EXCLUSIVE: Developing a technologically empowered health and care system

Will Smart
Will Smart, Chief Information Officer for Health and Care, NHS England

As the first Chief Information Officer for Health and Care, one of my most important tasks is to bring together and empower the information and technology agendas of the many different organisations that make up our health and care system.

Part of this is about ensuring organisations take the actions and employ the systems that we know work, yet my time as Chief Information Officer at Royal Free London NHS Foundation Trust showed me that it is also very much about knowing when to keep out of the way of local innovation and expertise. This can be a difficult balance to find, and enabling change both locally and nationally can be slow.

'Get on with IT'

But slow is no longer good enough. Professor Wachter’s report, Making IT Work, gave a green light to boards across the country to drive forward clinically lead informatics across the health service, and his assertion that it is time to “get on with IT” has never been more pressing, or true, than in the face of the cyber attack in May.

The overwhelming majority of patients in England were not affected by the WannaCry attack. We were fortunate, especially when you consider that there are several hundred trusts across the country treating hundreds of thousands of patients each day. However we do need to learn from this, and as the government formally accepts Dame Fiona Caldicott’s 10 data security standards for health and care organisations and compliance becomes part of the CQC inspection framework, we need to do everything we can to prepare ourselves for future attacks.

It is undeniable that there has been a historic under investment in infrastructure. We are rectifying this with a number of initiatives including the Global Digital Exemplars and their Fast Followers, whose blueprints will enable other trusts to implement transformation not just more quickly but more cheaply, freeing up funds for additional development and innovation.

The recently announced £21m cyber resilience fund is another step in the right direction, and will be spent reducing the use of unsupported platforms and browsers within major trauma centres and ambulance trusts across the country. We have also signed a Customer Support Agreement (CSA) with Microsoft that will enable us to monitor vulnerabilities more effectively, make software patches available for XP and allow us to roll them out for Windows 7 more easily.

The purpose of this work is to support local organisations to improve their perimeter and device security through hardening network security, improving network architecture and ensuring effective device patching and antivirus is in placeThrough NHS Digital’s careCERT alert system, we will continue to ensure that advice and guidance is available to local organisations, and my Cyber Security review, which will report in the Autumn, will seek to provide practical advice and guidance to support this work.

'CIOs and CCIOS to lead the way'

The WannaCry attack also taught us that cybersecurity is not just a technology issue. With colleagues in NHS England, NHS Improvement, the Care Quality Commission and the Department of Health, I will be working to ensure that cyber is a board-level issue, appropriately governed and managed, and that all staff working in the health and care system are aware of their responsibilities to prevent a future attack.

Our response to the WannaCry attack demonstrated that we already have a talented and committed information management and technology workforce across our service. I am personally delighted that through the NHS Digital Academy we now have the opportunity to complement this with the development of a strong core of world-leading healthcare informatics leaders.

With the first group of competitively selected Chief Information Officers and Chief Clinical Information Officers to be unveiled in September, the Academy will invest in the best informatics professionals to create a world leading information and technology workforce that can steer the system through the great digital transformation that lies before us.

I see this, and all the other exciting work we are doing, as really positive moves towards the goal I’ve always wanted: Chief Information Officers and Chief Clinical Information Officers on the board of every organisation in the country, and ultimately, an intelligent, technologically empowered health and care system that can achieve amazing outcomes for patients.