§ Mr. McAllionTo ask the Secretary of State for Scotland on what date a circular based on DBI Associates Ltd.'s report on NHS information and computer systems was issued to the general manager of the national breast screening service in Scotland; and what action has been taken to date on that circular by that manager.
§ Lord James Douglas-Hamilton[holding answer 13 March 1995]: The Scottish breast screening programme information system is supported by the computer centre which serves the Common Services Agency.
NHS management executive letter (1992) 45 entitled "Computer Security Guidelines", based on the DBI Associates Ltd.'s report, was issued in September 1992 to all health board general managers, the general manager of the CSA, NHS trust chief executives and unit general managers. It was also copied to all IT directors and computer centre managers.
A full external review of the SBSP information system was carried out in 1992–93 and it was confirmed that the system was working satisfactorily in all its components, including the call-re-call system.
§ Mr. McAllionTo ask the Secretary of State for Scotland what actions he took to ensure that all of the recommendations in DBI Associates Ltd.'s report on NHS information and computer systems were acted upon by NHS managers in Scotland.
§ Lord James Douglas-Hamilton[holding answer 13 March 1995]: Computer security guidelines were issued under NHS MEL(1992)45 in September 1992. The circular notified health boards, NHS trusts and NHS computer centres of the outcome of the DBI study, offered guidance in the form of a guidance booklet and indicated what action was required.
A formal statement of security policy for the NHS in Scotland was agreed and issued in May 1993 under circular NHS MEL(1993)59. This spelled out the roles and responsibilities required within health boards and NHS trusts.
Under the security policy, all health boards and NHS trusts were required to appoint an IT security officer and 635W his duties were detailed. Health systems division also took steps to appoint an IT security specialist to enable the management executive to develop central guidance and advice.
A detailed IT security manual was produced by Health Systems Division and issued under circular NHS MEL(1994)75 in August 1994. The manual is intended for all staff involved in any aspect of IT systems.
Health systems division has sponsored further studies at eight national health service in Scotland sites in 1994–95.
§ Mr. McAllionTo ask the Secretary of State for Scotland if he will place in the Library a copy of the report on NHS information and computer systems carried out by DBI Associates Ltd. for the NHS management executive in Scotland.
§ Lord James Douglas-Hamilton[holding answer 13 March 1995]: A copy of the DBI Associates Ltd.'s report "IT Security Review for the DIS" is being placed in the Library of both Houses together with:
- a) Management executive letter (1992) 45 attaching the document "IT Security Guidelines".
- b) Management executive letter (1993) 59 attaching the document "IT Security Policy".
- c) Management executive letter (1994) 75 attaching the documents comprising the "IT Security Manual".
The management executive letters have been extensively circulated within the NHS in Scotland.
§ Mr. Charles KennedyTo ask the Secretary of State for Scotland if the advice to be issued in April to health boards and trusts by the NHS national working group on the market testing of information technology services will be advisory or mandatory; and if he will make a statement.
§ Lord James Douglas-Hamilton[holding answer 12 March 1992]: As part of the market testing of computer services, a formal procurement exercise is underway involving three potential commercial suppliers and an in-house hid. The customers have, of course, been involved in the procurement process. Before best and final offers are invited from suppliers who have demonstrated their ability to meet NHS in Scotland requirements, health hoards and trusts will state, on an individual basis, the services they require from the successful supplier. On receipt of best and final offers the national working group will evaluate the offers and recommend a winning supplier for each area. Health boards and NHS trusts will sign individual contract documents with the successful supplier for the services they have specified. It will be for each health board and NHS trust to decide whether it will sign the contract documents.
§ Mr. Charles KennedyTo ask the Secretary of State for Scotland if he will list the membership of the NHS national working group on the market testing of information technology services:
§ Lord James Douglas-Hamilton[holding answer 13 March 1995]: The membership of the NHS working group on computer services is as follows:
636W
Mr. L. E. Peterken Chairman Director of Special Projects Mr. R. Calderwood Chief Executive Southern General NHS Trust Miss L. Barrie General Manager Tayside Health Board Mr. J. Hudson Director of Finance Tayside Health Board
Mr. I. C. Smith General Manager Argyll and Clyde Health Board Mr. F. Gibb Acting General Manager Common Services Agency Mr. D. Wright Director of Acute Care Purchasing Highland Health Board Mr. J. Owens Chief Executive Royal Infirmary of Edinburgh NHS Trust Mr. M. Ord Chief Executive Fife Health Care NHS Trust Mr. C. Knox Head of Computing and IT Strategy Management Executive Mr. D. Hogg Branch Head Management Executive National working group meetings are also attended by the chairman and project managers for each of the three package areas as follows:
North/North East Chairman Mr. R. Fletcher—Chief Executive Angus NHS Trust Project Manager Mrs. R. Jack—IS Director Grampain Health Mr. M. Murray Grampian Health Board West Chairman Mr. K. Brewer—Chief Executive Renfrewshire Healthcare NHS Trust Project Manager Mr. W. Hart Greater Glasgow Health Board Central Chairman Mr. K. Thomson—Chief Executive Law Hospital NHS Trust Project Manager Mr. M. Cook Lothian Health Board
§ Mr. Charles KennedyTo ask the Secretary of State for Scotland what guidance has been issued centrally to health boards and trusts in respect of market testing of NHS information technology services and if he will make a statement.
§ Lord James Douglas-Hamilton[holding answer 15 March 1995]: The fundamental guidance to health boards and trusts on market testing is contained in the NHS circular GEN(1993)13 "Market Testing in the NHS".
In the course of market testing of the NHS computer services, the national working group on computer services has ensured that health boards and NHS trusts have been kept up to date with the progress of the exercise, the actions required of boards and trusts and the issues which have arisen.
Advice has been available to the NHS in Scotland through the central legal office on contractual matters and from the CCTA on procurement issues. The procurement is being conducted in accordance with EC procurement regulations.
Guidance to health boards and trusts has also been directed through local implementation groups for each of the three package areas—north/north-east, west and central—under which the service requirements of each individual board and trust have been co-ordinated arid discussions and negotiations with potential suppliers have been held.