Clinical Software System
Reference: 24-25385
Date response sent: 10/12/2024
Details of enquiry
I am writing under the Freedom of Information Act 2000 to request information about several systems and services in use at Tavistock and Portman NHS Foundation Trust. My inquiries are as follows:
[Data Table Provided – See Below]
Response sent
| Row No | Technologies | Supplier | Software/ system | Contract expiry date | Revised expiry date |
| 1 | Electronic patient record | Advanced | Carenotes | 01/04/2024 | 28-02-2033 |
| 2 | Patient administration system | Advanced | Carenotes | 01/04/2024 | 28-02-2033 |
| 3 | Electronic prescribing and medicines administration | No System installed | |||
| 4 | Maternity information system | No System needed | |||
| 5 | Diagnostic imaging information system | No System needed | |||
| 6 | Electronic document management system | Trustmarque | Microsoft 365 | 01/04/2024 | 01-04-25 |
| 7 | Laboratory information management system (LIMS) | No System needed | |||
| 8 | Cyber security services | Data Withheld | |||
| 9 | Cyber security services | Data Withheld | |||
| 10 | Bed management system | No System needed | |||
| 11 | Clinical decision support system | No System installed | |||
| 12 | Hospital pharmacy system | No System needed | |||
| 13 | Population health management system | NHS England | HIE | Unknown | Contract held by NHSE. We do not hold expiry date. |
| 14 | Hospital discharge system | Advanced | Carenotes | 01/04/2024 | 28-02-2033 |
| 15 | Theatre scheduling system | No System needed | |||
| 16 | Clinical communications system | No System needed | |||
| 17 | Advice and guidance system provider | DrDoctor | DrDoctor | 30/04/2028 | Deployment underway |
| 18 | Virtual ward and remote monitoring system provider | No System needed | |||
| 19 | Cloud provider | Microsoft | 01/04/2024 | 01-04-2025 | |
| 20 | Robotic process automation system | No system installed | |||
| 21 | Staff rostering system | No system needed | |||
| 22 | HR/workforce management system | NHS England | IBM ESR | Contract held by NHSE. We do not hold expiry date. | |
| 23 | Supply chain and inventory management system | Microsoft | Intune | 01/04/2024 | 01-04-2025 |
| 24 | Financial management system | NHS Shared Business Services | Oracle | 31/12/2025 | |
| 25 | Barcode and scanning technology system provider | No system needed | |||
| 26 | Computer hardware provider (laptops, PCs, smartphones, tablets, iPads etc) | Dell | Outright purchase | N/a | No contract. Outright purchases |
| 27 | Computer hardware provider (laptops, PCs, smartphones, tablets, iPads etc) | Telefonica | Outright purchases | Outright purchases | |
| 28 | Patient engagement portal | ICNH Ltd | DrDoctor | – | 30/04/28 |
The information requested in Rows 8 to 9 is being withheld by the Trust under FOIA s.31(a), Law Enforcement: the prevention or detection of crime. Information is exempt if its disclosure, under this Act would or would be likely to prejudice (a) the prevention or detection of crime. Section 31 is a qualified exemption, which requires the public authority to carry out the public interest test. We have carried out the public interest and our public interest arguments are shown below.
Arguments in favour of disclosure
- Promoting accountability and transparency on how public funds are utilised and spent
- Assure public confidence that the Trust has robust arrangements in place to protect their information and our technologies.
Arguments in favour of maintaining the exemption
- The Trust has a duty to ensure, as much as possible, that its information systems and assets are kept secure
- Disclosure of the information requested, under FOIA, into the unregulated public domain, for rows 8-9, could render the Trust vulnerable to cyber-crime and/or malicious attack, by pinpointing our supplier, from which exact tools, facilities and services upon which the Trust relies could be deduced from other information in the public domain, and could be used as a starting point to attack network infrastructure and/or information systems.
- Should the Trust choose to release this data, it must consider not only the vulnerabilities its release might give rise to it, but also how these vulnerabilities might increase should a determined person/s, combine the requested data with prior/other knowledge gleaned from the public domain or other sources, thereby negatively impacting the Trust’s ability to provide essential services
- For the reasons given above, disclosure would also identify our suppliers and prejudice the security of their operations
Balance of Arguments
Based on the above public interest arguments, we have concluded that the weight of balance lies in maintaining the exemption and outweighs the public interest in disclosure.