IT

Dear Gloucestershire Health and Care NHS Foundation Trust,

Under the Freedom of Information Act 2000, please provide the following recorded information held by your organisation regarding assurance processes for software based data erasure of end of life IT equipment.

For clarity, this request relates specifically to the erasure of storage media associated with end of life hardware such as laptops, desktops, servers, storage arrays, or other data bearing IT equipment. It does not relate to operational deletion of data within live systems, routine account management, or DSP Toolkit self assessment processes.

Physical destruction methods such as shredding, crushing, degaussing, or disintegration are outside the scope of this request. This request concerns software based erasure only.

This request seeks to distinguish between confirmation that an erasure process was carried out and recorded evidence demonstrating that the final data state of a specific storage device is irrecoverable. I am not seeking technical configuration detail or security sensitive information, only the recorded assurance basis relied upon when concluding that personal data has been rendered irrecoverable.

Please confirm:

1) Whether your organisation’s policies, contractual terms, or internal procedures require an explicit outcome based warranty or guarantee that personal data on a specific storage device has been rendered irrecoverable as a final data state following software based erasure.

2) Where software based erasure of storage media is undertaken internally, what recorded evidential assurance is relied upon to conclude that the final data state of the specific storage device is irrecoverable, as distinct from confirmation that an erasure process was executed.

3) Where software based erasure is undertaken by a third party provider:

a. Do the certificates or contractual documents held constitute an explicit outcome based warranty or guarantee of irrecoverability for each specific storage device processed?

b. Beyond reliance on supplier accreditation or recognised standards including but not limited to ADISA certification, ISO accreditation, NIST alignment, HMG IA standards, NHS Digital guidance, or Data Security and Protection Toolkit assertions, and beyond confirmation that a wiping process was completed, does the organisation hold any recorded, device specific documentation evidencing independent verification, testing, or validation that the data on the storage media has been rendered irrecoverable in practice?

4) If no explicit outcome based warranty or device specific outcome evidence is held beyond certification, accreditation, or confirmation of process completion, please confirm what recorded form of evidential assurance is relied upon when concluding that personal data has been rendered irrecoverable.

Yours faithfully,

To Whom It May Concern,

Please find below FOI request.

Could I please request that when responding, if the name of your organisation is not in your email signature that additionally this is provided.

1. What is the name of your organisation

2. Within which Nation do you report (England, Scotland, Wales, Northern Ireland)

3. To which ICS / ICB (or alternative) do you report / belong? (if this is in the process of changing please give the name of the new organisation as you will be of 1 May 2026)

4. Does your senior leadership team have live access to updates regarding the Trust corporate plan?

5. Are you able to provide live reporting regarding shared projects / risks to your local ICB / ICS / appropriate alternative body?

6. What is your latest NHS Digital Maturity Score?

7. What software do you use for the management of Projects?

8. Who is responsible for the overall management / reporting of projects?

9. What software do you use for the management of corporate risks?

10. Who is responsible for overall management management / reporting of corporate risks to the board?

11.Is any part of the organisation currently using Microsoft project Online?

12. If yes to the previous questions, which teams / departments?

13. What is your organisations policy in regards to AI & AI Solutions

If you would prefer to answer using a Microsoft Form, that can be done so using this link.

Kind Regards

Dear FOI Officer

I am writing to request information under the Freedom of Information Act 2000.

I would be grateful if you could complete the attached spreadsheet which has all of the information I am requesting. If you can complete the attachment with your organisation name at the top I would be very grateful. You may need to expand the columns in excel to see all of the questions.

Questions Answers
Organisation Name Gloucestershire Health and Care NHS Foundation Trust
Do all of your users primarily use a LOCAL Trust owned O365 tenant for email/Teams or are you on the central national tenant (nhs.net) Local/Central
Do you use the central tenant InTune MDM yes/no
Do you use your own InTune MDM yes/no
If not using InTune as MDM, which product do you use Name of product here
Do you have PowerBI/Fabric in central tenant yes/no
Do you have a Microsoft Enterprise Agreement yes/no
Microsft end user license costs 22/23 (ex VAT) Costs as a figure here
Microsft end user license costs 23/24 (ex VAT) Costs as a figure here
Microsft end user license costs 24/25 (ex VAT) Costs as a figure here
Microsft end user license costs 25/26 (ex VAT) – to date Costs as a figure here
Do you have plans to move to the central tenant if you have not already yes/no
Microsoft License renewal date Date here

End User Licenses most recently purchased below
Microsoft License Name Total Number of Licenses purchased
Enterprise Mobility + Security E3
Enterprise Mobility + Security E5
Exchange Online (Plan 2)
Microsoft 365 Apps for enterprise
Microsoft 365 Copilot
Microsoft 365 E3
Microsoft 365 E5
Microsoft 365 F3
Microsoft Entra ID P1
Microsoft Entra ID P2
Microsoft Intune Plan 1 Device
Microsoft Intune Plan 1 User
Microsoft Teams Domestic Calling Plan
Microsoft Teams Phone Standard
Microsoft Teams Premium
Microsoft Teams Rooms Pro
Office 365 E1
Office 365 E3
Office 365 E5
Planner and Project Plan 3
Planner and Project Plan 5
Planner Plan 1
Power Automate Premium
Power BI Pro
Project Online Essentials
Visio Plan 1
Visio Plan 2
Any other end user Microsoft Licenses below

If this information is already publicly available, please direct me to where I can find it.

I would prefer to receive the information in CSV or excel spreadsheet format please

Please just reply to this email with the relevant attachment completed.

Yours faithfully,

Dear Gloucestershire Health and Care NHS Foundation Trust,

Please can you answer the following questions regarding the Trust’s print and document management set up under the Freedom of Information Act:

1. During 2025, approximately how many paper documents created in clinical or administrative settings were later scanned or uploaded into the Trust’s electronic patient record system?
2. During 2025, what was the total number of pages printed by the Trust?
3. How many printers or multifunction devices (MFDs) were in active use across the Trust during 2025?
4. How many print- or scanning-related faults or failures were logged during 2025?
5. Does the Trust maintain physical storage for legacy medical records, and if so, are those records primarily stored on Trust premises, or off-site with a third-party provider?
6. During 2025, approximately how many outpatient or patient appointment communications were issued by post or hybrid mail?
7. During the same period, how many missed or unattended appointments (“no-shows”) were recorded? And how many of those no-shows were attributed to appointment communications not being received or acknowledged by the patient?

I’ve tried to align these questions with what I assumed to be easily accessible data that can be gathered within FOI time and budget limits. If for any reasons these questions can’t be answered, please I would be very grateful if can you instead advise on any similar metrics reported that could be shared instead?

I would be grateful if you would acknowledge receipt of this request and I look forward to receiving your full response in 20 working days.

With kind regards,

Dear, Gloucestershire Health and Care NHS Trust
Under the Freedom of Information Act, I would like to request the following information.

1. Telephone System

What make is your telephone system?
How old is the telephone system you operate?
How many users do you have?
Is your telephone system cloud based or on premise?
Can your switchboard operators transfer external incoming calls to all users across your estate?
How many extensions does your telephone system have?

2. Telecoms Estate

How much do you spend annually on telecoms?
Do you know how this is split into Voice Telecoms / Data Networking / Mobile Communications / Maintenance?
Which suppliers do you use for Voice / Data / Mobile / Maintenance?
How many analogue lines do you have?
How many ISDN2 Services do you have?
How many ISDN30 Services do you have?
How many mobiles do you have?
Have you done anything about the Analogue Switch Off / Digital Switch On? If so, what have you done?
What are the contact details for the person who looks after telecoms and the costs associated with these?

3. Microsoft

How much do you spend annually with Microsoft?
How often do you review licensing costs?

Many Thanks & Best Regards

Dear Gloucestershire Health and Care NHS Foundation Trust,
Please can you answer the following questions regarding the Trust’s IT set up under the Freedom of Information Act:

1. What was the typical average login time for staff devices, measured from power-on to a usable desktop session, during the 2025 calendar year?
2. How many endpoint or device-related incidents (for example PCs, laptops or tablets) were logged with the IT service desk between 1 January and 31 December 2025?
3. What was the average time taken to resolve endpoint or access-related incidents (mean time to restore, in hours) during the same period?
4. How many IT-related service interruptions affecting clinical or administrative workflows were recorded between 1 January and 31 December 2025?
5. How many clinically significant IT outages were recorded during 2025, and what was the cumulative total duration of these outages (in hours)?
6. As of 31 December 2025, how many desktops and laptops were in active use within the Trust, and how many of these devices were more than five years old?
7. How many staff did not have a designated digital workstation as part of their role during 2025? And what percentage is this compared to the Trust’s total staff number?
8. During 2025, did the Trust use any tools or platforms to proactively monitor staff’s device health or digital workplace experience (for example endpoint management, device health monitoring or digital experience management)?
If yes, please indicate which of the following best applies:
o basic device management only (reactive / break-fix)
o proactive device health monitoring
o proactive digital experience or workforce experience monitoring

I’ve tried to align these questions with what I assumed to be easily accessible routinely reported IT data that can be gathered within FOI time and budget limits. If for any reasons these questions can’t be answered, please I would be very grateful if can you instead advise on any similar metrics reported that could be shared instead?
I would be grateful if you would acknowledge receipt of this request and I look forward to receiving your full response in 20 working days.

Dear FOI Team,

I am writing to make a request under the Freedom of Information Act 2000 for the following information relating to your Trust’s Electronic Patient Record (EPR) system:

1. The name of your current EPR system and the supplier/vendor

2. The contract start date and total contract duration (including any extension options)

3. The contract end date (or earliest date at which the contract could expire)

4. Whether any extension options have already been exercised

5. The total annual contract value (or total contract value if annual is not available)

6. Whether the Trust is currently undertaking, or planning to undertake, a procurement exercise for a new or replacement EPR system

7. If a procurement is planned, the anticipated timeline for issuing a tender or Prior Information Notice

If any of the above information is commercially sensitive and exempt under Section 43, I would be grateful if you could provide as much of the remaining information as possible and confirm which elements have been withheld.

I would prefer to receive the response electronically by email.

Thank you for your assistance.

Yours sincerely,

Dear FOI Team,

I am submitting the following request under the Freedom of Information Act 2000.

1. Does the Trust use TTP SystmOne as Electronic Patient Record?
(if no, no further questions required)

2. Does the Trust use signature pads (e.g.Topaz or any other signature pad provider) in any service areas?

3. If yes, please list the make, models in use and the departments or services where they are deployed.
4. Are these devices integrated with TPP SystmOne for capturing patient or staff signatures?
5. If integrated, please briefly describe the type of workflow (e.g., consent forms, care plans, community documentation).

No personal or clinical data is requested.
Please respond to this email address as I work remotely.
Thank you for your assistance.

Dear, Gloucestershire Health and Care NHS Trust
Under the Freedom of Information Act, I would like to request the following information.
Telephone System
What make is your telephone system?
How old is the telephone system you operate?
How many users do you have?
Is your telephone system cloud based or on premise?

Can your switchboard operators transfer external incoming calls to all users across your estate?

How many extensions does your telephone system have?

Telecoms Estate

How much do you spend annually on telecoms?
Do you know how this is split into Voice Telecoms / Data Networking / Mobile Communications / Maintenance?
Which suppliers do you use for Voice / Data / Mobile / Maintenance?

How many analogue lines do you have?
How many ISDN2 Services do you have?
How many ISDN30 Services do you have?
How many mobiles do you have?
Have you done anything about the Analogue Switch Off / Digital Switch On? If so, what have you done?
What are the contact details for the person who looks after telecoms and the costs associated with these?
Microsoft
How much do you spend annually with Microsoft?
How often do you review licensing costs?

Many Thanks & Best Regards

Dear Gloucestershire Health and Care NHS Foundation Trust,

Under the Freedom of Information Act 2000, I would like to request information regarding your use of ambient or AI-assisted systems to support clinical documentation during patient consultations.

For the purposes of this request, “ambient AI” refers to systems that passively listen to, record, transcribe, summarise, or otherwise process clinician–patient conversations in order to generate clinical notes, letters, or structured records, either in real time or after the consultation.

Please confirm:

Whether the Trust currently uses, is piloting, or has contracted for any ambient AI or AI-assisted clinical documentation system (for example systems provided by suppliers such as Heidi, Lexacom, Tortoise, or similar).

If yes, for each system in use or under contract, please provide:

– The name of the software/system and the supplier.
– The clinical setting(s) in which it is used (for example outpatient clinics, community services, mental health services).
– Whether the system records live audio, processes audio locally, or transmits audio to a third party or cloud service.
– The total contract value or annual spend.
– The contract start date and end date, including any extension options.

Whether the system was procured via a formal procurement framework, and if so the name of the framework used (for example NHS SBS, Crown Commercial Service, Health Systems Support Framework, or similar).

The department and job title responsible for oversight of the system (for example Medical Director, Chief Clinical Information Officer, or equivalent).

If the Trust does not currently use an ambient AI system, please confirm whether procurement, evaluation, or pilot activity has taken place within the last 24 months.

If any part of this request is unclear, please contact me for clarification.

Yours faithfully,

AI Use in Operations

1. Does your organisation currently use any form of Artificial Intelligence (AI) or automated systems in its operations?

o If yes, please list the tools or systems in use and provide a brief description of their purpose (e.g., administrative support, triage, analytics, chatbot services, etc.).

o If not, please state whether your organisation has explored or piloted any AI-based technologies in the past 3 years.

AI for Decision-Making

2. Does your organisation use AI or algorithmic systems to support or inform decision-making in any area (e.g., resource allocation, risk assessments, case prioritisation)?

o If yes, please describe the type of decision-making supported and the nature of the AI’s role (e.g., advisory, automated assessment, automated decision).

o Please also confirm whether human oversight is applied.

AI Chatbots and Customer Interaction

3. Does your organisation currently use chatbots or virtual assistants—AI-driven or rules-based—to support public enquiries or internal staff functions?

o If yes, please specify their purpose, whether they are AI-based, and when they were implemented.

Policies and Governance

4. Does your organisation have any formal policy, strategy, or guidance relating to the use of Artificial Intelligence or automated decision-making?

o If yes, please supply a copy or provide a link.

o If not, please indicate whether such a policy is in development.

Data Protection and Ethics

5. If AI systems are used, what measures or frameworks does your organisation have in place to ensure:

o Compliance with data protection and privacy obligations
o Transparency for service users
o Ethical or responsible use

(For example, DPIAs, algorithmic impact assessments, ethical guidelines—if applicable.)

Trials, Pilots, or Future Plans

6. Has your organisation run any pilots, trials, or exploratory projects involving AI in the last 3 years, or does it plan to do so in the next 12–24 months?

o If yes, please provide brief details of the purpose, timeline, and status of these initiatives.

Staff Training and Awareness

7. Does your organisation provide any training, guidance, or internal communications to staff relating to AI, its use, or its implications?

o If yes, please describe the type of training or include documents if available.

If any of the above information is already publicly accessible, please feel free to provide links instead of attachments.

Thank you for your time and assistance.

Kind regards,

1. Digital Dictation

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

2. Outsourced Transcription

Name of supplier & product
Procurement method (e.g., framework)
Contract start date
Average monthly volume of letters (if available)
Average monthly volume of lines (if available)
Total contract value (if available)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

3. Speech Recognition

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

4. Ambient AI Scribe

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Pilot stage (if applicable, please specify supplier, pilot duration, and scope)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

5. Video Consultation

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Key internal stakeholder role/title
Desired features not currently delivered (optional)
Average number of video appointments per month/year
% of virtual/remote consultations conducted using video vs telephone

6. Health Information Systems

Name of supplier & product of the following HIS:
PAS (Patient Administration System)
EPR (Electronic Patient Record)
eDMS (Electronic Document Management System)
RIS (Radiology Information System)
LIMS (Laboratory Information Management System)
e-Correspondence (e.g. Docman)
Hybrid Mail (e.g. Synertec, Healthcare Communications)
Patient Portal (e.g. Patient Knows Best)

Dear FOI Team,

Under the Freedom of Information Act 2000, please provide the information held by the Trust for the following questions relating to digital transformation:

1. Core Digital Systems
Please provide a list of the Trust’s core clinical and operational systems (e.g., EPR, PAS, ED, theatres, e-rostering, diagnostics), including the system name, supplier and contract end dates.

2. System Infrastructure Model (IaaS, PaaS, SaaS)
Please confirm, for each of the Trust’s core clinical and operational systems listed in Question 1, the type of infrastructure model used:
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• On-premise / locally hosted
If only partially held, please provide whatever information is available
3. Digital Priorities & Transformation Initiatives
Please provide details of the Trust’s current digital transformation priorities and any major programmes underway (e.g., EPR optimisation, cloud migration, AI, automation, data platform development).

4. Use of Emerging Technology
Please provide information on any current or planned use of artificial intelligence (AI), automation, machine learning, or advanced analytics tools within the Trust.

5. Digital Transformation Contact
Please provide the name, job title, and email address of the person (or team) responsible for leading the Trust’s digital transformation or digital strategy (e.g., CIO, CDIO, CCIO, Director of Digital).

I would be grateful if you could provide the requested information electronically. If the Trust requires any clarification, please let me know.

Yours sincerely,

Question
1. For each of the elements below, please provide details about your cloud provider: Main provider Total annual spend 2025/2026 (£) Contract end date Additional notes
Data storage
Networking
Back-up and archive
Application databases
Big Data analytics databases
Email

2. For each of the network supply systems listed below, please provide the requested details: Main supplier Total annual spend 2025/2026 (£) Contract end date Additional notes
Mobile telecoms
Data network (broadband)
DEFINITION: Broadband is the actual internet connection afforded by your internet service provider (ISP), which you can access directly via a LAN or ethernet connection between your modem and device
WiFi (hardware)
DEFINITION: Wifi is a wireless connection between multiple devices and your router, and just one of the ways you can access the internet
CoIN (if applicable) – Community of Interest Network
WAN (Wide Area Network)
DEFINITION: WANs connect users and applications in geographically dispersed locations
LAN (Local Area Network)
DEFINITION: LANs connect users and applications in close geographical proximity (same building)
VPN provider
Other (please specify)

3. Please supply the following details regarding your servers: Main supplier Total annual spend 2025/2026 (£) Contract end date Additional notes

4. For each element of IT infrastructure below, please provide the requested details: Main provider Total annual spend 2025/2026 (£) Contract end date Additional notes
Desktop management
Networking
Data Centre: hardware
Server management
IT/cyber security support supplier?

5a: What percentage of your servers are virtualised? % Virtualised Main supplier Additional notes

DEFINITION: A virtual server re-creates the functionality of a dedicated physical server. It exists transparently to users as a partitioned space inside a physical server.

5b: In relation to your trust’s virtual servers please provide the requested information: Number of servers Owned or Leased Average age of servers Main supplier Annual spend 2025/2026 (£) Additional notes

6a: Does your trust have any virtualised desktops? Main product Main Supplier Total annual spend 2025/2026 (£) Number of virtual desktops Contract end date Additional notes
DEFINITION: A virtual desktop is a preconfigured image of operating systems and applications in which the desktop environment is separated from the physical device used to access it. Users can access their virtual desktops remotely over a network.

6b: If your organisation does not have virtualised desktops, are you planning to implement any within the next two years? Yes/No Preferred supplier Expected number Additional notes
Where you plan to implement new virtualised desktops, please provide details as requested

7: Please outline your trust’s WiFi coverage for each element listed below Patient WiFi coverage Staff WiFi coverage Additional notes
Community wide (e.g. CoIN – Community of Interest Network)
Enterprise wide (whole campus)
Main building only
Sections of building(s) only
Mobile phone signal enabled through WiFi
No wireless networks are used in the trust

Dear FOI Officer,
Under the Freedom of Information Act 2000, I am writing to request the following information:
Provider 1
1. What is the name of your Nurses Job Planning software provider? (None if software not used)
2. When did the contract for this provider start? (dd/mm/yyyy) (None if software not used)
3. When does the contract for this provider expire? (dd/mm/yyyy) (None if software not used)
Provider 2 (If applicable)
4. What is the name of your second Nurses Job Planning software provider? (If you have more than one provider)
5. When did the contract for this second provider start? (dd/mm/yyyy)
6. When does the contract for this second provider expire? (dd/mm/yyyy)
Provider 3 (If applicable)
7. What is the name of your third Nurses Job Planning software provider? (If you have more than one provider)
8. When did the contract for this third provider start? (dd/mm/yyyy)
9. When does the contract for this third provider expire? (dd/mm/yyyy)
Additional
10. What was the Trust’s total spend on Nurses Job Planning fees in 2024 (excluding implementation)?
11. What was the Trust’s total spend on Nurses Job Planning fees in 2025 (excluding implementation)?
12. What is the number of contracted licences for Trust’s Nurses Job Planning provider?
Kind regards,