Digitising the NHS

Security Buyer explores why digitising the NHS and protecting our medical information and data is of top importance, especially post Covid-19 

The NHS has been trying to accelerate their digital journey for many years, and go paperless. It was supposed to happen in 2018, but first it was pushed back to 2020 and now it’s been postponed again until 2023. The benefits of going paperless are easy to understand; digitised documents mean clinical data can be easily shared across the NHS, giving clinicians access to patient records and care plans wherever they are. That generates efficiencies and cost savings, as well as enabling higher-quality clinical care. 

Substantial investment is planned (£8 billion over five years), but the NHS has been hamstrung by the wide range of different IT systems being used by different parts of the service. Many of these can’t work together, making it difficult for hospitals to share scans with GPs, for example. 

The blame for missing the target to create an integrated paperless system of digital patient records – a key principle of the NHS Long Term Plan of 2019 –  has been blamed on poor planning, a lack of governance and a lack of sufficient investment. 

So, what is needed to fully digitise the NHS and what benefits would it have on security? 

Digitisation 

With the NHS approaching its 73rd birthday, Satpal Biant, Head of Public Sector at SAP, explores what should be the health service’s top tech priorities. 

Next July the NHS will celebrate its 73rd birthday. Further distribution of Covid-19 vaccines will make it a less gloomy occasion than last year’s, but there can be no doubt that the forces unleashed by the pandemic – most importantly digitalisation – will continue to reshape the institution. 

Digitalisation is causing upheaval across society – from videoconferencing disrupting traditional ways of working to the rise of dark kitchens in hospitality and the boom of ecommerce overtaking high street shops. And as identified by the 2020/21 NHS People Plan, this digital disruption has gone right to the heart of the NHS as well. 

The impact of the disruption will last beyond the pandemic. Of course, digitising an institution like the NHS is even more difficult than a retail chain. The past year has shaken the healthcare sector – but 2021 and 2022 will be where the NHS can regroup, adapt and plot a path to the future. To get there I believe there are three key technological priorities the NHS should focus on for the next 12 months – coordination and interoperability; cybersecurity; and innovation and intelligent automation. 

Coordination and interoperability 

The NHS employs 1.3 million members of staff – making it the UK’s largest employer, and one of the largest employers in the world. Its immense scale and segmented structure makes coordinating resources difficult. 

A consequence of providing such a range of services over so many regions, is that over the years the organisation has splintered – and so has its technology. Outdated legacy IT and more modern technology is therefore siloed and unable to interact. This was one of the most important findings of last year’s House of Commons Public Account Committee report, ‘Digital Transformation in the NHS’, which concluded that the lack of interoperability and limited capacity for information sharing across the NHS are two of the biggest challenges to its digital transformation. With critical information stored across unconnected servers, clinical systems and databases, tracking the patient journey across different departments of the NHS is incredibly complicated, hampering its ability to drive efficiencies across the organisation and streamline patient care. 

Tackling this lack of coordination and encouraging greater interoperability should therefore be a major priority for the NHS in 2021. 

Migrating parts of IT infrastructure to the cloud can be an important practical step towards doing this. Data stored on the cloud can be managed and shared more easily, making coordination easier. This should ease supply chain and procurement inefficiencies, and data derived from digital services can offer leaders greater insight into collaboration. 

Cloud can also offer the NHS more computational power than on-premises IT. Such a massive organisation inevitably generates vast quantities of data, and as healthcare is increasingly digitalised, more and more will need to be verified, stored, managed, and analysed. Investing in cloud adoption in 2021 will mean the NHS doesn’t have to play catch-up in the future. 

Better coordination and more interoperable data sets will have real-life impacts on patient outcomes. Hospitals or departments will be able to share health records with less friction, for instance. And when it comes to national health issues like Covid-19, obesity, or Alzheimer’s, having access to deep and broad data pools could be game-changing. It should also make workforce planning and management simpler, meaning healthcare workers can do their job more effectively. 

Cybersecurity 

We witnessed a spate of nation-state cyberattacks at the close of 2020, highlighting the growing threat of cybercrime for public and private organisations. While only the biggest and most successful breaches make headline news, attempts are far more frequent. 

As our healthcare system becomes more reliant upon a digital foundation, the NHS must ensure it’s protected from cyberthreats. 

A robust security system should feature reliable backup storage to prevent data loss and ransomware, in addition to redundant server infrastructure – distributed data centres that ensure both data and services are available to customers even if one data centre fails. Cloud services can also help shore up the NHS’s security as cloud security can be updated regularly with full adoption from all connected devices, preventing blind spots. 

Encryption is also vital. At a fundamental level, encryption simply makes data unusable for those who do not have verified access, so it should be the bedrock of any organisation’s data security capabilities. Multi-factor authentication is another important security tool that reduces the risk of breaches using stolen or lost devices. 

Innovation and intelligent automation 

As Covid-19 will continue to be a threat in 2021, the NHS must be ready to adapt to innovations quickly, and indeed innovate itself in response to crises. As such, decision-makers should prioritise this as a key organisational outcome in 2021. 

Applications and digital health solutions will need to be made faster, updated more regularly, and distributed more quickly in 2021. The best way to do this is to build these applications and solutions using a secure cloud platform. These can then be scaled and distributed across the NHS’s many regional arms. 

Another area in which innovation will be particularly key is intelligent automation. Automation can bring massive efficiency benefits while freeing up staff to do more rewarding, high-value tasks. The private sector is coming on leaps and bounds in this regard, by ensuring intelligent automation of business processes from the back office to the front office and reaping the benefit. The NHS is making some progress, but with a staff of over a million and budgets stretched, applying intelligent automation to core clinical processes where possible should be a top priority. 

An opportunity for renewal 

Prioritising the technology outlined above would be a positive step forward – but the NHS must go further. As the Public Account Committee’s 2020 report identified, “clear and transparent” governance arrangements are vital for real long-term success. In the past, implementation plans have been convoluted and opaque – blocking innovative private sector solutions and obscuring the procurement process, to the detriment of the government, private companies and the public. 

NHS leaders must take this opportunity to layout implementation plans with rigorous success metrics in place and accountability for decision-makers built-in. The private sector should be embraced for the value it can add from the get-go, and decision-makers should consult the public on their needs. 

2021 is an opportunity for renewal – not simply in terms of the technology used by the NHS, but in a broader sense. It can be the year NHS decision-makers embark on a truly long-term strategic plan. By doing so, the NHS will be in a strong position for many years to come. 

Recent research 

Cyber security expert Socura has recently launched an insights paper exploring the changing cyber security landscape in health and care organisations in the UK, with a specific focus on the NHS. With health and care organisations struggling to gain full visibility and control of their IT assets in the post-COVID era, this insight piece outlines the key steps needed to move beyond prevention, to detection and response, that enables vital digital change. 

Marc Chang, CEO and Founder of Socura, explains: “The proliferation of connected devices is exposing health trusts to the risk of “cyber physical” attacks, where virtual threats have a real world impact on patients. Coupled with resource and funding constraints, health and care organisations face widening visibility gaps, exposing them to ever more sophisticated, targeted threats.” 

An explosion in remote working endpoints and new technology investments brought about by the pandemic has created fresh security challenges and potential blind spots. With medical consultations being moved onto digital channels and VPNs turning into remote working bottlenecks, many health and care organisations are struggling to deploy patches and updates, or maintain visibility of remote endpoints. 

The insights paper emphasises another pressing challenge. Organisations like the NHS are putting data into cloud environments from multiple vendors and, as a result, the detection and response to threats requires even more focus and investment to protect dispersed systems and data. Greater cloud adoption changes the risk profile and ownership, which needs to be considered in order to avoid increasing the attack surface for cyber criminals to target. 

Jamie Brummell, Socura Co-Founder and CTO, adds: “The growing cybercrime economy has helped foment a new breed of advanced, targeted attacks using techniques that were once the preserve of only a few APT groups. Health and care organisations are not immune to this threat. With the help of prompt patching, anti-malware on end user devices, regular end user training, network segmentation, and strict user access controls commodity threats can be repelled. However, IT security leaders must go one step further in their efforts by moving beyond prevention alone, to also focus on detection and response.” 

Commentary: Dr Raj Kumar, Chief Clinician for Informatics, NHS Digital 

In the year of the pandemic, I have often reflected on my 28-year career as a doctor in the NHS. Whilst I love my main role of being a practicing frontline clinician, my part-time role in clinical informatics at NHS Digital gives me a refreshing break each week to do something connected but completely different. 

Life as a clinical informatician is never boring. Every day is different. One day might require a safety review of a product or system and extensive assessment to ensure the product is fit for purpose, safe for patients and for national roll out. On another day the focus may be on user engagement and working with patients, citizens and clinicians to understand their needs from digital health technology so we can build those requirements into our programmes and services. 

Then of course there is the data. We all know that ‘data saves lives’ and as clinicians in NHS Digital we have a huge responsibility for that data and its use. The settings for our work change too. We often find ourselves in hospitals, with patient groups, in GP surgeries and many other places, not just in the office.  

The role that information technology plays in supporting safe, effective and joined up care across health and social care organisations is going to occupy the transformation agenda for the next 2 to 3 decades. 

Commentary: Marc Chang, CEO and Founder of Socura 

The proliferation of connected devices is exposing health trusts to the risk of “cyber physical” attacks, where virtual threats have a real world impact on patients. Coupled with resource and funding constraints, health and care organisations face widening visibility gaps, exposing them to ever more sophisticated, targeted threats. 

An explosion in remote working endpoints and new technology investments brought about by the pandemic has created fresh security challenges and potential blind spots. With medical consultations being moved onto digital channels and VPNs turning into remote working bottlenecks, many health and care organisations are struggling to deploy patches and updates, or maintain visibility of remote endpoints. 

Our recent insights paper emphasises another pressing challenge. Organisations like the NHS are putting data into cloud environments from multiple vendors and, as a result, the detection and response to threats requires even more focus and investment to protect dispersed systems and data. Greater cloud adoption changes the risk profile and ownership, which needs to be considered in order to avoid increasing the attack surface for cyber criminals to target. 

Commentary: Satpal Biant, Head of Public Sector at SAP 

Next July the NHS will celebrate its 73rd birthday. Further distribution of Covid-19 vaccines will make it a less gloomy occasion than last year’s, but there can be no doubt that the forces unleashed by the pandemic – most importantly digitalisation – will continue to reshape the institution. 

Digitalisation is causing upheaval across society – from videoconferencing disrupting traditional ways of working to the rise of dark kitchens in hospitality and the boom of ecommerce overtaking high street shops. And as identified by the 2020/21 NHS People Plan, this digital disruption has gone right to the heart of the NHS as well. 

The impact of the disruption will last beyond the pandemic. Of course, digitising an institution like the NHS is even more difficult than a retail chain. The past year has shaken the healthcare sector – but 2021 and 2022 will be where the NHS can regroup, adapt, and plot a path to the future. To get there I believe there are three key technological priorities the NHS should focus on for the next 12 months – coordination and interoperability; cybersecurity; and innovation and intelligent automation. 

 

To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio

Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

Subscribe to our newsletter

Don't miss new updates on your email
Scroll to Top