Connectivity, Performance and Security

Contents

• Making IT better
• Support Approach
• Maturity
• Digital Business Continuity
• Cyber security
• Our Connectivity, performance, reliability and upgrade focus areas are
• Our Transformation Plan headlines
• Measures for success

The strategy has outlined the many services in place across our four care groups and corporate services, operating in over 130 MPFT managed buildings.

In addition, we support over 20 prisons through our Health in Justice services that require reliable connectivity and operate from an extensive number of shared buildings with our health and social care, local authority, care home, voluntary sector, emergency service and education partners.

“Connectivity for Prison colleagues is very difficult and they are always an afterthought.”
Mark Poingdestre, Regional Lead Inclusion Substance Misuse Services

The geographical locations from where our staff are based are far reaching; from as far North as Leeds in Yorkshire to the Isle of Wight in the South. With such a wide-ranging geographical spread and our extensive property portfolio, including significant amounts of community, remote and home working staff, we need to provide flexible, tailored, network connectivity services and support.

MPFT Digital, in collaboration with the Staffordshire and Shropshire Health Informatics Service (SSHIS), need to ensure that our staff are able to operate securely, reliably, and effectively regardless from where they may be delivering care or business support services.

A typical acute hospital will have one or two main buildings and possibly 6 to 8 network connections for resilience. In comparison as a community and specialist Trust, MPFT Digital and SSHIS need to manage and support over 130 network connections and premises, over 250 network switches, over 600 wireless access points, over 150 Windows Virtual Desktops (for access to MPFT systems from non-MPFT network equipment and locations, including prisons), over 4500 IPT phone handsets, over 130 multi-function managed print devices and 2 managed data centres that all of our workforce and buildings ultimately need to connect back to.

Every single account, device, managed network connection, switch, printer and access point seamlessly connects back to our MPFT services from any trust premises regardless of the geographic location.

Through our Wide Area Network (WAN) services, we can ensure that our connections are monitored and secure, and all devices within those connected premises can receive updates, stay secure, and most importantly connect to the services and systems they need to, in order to deliver care.

In addition, with such an array of services, we inevitably need to have many best of breed systems that offer the specialist features that a generic Electronic Health Record (EHR) cannot support. This results in over 100 virtual servers in place to host our systems that also require proactive hosting, maintenance and support.

Making IT better

Through ongoing monitoring and assurance in the Trust’s Digital Committee and Digital Assurance Group, we know that there is work to be done to ensure that the number of major incidents and serious outages are reduced for our service users and workforce.

Over the previous five years, our investment into virtualised server technologies, network infrastructure, end user devices and associated IT support services has increased. Whilst there has been some recent improvement, further work is required to increase network reliability and reduce the impact on our service users, carers and staff.

“Staff would prefer 100% reliable IT than anything fancy in the new strategy. Unreliable IT causes disruption, stress and worry.”
Amanda Whitehouse, Occupational Therapy

The engagement survey results corroborate this impact, with 65% of our service leads and managers stating our systems and networks are not currently reliable enough and quick enough to use.

From our engagement conversations, our wireless networks are a particular area where our network performance needs improvement.

Many services are advising that wireless performance is not reliable enough for service users and guests. This also includes wireless connectivity for staff laptops, smartphones and tablet devices. Recent outages and major incidents are evidencing that it is not fit for purpose and reliable enough for modern use case and does not meet the needs of the increasing number of devices that rely upon our wireless networks.

“When it doesn’t work I find it embarrassing”
Tracey Fallows, Diabetes Nurse Lead

Without a robust and reliable infrastructure for our systems and devices, not only is the quality of care at risk for our service users, but our digital transformation and innovation ambitions are also at risk.

Through this digital strategy, our joint ambition is for the IT infrastructure to simply work for our service users and staff and to blend into the background of their daily activities, to be less frustrating, less disruptive and far less detrimental to their daily care duties.

When IT works, nobody typically notices. This is our ambition. We want to release capacity to care, to innovate through technology and for our workforce confidence in digital to grow through a more consistent, reliable experience.

Support Approach

Over the next five years, MPFT Digital and Staffordshire and Shropshire Health Informatics Service (SSHIS) will continue to maintain, update and expand our infrastructure platforms so that they remain secure, proactively protected, performance monitored, consistently highly available and resilient to outages.

We will make a significant capital investment into our wireless infrastructure, upgrading our access points at scale for the first time since 2013 and ensuring full wireless surveys are completed for wireless coverage and performance where it is most needed.

In particular we want to ensure our service users and guests within our premises, and especially our inpatients, have robust reliable wireless available to them for entertainment and to contact their families during their time within our care.

We will review our WAN approach, the networks that connect our workforce and buildings regardless of location. With a significant WAN contract due for renewal we can look to explore a move from existing technologies such as Multi Protocol Label Switching (MPLS) to more modern, flexible and affordable Software Defined-Wide Area Network (SD-WAN) approaches. Any new contract would be in place for the duration of the strategy.

With many community premises in place across the Trust, we need to increase the network resilience in those areas where our service business continuity plans require it.

We will increase the number of connections into our key premises with resilient wireless back up links in place which would offer internet access in the event of the main network connection becoming unavailable.

This will reduce single points of failure for network connectivity and result in less impact on service user care and staff wellbeing in the event of any network outages within our buildings.

The performance and health of all our network connections, devices and wireless access points will be proactively monitored through reporting dashboards to provide a faster intervention from IT support services in the event of any issues.

In alignment with our sustainability and efficiency ambitions, we want to reduce reliance on the number of locally hosted data centres across our Integrated Care Systems (ICSs). We will achieve this by first looking to cloud technologies that use sustainable approaches. Where budget and systems support allow, we aim to migrate our servers to cloud solutions with high availability, disaster recovery and data backup processes in place.

We will work in partnership to co-locate systems, servers, core networks, firewalls, routers and network connection termination points that cannot be migrated to cloud platforms into shared data centres.

Where MPFT have migrated to cloud services for some of our key systems to date, we have seen a positive performance and reliability increase, for example:

• Finance systems for digitised procurement processes
• Exchange Online for our emails and diaries
• Microsoft Teams for our videoconferencing
• RiO private cloud for our primary health record in use across the Trust

Cloud services also offer seamless failover and reduced impact of any localised failures, protected by predictive maintenance on hardware systems and storage. This allows for issues to be highlighted and resolved before they result in significant outages.

"Server issues significantly impact on my staff as they are not able to do their job in the time allocated and there is no time allocated for them to catch up. This then impacts on their stress levels. Systems are often slow, which is very frustrating when you are trying to work as efficiently as you can.” 
Stephanie Gommersall, MICATS Community Health Services

Our telephony estate will also be reviewed and a new dedicated telephony strategic plan produced for the Trust.

The number of workers working from home has significantly increased through lockdown and our COVID-19 response. Through our agile working approaches and premises and workforce strategies, this is likely to continue.

As such, the number of dedicated desktop Internet Protocol Telephony (IPT) phones across our premises is likely to reduce, in favour of more flexible telephony solutions where the phone number follows the staff member regardless of their working location and devices in use on any particular day.

Maturity

We will continue to monitor and assess our infrastructure improvement journey through national benchmarking such as NHS Improvement’s Model Health System, local and external audits, and an investment into the Healthcare Information and Management Systems Society Infrastructure Adoption Model (HIMSS-INFRAM).

Through robust baselining and annual review cycles, in addition to our ongoing monthly reporting cycles through our digital governance meetings, we can track our improvement of our infrastructure services with our ambition to achieve a HIMSS-INFRAM level 6 rating when our infrastructure and transformation journey is complete.

Another key element of our maturity is our hardware refresh cycles in place for our end user devices, for example, PCs, Laptops, Smartphones and tablets.

With recurrent revenue budgets allocated to the continual refresh of our device estate on a rolling four-year basis, we can ensure our staff are never burdened with equipment that is too old and no longer fit for purpose for the delivery of efficient, excellent and digitally enabled care.

In May 2021 the Trust completed three HIMSS assessments to provide us with a clear baseline from which to commence our digital maturity journey.

Digital Business Continuity

Our services, like those of our partners, should be designed with resilience and security at their core, based on open standards supporting safe interoperability with the wider health and care ecosystem.

They should offer operational performance, scalability and recovery commensurate with business impact and operational service needs.

We will seek and commission arrangements for the effective provision and hosting of core systems with high levels of resilience to ensure continuity of safe, effective and high-quality care for any system that is currently at risk. We will ensure alignment to any regional approaches and partnership working opportunities through our Integrated Care Systems (ICSs).

We will also ensure alignment to the national strategy declared through NHS Digital and leverage the benefits of cloud hosting in terms of availability, scalability and resilience where it is appropriate to do so.

Cyber security

Since the WannaCry attack in May 2017, the NHS has been vigilant to the risks of cyber threats and well supported through nationally funded NHSx and NHS Digital services.

The Trust takes its service user privacy and the security of all of our systems very seriously, ensuring our annually maintained and submitted Data Security Protection Toolkit (DSPT) process is undertaken successfully.

We also undergo proactive external audit, penetration tests, cyber essentials reviews and International Organization for Standardization (ISO) compliance standards assessments, with the aim of assuring and maintaining safety and security.

During our COVID-19 response when the Trust had the option to relax our Control of Patient Information (COPI) standards, which was a notice to relax information security laws for COVID-19 care purposes, we ensured that we did not.

By rapidly introducing enterprise solutions at scale with the requisite security protection and encryption in place, we were able to be responsive without compromising on security.

“Keeping our service user and commercial information secure is of paramount importance. As digital evolves so does the security arena. We can be met with new requirements and new risks in an ever changing digital world. To keep pace with the changes, security of new and existing systems will be considered and reviewing our network and devices alongside the SSHIS will work to mitigate risk.”
Lian Stibbs, Head of Information Governance and Records Access Management

Our use of MS Teams, encrypted video conferencing, SharePoint Online and Direct Access services meant that our staff continue to work from any internet connected device securely, further protected through Multi-Factor Authentication (MFA).

Our MFA is a zero-trust model, which means never trust an access request, always verify.

Every access request to our services will be fully authenticated, authorised and encrypted before granting access.

Given the wide ranging use of Microsoft, we will also closely follow the Microsoft Cyber Response playbooks, following best practice guidance to keep our systems safe.

We will use our security dashboards and real time alerting for all of our devices and network connections, with immutable data backups and tamper proof storage. This is for all hosted systems to mitigate the risks of ransomware attacks such as WannaCry, ensuring MPFT have a robust, adaptive and fully formed cyber defence plan in place.

We will have incident response plans in place for all core business critical digital systems and services and complete a robust round of strategic planning. This includes scenario building for a cyber event, in collaboration with our colleagues in the Emergency Preparedness, Resilience and Response (EPRR), SSHIS, and NHS Digital.

Our cyber security strategy also extends to the use of nationally supported Web Access Firewalls (WAF), part of the national NHS Edge Perimeter security offer to provide additional protection for any NHS website or system that is accessible on the internet.

Through use of carefully chosen suppliers, we will undertake proactive penetration tests of our systems and bespoke applications, ensuring any service user facing forms and applications are proactively checked frequently for any potential vulnerabilities.

We will continue to make use of the emergent and existing NHS Digital and NHSx offers relating to Information Governance, the deployment of technology and services such as security training throughout the Trust, and reduce expenditure through using centrally provisioned offers.

We will improve the technical security of MPFT infrastructure, making use of Artificial Intelligence (AI) and automation. This will provide organisational assurance around cyber security by identifying and removing legacy hardware software configurations, collaborating with ICS partners to share best practice and implement recommendations based on declared and identified risks.

As part of our ongoing management of suppliers through our MPFT Digital Service Development function, and in partnership with our procurement colleagues, we will ensure that all suppliers also manage our key systems with this same level or rigour.

We will manage our strategic partnerships and contracts to ensure our systems are:

• high availability
• tamper proof data backup protected
• disaster recovery tested
• penetration tested
• Cyber Essentials accredited
• Data Security Protection Toolkit (DSPT) compliant
• UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 compliant
• verified with the Digital Technology Assessment Criteria (DTAC) standards introduced through NHSx to support clinical safety

Any system changes, updates, or new systems deployments will also be protected through Cyber Security Assurance processes as part of our ongoing Clinical Authority to Release processes.

The CSO reviews and validates all key digital systems changes, the associated change processes, service user and staff impact, cyber security and safety, ensuring that any key change we make is clinically safe. 

An internal review process supported by our senior system owners, Chief Digital Information Officer (CDIO), Chief Nurse Information Officer (CNIO) and Chief Clinical Information Officer (CCIO) to ensure that any changes we make to our systems are adequately documented, tested, compliant, secure and safe to do. These processes will be reported to our Digital Committee and overseen by our Clinical Safety Officer (CSO).

Measures for success