IT

Under the Freedom of Information Act, I would like to request information about the main digital systems currently used within your organisation.

Please provide a list of the main clinical, administrative, and corporate systems, excluding:
standard desktop software (e.g. Microsoft Office, Outlook/email, web browsers), locally created spreadsheets, templates, or databases maintained by individual teams.

Attached is a spreadsheet for completion, for each system, please provide on a new row (where available):

1. System name
2. Supplier/vendor
3. Primary purpose / category (choose from: PAS, EPR/Clinical Records, Radiology, Pharmacy, PLICS, Finance, HR/Workforce, Risk & Governance, Other)

If a system doesn’t fit one of the listed categories, please use “Other” and provide a short note.

Organisation name Organisation Code Region Organisation Type Organisation HQ Postcode System name Supplier / vendor Primary purpose / category Comment

I am writing under the Freedom of Information Act (2000) to please request the following information regarding your Trust’s patient portal, also known as a Patient Engagement Portal (PEP).

General Information

1. Does your Trust have a PEP?     Yes / No
• If no, do you plan to have one? ___________

2. What is the name of your PEP product? ___________________________
3. What year did your PEP go live? __________

Staff Training and Support

4. Did staff receive formal training on using the PEP during implementation?     Yes / No
• If yes, was this mandatory? ___________________

5. Do staff receive formal ongoing training on the PEP?     Yes / No
• If yes, is this mandatory? ___________________

6. Which job role and/or department provides support for staff using the PEP? __________________________________________________

7. Is it mandatory for staff to use the PEP?     Yes / No

Implementation and Management

8. Which team led the PEP implementation process? ____________________________________

9. Did your Trust have a formal implementation strategy or project plan for the PEP? Yes / No

10. Does your Trust have dedicated Project Management support for digital transformation? Yes / No
• If yes, please provide the job title ______________________________________

11. Does your Trust have any ring-fenced funding to support digital transformation?     Yes / No

12. Does your Trust have a designated board-level role with responsibility for digital strategy?      Yes / No
• If yes, please provide the job title ______________________________________

13. Do you have a dedicated team solely working on the PEP?   Yes / No
• If yes, how many members of staff work on this team? _____________________

PEP Functionality

14. From the following list, please tick which PEP functionalities are:

• Live currently
• Due to be implemented in the next 12 months

Live 12 Mths
Notifications such as appointment confirmation and reminders
Appointment scheduling/rescheduling
Digital letters
Test results
Asynchronous messaging
Forms for patients to complete via the portal such as PROMs, PREMs, pre and post-operative forms etc
Patient-initiated follow-up (PIFU)
Wait list validation
Use of Artificial Intelligence

Usage Data

15. How many staff have logged on to the PEP in the last 6 months ___________

16. Please provide a breakdown of the staff groups who have logged on to the PEP in the last 6 months, shown as percentages:

For example: 60% Administrative, 20% Clinical, 10% IT Support, 10% management.

______________________________________________________

With many thanks for your assistance with this request,

1. Digital Dictation
● Name of supplier & product
● Number of user licences
● Procurement method (e.g., framework)
● Contract start date
● Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
● Total contract value (if available)
● Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
● Key internal stakeholder role/title
● Desired features not currently delivered (optional)

2. Outsourced Transcription
● Name of supplier & product
● Procurement method (e.g., framework)
● Contract start date
● Average monthly volume of letters (if available)
● Average monthly volume of lines (if available)
● Total contract value (if available)
● Key internal stakeholder role/title
● Desired features not currently delivered (optional)

3. Speech Recognition
● Name of supplier & product
● Number of user licences
● Procurement method (e.g., framework)
● Contract start date
● Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
● Total contract value (if available)
● Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
● Key internal stakeholder role/title
● Desired features not currently delivered (optional)

4. Ambient AI Scribe
● Name of supplier & product
● Number of user licences
● Procurement method (e.g., framework)
● Contract start date
● Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
● Total contract value (if available)
● Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
● Pilot stage (if applicable, please specify supplier, pilot duration, and scope)
● Key internal stakeholder role/title
● Desired features not currently delivered (optional)

5. Video Consultation
● Name of supplier & product
● Number of user licences
● Procurement method (e.g., framework)
● Contract start date
● Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
● Total contract value (if available)
● Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
● Key internal stakeholder role/title
● Desired features not currently delivered (optional)
● Average number of video appointments per month/year
● % of virtual/remote consultations conducted using video vs telephone

6. Health Information Systems
● PAS (Patient Administration System)
● EPR (Electronic Patient Record)
● eDMS (Electronic Document Management System)
● RIS (Radiology Information System)
● LIMS (Laboratory Information Management System)
● e-Correspondence (e.g., Docman)
● Hybrid Mail (e.g., Synertec, Healthcare Communications)
● Patient Portal (e.g., Patient Knows Best)

Under the Freedom of Information Act, I would request you to respond to questions included in the attachment.

Please could you provide the following information:
General:

* Number of Sites
* Number of Employees
* Number of IT Staff
* Annual IT Budget

Web Security

1. Who is the provide of your current web security solution?
2. Does your current web security provide you visibility in to cloud and/or business application usage?
3. When is the contract up for renewal?
4. Typically, what is the chosen duration of these contracts 12, 24, or 36 Months?
5. Name and contact details of the person responsible?
6. Current annual spend for this contract?
7. Current number of licenses for this contract?
8. Did you purchase via a reseller, or partner (if yes, please specify who e.g. Phoenix, Softcat etc.)?
9. Are you planning on assigning specific budgets for securing web security in 2025?
10. Do you procure this technology through the G-Cloud framework (if not, how do you procure & plan to procure Web security in the future?)

Security Awareness Training

1. Do you current undertake cyber security awareness training with your staff?
2. Who is your current Security Awareness Training provider?
3. When is the contract up for renewal?
4. Typically, what is the chosen duration of these contracts 12, 24, or 36 Months?
5. Name and contact details of the person responsible?
6. Current annual spend for this contract?
7. Current number of licenses for this contract?
8. Did you purchase via a reseller, or partner (if yes, please specify who e.g. Phoenix, Softcat etc.)?
9. Are you planning on assigning specific budgets for Security Awareness Training in 2025?
10. Do you procure this technology through the G-Cloud framework (if not, how do you procure & plan to procure Security Awareness Training in the future?)

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.

Can you please provide an update on your Trust’s Infrastructure, including aspects of SaaS, Messaging, and eProcurement? The questions are in the attached spreadsheet, which I would be grateful if you could fill in.

I am writing under the Freedom of Information Act 2000 to request the following information;

1) Has your organisation been notified of any data breach or security incident in the last 3 years involving systems built upon or integrated with Salesforce?

2) Has your organisation experienced, or been informed of, any incidents relating to procurement or contract management systems that operate using Salesforce, namely the Atamis e-Procurement suite of software?

Please provide details of;

• The date the incident occurred
• The nature of the compromised data (such as commercial, personal, financial)
• If the breach was reported to the Information Commissioner’s Office
• Any remedial action taken by your organisation

3) Further to this, has your organisation undertaken any risk assessments in relation to the use of systems integrated with Salesforce. If so, please provide a summary of the findings.

To whom it may concern, I am writing to request information under the Freedom of Information Act 2000 regarding the cyber security of your NHS Trust, specifically relating to incidents and the current measures in place to mitigate such threats. 1. Ransomware incidents (FY2022–FY2025) Please confirm whether any digital systems within hospitals managed by your NHS Trust were affected by ransomware attacks during the financial years 2022–2023 through to 2024–2025 (inclusive). If yes: How many separate ransomware incidents occurred within this period? For each incident, please provide: The date or month of occurrence A brief description of the nature of the attack (e.g. type of ransomware, point of system entry, services impacted) 2. Data breaches following cyber incidents (FY2022–FY2025) Were any data breaches reported as a result of ransomware or other cyber incidents during this period? If yes, please provide for each breach: The type(s) of data affected (e.g. patient records, staff information) The specific impacts of each breach, categorised as follows (where applicable): Loss of patient data Loss of staff data Disruption to patient services (please specify which services, if known) Disruption to operational processes Financial impact (e.g. cost of recovery, penalties, compensation, etc.) Other impacts – please specify 3. Current cyber security measures (as of date of request) Please list all cyber security measures and protocols currently in place across the Trust. These may include, but are not limited to: Cyber insurance (including provider and coverage if available) Internal and external firewall systems Use of multi-factor authentication (MFA) for user accounts Access control systems for sensitive data and critical systems Anti-virus and anti-malware protection Cyber security training or awareness programmes for employees Regular penetration testing or security audits (please specify frequency) Existence and status of an incident response plan (e.g. last updated date) I look forward to your reply.

I am submitting this request under the Freedom of Information Act 2000.
Please provide the following information:

1. Access to Testing Clinical Information Systems

o What is the approval process by which an external organisation may apply or request to connect with the trust’s test clinical systems of record. (e.g. EMR, EHR, PACS)
o Which internal teams, roles, or committees are responsible for approving such a connection?
o What steps are involved in obtaining the necessary permissions or agreements to establish such a connection?
o What is the entry point for this process? e.g. email address or webform.

2. Access to Production Clinical Information Systems

o What is the approval process by which an external organisation may apply or request to connect with the trust’s production clinical systems of record. (e.g. EMR, EHR, PACS)
o Which internal teams, roles, or committees are responsible for approving such a connection?
o What steps are involved in obtaining the necessary permissions or agreements to establish such a connection?
o What is the entry point for this process? e.g. email address or webform.

At this point we’re not asking for information regarding the technical specifics of the trust’s internal systems. We are only requesting information on the trust’s approval and decision making processes.

I am writing to request information under the freedom of information act on your organisations use of Job Planning. Please can you fill out the questions for each staffing group listed in the table below-

Consultants SAS Doctors Allied Health Professionals (AHPs)
1. Does your organisation use job planning software?
2. If yes, please can you specify the name of the job planning supplier?
3. If no, could you please specify how you carry out job planning?- for example paper based, Excel, Microsoft word, Other- please state
4. What is the contract start date for your job planning supplier?
5. What is the contract end date for your job planning supplier?
6. What was the annual cost of your job planning supplier for the financial year 24/25 (April 2024 – March 2025)?
7. Is job planning in your organisation demand led?
8. If yes, what frequency is it reviewed? (Monthly, Quarterly, Annually)
9. For each staffing group what percentage of staff is job planning rolled out to?
10. What other third-party systems does your Job planning system integrate with?

Please do not hesitate to contact me if you have any questions.

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.
Please provide information regarding the following system contracts:
1. Analytics (BI that includes outcomes)
2. BI & Data Warehousing
3. Clinical Communication and Collaboration
4. Clinical noting
5. Document Management
6. EPR
7. Forensics/ Secure
8. HR
9. Integration Platform
10. Patient Administration System
11. Patient care scheduling
12. Virtual Wards
13. Voice recognition

Please enter ‘No System Installed’ or ‘No Department’ under supplier name if your trust does not use the system or have the department:
a) System type –
b) Supplier name –
c) System name –
d) Date installed –
e) Contract expiration –
f) Is this contract annually renewed? – Yes/No
g) Do you currently have plans to replace this system? – Yes/No
h) Procurement framework –
i) Other systems it integrates with? –
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –

I would like to request information on your organisation under the Freedom of Information Act.
SIP Trunking
Have you implemented SIP?
If yes, when does the contract expire?
Who is your SIP provider?
The email address of the primary contact for this contract?

Telephony
What is your current telephony system?
How many users of the telephony system?
When is the contract up for renewal?
The email address of the primary contact for this contract?

Team Telephony
Have you voice enable your Teams Licences?
If yes, when does the contract expire?
If not, is that something you are considering?

Contact Centre
What is the manufacturer of your contact centre.
How many concurrent agents do you have.
Who supplied and maintains the contact centre When does the contract expire

I’m contacting you as part of an independent review into the use of Electronic Document Management Systems (eDMS) across NHS Trusts in England. Specifically, I’m seeking information on how digitised patient records are processed, scanned, and managed within your Trust as I have seen from a previous request that I have need of further clarification on.

The questions below focus on scanning operations and any technology or providers involved.

**eDMS Implementation and Scanning Practices**

1. How is content added to your eDMS? (Please delete as appropriate)

– Scanned Internally by Trust Staff
– Scanned Internally by a Company
– Scanned Externally by a Company
– Digital Documents Uploaded by Trust Staff
– Digital Documents Fed Through From Other Systems

2. If records are scanned internally by Trust staff, is this undertaken via a centralised scanning bureau or departmentally?

3. If some, or all records are scanned externally, what is the scanning service provider(s) company name(s)?

4. What is the scanning service provider’s contract expiry date?

5. If some, or all records are scanned via an internal, centralised scanning bureau, please specify the scanning hardware manufacturer and device models that are in use (e.g. 54Falcon Scanners by Opex Corporation 6).

6. If some, or all records are scanned internally at a departmental level, please confirm if desktop scanners or Multi-Function Devices (MFDs) are used. (Please delete as appropriate)
o Desktop Scanner
o Multi-Function Device (MFD)

7. Please specify the scanning hardware manufacturer and device models that are in use at a departmental level.

I wish to submit to the organisation a freedom of information request relating to the organisation’s ICT contracts, specifically around:
1. contact centre contract(s)
2. inbound network services contract (s)
The first part of my request relates to contact centre service contracts which could relate to one of the following:

1. Advanced call distribution to control the flow of calls and maximise customer experience
2. Email, website live chat and integrations with popular social media apps like Facebook and Instagram
3. Performance monitoring tools to track performance, customer satisfaction and other key sales metrics

This could be part of a whole package or separate service applications.

Please send me the following information for each provider:

1. Incumbent Supplier: For each of the contract(s) please can you provide me with the supplier of the contract.

2. Annual Average Spend: For each supplier, please state the annual average (over 3 years) spend for each supplier

3. Contract Duration: For each supplier, please state the contract duration of the contract expires. If available please also include any contract extensions.

4. Contract Expiry: For each supplier, please state the date of when the contract expires.

5. Contract Review: For each supplier, please state the date of when the contract will be reviewed.

6. Contract Description: For each supplier, please state a brief description of the services provided of the overall contract.

7. Contact Details: For each supplier, please state the person from within the organisation responsible for the contract. Please provide me with their full name, actual job title, contact number and direct email address. At the very least please provide me with their actual job title.

8. Number of Agents; please provide me with the total number of contact centre agents;

9. Number of Sites; please can you provide me with the number of sites the contact centre covers.

10. Manufacturer of the contact centre: Who is the manufacturer of the contact centre system that you operate?

11. Do you use Microsoft Exchange 2003 as your email server? If not, then which products do you use?

12. Number of email users: Approximate number of email users across the organisations.

The second part of my request relates to the use inbound network services contracts which could relate to one of the following:
1. 0800, 0845, 0870, 0844, 0300 number
2. Routing of calls
3. Caller Identifier
4. Caller Profile- linking caller details with caller records
5. Interactive voice response (IVR)
For a contract relating to the above please can you provide me with?

1. Incumbent Supplier: For each of the contract(s) please can you provide me with the supplier of the contract.
2. Annual Average Spend: For each supplier, please state the annual average (over 3 years) spend for each supplier
3. Contract Expiry: For each supplier, please state the date of when the contract expires.
4. Contract Review: For each supplier, please state the date of when the contract will be reviewed.
5. Contract Description: For each supplier, please state a brief description of the services provided of the overall contract.
6. Contact Details: For each supplier, please state the person from within the organisation responsible for the contract. Please provide me with their full name, actual job title, contact number and direct email address.

Also, I would appreciate it if the contract information was included within a spreadsheet.

I would be grateful if you could help in answering a request for information, answering for A & B on questions 1-11:

Q1) When purchasing software do you manage the licenses in house or outsource this to an MSP?

Q2) Which SAAS solutions are you utilising to manage the estate across Print, Desktop, Laptop, Peripherals, software assets & Telephony?

Q3) Are you using Autopilot or Intune today?

Q4) Is there a specific team that manages your software applications today in which is separate to the hardware asset management team?

Q5) How many devices are in the estate in totality including Laptops, Desktops, Printers, Virtual environments and telephones?

Q6) Do you usually pay for your software as a CAPEX or OPEX expense?
:- also do you pay for your hardware as an CAPEX or OPEX expense?

Q7) What is the process in place to test new software implementations and who would be the lead on new software implementations & how long would this usually take?

Q8) How many meeting room spaces do you have & do you have any management tools to make the most of your meeting room spaces?

Q9) How many operating systems are managed within the estate and which ones E.G Windows, Mac OS , Linux?

Q10) Is there a DEX (digital employee experience) strategy in place within the organisation?

Q11) do you have any services in place today to Track, Lock & wipe endpoint devices even if not connected to the network or powered down?

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.
1. What is your whole Trust’s IT spend for the following financial year?:
FY 2023/2024 (£):
FY 2024/2025 (£):
DEFINITION: Please include in your IT spend calculation the capital and revenue cost of your IT staff, Software, Services, Hardware, Communication equipment and Other IT spend for the requested financial year.

2. Based on your most recent Digital Maturity Assessment (DMA) submission to NHS England in 2024 (and 2025, if completed), please provide the following:
a) Your overall DMA score (on a scale of 1.0 to 5.0).
b) If readily available, the individual scores for each of the seven DMA pillars:
• Empower Citizens
• Ensure Smart Foundations
• Healthy Populations
• Improve Care
• Safe Practice
• Support People
• Well Led

DEFINITION: The Digital Maturity Assessment (DMA) is a self-assessment tool used by NHS organisations to evaluate their readiness for digital transformation. The overall score is usually the average of seven pillars, each scored from 1.0 (least mature) to 5.0 (most mature). The pillars are: Empower Citizens, Ensure Smart Foundations, Healthy Populations, Improve Care, Safe Practice, Support People, and Well Led.

3. Based on your most recent HIMSS EMRAM and HIMMS INFRAM assessment/ self-assessment, please provide the following:
Which HIMSS EMRAM score have your Trust currently achieved (0-7):
Which HIMSS INFRAM score have your Trust currently achieved (0-7):
Do you have plans to reassess, if your Trust is working towards achieving a new HIMSS EMRAM or INFRAM level, what level is this, and when will it be achieved:

Definitions:
Electronic Medical Record Adoption Model (EMRAM) – is an eight-stage model, scored from stages zero (least mature) to seven (most mature). At each stage, organisations need to demonstrate a progressive and eventual removal of paper, higher pervasiveness of use and compliance statistics, and an increasing reliance on automation and clinical decision support.
Infrastructure Adoption Model (INFRAM) – The eight-stage INFRAM measures the maturity of a healthcare facility’s IT infrastructure across five areas: mobility, security, collaboration, transport and data centre.

In accordance with the freedom of information act, please could you answer the following questions:

What EPR (Electronic Patient Record) is currently being used by the Trust?
Are there any plans to change this? If so, when?

I’m writing on behalf of Systech Innovations to request the following information under the Freedom of Information Act, relating to your organisation’s data storage for digitised patient records:

1. What system is used to store image files (i.e. records which have been scanned and digitised)?
2. The current total amount of data stored in the system. Please provide this in terabytes (TB).
3. The volume of data added to the system annually for the past two years (2022/23 and 2023/24), with figures in TB.
4. The hosting environment used for the system (e.g. on-premise, local cloud, or external private cloud).
5. The total amount of data that has been deleted from the system since its initial implementation, also in terabytes.

I am writing under the Freedom of Information Act 2000 to request information about Gloucestershire Health and Care NHS Trust’s current and future plans for IT service delivery models. I believe this request is in the public interest as it promotes transparency in how public sector bodies manage and procure IT services, ensuring accountability and value for taxpayers.

Specifically, I am seeking information that would help me understand the strategic direction and considerations regarding outsourcing, in-sourcing, multi-sourcing, or optimising existing contracts.

Please provide the following information where available:
• Current IT Service Model – Is your IT delivery primarily in-house, outsourced, or a hybrid approach, and if not delivered in-house, who provides this service?
• Major IT Contracts – Key details of significant IT service contracts (including scope, value, end date and any options for extension or renegotiation).
• Future IT Plans – Any strategic plans or considerations for changing IT delivery models (e.g., outsourcing, in-sourcing, multi-sourcing).

I am writing to request the following information under the Freedom of Information Act 2000:

1. What technology platform does the Trust currently use to support its Direct Engagement (DE) model for the medical locum workforce?
2. What is the name of the platform provider?
3. What is the cost of the platform expressed as a percentage fee or pence per hour?
4. What staffing groups does the Trust include in its Direct Engagement (DE) model (e.g., medical, AHPs, clinical, non-clinical)?
5. What is the current uptake of the DE model within the Trust, specifically as a percentage or proportion of the total locum workforce?

I am writing to you under the Freedom of Information Act to request answers to the following questions:

1. Has the trust implemented a Patient Engagement Portal (also known as a Patient Portal)?
2. If so, please provide the name of this solution, and the name of the company that supplied it.
3. When was this solution procured?
4. Does the trust have any plans in the near future to replace this solution?

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.

Please provide information regarding the following 9 system contracts and their accompanying consulting support contracts:

1. Adult (working age) services
2. Child and Adolescent Mental Health Services (CAMHS)
3. Child Health System
4. Clinical noting
5. Eating disorders
6. EPR
7. Inpatient e-prescribing
8. Older Adults
9. Patients Note Tracking

Please enter ‘No System Installed’ or ‘No Department’ under supplier name if your trust does not use the system or have the department:

a) System type –
b) Supplier name –
c) System name –
d) Date installed –
e) Contract expiration –
f) Is this contract annually renewed? – Yes/No
g) Do you currently have plans to replace this system? – Yes/No
h) Procurement framework –
i) Other systems it integrates with? –
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –

Can you please provide your trust’s IT spend for the following financial year:
FY 2023-24:

Please include in your IT spend calculation the cost of your IT staff, Software, Services, Hardware, Communication equipment and Other IT spend for the requested financial year.
Please provide your answer in the above format for each system.

What projects are they investing in within IT, Data and transformation for 2025?

How much is the budget spend allocated to this?

How many contractors do they have within IT, Data, Software, AI, Analytics and BI?

In relation to cyber security, we are asking for the name of your main cyber security provider. We do not need to know the software or sub-contractors used.

Clarification on ‘N/A’ Responses:
• Please enter ‘No System Installed’ if your trust does not have such system.
• Please enter ‘No system needed’ if your trust does not have a department or service which requires such a system.
Clarification on Contract expiry date:
• If the contract is expiring in the next 6 months, please state if the trust plans to renew, re-procure or take any other action.
• If the contact is on a rolling basis, Please enter ‘Rolling’.
Additionally, could you please fill in the missing product names and revised contract expiry dates?

Please could you answer the following:
1. Is your NHS organisation currently using any software/apps that include artificial intelligence (AI)?
If answer to Q1 is yes:
2. Please provide a list of any AI-based software that is currently in use within your organisation. Please include the brand name of the software and the name of the company that sells it.

3. For each of the AI-based software products currently in use, please state whether:

a. it is only being used within the context of a research study or pilot project OR

b. is has been purchased/commissioned by your organisation for routine use.