Freedom of Information - Information Technology (IT)

What software product(s) are you using to manage your IT Service Management (e.g. Landesk, ServiceNow, Cherwell, Hornbill etc.)?

Sostenuto

When does the contract with your current service desk provider end?

The contract is due to expire in April 2018

How much does your current ITSM service desk tool cost annually?

Support costs are shared across all of Informatics Merseyside partners at a cost of approx. £2,000 per annum.

When will you be looking to review your current service desk tool?

Informatics Merseyside, our shared service for IT provision procure the initial solution and will advise on re procurement process to all of its partners.


Purchasing Manager – Colin Todd

Head ICT – Christine Cowell

Desktops/Notebook Manager – Matt Leigh

ICT Director - Vacant

Service Delivery Manager – Joe Lewis

Project Managers - Anne-Marie Davies, Donna Porter, Richard Harkness, Shaun Alexander

 

What is your annual ICT spend?

Categories

Actual spend
FY 2016-17

 

Actual spend
FY 2017-18

 

Projected spend
FY 2018-19

Rev (£)

Cap (£)

 

Rev (£)

Cap (£)

 

Rev (£)

Cap (£)

 

Total IT spend (A + B + C + D + E + F)

9929431

1658043

 

8175068

542140

 

9663958

442517

A

Total organisational spend on software (clinical and business related software, office and admin software including licences but excluding implementation and support)

1928185

160947

 

1393567

150365

 

2074799

 

B

Total organisational spend on IT services and support

3292108

0

 

3015777

 

 

5307458

 

C

Total organisational spend on in-house IM&T staff (excluding spend on outsourcing services)

1772156

0

 

1008670

 

 

802021

 

D

Total organisational spend on hardware

1133980

1426741

 

1331184

391775

 

650969

442517

E

Total organisational spend on communications

1107539

70355

 

1090465

 

 

735711

 

F

Other ICT spend (this will include ICT spend which is not captured in above mentioned categories, like other ICT charges, costs related to running services for other NHS bodies, Medical devices, POC testing, etc.)

695463

0

 

335405

 

 

93000

 


What is the current number of staff who use a PC or a laptop within your Trust?

7000

What are the current Microsoft software licences (server and desktop) that you are using?

The Trust is licensed for Windows 10 enterprise via the national agreement on the client side and has a separate Exchange Web Service for core CAL (expiry March 2020).

Also included in the SLA are Windows server Datacenter CAL's which are used on the central vSphere environment.

What is your annual IT spend on Microsoft licences?

Exchange Web Services costs is 281K and it is estimated that a further 100K is spent annually on adhoc server application licenses and Microsoft Office on the desktop

Has your organisation moved, or is planning to move, to the Cloud in the next 12 months?

There are no plans to move to cloud within the next 12 months as the major clinical applications do not support online variants of Microsoft Office.

Are you due to undertake a review of your software estate in the next 12 months?

A review is not likely within the next 12 months as the Trust will be upgrading its estate to Windows 10 and Server 2016.

What is the name of the decision maker for IT spend in your organisation?

Christine Cowell, Head of Informatics and Systems


Do you use an electronic health record (EHR) for your mental health services?

Yes

If so, which EHR is it and who is the provider?

Mersey Care NHS Foundation Trust uses PACIS for the Secure Division.

The Trust is implementing RiO (Servelec HLC) for the Local Division.

The incumbent system for the Local Division is ePEX.

For the Specialist Learning Disabilities Division we have Carenotes from Advanced Health & Care (AHS).

What is the backend stack used by this EHR?

PACIS:SQL Base

ePEX: proprietary database

Carenotes :Microsoft SQL

RiO: Microsoft SQL

Carenotes PACIS and ePEX are hosted internally and RiO is hosted externally

If not, do you have a written strategy and a timeline to introduce an EHR and where can this strategy be accessed?

Not applicable.

If you have an EHR, does it have API’s for third party integration? What are the processes for this integration in your organisation?

Yes our EHR has API’s for third party integration. Process for integration would entail a scoping exercise to identify the technical requirements which would then be undertaken by our integration team. The developed interfaces would then be tested and the development would then be deployed.


The following information is regarding the Trusts Information Technology purchase for the last tax year:

Amount of spend on Medical Grade Computers (EN6060-1 certified medical PCs that are deployed within critical care areas such as theatres, ICU’s/ITU’s/HDU’s, anaesthesia rooms) for the last tax year

Mersey Care NHS Foundation Trust provides specialist mental health services in North West England and beyond. We provide specialist inpatient and community mental health, learning disabilities, addiction services and acquired brain injury services for the people of Liverpool, Sefton and Kirkby, Merseyside.

We also provide secure mental health services for the North West of England, the West Midlands and Wales and specialist learning disability services across Lancashire, Greater Manchester, Cheshire and Merseyside.

 Therefore Mersey Care NHS Foundation Trust does not use this type of computer.

Amount of Spend on carts (COW: computers on wheels / WOW: workstations on wheels) for the last tax year

£0.  The Trust did not buy any carts last year.

Amount of spend on medically certified Mobile Tablets (these are tablets designed specifically with the hospital environment in mind.  Based on medical grade plastics (MICA-071_DS)) for the last tax year

 The Trust does not use these due to the fact that we are a mental health trust.

Amount of Spend on Surgical Displays for use in theatres for the last tax year

Not applicable

Amount of Spend on CIS (Clinical Information System)

£375,000 on EPEX

£300,000 on RiO

£40,000 on PACIS

Would you also kindly provide me with me any additional information of:-

Which Supplier framework you purchase the above through

The Trust uses Crown Commercial Service framework

Which suppliers you currently work with?

EMIS Health & Servelec


Do you have a formal software procurement policy?

The Trust does not have a specific software procurement policy.

If so, could you please send it to me or provide online links to it?

Not applicable

Do you have formalised process for considering pitches for software solutions? If so, what is it?

No

Do you have a preferred marketplace/s?  If so, which one/s

The Trust does not have a preferred marketplace but we tend to use Crown Commercial Services and SBS NHS Frameworks.

Do you have a Chief Clinical Information Officer/Clinical lead for information technology or equivalent post?

Yes

Who currently holds the post?

The Director of Informatics and Performance Improvement.

Up to what level do they have budgetary discretion if any?

£57,000

Do you use any artificial intelligence or machine learning in your mental health service provision?

No

If so, what is it and who is the provider.

Not applicable

Would you consider using third party tools deployed in secure cloud services that can interface with your EHR?

Yes

If so, do you have a policy or specification of which cloud services you permit?

The service should meet all UK and NHS specifications

Do you have a governance policy for this and could you send it to me?

There is no specific governance policy relating to cloud services


Network Provider(s) - Please provide me with the network provider name e.g. EE, Telefonica, Vodafone, Three

Vodafone

Annual Average Spend- Can you please provide me with the average annual spend over the 3 years. If this is a new contract can you please provide the estimated annual spend.

£11,002 average monthly spend for Mobile phones

£5,000 on Mobile broadband per month

Number of Connections- Number of connections for each network provider. Please split the connection into the following, Voice Only, Voice and Data and Data. Please provide me with a figure for each one including if the organisation doesn’t have any.

2648 Mobile connections

344 Smartphones

2304 Mobiles

2673 Mobile broadband connections

Duration of the contract- please state if the contract also includes contract extensions for each provider.

24 month contract

Contract Start Date- please can you provide me with the start date of the signed agreement. Please do not provide me with the framework contract date I require the contract dates of the signed agreement.

Signed 02/02/2015

Contract Expiry Date- please can you provide me with the expiry date of the signed agreement. Please do not provide me with the framework contract date I require the contract dates of the signed agreement. If the contract is rolling please state.

This expired 02/02/2017.  This is currently a rolling contract

Contract Review Date- Please can you provide me with a date on when the organisation plans to review this contract.

An amendment to the current contract is due to be signed on 31 July 2018.

The person within the organisation responsible for this particular contract. Can you send me the full contact details Contact Name, Job Title, Contact Number and direct email address for each network provider? If full contact details cannot be provided please send me their actual job title.

Asim Patel

Joint Chief Information Officer with North West Boroughs, Asmim.patel@merseycare.nhs.uk

This information is for Liverpool Community Services (formally Liverpool Community Health) which is a division of Mersey Care NHS Foundation Trust.  Mersey Care formally acquired Liverpool Community Health NHS Trust on 1 April 2018.

 


For each of the different types of cyber security services can you please provide me with:

Contract 1

Standard Firewall (Network) - firewall service protects your corporate Network from unauthorised access and other internet security threats

Contract 2

Anti-virus Software Application - Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.

Contract 3

Microsoft Enterprise Agreement - is a volume licensing package offered by Microsoft.

Who is the existing supplier for this contract?

     Contract 1 - British Telecom

     Contract 2 - Exemption see note below

     Contract 3 - Bytes Software Services

What does the organisation spend for each of contract?

     Contract 1 - £2,880

     Contract 2 - £29,610.50

     Contract 3 - £281,577.97

What is the description of the services provided for each contract?

     Contract 1 - Hardware and licensing support

     Contract 2 - Exemption see note below

     Contract 3 - Management of Microsoft EWS agreement

Primary Brand (ONLY APPLIES TO CONTRACT 1&2)

Mersey Care NHS Foundation Trust (MCFT) has applied Section 31(1)(a) of the Freedom of Information Act 2000 to this request as providing the information you have requested could compromise the security of the NHS network/NHS data.

This exemption is subject to the public interest test and we have taken account the public interest in transparency and in understanding how NHS digital systems function and what the impact of cyber crime may be on NHS systems.  However, we can advise that Mersey Care have assessed that there are significant factors in favour of withholding the information that outweigh those in favour of publication.

Disclosing information about the Trust firewall and anti virus provides useful foot-printing information which would help an attacker to conclude research prior to launching an attack.

Similarly, disclosing the configuration of Trust infrastructure would help an attacker establish what functionality to include in a malicious payload delivered to the Trust.

Providing such information could provide attackers with a valuable insight into MCFT level of resilience, thereby facilitating the commissioning or concealment of crime in relation to fraud, data protection, terrorism etc. As such, it is not in public interest to provide this information.

What is the expiry date of each contract?

     Contract 1 - March 31st 2021

     Contract 2 - 31st March 2019

     Contract 3 - March 31st 2020   

What is the start date of each contract?

     Contract 1 - April 1st 2018

     Contract 2 - 31st March 2019

     Contract 3 - March 31st 2017

What is the contract duration of contract?

     Contract 1 - 3 Years

     Contract 2 - 1 Year

     Contract 3 - 3 Years

The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.

     Contract 1 - Lawrence McBride

     Head of Voice and Data Networks

     NHS Informatics Merseyside

     Saturn House, Knowsley Business Park, Liverpool. L34 9GJ

     Tel:0151 296 7668 Mob:07795 370190

     Lawrence.Mcbride@imerseyside.nhs.uk

     Contract 2 - Joe Lewis

     Service Delivery Manager

     NHS Informatics Merseyside

     Saturn House, Knowsley Business Park, Liverpool, L34 9GJ

     joe.lewis@imerseyside.nhs.uk

     Contract 3 - Matt Leigh

     Desktop Team Manager

     NHS Informatics Merseyside

     Saturn House, Knowsley Business Park, Liverpool, L34 9GJ

     Tel: 0151 296 7031 Mob: 07976775511

     matthew.leigh@imerseyside.nhs.uk

Number of License (ONLY APPLIES TO CONTRACT 3)

     SQLCAL ALNG LicSAPk MVL DvcCAL    84

     CoreCAL ALNG LicSAPk MVL UsrCAL    7000

     SysCtrDatactrCore ALNG LicSAPk MVL 2Lic CoreLic  8

     CISSteDCCore ALNG LicSAPk MVL 2Lic CoreLic   120

     SQLSvrStd ALNG LicSAPk MVL     5

     VisioStd ALNG LicSAPk MVL     3

     WinSvrSTDCore ALNG LicSAPk MVL 2Lic CoreLic   16

     SQLSvrStdCore ALNG LicSAPk MVL 2Lic CoreLic   5

     SQLSvrEntCore ALNG LicSAPk MVL 2Lic CoreLic   2

     WinRmtDsktpSrvcsCAL ALNG SubsVL MVL PerUsr   1200


IM&T organisation structure, including pay bands for each role.

     Please see attached document. 

Annual budget for IM&T staff.

     £2,953,468

Mersey Care has a shared IT service which is provided by NHS Informatics Merseyside


What dictation and audio typing service the Trust currently uses?

WinScribe

How long is the contract for and when is it up for renewal?

The contract start date is 1st March 2017 and is due for renewal on 29th February 2018

Please provide details on the contact person who we can discuss the transcription services with?

Joe Lewis, IT Service Delivery Manager at Joe.Lewis@merseycare.nhs.uk


Please provide information on the manufacturer used, licence expiry and licence cost including duration for each of the following IT security areas within the organisation:

Desktop anti-virus. 

Sophos AV Suite, October 2018, approx. £5,000, a 12 months rolling contract. Kaspersky AV, April 2018, approx. £3,000, a 12 months rolling contract.

Protection of Microsoft Exchange environment (please state if this is not applicable due to the use of NHSmail/NHSmail2.) 

Same as Question 1, above (Sophos Suite)

Email gateway (please state if this is not applicable due to the use of NHSmail/NHSmail2) 

Same as Question 1, above (Sophos Suite)

Web gateway. 

SmoothWall, August 2018, approx. £16,200, 12 months rolling contract

Mobile device management/enterprise mobility management. 

AirWatch, April 2018, approx. £18,500, 12 months rolling contract

Hard disk encryption. 

Sophos SafeGuard. March 2018, approx. £1,800, 12 months rolling contract.

Firewall. 

Virgin Media, April 2018, approx. £148,000, 12 months’ rolling contract. NB. This is an overarching infrastructure contract that also incorporates the items referenced in Questions 8, 9 and 12

Removable media encryption. 

Safend. March 2018, approx. £10,000, 12 months rolling contract.

VPN. 

See Firewall question, above (Virgin Media)

Two factor authentication provider. 

See Firewall question, above (Virgin Media)

Wireless network provider. 

Provided in-house#

Virtual server software provider and number of virtual servers (e.g. VMWare, Hyper-V etc.) 

Provided in-house. Approx 130 servers

VDI software provider and number of VDI instances. 

The Trust does not use VDI.

Network access control solution provider. 

See firewall question, above (Virgin Media)

Security information and event management (SIEM) solution provider. 

The Trust does not use SIEM

The total number of computers within the organisation.

7,550

The total number of smartphones within the organisation.

1,189

The total number of tablet devices within the organisation.

2,725

Details of whether IT security is provided by an in-house team or by a third party – if by a third party please state who provides the service and when the contract expires.

Provided in-house