Information Management Technology IMT Strategy Northamptonshire Healthcare Foundation

Information Management & Technology (IM&T) Strategy Northamptonshire Healthcare Foundation NHS Trust 2019 - 2023

INTRODUCTION: This strategy defines how IM&T will utilise expertise relating to nationally mandated requirements and expectations relating to IT combined with expertise in NHFT’s technical landscape to provide an effective, secure and resilient core IM&T services. Context: In developing this IM&T Strategy clear direction has been taken from national and local policy and best practice and with particular regards to: • • NHFT Strategic Plan: 2018 – 2023 and Northamptonshire Health and Care Partnership (NHCP) Digital Transformation Programme. Strategic ambitions: It is vital to the Trusts ability to sustain and grow that it receives an effective, value for money core IM&T service that continually seeks to drive down cost and make savings, whilst ensuring an up to date and resilient infrastructure and support service. Inherent to an effective core service is the delivery of the following functions: • Resilience of systems: • Continual review of the resilience of the network – with updates, upgrades and replacements as required. It should be noted that this strategy and the principles and ambitions described in it are critical enablers to the delivery of the Trusts Digital Transformation Strategy. • • Current and supported versions of software: Continual review of the software in use – with updates, upgrades as required. • Effective clinical risk management: in line with DCB 0160 and DCB 0129. • Effective change management controls: to protect the safety of live systems and networks. Monitoring delivery: • A financial framework: that ensures the procurement of best value solutions for all IT related requirements including licensing and support contracts. The strategy will be reviewed, as a minimum, annually via the IM&T Programme Board and more frequently should there be a shift in the health and care landscape in which it is set. • Compliance: a service that delivers in line with statutory, national and benchmarked best practice. • Transparent project management: project controls, including effective resource management. Delivery will be driven via annual Operational Plans that will be presented to the IM&T Programme board for approval, with progress against plan a standing agenda item. • Privacy and security of data: effective information governance and security of data in use, storage and transmission (sharing). • Maximum value from assets: best value and optimum benefit from the existing broad foundation of solutions in use • User support: that is accessible and learns from user feedback

Digital Achievements 18/19: As a foundation to the strategy IM&T has been working alongside services to constantly support and develop services through digital innovation.

STRATEGIC DRIVERS: NATIONAL NHS Long Term Plan The NHS Long Term Plan 2019 sets out a 10 -year programme of phased improvements to NHS services and outcomes. Sustainability and Transformation Partnerships (STPs)/Integrated Care Systems (ICSs) are required to take to create five-year strategic plans by November 2019 covering the period 2019/20 to 2023/24. Within these plans systems are required to set out how they will increase the use of digital tools to transform how outpatient services are offered and provide more options for virtual outpatient appointments. Also how they will increase the focus on population health and support the delivery of Universal Personalised Care. In addition the Long Term Plan requires GP Practices to be in Primary Care Networks (PCNs) by June 2019. PCNs will work with other community, social care, hospital, pharmacy and voluntary organisations to provide proactive, personalised integrated health & social care. Future of Healthcare: Our vision for digital, data and technology in health and care, 2018. This document, alongside NHS Digital - Internet First Policy & Guidance 2019 defines the architectural principles that NHS organisations should adhere to in delivering the government’s vision for the use of technology, digital and data within health and care. The General Data Protection Regulation (GDPR) GDPR is a regulation in EU law relating to data protection and privacy for all individuals of the EU. As such it is the basis of the NHS legal framework for data protection and consent. The Data, Security & Protection (DSP) Toolkit The DSP Toolkit describes the 10 national data guardian standards that all organisations with access to NHS patient data and systems must adhere to. These standards are specific in nature and range from access control systems to the management of obsolescent technology and supplier management.

STRATEGIC DRIVERS: LOCAL Northamptonshire Health & Care Partnership (NHCP) The Northamptonshire Health & Care Partnership is the local mechanism for delivery of the NHS Long Term Plan. Northamptonshire Digital Transformation Board is the digital delivery mechanism for the NHCP service transformation plan. It is looking to deliver a range of initiatives aimed at enhancing the IT capabilities of organisations and putting in place a sustainable and shared infrastructure to facilitate the exchange of data between organisations to help meet the target of becoming paperless by 2020 and to deliver a Northamptonshire Shared Care record to support the delivery of integrated care. Delivering our strategy: for you, with you (NHFT) NHFT’s Vision is to be “a leading provider of outstanding, compassionate care”. The Trusts focus to deliver this ambition is focused the DIGBQ strategy five strategic themes: Develop in partnership - we will Develop partnerships with other to deliver better value services; Innovate - we will innovate to help us introduce more effective and efficient ways of working Grow our staff capability - We will Grow to become an employer of choice and a great place to work Build a sustainable organisation - Build a sustainable organisation with effective estate, IM&T & support services Quality - We will provide high Quality, safe and compassionate services. Carter Report, 2016, “Operational productivity and performance in English NHS acute hospitals: Unwarranted variations” Trust has a requirement to: • Continually evaluate corporate practices and systems in use to ensure that they deliver maximum return on investment and efficiency in use. • Review non clinical estate and minimise costs by adopting flexible working practices including home based working, hot desking and alternative approaches to meetings and conferences that avoid the expense associated with meeting room estate and travel costs • Explore alternative models to minimise the cost of corporate support functions

STRATEGIC DELIVERABLE 1: PRIVACY AND SECURITY 1. Context: Privacy It is critical that NHFT maintains trust in how we hold, share and use data. Nationally mandated standards, guidance and frameworks are clear regarding the information governance principles and practice required to underpin the delivery of the best services and outcomes that meet user needs. Security We need to maintain a safe and secure data infrastructure. To do so NHFTs digital architecture needs to be underpinned by adherence to nationally mandated data and cyber security standards. 2. Strategic Principles: • We will; • Provide expert knowledge to the Trust executive regarding best practice relating to compliance with national information governance and cyber security best practice. • Ensure that our practice is informed at all times by the requirements of: – GDPR, as the basis for the NHS’s legal framework for data protection and consent and – The Data Security & Protection (DSP) Toolkit national data guardian standards • Work with the Trust executive team to develop IG and cyber security action/improvement plans and deliver them on behalf of the Trust. • Develop and maintain policy and procedures related to cyber security and IG on behalf of the trust • Strive to work with colleagues across the county to share knowledge, experience and practice and to work together to proactively identify vulnerabilities. • Support all staff to be able to be open with patients about how their information is used so that they have confidence that it is legal, safe and secure. 3. Strategic deliverables: ü By summer 2021, 100% compliance with mandated cyber security standards, exploring the Cyber Security Support Model programme to support delivery. ü Implementation of Microsoft Advanced Threat Protection and the migration to Windows 10 by June 2021 ü Access services provided by the national Cyber Security Operations Centre (CSOC) regarding cyber threats

STRATEGIC DELIVERABLE 2: ARCHITECTURAL PRINCIPLES 1. Context: NHFTs, as a member of Northamptonshire Health and Care Partnership and partner organisation to Primary Care Networks requires an infrastructure that enables delivery of the ambition for joined up care across organisations (including hospitals, GPs, pharmacies, social care). To deliver these joined up models of care and to ensure that patients don’t have to repeat their medical history or care needs to different people we need to work with partner organisations to deliver interoperability between systems, using open standards for data. ü Internet first “Our health and care system will never be a centralised service ……… and so too should its infrastructure not be centralised. But appropriate access to our data from any part of it – like you can access your email from anywhere, as long as you have the right passwords – is an important part of delivering care and staying healthy where we want to be. When we adopt internet standards and protocols for our networks and digital services we maximise the amount of technologies and digital services that will work for us and for those we care for. ” * ü Cloud first “We will start with the assumption that all our services should run in the cloud with locally managed servers as an exception so that: § we have increased resilience by working with third party suppliers § we can share data to increase security – and only those with appropriate access are able to see the data they need § the commodity services we use, like word processing, should be continually upgraded and improved – without massive migration projects” * * The Future of Healthcare: Our vision for digital, data and technology in health and care, 2018

STRATEGIC DELIVERABLE 2: ARCHITECTURAL PRINCIPLES 2. Strategic Principles: • We will: • Deliver robust, comprehensive roadmaps, supported by investment plans, that are consistent with the national Tech Vision (as defined in “The Future of Healthcare: Our vision for digital, data and technology in health and care, 2018”) and which underpin NHFT’s and Northamptonshire Health and Care Partnership digital transformation plans. • Adopt an approach based on: – IT system convergence to reduce unnecessary duplication and costs – Cloud First – Internet First • Through effective contracting and licensing frameworks ensure that the Trust has a reliable and resilient network that is fully licenced and appropriately supported • Maintain up to date knowledge of technologies to ensure that we utilise those we already have to maximum potential and make recommendations for investment in new, when it will be of benefit to the Trust • In line with NHFTs operational strategy - drive value for money by ensuring that the infrastructure that we build, the hardware we procure and the support that we have in place from external suppliers “is ‘just right’ (not over or under delivered)” • Grow our technologies in line with supplier roadmaps to ensure that we are proactive and not reactive to the need for system upgrades, investment etc.

STRATEGIC DELIVERABLE 2: ARCHITECTURAL PRINCIPLES 3. Strategic deliverables: • Continually review roadmaps and associated investment plans ensuring that they remain consistent with the national Tech Vision and with NHFT’s and Northamptonshire Health and Care Partnership’s digital transformation plans and the national requirement to digitise to core standards by 2024 • Work with partners to deliver the local capability required to deliver a core level of digitisation across the system and local sharing of records to support integrated care by 2024 • Via the Northamptonshire Digital Transformation Programme move to a position where staff can access the Trust network at any health and care location in the county and in the longer term anywhere in the county. • Via the IM&T Programme Board work to support delivery of the national ambition that “all community based staff to perform their role by delivering access to the mobile digital services required to support them to perform their role by 2021/22”. • Exploring opportunities for convergence IM&T will work with the Trusts strategic team to explore the potential efficiencies and additional value realisable from all software in use across all service areas of the organisation – corporate and clinical. • Deliver the Trust a telephony solution that meets the current and foreseeable unified communication requirements of the Trust. • Work in partnership with the Estates team so that the Trust can be assured that estates plans have the benefit of the network team’s expertise relating to the connectivity of sites so that wherever possible new service models are not delayed awaiting install of infrastructure and to ensure that infrastructure “hubs” are appropriately located within Trust estate

STRATEGIC DELIVERABLE 3: HARDWARE & PROCUREMENT 1. Context: “We want staff who work in the health and care system to have technology that helps them to do their jobs effectively, and for NHS and social care organisations – and taxpayers – to get the best value for money” * 2. Strategic Principles: • We will: • Adhere to controls and use approved commercial vehicles such as frameworks when procuring software to ensure compliance with common standards, a competitive market and value for money. • Deliver a best practice asset management approach that covers the lifecycle of the assets in use. • Ensure that any locally developed or procured services meet the mandatory technical standards due to be defined by NHSX, thereby ensuring full interoperability with the national infrastructure and other local services • Support staff in the use of the technologies required to undertake their role and deliver training programmes to support delivery of hardware new to the trust 3. Strategic deliverables: ü An asset management framework approved by the IM&T Programme Board ü Procedures in place across all NHFT Procurement teams and monitored via the IM&T Programme Board to ensure that systems are in place (and adhered to) to avoid staff initiating the procurement of licenses or software without the correct appraisal and approval ü Work with operational leads of the Trust to ensure that every member of staff has access to IT equipment that is fit for purpose ü Provide technical expertise in the procurement of IT related hardware and software contracts to ensure that the Trust is an informed customer realising value for money and flexibility via all contracts in place. ü Deliver a self-service first approach to end user support that delivers in line with SLAs and KPIs ü Legal compliance e. g. licensing * “The Future of Healthcare: Our vision for digital, data and technology in health and care, 2018”

STRATEGIC DELIVERABLE 4: CLINICAL SYSTEM SUPPORT 1. Context: To avoid harm to patients it is essential that we ensure that the electronic patient records (EPR) , clinical systems, and healthcare related technologies used by our operational teams are safe. The Health & Social Care Act 2012 sets out the Information Standards (DCB 0160 & 0129) which in turn define the requirements to which the NHS and those with whom it commissions services and its IT System Suppliers MUST conform. The Clinical Risk Management System is the delivery mechanism for these safety standards and covers the entire lifecycle of the technology in use and ensuring robust systems are in place for identifying and addressing patient safety risks associated with health IT systems. 2. Strategic Principles: We will: • Establish patient safety as the absolute priority in all that we do. • • Seek to improve clinical safety through the use of information and technology. Deliver maximum value and sustainability from existing clinical systems. • Procure, deploy, manage and decommission software in line with DCB 0160 and DCB 0129. • Adopt all mandated and “should have” roles and responsibilities required to demonstrate a safe, managed approach to the security, design, deployment and use of health related software and ensure that they are embedded in relevant governance processes. • Manage changes to live systems in accordance with change management best practice. • Seek to introduce systems that are intuitive to use but supported by user education, information and support that is accessible when required • Seek user feedback and reflect, learn from and act on feedback received • Continue to strive for excellence in end user training

STRATEGIC DELIVERABLE 4: CLINICAL SYSTEM SUPPORT 3. Strategic deliverables: ü Structure of Systm. One health record : § Work with the clinical and operational leads of the Trust to ensure that the Systm. One healthcare record keeps pace with professional best practice and national and local record keeping requirements and remains a fit for purpose health record for the Trust. § Work with Trust clinical leads to review the health record structure to ensure that as new service models are introduced we ensure there is clarity as to: § The content that constitutes a safe record – what is the value of the information documented, what is the non -value added that is mandated and the non-value added that we could stop recording (if any)? § Overlap in assessment and documentation so that we can streamline care and avoid duplication § Provide specialist IM&T clinical guidance to the heath records governance function of the Trust. ü IM&T Clinical Risk Management Framework § § § ü Define, manage and maintain NHFTs Clinical Risk Management System Define the mandated and “should have” roles and responsibilities required to demonstrate a safe, managed approach to the security, safe design, deployment and use of health records. Work worth the Trust executive team to continue to embed these roles within wider trust governance structures. Embed the role of Clinical Safety Officer so that the organisation is fully compliant with DCB 0160 Clinical coding § § Deliver an inpatient ICD 10 clinical coding function for the Trust , monitoring standards and learning lessons via participation in an annual external audit Deliver a project to transition to Sno. Med CT

STRATEGIC DELIVERABLE 4: CLINICAL SYSTEM SUPPORT 3. Strategic deliverables (continued): ü ü User support: § Deliver a Training Strategy which defines an approach that: § Offers support materials via a variety of mediums to reflect a variety of learning styles § Seeks learner feedback at each episode of learning and use the feedback received to reflect upon the service offered and inform training strategy § Deliver a responsive service to Trust staff as defined and measured by performance against SLAs and KPIs § Adopt a self-service first approach to support. § Work with professional and operational leads to further embed the principle of super users so that first line support is delivered, wherever possible, from within service § Provide specialist IM&T clinical guidance to the heath records governance function of the Trust. § Investigating the opportunities for and benefits of centralising the knowledge base and resource for clinical e. System support Health records management § § § Work with clinical leads to develop the Health Records management Policy and procedures for the Trust Deliver the health records function for the Trust for paper based and legacy system records Delivering innovative tools to support the tracking and accessing of archived records Safe decommissioning of electronic record solutions Embed the role of Clinical Safety Officer so that the organisation is fully compliant with DCB 0160

STRATEGIC DELIVERABLE 5: PROJECTS 1. Context: NHFT continually strives to improve services to remain an outstanding provider of services to the population that it serves. In addition as a member of the Northamptonshire Health & Care Partnership NHFT is continually working in partnership to review and enhance models of care delivery to meet the expectations defined in the NHS Long Term Plan. This constantly evolving landscape requires an agile project resource skilled in the delivery of IT & clinical system related projects. 2. Strategic Principles: We will: § Deliver transparency in the resourcing of projects and programmes • Work in partnership to drive efficient us e of project resource in a context of fluidity of requirements and priorities • Ensure strong project and programme governance whilst remaining agile in our approach. 3. Strategic deliverables: ü Transparency in the resourcing of projects and programmes via Project Control & PROMPT (Project Resource Management Tool) ü Governance of IM&T projects and programmes via formal scheduling meetings and reports by exception to the IM&T Programme Board ü A project delivery and management team skilled in delivery of IM&T related projects and in project delivery methodologies ü Managing enabling NHFT to make effective use of the project hours available to them ü Representing NHFT in the system wide agenda

STRATEGIC DELIVERABLE 6: DEVELOPMENT & DATA 1. Context: NHCP Strategic Plan describes the requirement to shift focus from care of ill health to prevention and anticipatory care; “self-care”; and personalised packages of care To achieve this the Trust and the county will be required to: § “find” the patient, as opposed to the patient presenting for care. § “know” the people who consume its services – the prevention, lifestyle and health support services that they require now and in the medium and long term. 2. Strategic Principles: We will: • Work with the Trust Performance team as members of the Northamptonshire Digital Transformation Programme to support the NCHP in delivery of a population health management approach • Work as members of the Northamptonshire Digital Transformation Programme to ensure that health and care leaders can use digital information to make informed decisions • Further explore opportunities to develop the MIS (Management Information System) ensuring it continues to address the Trusts priorities • Where specialist systems are required we will strive to deliver integration between systems to avoid duplication and minimise risk 3. Strategic deliverables: IM&T will: ü Working closely with the Performance Team t o develop, deliver and manage the MIS on behalf of the Trust ü Work as members of the Northamptonshire Digital Transformation Programme to deliver Northamptonshire Integration Engine (NIE) ü Work as members of the Northamptonshire Digital Transformation Programme to deliver Northamptonshire Analytical Reporting Platform (NARP) ü Ad hoc provision of applications to support adult care & corporate services ü Deliver an integration engine for NHFT

STRATEGIC DELIVERABLE 7: BUSINESS CONTINUITY & DISASTER RECOVERY 1. Context: NHFT requires an IM&T service that is : ü as resilient as possible in the face of disruptive incidents. ü In the deployment of new technologies works with services to develop business continuity plans for the loss of those technologies during a disruptive event 2. Strategic Principles: We will: • Strive to minimise, as far as is possible, disruption to clients, customers, employees, and services during a disruptive incident • Work with the business continuity lead for NHFT to develop, maintain and test business continuity and disaster recovery plans for IM&T service lines and systems that support the organisation to: • Respond to a disruptive incident (incident management) • Maintain delivery of critical activities/services during an incident (business continuity) • Return to ‘business as usual’ (resumption and recovery) as soon as possible after a disruptive event • Ensure that services have developed business continuity plans prior to introducing new technologies to services 3. Strategic deliverables: IM&T will work closely with the Trusts business continuity and disaster recovery lead to: ü Develop and manage the IM&T Disaster Recovery Plan for the Trust reviewing it annually ü Develop and manage the IM&T Business Continuity Plan for the Trust testing and reviewing it annually in line with best practice. ü Include as a mandatory item in project scopes the requirement for business continuity plans within services prior to go-live with new technologies or movement of Trust services to new locations.

IM&T QUALITY STRATEGY The IM&T quality strategy is based upon the NHFT clinical quality strategy and as such focuses on the following key requirements of an IM&T service that is: ü Well led ü Responsive ü Safe ü Effective These quality “criteria” provide a reference point to ensure that the service remains focused on the needs of the users of the service.

QUALITY STRATEGY: Well led & responsive Well led: Responsive: IM&T will: ü Understand the industry in which we operate, the environment in which we work & the needs of the organisation for whom we provide a service IM&T will: ü Be responsive to changing demands arising from changes to organisational structure, service models and processes ü Demonstrate evidence based decision making ü Have effective frameworks in place for management of the service ü Ensure that we have clearly defined roles and responsibilities and a culture of respect for each team members knowledge and expertise ü Be honest and transparent and lead by example ü "Know" the Trust in-order to react appropriately to the organisations needs ü Have a flexible skill set and structure to allow adaptability in the face of changing demands ü Ensure that systems are in place to avoid a crisis, whilst being responsive should a crisis occur and advising of the circumstances in which the service can only be reactive ü Strive to be fair and equitable , providing immediate and appropriate feedback ü Be transparent in managing expectations and resources so that the Trust is assured of a responsive service ü Be self aware, seek regular feedback from staff and act on that feedback ü Have the right systems in the right place that are; intuitive, easy to use and seek feedback to inform improvement ü Strive for a culture in which knowledge and skills matter more than seniority ü Monitor avoidable contacts to ensure efficiency and develop self service systems wherever possible ü Instil a no blame culture that fosters a service that constantly learns and develops ü Seek early engagement from the Trust to ensure the appropriate response to change and/or work packages

QUALITY STRATEGY: Effective An effective IM&T service needs to aspire to meet the needs of the various users of the technology. The various requirements are summarised in the table below paraphrased in the context of each category of user. Service user I want to confident that my care will be safe because the people caring for me have access to my information when they need it My record belongs to me not the person looking after me and I understand how my information gets used I give my details once and do not have to answer repeated questions about my care wherever I go I am confident that people are able to actively identify the risks to my health and well being and can contact me to ensure I get the services I need I can use technology to support my own care at home if I choose to Staff I want it to: work and if it doesn't I want it repaired quickly be easy to use give me back the information that I need, when and where I need it know that the equipment/systems that I have been given protect me from loss of data and from accessing unsafe content be informed about the cyber security risk and what I should do / not do be engaged in and communicated with regarding any changes to the systems or equipment that I use I want support available when I need it so that I can carry on with my work Trust We require a trusted partner that: Is transparent about cost and the associated activity level and quality of service so that we can achieve value for money Delivers all business requirements for IM&T across all service areas (corporate, clinical , estates etc. ) Drives the interoperability necessary to enable new shared service models Assists the organisation in delivering the CIP Enables closer working partnerships with the county and borough councils IM&T Other agencies We require a trusting partner that: Considers IM&T an equal partner so that the specialist knowledge and expertise of the team can be exploited to assist the Trust to deliver its business objectives Facilitates a joint strategic planning approach by requiring IM&T involvement at all key Trust forums Adopts a governance model that allows the IM&T senior team to act on behalf of NHFT at agreed forums and in agreed work packages Ensures that all staff have the basic IT skills required to enable them to make safe us of the technology deployed within the Trust We need a knowledgeable partner to deliver: Effective, efficient seamless pathways of care Joint exploration of the opportunities, via a shared approach to technology, to deliver health prevention, well being and self care models of service delivery

QUALITY STRATEGY: Safe NETWORK & INFRASTRUCTURE SECURITY INFORMATION GOVERNANCE CONTRACT & LICENSING MANAGEMENT RECORD STRUCTURE, SYSTEM DESIGN & ASSURANCE INFORMATION SECURITY Summary areas of responsibility The table below summarises the tiers of IM&T related areas of responsibility, expertise and the specialist roles related to the safety and security of the software, hardware, infrastructure & health record. Must have – Specialist roles (MH) Should have – Specialist roles (SH) Areas of expertise Encryption & Anti-virus Email filtering & quarantine Web filtering & quarantine Monitoring tools Chief Information Officer (CIO) – MH Senior Information Risk Owner (SIRO) MH Patient identifiable level information – its storage, access to it, the sharing of it and its use. Caldicott principles Data Protection Act & GDPR Record retention Encryption standards Subject access requests Caldecott Guardian - MH Data Protection Officer - MH Senior Information Risk Owner (SIRO) – MH Information Asset owners - MH Security of data In transit In storage At integration Specialist knowledge of: Electronic patient records (EPRs) & associated technologies Clinical record keeping requirements, local standards & professional guidelines Clinical Safety Management Systems Clinical risk management in the use of EPRs & associated technologies Contracting procedures and processes that safeguard the resilience and security of systems in use throughout the lifecycle of the asset Clinical & operational practice Health record keeping best practice: o Professional standards o National requirements DSB 0160 & DSB 0129 Human risk factors in the use of digital technologies in health EPR record structure, design, coding & development Contract management NHS Procurement Procedures Licensing of software Chief Clinical Information Officer (CCIO) – SH Clinical Safety Officer (CSO) – MH Accredited clinicians in safer design & implementation of clinical IT systems MH Not applicable Key IM&T related processes & procedures Back-ups & patching Email, web filtering & quarantine Installation & support of monitoring tools MDM solution ZEN Group policies and access controls Encryption & anti-virus Standard image provision Information Governance Training Data & Security Protection (DSP) Toolkit IG advice & guidance Access to health records requests FOI requests Privacy Impact Assessments IG audit programmes Supplier contract reviews Application of DSB 0160 & DSB 0129 IM&T Clinical Risk Management System IM&T Change Management Process Project management assurance process EPR training Incident management Risk management and lessons learned Licence management Contract management including maintenance & support arrangements Hardware replacement cycle Compliance with procurement frameworks

ASSURANCE: Assurance roles Required assurance roles are summarised in table above. These roles, which include Chief Clinical Information Officer (CCIO), Chief Information Officer (CIO), Senior Responsible Information Officer (SIRO), Clinical Safety Officer (CSO) and Data Protection Officer (DPO) are embedded in Trust processes and at Trust forums to ensuring that appropriate assurances are in place regarding the technology in use and the data that it holds and/or processes. Assurance frameworks The IM&T service has three distinct relationships with the Trust: • The business relationship The partnership arrangement between LGSS and NHFT is jointly managed and monitored via the IM&T Programme Board, supported by regular contract review meetings. • The clinical assurance relationship The IM&T clinical team will work with operational clinical leads to ensure that the electronic record remains a fit for purpose health record for the organisation and that all software used in the delivery of healthcare is deployed and managed in line with DCB 0160 and 0129 • The Strategic relationship IM&T will work with the strategic leadership team of the Trust to ensure that the organisations benefits from the full potential of IM&T as a strategic partner in delivery of the Northamptonshire Health and Care Partnership and the Trusts Digital Transformation plans. The assurance flows are described in the diagrams below.

ASSURANCE: Frameworks 1. ASSURANCE FRAMEWORK: BUSINESS RELATIONSHIP 2. ASSURANCE FRAMEWORK: CLINICAL RELATIONSHIP 3. ASSURANCE FRAMEWORK: STRATEGIC RELATIONSHIP

Document controls: Document Purpose This strategy documents defines the principles that will guide the IM&T core service strategic approach when delivering the technology requirements of the Trust for the period 2019 – 2023. This strategy supports delivery of the NHFT Digital Transformation Strategy and hence Northamptonshire Digital Transformation Strategy Audience All IM&T staff NHFT senior management team LGSS senior management team Superseded documents Given the formation of the NHFT Digital transformation Board and associated strategy and objectives the previous IM&T Strategy has been reviewed and is superseded by this document. Version Approvals Distribution Formal review date Role & Name Signature NHFT Director of Finance Via IM&T Programme Board minutes Director for Information Management & Technology, NHFT Via IM&T Programme Board minutes NHFT IM&T Programme Board NHFT Transformation Committee LGSS Management Board September 2020 Date Approved