are responsible for performing registration and maintenance of sponsors and health care professionals/workers in the organisation(s) that the RA agent holds this profile for. They also ensure that National and local RA processes are followed. • RA Sponsor. Sponsors approve access and the issue of NHS CRS Smartcards and are usually the line manager of users. In UIM sponsors will manage approvals via worklists. • SUD – Spine User Directory. The Spine User Directory is the repository which stores users’ profiles and registration information both current and historic includes roles and organisations that an individual works for. • UIM – User Identity Manager. The new software which will provide the electronic management of access control which is replacing the current paper based registration process. • UUID – Unique User Identifier. The User’s Unique ID Number is used by all NPfIT applications to uniquely identify the user to the application. The UUID is the number displayed on the NHS CRS Smartcard. Occasionally called the UID (Unique ID Number). ESR will also hold the NHS CRS UUID against employee records so that it can validate that the employee has an active authenticated entry on NHS CRS. • Worklist. Worklists group actions in UIM, users login to their worklists to manage actions and approvals. ESR will automatically access and update worklists for many types of change initiated in ESR such as request for a new user, change access requirements based on positions and changes to personal details. • Workstructures. Workstructures is the area of ESR that allows the definition and management of the organisation structure and hierarchy within an NHS Organisation. Workstructures are hierarchical and consist of organisational units, departments, locations and positions. A specific URP manages workstructures.

ESR-RPP0006_ESR_UIM_Interface_Activation_Guide_v1.0.doc

10

http://www.electronicstaffrecord.nhs.uk/uploads/media/ESR-RPP0006_ESR_UIM_Interface_Activation_Guide  

http://www.electronicstaffrecord.nhs.uk/uploads/media/ESR-RPP0006_ESR_UIM_Interface_Activation_Guide.pdf

Read more
Read more
Similar to
Popular now
Just for you