Please proved information regarding the following systems:
1. Accident & Emergency - Oracle Millenium
2. Diagnostic Reporting - ICE Desktop
3. Digital Dictation - Winscribe
4. Discharge Letters - Oracle Millenium
5. Document Management - Windip
6. Maternity - Badgernet
7. Order Communications -Oracle Millenium & ICE Desktop
8. Outcomes/performance benchmarking -
9. Trust Integration Engine (TIE) – Ensemble
10. Voice recognition – N/A
Please enter 'No System Installed' or ‘No Department’ under supplier name if your trust does not use the system or have the department:
a) System type –
b) Supplier name –
c) System name –
d) Date installed –
e) Contract expiration –
f) Is this contract annually renewed? - Yes/No
g) Do you currently have plans to replace this system? - Yes/No
h) Procurement framework –
i) Other systems it integrates with? –
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
Please provide your answer in the above format for each system.
System definitions:
Accident & Emergency: A specialist system used to manage patients and patient clinical notes in the Emergency Department (ED)
Diagnostic Reporting: test results which are electronically transmitted to the clinician who ordered them, with receipt acknowledgement.
Digital Dictation: device used for recording and managing natural speech, allowing staff to verbally input a patients' note into a system without having to manually input it.
Discharge Letters: The ability to electronically generate and send detailed discharge letters to GPs and other relevant HCPs, when a patient is discharged from hospital-based services.
Document Management: Converts records into electronic format so that they can be viewed, moved around, and managed electronically on screen. Acts as a live filing system.
Maternity: It is the specialist maternity system in use for maternity care.
Order Communications: Electronic ordering communications systems (OCS) are computer applications used to enter diagnostic and therapeutic patient care orders, for example laboratory test requests or prescriptions, and to view test results. The primary aim of the system is to remove most of the current paper-based process for requesting laboratory investigations and for receiving results.
Outcomes/performance benchmarking: These systems enable a trust to compare their key clinical outcomes indicators, such as mortality, length of stay and readmission rates, with other NHS trusts
Trust Integration Engine (TIE): The Integration engine enables trust merger sites to access clinical systems through one consistent, secure platform.
Voice recognition: Identifies and translates spoken words into text. Used to complete tasks or transcribe documents.
Trust Response:
a) System type – Accident & Emergency & Discharge Letters & Order Comms
b) Supplier name – Oracle
c) System name – Millenium
d) Date installed – June 2023
e) Contract expiration –
f) Is this contract annually renewed? - No
g) Do you currently have plans to replace this system? - No
h) Procurement framework k –
i) Other systems it integrates with? – As the main EPR this integrates with all the other trust clinical systems
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
a) System type – Diagnostic Reporting & Order Comms
b) Supplier name – Clinisys
c) System name – ICE Desktop
d) Date installed – Prior to 2005
e) Contract expiration –
f) Is this contract annually renewed? - No
g) Do you currently have plans to replace this system? - No
h) Procurement framework –
i) Other systems it integrates with? – Oracle Millenium, Telepath, GP Practices (Emis)
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
a) System type – Digital Dictation
b) Supplier name – Voice Technologies
c) System name – Winscribe
d) Date installed – prior to 2010
e) Contract expiration –
f) Is this contract annually renewed? - Yes/No
g) Do you currently have plans to replace this system? - No
h) Procurement framework –
i) Other systems it integrates with? – Oracle Millenium/LPRES
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
a) System type – Maternity
b) Supplier name – System C
c) System name – Badgernet
d) Date installed –
e) Contract expiration –
f) Is this contract annually renewed? - No
g) Do you currently have plans to replace this system? -No
h) Procurement framework –
i) Other systems it integrates with? – Oracle Millenium
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
a) System type – Integration Engine
b) Supplier name – Ensemble
c) System name – Inter systems
d) Date installed – 2023
e) Contract expiration –
f) Is this contract annually renewed? - Yes/No
g) Do you currently have plans to replace this system? - No
h) Procurement framework –
i) Other systems it integrates with? Integration engine that feeds all clinical systems across the trust.
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
a) System type – Outcomes/performance benchmarking
b) Supplier name – Telstra Health
c) System name – Dr Foster
d) Date installed – > 5 years
e) Contract expiration – 2025
f) Is this contract annually renewed? -No
g) Do you currently have plans to replace this system? - Yes
h) Procurement framework –
i) Other systems it integrates with? – none – uses data from national SUS
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) –
a) System type – Outcomes/performance benchmarking
b) Supplier name – NHS
c) System name – Model Hospital, NHS statistics, etc.
d) Date installed –
e) Contract expiration – no contract
f) Is this contract annually renewed? -No
g) Do you currently have plans to replace this system? - No
h) Procurement framework –
i) Other systems it integrates with? – none – national NHS data
j) Total value of contract (£) –
k) Notes (e.g. we are currently out to tender) – NHS published data from national returns.
The NHS is aware of the increasing threat of cyber-crime to organisations, especially including high-profile organisations such as the NHS. With this in mind, we consider that disclosure of core architecture would prejudice
the prevention
and detection of crime (including cyber-crime) and also the apprehension and prosecution of offenders. Therefore,
this information is exempt by virtue of section 31(1)(a) and (b) FOIA. This is a qualified exemption and the public
interest test applies.
We accept there is a legitimate public interest in the effectiveness of measures being employed to keep the NHS safe
and secure. This is especially important given that this infrastructure is maintained using public fund. However, this
is outweighed by the risks of criminal activity being undertaken if the information was disclosed. The release of this
material could provide valuable information to those wishing to launch a cyber-attack against the Trust or the wider
NHS. Knowledge of the core architecture would allow potential cyber-attackers to build up a picture of our capability
and capacity in this area. It could provide those groups or individuals with an indication of where to focus their efforts when targeting our systems. Groups planning attacks are known to conduct extensive research and will take
advantage of the ‘mosaic effect’ by combining information from different sources. If this information were to be combined with other information already in the public domain or obtained from elsewhere, the disclosure of it could assist in mounting an effort to breach or bypass cyber security measures, with serious consequences for both staff
and patients.
In these circumstances it is our view that the public interest in maintaining the exemption outweighs the public
interest in disclosing the information.
Section 24(1) – National security
In addition to the increased threats and incidents of cyber-crime, national security is also increasingly under threat
from those organisations and individuals who seek to use technology to disrupt the workings of public bodies. To
limit these risks, we are also withholding the information for the purpose of safeguarding national security. This information is therefore also exempt by virtue of section 24(1) FOIA. This is a qualified exemption and the public interest test
applies.
Again, we accept there is a legitimate public interest in the effectiveness of measures being employed to keep the
NHS safe and secure. This is especially important given that this infrastructure is maintained using public funds.
However, we consider that it is not in the wider public interest to disclose this information because, as well as the
risk posed to the security of the NHS, there is also a risk of national security being compromised. Knowledge of the
core architecture would allow potential cyber-attackers to build up a picture of our capability and capacity in this
area. It could provide those groups or individuals with an indication of where to focus their efforts when targeting
our systems. Groups planning attacks are known to conduct extensive research and will take advantage of the
‘mosaic effect’ by combining information from different sources. If this information were to be combined with other information already
in the public domain or obtained from elsewhere, the disclosure of it could assist in mounting an effort to breach
or bypass cyber security measures, with serious consequences. As the NHS is an essential part of the UK’s public
health and emergency response and these security measures also protect the proper functioning of Category One Emergency provision, the disclosure of this information may also compromise national security.
In these circumstances it is our view that the public interest in maintaining the exemption outweighs the public
interest in disclosing the information.
