For the first release of the new FormularyComplete, regulation of access to the content is intended to mirror the access levels familiar from the legacy system as closely as possible — though the content will now sit on a website outside the customer's private network, instead of being installed on an internal web server.
The three levels of content access in both the legacy and new systems are:
(1) Summary view — list of medicines included in the local formulary and their status: free public access (if the formulary report is published)
(2) Basic use — full read access to all formulary content: login-free access from any computer terminal on the customer's internal network
(3) Admin use — access to amend the content and/or configure local settings: username plus password access from a desktop computer on the customer's internal network, with three roles (Editor, Publisher and Administrator)
The move to the cloud brings the challenge of distinguishing, from a location outside a customer's protected internal network, the computer terminals that are inside it from all those that are not. This is essential not only to ensure that authorized users alone can access the full content but also to bring up their own organization's formulary when they connect to the website.
IP address authentication option
The straightforward way of identifying the origin of internet connections is their public internet protocol (IP) address. Most large organizations have their own public IP address ranges, which are clearly assigned to them, and when a computer on their network connects to the public internet, it will use one of those addresses. However, exceptions to this scenario are proliferating. Private individuals and small businesses that do not publish on the internet have long relied on "dynamic" IP addresses that their service provider continually reallocates. Larger business organizations may choose nowadays to contract out maintenance of their IT systems to suppliers who are the actual owners of the IP addresses that they provide as part of their service.
Of specific importance here is that the National Health Service has its own national high-speed network, N3 (to be replaced in due course by the HSCN). When a computer connects to the internet over N3, the router at the gateway from N3 to the public internet replaces the computer's internal network address with a public address allotted for the connection. The public addresses in the available pool are not reserved for the use of any individual NHS trust or CCG in a way that would identify a FormularyComplete customer.
Deciding whether IP address authentication is suitable
The managers of your internal IT network will need to determine whether you can use the IP address option. For this, they need to take into account that the Royal Pharmaceutical Society is not a part of the NHS, and so FormularyComplete itself is not on the N3 network.
If all your connections to www.formularycomplete.com (on the public internet) can be routed out by your IT department via an IP address that you own, that would be ideal.
Alternatively, if all your connections to the public internet go out anyway via IP addresses that you own, having us record those addresses is also likely to be a good solution.
However, while we can record more than one address or range for you, a single public IP address can front hundreds of PCs and an IP range may comprise hundreds of IP addresses, so the details of what they represent should be double-checked.
IP address authentication is not applicable:
- To private IP addresses (see https://en.wikipedia.org/wiki/Private_network)
Public IP addresses are not suitable:
- If they are subject to substitution by your internet services provider
- If some of the computers that may be routed through them belong to partner/sister/associate or unrelated organizations served by the same internet services provider but who are not FormularyComplete customers, or who are FormularyComplete customers but have a separate formulary
Public IP address ranges are not suitable:
- If parts of the range may be shared, so that some of the addresses it comprises may be usable by partner/sister/associate or unrelated organizations
IP address authentication is not likely to be suitable:
- If some of your internal users have no way of using the only suitable IP addresses you have
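The mechanical part of the checks above can be run over a candidate list before it is sent for recording. The following is an added example, not part of FormularyComplete: the function names, verdict labels and sample entries are assumptions, and the script cannot tell who owns an address or whether an internet services provider substitutes it, so those questions remain as notes for manual confirmation.

```python
import ipaddress

# Ranges described on the Wikipedia "Private network" page the text links to.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "fc00::/7",                                        # IPv6 unique local
)]

def vet_entry(entry):
    """Return (verdict, address_count, note) for one address or CIDR range."""
    try:
        # Strict parsing rejects ranges with host bits set (e.g. x.x.x.17/24),
        # which would otherwise be silently widened to the whole range.
        net = ipaddress.ip_network(entry.strip())
    except ValueError:
        return ("invalid", 0, "not an IP address or a well-formed CIDR range")
    for private in PRIVATE_NETS:
        if private.version == net.version and net.overlaps(private):
            return ("not-applicable", net.num_addresses,
                    f"overlaps private space {private}")
    if net.num_addresses == 1:
        return ("single-address", 1,
                "confirm you own it and which computers are routed through it")
    return ("range", net.num_addresses,
            "confirm no part of the range is usable by another organization")

def vet_submission(entries):
    """Vet every entry; the list is ready only if none is invalid or private."""
    results = {e: vet_entry(e) for e in entries}
    ready = all(v[0] in ("single-address", "range") for v in results.values())
    return ready, results

# Constructed sample input: documentation ranges (RFC 5737) stand in for an
# organization's real public addresses.
SAMPLE = ["203.0.113.17", "198.51.100.0/24", "192.168.10.0/24",
          "10.1.2.3", "intranet-gw"]

if __name__ == "__main__":
    ready, results = vet_submission(SAMPLE)
    for entry, (verdict, count, note) in results.items():
        print(f"{entry:18} {verdict:15} {count:>5}  {note}")
    print("ready to submit:", ready)
```

The address count printed for each range shows how many addresses a single recorded entry would admit, which is the figure to double-check.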
Referrer URL option
In this alternative access method (see https://en.wikipedia.org/wiki/HTTP_referer) you must have a web page in which you place a link to www.formularycomplete.com. In order to provide a measure of security, the page must be accessible only on your internal network.
This is the fallback option because it means that your FormularyComplete users must start from a web page on your intranet — i.e. it will introduce an extra initial click into the access procedure.
Where IP authentication is used, basic user connections should not time out provided that the IP address of the connection does not change.
Where referrer URL authentication is used, the maintenance of basic user connections depends on the browser retaining the session cookie. Browsers generally keep session cookies for long enough that intermittent use of FormularyComplete during a day should not require reactivation of the referrer link.
How long a session for an admin login lasts also depends on how long the browser keeps the cookie. Browsers might discard the cookie when the user closes the window or after a time period.