IT

Dear FOI Team,

This is a request under the Freedom of Information Act 2000 regarding cybersecurity, cyber resilience and EHR/EPR supplier compliance. Please answer the questions below; where information is not held, please confirm this.

1. Certifications and DSPT status (please tick / fill)

Item Trust EHR/EPR Supplier
ISO 27001 — valid certification held? (Y/N)
ISO 22301 — valid certification held? (Y/N)
Cyber Essentials Plus — valid certificate held? (Y/N)
DSPT — submission completed for most recent assessment year? (Y/N)
DSPT — published status (Exceeded / Met / Approaching / Not Met)
DSPT — independent audit of submission undertaken? (Y/N) [supplier only] N/A

2. DSPT — narrative follow-up
If any DSPT requirements were recorded as ‘Not Met’ or ‘Approaching Standards’ in your most recent submission (Trust or supplier), please briefly describe the areas affected and confirm whether an improvement plan was submitted to NHS England.

3. Clinical safety
a. Has the Trust produced a DCB0160-compliant Deployment Safety Case and Hazard Log for its primary EHR/EPR system?
b. Has the EHR/EPR supplier produced a DCB0129-compliant Clinical Safety Case Report and Hazard Log?
c. Please name the Clinical Safety Officer (CSO) for (i) the Trust and (ii) the EHR/EPR supplier.
d. Has the Trust conducted simulation exercises or downtime training with clinical staff to prepare for a ransomware attack?

4. Cybersecurity leadership and staffing
a. Does the Trust have dedicated cybersecurity staff (separate from general IT)? If yes, please give the FTE count.
b. Does the EHR/EPR supplier have a Chief Information Security Officer (CISO), and is this role UK-based?
c. Does the supplier have UK-based cybersecurity staff responsible for NHS-deployed systems? If yes, please give the FTE count.

Please identify your primary EHR/EPR supplier when answering the supplier-related items above.

Thank you for your assistance.

Kind regards,

Dear FOI Team,

I am writing to make a request under the Freedom of Information Act 2000 for the following information relating to your Trust’s IT infrastructure:

1. A list of server hardware currently in use, including manufacturer, model, and year of installation or purchase.
2. A list of storage hardware (SAN/NAS) currently in use, including manufacturer, model, and year of installation or purchase.
3. A list of networking equipment (switches, routers, firewalls, load balancers) currently in use, including manufacturer, model, and year of installation or purchase.
4. For each item above, whether the equipment is currently covered by the original manufacturer’s support/warranty, a third-party maintenance provider, or is unsupported.
5. The annual spend on hardware maintenance and support contracts for the categories listed above, for the most recent financial year.
6. The date(s) on which current hardware maintenance contracts are due for renewal.
7. The name, job title, and contact email address of the person(s) responsible for IT infrastructure procurement and/or hardware maintenance contracts.

If it is not possible to provide all of the above, I would welcome any partial response covering the information that is readily available. I am happy to narrow the scope of this request if needed please contact me to discuss.

I would prefer the information in electronic format (spreadsheet or PDF).

Thank you for your assistance.

Yours faithfully,

, would you be able to answer the following questions please:
1. Please can you provide cost information on outsourced letter transcription for the last 3 years?
2. Please can you provide the number of letters by month not meeting a turnaround time of 7 days for the last 3 years?
3. Please can you provide the annual number of documents in backlog for the last 3 years?

Kind regards,

Dear FOI Team,

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.

Please provide information regarding the following system contracts:
1. Ambient Voice Technology (scribing)
2. EPR
3. Health Information Exchange (HIE)
4. Live operational dashboard system
5. Outcomes/performance benchmarking
6. Scheduling
7. Shared Care Record
8. Simple Business Intelligence
9. Transfers of care system
10. Voice recognition

Please enter ‘No System Installed’ or ‘No Department’ under supplier name if your trust does not use the system or have the department:
a) System type –
b) Supplier name –
c) System name –
d) Date installed –
e) Contract expiration –
f) Is this contract annually renewed? – Yes/No
g) Do you currently have plans to replace this system? – Yes/No
h) Procurement framework –
i) Other systems it integrates with? –
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –

Please provide your answer in the above format for each system.

System definitions:
Ambient Voice Technology (scribing): Ambient Voice Technology (AI Scribe) – Technology that automatically captures and transcribes clinician–patient conversations in real time and uses artificial intelligence to generate structured clinical notes or documentation. This differs from standard speech recognition or dictation tools because the system works in the background during consultations and produces draft notes for clinician review rather than requiring manual dictation.

EPR: An electronic patient/health record is an electronic record of periodic health care of a single individual, provided mainly by one institution. A digital version of a patient’s paper chart.

Health Information Exchange (HIE): Is the electronic transmission of healthcare-related data among medical facilities, health information organizations, and government agencies according to national standards. HIE enables care professionals to view shared records and make more informed decisions for patients.

Live operational dashboard system: Live operational dashboard system-this is a toolset developed to provide clinicians with the relevant and timely information they need to support daily decision making that improve quality of patient care

Outcomes/performance benchmarking: These systems enable a trust to compare their key clinical outcomes indicators, such as mortality, length of stay and readmission rates, with other NHS trusts

Scheduling: Enterprise level systems that are designed to effectively and efficiently allocate resources (staff, equipment, treatment and even data) to patients at the necessary time and place. Systems in this area range from appointment booking, typically for clinic slots, through to far more sophisticated SAP-style resource allocation and scheduling systems.

Shared Care Record: is a digital system that allows different health and care organisations to securely access and share a patient’s health and care information.

Simple Business Intelligence: Simple Business Intelligence- tools that transform raw data into actionable information

Transfers of care system: System used to manage and collect data on patient moving from one care provider to another.

Voice recognition: Identifies and translates spoken words into text. Used to complete tasks or transcribe documents.

Dear team,
Under the Freedom of Information Act, I would like to request the following information for each calendar year from 2020 to 2026 inclusive:
1. The number of cyber security breaches that have being identified that were found to be a result of a malicious threat actor (i.e. not accidental data breach)
2. The breakdown in high-level causes of these breaches as identified by cyber security incident response teams (CSIRTs), for example (but not limited to) unpatched software/hardware, lack of multi-factor authentication (MFA), leaked user credentials, lack of in-transit encryption, etc
3. The number of breaches that occurred that were attributed to a previously known vulnerability to the organisations hardware, software, policies, or processes, for example where system was known to be at risk due to being unpatched or out of support, or security controls were recommended but not enforced, and was defined within the resulting incident response report.
4. The estimated combined costs incurred as a result of cyber security breaches defined in request number one in each year.
No specific details are requested in relation to software/hardware utilisation, but rather high-level causes of breaches. I believe the high-level nature of this request does not allow for the use of s.31(1)(a) of the FOIA as this would not be likely to prejudice the security of your systems or data, as these are historical incidents which have since been dealt with. The public interest in understanding breach causes across public sector organisations outweighs the public interest in the exemption.
I would like you to provide the information in Word, Excel, or CSV format.
Please contact me if you need me to clarify my request.

Yours faithfully,

Dear Gloucestershire Health & Care NHS Foundation Trust

Please answer the following questions regarding your print equipment set up under Freedom of Information Act 2000 (FOIA)

1. Number of Multi-functional devices / photocopiers at the Trust?

2. Name of current supplier (the incumbent)?

3. When did the contract start?

4. When is it due to end?

5. Details of any extension options beyond above date (Q4)?

6. If contract has ended, when do you intend to re-tender this arrangement?

7. Route to market used – open tender of framework. If framework, which one?

8. Number of single function printers – in addition to above MFD count?

9. Is there a services agreement that covers above (Q8)?

10. Does the Trust have a Print Room?

11. If yes, please advise (a) name of supplier (b) number of devices (c) contract end date (d) details of any extension options?

12. Who at the Trust looks after this contract?

I would be grateful if you would acknowledge receipt of this request and I look forward to receiving your full response within 20 working days.

With kind regards.

Dear Gloucestershire Health and Care NHS Foundation Trust,

Under the Freedom of Information Act 2000, please provide the following recorded information held by your organisation regarding assurance processes for software based data erasure of end of life IT equipment.

For clarity, this request relates specifically to the erasure of storage media associated with end of life hardware such as laptops, desktops, servers, storage arrays, or other data bearing IT equipment. It does not relate to operational deletion of data within live systems, routine account management, or DSP Toolkit self assessment processes.

Physical destruction methods such as shredding, crushing, degaussing, or disintegration are outside the scope of this request. This request concerns software based erasure only.

This request seeks to distinguish between confirmation that an erasure process was carried out and recorded evidence demonstrating that the final data state of a specific storage device is irrecoverable. I am not seeking technical configuration detail or security sensitive information, only the recorded assurance basis relied upon when concluding that personal data has been rendered irrecoverable.

Please confirm:

1) Whether your organisation’s policies, contractual terms, or internal procedures require an explicit outcome based warranty or guarantee that personal data on a specific storage device has been rendered irrecoverable as a final data state following software based erasure.

2) Where software based erasure of storage media is undertaken internally, what recorded evidential assurance is relied upon to conclude that the final data state of the specific storage device is irrecoverable, as distinct from confirmation that an erasure process was executed.

3) Where software based erasure is undertaken by a third party provider:

a. Do the certificates or contractual documents held constitute an explicit outcome based warranty or guarantee of irrecoverability for each specific storage device processed?

b. Beyond reliance on supplier accreditation or recognised standards including but not limited to ADISA certification, ISO accreditation, NIST alignment, HMG IA standards, NHS Digital guidance, or Data Security and Protection Toolkit assertions, and beyond confirmation that a wiping process was completed, does the organisation hold any recorded, device specific documentation evidencing independent verification, testing, or validation that the data on the storage media has been rendered irrecoverable in practice?

4) If no explicit outcome based warranty or device specific outcome evidence is held beyond certification, accreditation, or confirmation of process completion, please confirm what recorded form of evidential assurance is relied upon when concluding that personal data has been rendered irrecoverable.

Yours faithfully,

To Whom It May Concern,

Please find below FOI request.

Could I please request that when responding, if the name of your organisation is not in your email signature that additionally this is provided.

1. What is the name of your organisation

2. Within which Nation do you report (England, Scotland, Wales, Northern Ireland)

3. To which ICS / ICB (or alternative) do you report / belong? (if this is in the process of changing please give the name of the new organisation as you will be of 1 May 2026)

4. Does your senior leadership team have live access to updates regarding the Trust corporate plan?

5. Are you able to provide live reporting regarding shared projects / risks to your local ICB / ICS / appropriate alternative body?

6. What is your latest NHS Digital Maturity Score?

7. What software do you use for the management of Projects?

8. Who is responsible for the overall management / reporting of projects?

9. What software do you use for the management of corporate risks?

10. Who is responsible for overall management management / reporting of corporate risks to the board?

11.Is any part of the organisation currently using Microsoft project Online?

12. If yes to the previous questions, which teams / departments?

13. What is your organisations policy in regards to AI & AI Solutions

If you would prefer to answer using a Microsoft Form, that can be done so using this link.

Kind Regards

Dear FOI Officer

I am writing to request information under the Freedom of Information Act 2000.

I would be grateful if you could complete the attached spreadsheet which has all of the information I am requesting. If you can complete the attachment with your organisation name at the top I would be very grateful. You may need to expand the columns in excel to see all of the questions.

Questions Answers
Organisation Name Gloucestershire Health and Care NHS Foundation Trust
Do all of your users primarily use a LOCAL Trust owned O365 tenant for email/Teams or are you on the central national tenant (nhs.net) Local/Central
Do you use the central tenant InTune MDM yes/no
Do you use your own InTune MDM yes/no
If not using InTune as MDM, which product do you use Name of product here
Do you have PowerBI/Fabric in central tenant yes/no
Do you have a Microsoft Enterprise Agreement yes/no
Microsft end user license costs 22/23 (ex VAT) Costs as a figure here
Microsft end user license costs 23/24 (ex VAT) Costs as a figure here
Microsft end user license costs 24/25 (ex VAT) Costs as a figure here
Microsft end user license costs 25/26 (ex VAT) – to date Costs as a figure here
Do you have plans to move to the central tenant if you have not already yes/no
Microsoft License renewal date Date here

End User Licenses most recently purchased below
Microsoft License Name Total Number of Licenses purchased
Enterprise Mobility + Security E3
Enterprise Mobility + Security E5
Exchange Online (Plan 2)
Microsoft 365 Apps for enterprise
Microsoft 365 Copilot
Microsoft 365 E3
Microsoft 365 E5
Microsoft 365 F3
Microsoft Entra ID P1
Microsoft Entra ID P2
Microsoft Intune Plan 1 Device
Microsoft Intune Plan 1 User
Microsoft Teams Domestic Calling Plan
Microsoft Teams Phone Standard
Microsoft Teams Premium
Microsoft Teams Rooms Pro
Office 365 E1
Office 365 E3
Office 365 E5
Planner and Project Plan 3
Planner and Project Plan 5
Planner Plan 1
Power Automate Premium
Power BI Pro
Project Online Essentials
Visio Plan 1
Visio Plan 2
Any other end user Microsoft Licenses below

If this information is already publicly available, please direct me to where I can find it.

I would prefer to receive the information in CSV or excel spreadsheet format please

Please just reply to this email with the relevant attachment completed.

Yours faithfully,

Dear Gloucestershire Health and Care NHS Foundation Trust,

Please can you answer the following questions regarding the Trust’s print and document management set up under the Freedom of Information Act:

1. During 2025, approximately how many paper documents created in clinical or administrative settings were later scanned or uploaded into the Trust’s electronic patient record system?
2. During 2025, what was the total number of pages printed by the Trust?
3. How many printers or multifunction devices (MFDs) were in active use across the Trust during 2025?
4. How many print- or scanning-related faults or failures were logged during 2025?
5. Does the Trust maintain physical storage for legacy medical records, and if so, are those records primarily stored on Trust premises, or off-site with a third-party provider?
6. During 2025, approximately how many outpatient or patient appointment communications were issued by post or hybrid mail?
7. During the same period, how many missed or unattended appointments (“no-shows”) were recorded? And how many of those no-shows were attributed to appointment communications not being received or acknowledged by the patient?

I’ve tried to align these questions with what I assumed to be easily accessible data that can be gathered within FOI time and budget limits. If for any reasons these questions can’t be answered, please I would be very grateful if can you instead advise on any similar metrics reported that could be shared instead?

I would be grateful if you would acknowledge receipt of this request and I look forward to receiving your full response in 20 working days.

With kind regards,

Dear, Gloucestershire Health and Care NHS Trust
Under the Freedom of Information Act, I would like to request the following information.

1. Telephone System

What make is your telephone system?
How old is the telephone system you operate?
How many users do you have?
Is your telephone system cloud based or on premise?
Can your switchboard operators transfer external incoming calls to all users across your estate?
How many extensions does your telephone system have?

2. Telecoms Estate

How much do you spend annually on telecoms?
Do you know how this is split into Voice Telecoms / Data Networking / Mobile Communications / Maintenance?
Which suppliers do you use for Voice / Data / Mobile / Maintenance?
How many analogue lines do you have?
How many ISDN2 Services do you have?
How many ISDN30 Services do you have?
How many mobiles do you have?
Have you done anything about the Analogue Switch Off / Digital Switch On? If so, what have you done?
What are the contact details for the person who looks after telecoms and the costs associated with these?

3. Microsoft

How much do you spend annually with Microsoft?
How often do you review licensing costs?

Many Thanks & Best Regards

Dear Gloucestershire Health and Care NHS Foundation Trust,
Please can you answer the following questions regarding the Trust’s IT set up under the Freedom of Information Act:

1. What was the typical average login time for staff devices, measured from power-on to a usable desktop session, during the 2025 calendar year?
2. How many endpoint or device-related incidents (for example PCs, laptops or tablets) were logged with the IT service desk between 1 January and 31 December 2025?
3. What was the average time taken to resolve endpoint or access-related incidents (mean time to restore, in hours) during the same period?
4. How many IT-related service interruptions affecting clinical or administrative workflows were recorded between 1 January and 31 December 2025?
5. How many clinically significant IT outages were recorded during 2025, and what was the cumulative total duration of these outages (in hours)?
6. As of 31 December 2025, how many desktops and laptops were in active use within the Trust, and how many of these devices were more than five years old?
7. How many staff did not have a designated digital workstation as part of their role during 2025? And what percentage is this compared to the Trust’s total staff number?
8. During 2025, did the Trust use any tools or platforms to proactively monitor staff’s device health or digital workplace experience (for example endpoint management, device health monitoring or digital experience management)?
If yes, please indicate which of the following best applies:
o basic device management only (reactive / break-fix)
o proactive device health monitoring
o proactive digital experience or workforce experience monitoring

I’ve tried to align these questions with what I assumed to be easily accessible routinely reported IT data that can be gathered within FOI time and budget limits. If for any reasons these questions can’t be answered, please I would be very grateful if can you instead advise on any similar metrics reported that could be shared instead?
I would be grateful if you would acknowledge receipt of this request and I look forward to receiving your full response in 20 working days.

Dear FOI Team,

I am writing to make a request under the Freedom of Information Act 2000 for the following information relating to your Trust’s Electronic Patient Record (EPR) system:

1. The name of your current EPR system and the supplier/vendor

2. The contract start date and total contract duration (including any extension options)

3. The contract end date (or earliest date at which the contract could expire)

4. Whether any extension options have already been exercised

5. The total annual contract value (or total contract value if annual is not available)

6. Whether the Trust is currently undertaking, or planning to undertake, a procurement exercise for a new or replacement EPR system

7. If a procurement is planned, the anticipated timeline for issuing a tender or Prior Information Notice

If any of the above information is commercially sensitive and exempt under Section 43, I would be grateful if you could provide as much of the remaining information as possible and confirm which elements have been withheld.

I would prefer to receive the response electronically by email.

Thank you for your assistance.

Yours sincerely,

Dear FOI Team,

I am submitting the following request under the Freedom of Information Act 2000.

1. Does the Trust use TTP SystmOne as Electronic Patient Record?
(if no, no further questions required)

2. Does the Trust use signature pads (e.g.Topaz or any other signature pad provider) in any service areas?

3. If yes, please list the make, models in use and the departments or services where they are deployed.
4. Are these devices integrated with TPP SystmOne for capturing patient or staff signatures?
5. If integrated, please briefly describe the type of workflow (e.g., consent forms, care plans, community documentation).

No personal or clinical data is requested.
Please respond to this email address as I work remotely.
Thank you for your assistance.

Dear, Gloucestershire Health and Care NHS Trust
Under the Freedom of Information Act, I would like to request the following information.
Telephone System
What make is your telephone system?
How old is the telephone system you operate?
How many users do you have?
Is your telephone system cloud based or on premise?

Can your switchboard operators transfer external incoming calls to all users across your estate?

How many extensions does your telephone system have?

Telecoms Estate

How much do you spend annually on telecoms?
Do you know how this is split into Voice Telecoms / Data Networking / Mobile Communications / Maintenance?
Which suppliers do you use for Voice / Data / Mobile / Maintenance?

How many analogue lines do you have?
How many ISDN2 Services do you have?
How many ISDN30 Services do you have?
How many mobiles do you have?
Have you done anything about the Analogue Switch Off / Digital Switch On? If so, what have you done?
What are the contact details for the person who looks after telecoms and the costs associated with these?
Microsoft
How much do you spend annually with Microsoft?
How often do you review licensing costs?

Many Thanks & Best Regards

Dear Gloucestershire Health and Care NHS Foundation Trust,

Under the Freedom of Information Act 2000, I would like to request information regarding your use of ambient or AI-assisted systems to support clinical documentation during patient consultations.

For the purposes of this request, “ambient AI” refers to systems that passively listen to, record, transcribe, summarise, or otherwise process clinician–patient conversations in order to generate clinical notes, letters, or structured records, either in real time or after the consultation.

Please confirm:

Whether the Trust currently uses, is piloting, or has contracted for any ambient AI or AI-assisted clinical documentation system (for example systems provided by suppliers such as Heidi, Lexacom, Tortoise, or similar).

If yes, for each system in use or under contract, please provide:

– The name of the software/system and the supplier.
– The clinical setting(s) in which it is used (for example outpatient clinics, community services, mental health services).
– Whether the system records live audio, processes audio locally, or transmits audio to a third party or cloud service.
– The total contract value or annual spend.
– The contract start date and end date, including any extension options.

Whether the system was procured via a formal procurement framework, and if so the name of the framework used (for example NHS SBS, Crown Commercial Service, Health Systems Support Framework, or similar).

The department and job title responsible for oversight of the system (for example Medical Director, Chief Clinical Information Officer, or equivalent).

If the Trust does not currently use an ambient AI system, please confirm whether procurement, evaluation, or pilot activity has taken place within the last 24 months.

If any part of this request is unclear, please contact me for clarification.

Yours faithfully,

AI Use in Operations

1. Does your organisation currently use any form of Artificial Intelligence (AI) or automated systems in its operations?

o If yes, please list the tools or systems in use and provide a brief description of their purpose (e.g., administrative support, triage, analytics, chatbot services, etc.).

o If not, please state whether your organisation has explored or piloted any AI-based technologies in the past 3 years.

AI for Decision-Making

2. Does your organisation use AI or algorithmic systems to support or inform decision-making in any area (e.g., resource allocation, risk assessments, case prioritisation)?

o If yes, please describe the type of decision-making supported and the nature of the AI’s role (e.g., advisory, automated assessment, automated decision).

o Please also confirm whether human oversight is applied.

AI Chatbots and Customer Interaction

3. Does your organisation currently use chatbots or virtual assistants—AI-driven or rules-based—to support public enquiries or internal staff functions?

o If yes, please specify their purpose, whether they are AI-based, and when they were implemented.

Policies and Governance

4. Does your organisation have any formal policy, strategy, or guidance relating to the use of Artificial Intelligence or automated decision-making?

o If yes, please supply a copy or provide a link.

o If not, please indicate whether such a policy is in development.

Data Protection and Ethics

5. If AI systems are used, what measures or frameworks does your organisation have in place to ensure:

o Compliance with data protection and privacy obligations
o Transparency for service users
o Ethical or responsible use

(For example, DPIAs, algorithmic impact assessments, ethical guidelines—if applicable.)

Trials, Pilots, or Future Plans

6. Has your organisation run any pilots, trials, or exploratory projects involving AI in the last 3 years, or does it plan to do so in the next 12–24 months?

o If yes, please provide brief details of the purpose, timeline, and status of these initiatives.

Staff Training and Awareness

7. Does your organisation provide any training, guidance, or internal communications to staff relating to AI, its use, or its implications?

o If yes, please describe the type of training or include documents if available.

If any of the above information is already publicly accessible, please feel free to provide links instead of attachments.

Thank you for your time and assistance.

Kind regards,

1. Digital Dictation

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

2. Outsourced Transcription

Name of supplier & product
Procurement method (e.g., framework)
Contract start date
Average monthly volume of letters (if available)
Average monthly volume of lines (if available)
Total contract value (if available)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

3. Speech Recognition

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

4. Ambient AI Scribe

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Pilot stage (if applicable, please specify supplier, pilot duration, and scope)
Key internal stakeholder role/title
Desired features not currently delivered (optional)

5. Video Consultation

Name of supplier & product
Number of user licences
Procurement method (e.g., framework)
Contract start date
Contract expiry date (please specify fixed end date vs option to extend/rolling contract)
Total contract value (if available)
Integration with PAS/EPR (please specify if outbound only – e.g., patient demographics, clinic work list – or outbound and inbound, e.g., document return)
Key internal stakeholder role/title
Desired features not currently delivered (optional)
Average number of video appointments per month/year
% of virtual/remote consultations conducted using video vs telephone

6. Health Information Systems

Name of supplier & product of the following HIS:
PAS (Patient Administration System)
EPR (Electronic Patient Record)
eDMS (Electronic Document Management System)
RIS (Radiology Information System)
LIMS (Laboratory Information Management System)
e-Correspondence (e.g. Docman)
Hybrid Mail (e.g. Synertec, Healthcare Communications)
Patient Portal (e.g. Patient Knows Best)

Dear FOI Team,

Under the Freedom of Information Act 2000, please provide the information held by the Trust for the following questions relating to digital transformation:

1. Core Digital Systems
Please provide a list of the Trust’s core clinical and operational systems (e.g., EPR, PAS, ED, theatres, e-rostering, diagnostics), including the system name, supplier and contract end dates.

2. System Infrastructure Model (IaaS, PaaS, SaaS)
Please confirm, for each of the Trust’s core clinical and operational systems listed in Question 1, the type of infrastructure model used:
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• On-premise / locally hosted
If only partially held, please provide whatever information is available
3. Digital Priorities & Transformation Initiatives
Please provide details of the Trust’s current digital transformation priorities and any major programmes underway (e.g., EPR optimisation, cloud migration, AI, automation, data platform development).

4. Use of Emerging Technology
Please provide information on any current or planned use of artificial intelligence (AI), automation, machine learning, or advanced analytics tools within the Trust.

5. Digital Transformation Contact
Please provide the name, job title, and email address of the person (or team) responsible for leading the Trust’s digital transformation or digital strategy (e.g., CIO, CDIO, CCIO, Director of Digital).

I would be grateful if you could provide the requested information electronically. If the Trust requires any clarification, please let me know.

Yours sincerely,

Question
1. For each of the elements below, please provide details about your cloud provider: Main provider Total annual spend 2025/2026 (£) Contract end date Additional notes
Data storage
Networking
Back-up and archive
Application databases
Big Data analytics databases
Email

2. For each of the network supply systems listed below, please provide the requested details: Main supplier Total annual spend 2025/2026 (£) Contract end date Additional notes
Mobile telecoms
Data network (broadband)
DEFINITION: Broadband is the actual internet connection afforded by your internet service provider (ISP), which you can access directly via a LAN or ethernet connection between your modem and device
WiFi (hardware)
DEFINITION: Wifi is a wireless connection between multiple devices and your router, and just one of the ways you can access the internet
CoIN (if applicable) – Community of Interest Network
WAN (Wide Area Network)
DEFINITION: WANs connect users and applications in geographically dispersed locations
LAN (Local Area Network)
DEFINITION: LANs connect users and applications in close geographical proximity (same building)
VPN provider
Other (please specify)

3. Please supply the following details regarding your servers: Main supplier Total annual spend 2025/2026 (£) Contract end date Additional notes

4. For each element of IT infrastructure below, please provide the requested details: Main provider Total annual spend 2025/2026 (£) Contract end date Additional notes
Desktop management
Networking
Data Centre: hardware
Server management
IT/cyber security support supplier?

5a: What percentage of your servers are virtualised? % Virtualised Main supplier Additional notes

DEFINITION: A virtual server re-creates the functionality of a dedicated physical server. It exists transparently to users as a partitioned space inside a physical server.

5b: In relation to your trust’s virtual servers please provide the requested information: Number of servers Owned or Leased Average age of servers Main supplier Annual spend 2025/2026 (£) Additional notes

6a: Does your trust have any virtualised desktops? Main product Main Supplier Total annual spend 2025/2026 (£) Number of virtual desktops Contract end date Additional notes
DEFINITION: A virtual desktop is a preconfigured image of operating systems and applications in which the desktop environment is separated from the physical device used to access it. Users can access their virtual desktops remotely over a network.

6b: If your organisation does not have virtualised desktops, are you planning to implement any within the next two years? Yes/No Preferred supplier Expected number Additional notes
Where you plan to implement new virtualised desktops, please provide details as requested

7: Please outline your trust’s WiFi coverage for each element listed below Patient WiFi coverage Staff WiFi coverage Additional notes
Community wide (e.g. CoIN – Community of Interest Network)
Enterprise wide (whole campus)
Main building only
Sections of building(s) only
Mobile phone signal enabled through WiFi
No wireless networks are used in the trust

Dear FOI Officer,
Under the Freedom of Information Act 2000, I am writing to request the following information:
Provider 1
1. What is the name of your Nurses Job Planning software provider? (None if software not used)
2. When did the contract for this provider start? (dd/mm/yyyy) (None if software not used)
3. When does the contract for this provider expire? (dd/mm/yyyy) (None if software not used)
Provider 2 (If applicable)
4. What is the name of your second Nurses Job Planning software provider? (If you have more than one provider)
5. When did the contract for this second provider start? (dd/mm/yyyy)
6. When does the contract for this second provider expire? (dd/mm/yyyy)
Provider 3 (If applicable)
7. What is the name of your third Nurses Job Planning software provider? (If you have more than one provider)
8. When did the contract for this third provider start? (dd/mm/yyyy)
9. When does the contract for this third provider expire? (dd/mm/yyyy)
Additional
10. What was the Trust’s total spend on Nurses Job Planning fees in 2024 (excluding implementation)?
11. What was the Trust’s total spend on Nurses Job Planning fees in 2025 (excluding implementation)?
12. What is the number of contracted licences for Trust’s Nurses Job Planning provider?
Kind regards,