Digital & Innovation Services (D&I)
University Hospitals Plymouth NHS Trust’s Digital & Innovation department (D&I) provides ICT support and services to approximately 11,000 users across multiple organisations in the Plymouth Health Community, including:
- University Hospitals Plymouth NHS Trust
- Livewell South West
- Harbour Drug & Alcohol Services
- Sentinel Healthcare SouthWest CIC
- Youth Enquiry Service (Plymouth) Ltd
Our service is designed using ITIL® methodologies and projects are managed in accordance with PRINCE2. D&I is a multi-discipline department consisting of over 150 employees with a range of teams.
UHP Digital Strategy
The Trust does not yet have a trust wide EPR solution but is building a business case to obtain one.
Senior Management Team
- Lee Pester –Chief Information Officer
- Mandy Stewart – Chief D&I Business & Governance Officer
- Katie Greenhill – Chief D&I Support Officer
- Jason Scott – Chief D&I Technology Officer
- Paul Denton – D&I Programme Manager
- Mac Armstrong – Chief Clinical Information Officer (CCIO)
- Sarah Dormor – Chief Nursing Information Officer (CNIO)
- Nanette Bothma – Chief Medical Information Officer (CMIO)
- Duncan Cripps – Chief Clinical Support Services Information Officer (CCSSIO)
- Sally King – Chief Clinical Support Services Information Officer (CCSSIO)
Contact us: firstname.lastname@example.org
D&I Organisational Chart
Chief Information Officer at top with Chief D&I Technology Officer, Chief D&I Support Officer, D&I Digital Programme Manager, Chief D&I Business & Governance Officer in a line below.
The Purchasing activity for University Hospitals Plymouth NHS Trust, D&I department will be undertaken in accordance with UK law, regulations and directives, and the Trust's Standing Financial Instructions with purchase orders being based on achieving value for money.
All contracts above the currently applicable threshold are legally required to be advertised in the Official Journal of the European Journal (OJEU), in accordance with EC and GATT rules on public procurement, and to comply with the White Paper on Standards, Quality and International Competitiveness (CMND 8621).
In support of the Trust's requirement to offer an open and transparent process within D&I procurement, the below list provides a description of key contracts along with anticipated expiry dates.
For any current tender opportunities please see https://plymouthhospitals.bravosolution.co.uk/nhs_collaborative/web/login.html
Some of the software systems that the Trust uses will store person identifiable data in accordance with UK GDPR rules. Where suppliers are contracted to provide such systems they are required to act responsibly on behalf of the Trust (Data Controller) as a nominated Data Processor. The Trust has a team who are are responsible for Information Governance, all new and existing suppliers should visit their web pages (https://www.plymouthhospitals.nhs.uk/information-governance) to make themselves aware of the duties they have, which will also be included in contractual agreements.
Cyber security and the Freedom of Information Act 2000
University Hospitals Plymouth NHS Trust has following careful consideration of its experts concluded that it will refuse requests that ask about cybercrime events or ask for information that assists criminals.
The Trust, following a public interest test considers such information exempt from supply in compliance with both:
· section 31.-(1)(a) the Law enforcement exemption about the prevention and detection of crime
· section 38-(1) (a) and (b) the Health and Safety exemption
Additionally; the Trust will neither confirm nor deny it holds information in compliance with sections 31.(3) and 38(2). This is because the revealing of facts enables others to utilise such data to identify weaknesses or strengths. Please refer to our rationale.
All future requests for similar information will be referred to this statement and considered exempt from supply in accordance with section 21.-(1) - information accessible by other means. This avoids the need for repeated responses that are substantially the same.
The Trust seeks to be an open organisation and makes much non personal information available to the public as possible, however it will not jeopardise the care of its patients and staff if making information public put them in danger.
These exemptions apply because disclosing details of our security arrangements could prejudice the security and integrity of the Trust’s network and increase the risk of unauthorised access to information held by the Trust, much of which is confidential and sensitive. The level of detail that would be released would enable external parties, who are not privy to the confidential aspects of Trust’s IT systems, knowledge of our security equipment and by association its integrated network security. The Trust employs a range of security tools to mitigate the risk from different types of security threats. Firewalls, Intruder Detection Devices Antivirus and other products form a mesh of security that protects the Plymouth NHS Network and data, the more of these vectors that are known, the weaker the security of the network protection. There is a real risk that this knowledge could assist external parties in attempting a cyber-attack/hack into the Plymouth NHS Network. The anticipated harm from this is a breach of data protection (failure to adequately protect information resulting in an unauthorised disclosure), data loss, and disruption to patient care through a loss of IT services. The severity of harm is extensive with millions of patient records put at risk of unauthorised disclosure.
Systems failure endangers the physical or mental health and safety of patients and staff. Examples were frequently reported throughout the media following the WannaCry attack on various parts of the NHS and other organisations. The impact on the NHS has since been the subject of further investigations by both the press and educational institutions and their findings validate the approach we have taken.
The Trust has consistently applied both section 31 and 38 to all “Right to know” requests received this financial year and will do so in the future. The responses to such questions are displayed within the Trust’s disclosure log. To avoid processing substantially similar requests, we will refer any new applicants to this standard explanation, when applicable.
Those with legitimate business enquiries should contact the ICT’s Procurement team using this email address:email@example.com rather than make Freedom of Information Act requests.
If you are unhappy with this approach, you have the right to complain. This should be in writing to the address below or preferably by email to firstname.lastname@example.org. We will then arrange for an independent appeal.
University Hospitals Plymouth NHS Trust
Freedom of Information Manager
Information Governance Team
Ground Floor, Brittany House
If you remain dissatisfied with the outcome of the appeal, then you have the right to appeal again to the Information Commissioner at:
Information Commissioner’s Office
Tel: 0303 123 1113