HSE Technology and Transformation Committee Meeting Minutes 17 October 2022

Members Present

Tim Hynes (Chair), Barry Lowry, Martin McCormack

Apologies

Rosaleen Killalea, Fergus O’Kelly, Brendan Whelan

HSE Executive Attendance

Dean Sullivan (Chief Strategy Officer), John Ward (Interim Chief Technology Transformation Officer), Niamh Drew (Deputy Corporate Secretary).

Joined the Meeting

Patrick Lynch (ND Governance and Risk – Item 6), Joe Ryan (ND Operational Performance and Integration – Item 7), Mark Brennock (ND Communications – Item 7), Fidelma Browne (AND Communications – Item 7)

Minutes reflect the order in which items were considered and are numbered in accordance with the original agenda. All performance/activity data used in this document refers to the latest information available at the time.

1.1 Introductions Committee Members / EMT

The Chair welcomed members to the first formal meeting of the committee and thanked them for joining. He noted that more external members will be appointed to the committee, ideally with tech and patient advocacy backgrounds.

2.1 Declarations of Interest

No conflicts of interest were declared.

2.2 Committee Meeting Dates 2023

The proposed meeting dates for 2023 circulated in advance of the meeting were agreed subject to some minor changes. It was agreed that a workshop on key priorities and 1-2 formal meetings would be scheduled within the remainder of 2022.

3.1 Committee Terms of Reference

The Committee reviewed the Terms of Reference which had been circulated in advance of the meeting. Regarding communication, it was noted that communication from the committee should be clear, purposeful and coordinated. The importance of defining what a strategic project/initiative was raised, is in order to assess which projects and initiatives should be prioritised by the committee. It was suggested that at the workshop this would be discussed further, as well as how success would be measured. The Committee also agreed that its goals should align with the Board’s and Minister’s priorities.

3.2 Goals for the Committee

The goals for the committee were discussed. The committee agreed that goals should be focused on the outcome, rather than the activity, and that the outcomes should be measurable and culture shaping. It was also agreed that its goals should outline a clear purpose for technology in the HSE, and that the HSE should take a fundamentally different approach with technology. It was noted that the agreed goals should be in plain English and high level so that they are clear. The Committee also emphasised the intent to drive the T&T portfolio towards greater alignment with the HSE Corporate Plan as well as Board and Ministerial priorities. The Committee suggested that a workshop should be held in the coming weeks to discuss this further and this would remain a focus on the Committees work.

The Committee agreed to hold a workshop prior to Christmas to gain a better understanding and discussion on the role and work of the Committee.

4.1 Introduction - verbal

The CSO provided the Committee with an introductory briefing on the function of the HSE Strategy office, highlighting the areas in which engagement with technology will be most important. In relation to the development and rollout of new tech projects, the Committee highlighted that the CSO office generally needs to ensure clarity of vision; clinician buy-in; broad integration; and a focus on patient centred outcomes.

4.2 Overview of Digital Innovation

4.3 Overview of Key Service Reforms

An overview of Digital Innovation and Key Service Reforms was provided as set out in the briefing papers circulated to the Committee prior to the meeting for consideration. The papers provided an overview in relation to the current status and next steps for Digital Innovation within the HSE including areas such as: Education and Awareness; New Business and Care Models; and next steps for the organisation. It was highlighted that significant progress has been made in recent years to establish an innovation ‘footprint’ within the HSE.

The CSO advised that a number of key reform programmes are being progressed by the HSE. These programmes are seeking to address long standing strategic challenges faced by the Health Service including long waiting lists for scheduled care in hospital and community settings; long waits in Emergency Departments; and very high occupancy levels. The briefing provided an overview of key reforms (Enhanced Community Care, Mental Health, Disabilities and Scheduled care), an overview of what success looks like, reporting arrangements and opportunities for technology and innovation to support reform.

The Committee noted the position in relation to both digital innovation and key service reforms. It was requested that the Committee be provided with an organisational chart which will outline the governance structure falling under both the CSO and the CTTO and highlight where various responsibilities fall. The CSO was also requested to provide an assessment of the many projects currently underway in this area, and also to provide information on the health performance visualisation platform.

5.1 Introduction - verbal

The interim CTTO provided an introductory briefing to eHealth in the HSE. He provided a definition of eHealth broadly and with reference to the HSE eHealth Vision, highlighting that the footprint of eHealth across the healthcare system is largely made of: centrally delivered services to HGs and CHOs; Central IT management; maturing set of delivery platforms; and products aligned to major National programmes while support for local services is limited. He advised that this will shift in 2023 with the 4

emergence of the Regional Health Areas and a federated operating model. The Committee requested that the interim CTTO provide information on the 956 projects mentioned which are capital-funded in the National Service Plan.

5.2 IT and Cyber Programme

The interim CTTO advised the Committee that in relation to the final Report of the Cyber Post Incident Review [PIR] in November 2021, an implementation programme was established to give effect to the Report’s recommendations. Four programmes sit under the overall implementation programme, one of which is the Cyber and ICT Transformation Programme. The interim CTTO advised that, as part of the Cyber Programme, DPER have approved the recruitment of a permanent CTTO and Chief Information Security Officer (CISO). The draft CTTO job description was considered by the Committee, and it was agreed that Committee members would revert to the secretariat with suggested amendments. The Committee emphasised that there must be clarity in relation to the governance structure in this area by the end of the year as the role of the CTTO is a critical role to lead the transformation of the HSE’s eHealth and Disruptive Technologies capability as well as strengthening the organisation’s overall cyber protections.

NDGR joined the meeting.

6.1 Q3 2022 Report: Risk 11 Digital Environment and Cyber Failure

The ND GR outlined the individual vulnerabilities relating to this risk and noted the current rating of 20.

The Interim CTTO noted that a threat briefing is undertaken fortnightly to report on vulnerabilities, which was welcomed by the Committee. It was agreed that a similar session on such individual vulnerabilities would be planned by the CTTO for the Committee.

NDGR left the meeting.

ND OPI, ND Communications and Fidelma Browne joined the meeting.

7.1 Data Subject Notification – Cyber Attack Report

The Committee received a briefing on upcoming Data Subject Notification as set out in the briefing papers circulated to the Committee prior to the meeting. The ND OPI confirmed that the HSE engaged An Garda Síochána, cyber security, legal and technical experts to assist it in retrieving the data, processing it to identify affected data subjects and developing the necessary IT systems and processes to support the notification process. He noted that a number of steps have been undertaken and/or coordinated by the Legal and Data Protection Group since the date of the Cyber-Attack and that the process has been complex and comprehensive.

Following consideration of the briefing with the ND OPI, the Committee welcomed progress made to date and recommended that this report be shared with the Performance and Delivery Committee and the Board.

ND OPI, ND Communications and Fidelma Browne left the meeting.

8.1 Agree the meeting cadence and reporting requirements

The Committee briefly discussed how administration for the meetings will run and agreed the relevant communication channels.

Nothing was raised under this item.

The meeting concluded at 13:15.