Lessons learnt at Live Services in NHS Digital

We spoke with Sam Robinson, Associate Director of Live Services at NHS Digital, about her current priorities and the challenges of managing national digital infrastructure when considering digital transformation and the importance of getting the basics right.

ITGL is a technology consultancy and award-winning specialist public sector provider. We work in partnership with many NHS trusts.

[ITGL] Thank you, Sam, for your time today. At ITGL we spend much of our time working on digital transformation and cybersecurity for our public sector clients. Where are you on your particular digital journey, and what challenges both technological and cultural have you faced?

[SR] Operations resilience is my main focus. My teams support the critical infrastructure and services that are being used to deliver many of the Covid response services, and also many services that the wider NHS depends on. There is no room for these services to be unavailable when they are supporting national testing, or the vaccination service to the public. These services have been built to high quality rapidly and it is the job of my team to ensure they continue to be reliable and always available when they are needed. Looking to the future, when people talk about newer technology such as AI and robotics they often overlook the challenges of combining that vision with legacy technology. There needs to be a recognition of the required investment in reliable and secure infrastructure and getting the basics right.

That investment in infrastructure can be things like making sure that we can move into secure cloud hosted environments, and that in parallel we understand our ability to support them. We’re now pushing really hard for ‘IT operations by design’, meaning the operations and ongoing maintenance of any technology is built in from the outset and is just as important as the design and features of the systems. We need to live with the reality that there will be a constant demand to create or procure new apps but this creates demands on IT teams who need to support these technologies in the long term.

It’s about doing things right from the beginning when it comes to technology and transformation, planning for the life-cycle of the IT services rather than simply chasing the latest technology. Yes, it may be the future, but what’s it going to sit on? When algorithms or critical services aren’t available, what is your business continuity?

If you digitize the NHS to the point that we’re genuinely paperless and our junior doctors have been trained and educated using digital support and decision learning tools, your workforce can no longer revert to paper as they could today. You have no room for service disruption. It’s not four nines availability, it’s 100% availability – and that’s mindset, cultural and education as well as technology. IT and digital in some parts of the NHS are treated as a ‘nice to have’ as opposed to it being part of the service fabric.

[ITGL] Yes, this is a familiar story to us, though it’s a good reminder that in the world of healthcare, service availability is becoming critical to the delivery of patient care. The IT foundation is fundamental to any sustainable future progress along the digital journey – it needs seamless connectivity and pervasive security before we get on to the shiny new tech and enticing apps. The security risks with IoT devices and shadow IT are all too real and the network needs to be aware of this and handle such risks effectively.

[SR] Yes, and can you get on to it? You talk about single sign-on, if you went to many hospitals, there will be multiple logins and passwords for each user and disconnected services everywhere. If a user finds it difficult to access systems, it reduces the benefits the systems provide and provides a really frustrating experience for the end user. If a service is unavailable due to an outage, this can pose a potential clinical risk.

[ITGL] This is the classic trade-off between having your IT systems sufficiently secure to meet almost all threats, and yet still being usable by the users. At ITGL we spend quite some time analysing the vulnerabilities that these compromises introduce, and ensuring they’re sufficiently mitigated.

We’ve also championed dark web traffic analysis and dark web chatter monitoring to gain advance warning of impending ransomware cyberattacks. It’s years now since WannaCry but does the potential for ransomware keep you awake at night?

[SR] We have an excellent Cyber Security Operations Centre that responds to all cyber incidents and who also proactively lead work to reduce risk. However, the threat is always there. We are the trusted body that looks after patient data, and we run critical national infrastructure so of course cyber security is absolutely fundamental to our work.

[ITGL] So would it be fair to say that your focus is almost totally absorbed by the needs of data security, cybersecurity in general, and the fundamentals of a solid IT infrastructure?

[SR] My personal focus is not on cyber, that’s handled elsewhere – but yes you always have to have your eye on what’s coming down the path. Absolutely, artificial intelligence is important, but it is predicated on solid infrastructure and also data quality. If you get any of those things wrong from the outset, you risk having an unreliable or unsecure service.

The immediate priority should be investment in this infrastructure, getting the basics right. You need to be focused on where you’re going in the future – that’s why the basics are so important. The work in IT operations is often invisible – until things go wrong. I’m trying to lift the profile of its importance so the services of the future are built on solid foundations.

[ITGL] Given this focus, how are you finding the task of recruitment?

[SR] There are simply not enough people in the NHS with the right skills to deliver what is needed throughout the health and care system. Therefore, we need intelligent suppliers to come in and provide a service which can address these skills gaps as well as providing the technology and infrastructure. I think there is an opportunity to work alongside suppliers to build graduate and apprentice academies that can grow the skills that both the suppliers and the NHS need.

[ITGL] This is one of the reasons behind our push to provide security and network management as managed services. It’s simply logistically impossible for all organisations to have their own expert teams given the limited number of engineers.

As we finish, out of the various topics we’ve discussed, what would be the one message you would like to stress?

[SR] My main message is it’s about getting the basics right in IT operations, infrastructure, network and security. You’ve got to be clinically safe as a lot of these applications are used to support the delivery of patient care and thus become categorized as a medical device, which imposes a whole new level of compliance.

I love health IT, I’ve loved it for so long because it’s so interesting, so exciting and so difficult! The difficulty comes from the complexity of the environment we work in. You’ve got different commissioners, different stakeholders, different secretaries of state, different everything. The NHS never stops – there’s no room to rest!

[ITGL] Thank you, Sam. It’s been really interesting and illuminating to see things from your perspective.