When Will Smart took up the role of NHS England CIO in 2016, he did so with the view that three years would be enough time to make a difference to the NHS’s technical landscape.

Having played a central role in both the Global Digital Exemplar (GDE) and Local Health and Care Record Exemplar (LHCRE) programmes, it’s fair to say that Smart has overseen some of the most ambitious and influential digital change programmes in the NHS’s recent history.

For him, the GDE programme in particular served as proof that NHS organisations were capable of massively shaking up their approach to care delivery, with digital at the forefront.

“To be blunt, I think three years ago it wasn’t clear that the NHS could really do this stuff,” Smart tells Digital Health News.

“Cambridge [University Hospitals NHS Foundation Trust] was the only example of an organisation that had really digitised – and that was not without its problems.

“It was always a longer-term programme, but I think in three years we’ve demonstrated in a number of organisations that the NHS is actually capable of doing digital very well.”

It’s not just the ability of NHS organisations to dazzle with tech that stands out for Smart – it’s the cultural change that has come with it.

“It’s been really good to see the take-up of the NHS beginning to try to learn lessons from other organisation that have done things that have been successful. That feels like a real change in culture,” he reflects.

“That programme feels to me to be the model to actually diffuse this kind of innovation, so I’m very proud of that.”

Smart reflects fondly on NHS England’s LHCRE programme – the ongoing effort to create regional hubs where electronic health records are shared across NHS care settings – for many of the same reasons.

“It is showing that organisations in localities are able to work really effectively together, with the model of local leadership and national support and coordination,” he explains.

“I think, again, it is a different way to doing technology to the ways that we’ve done before, which have either been completely centralised and top-down, or, post-2010, just letting the local service get on and just kind to work out how to do it itself.”

The future of flagship programmes

NHS England and NHSX have maintained their commitment to the LHCRE programme, although there is suggestion that the approach to rolling out shared care records could change.

National CCIO, Simon Eccles, has publicly stated that the rollout of LHCREs may “adapt to the learning” from the GDE programme, whereby investment is prioritised into the most digitally-mature trusts – an approach that has seen the least-developed trusts left somewhat as an afterthought.

Being the case, could NHS England’s flagship initiatives be due for a shake-up?

“Anything can change,” says Smart.

“As we go further through the programme, there are always things we need to think about.

“One of the areas that I think we haven’t yet really cracked is how you take the least mature trusts and what interventions we need to make to support them, so that they’re capable of affecting the change that’s required.

“That’s thinking that I know is happening, and that might slightly change the programme.”

But Smart is confident that neither GDEs nor LHCREs will be disappearing from NHS lexicon any time soon. “Both programmes are still supported, and both programmes will continue,” he says.

“Clearly the spending review and the small thing of an election will need to play through, but I don’t doubt there is commitment to them.”

Learning from WannaCry

One of Smart’s most notable contributions during his time as national CIO was his “lessons learned” review of 2017’s WannaCry incident, which cast light on the alarming unreadiness of NHS organisations to deal with large-scale cyber-attacks.

Included in the report were 22 recommendations for shoring up cyber security in the NHS to ensure a similar attack could not endanger patient safety – or leave the Department of Health and Social Care with another £92m bill.

Yet the response to Smart’s review was slow, drawing criticism from the Government’s Public Accounts Committee about the pace at which lessons learned from WannaCry were put into action.

Despite this, Smart feels that his advice has been heeded – “in broad terms”, at least.

“As a result of [the review] we have found national funding for Windows 10 licensing and ATP (active threat protection) for every NHS organisation,” he says.

“I’ve had conversations with the secretary of state and I’ve been involved in the most senior group in the Department of Health discussions on cyber security, so certainly it’s something that’s taken seriously.

“But it’s a complex and difficult area, particularly because, like so much of this agenda, it’s about change being enacted within local organisations.”

Smart also points to tensions associated with national teams setting priorities that don’t always marry up with local objectives.

“Some of that’s about money, some of it’s about standards, some of it is about capability and capacity.

“A lot of organisations are doing a lot of work and making real differences, but it’s not an easy area to report to.

“The other side is, we don’t talk about it because it’s not always very helpful to be waving a flag saying, ‘look at all the great stuff we’re doing around cyber security.’”

Making for the door

The merger of NHS England and Improvement and the subsequent formation of NHSX earlier this year led to a substantial shake-up of IT leadership, with Juliet Bauer, Matthew Swindells, Inderjit Singh and Rob Shaw all having left their posts within the past 12 months.

With NHS IT leaders practically forming a conga line out the door, it would be remiss to ask whether there was more to the story.

Smart insists there’s nothing to read into. “There’s always churn and always movement in any organisation,” he says.

“Matthew’s (Swindells) departure was a result of internal NHS England and NHS Improvement discussion as I understand it, and the integration of those two organisations.

“I don’t think they’re connected; I think it just it just tells you that things change, and people take the decision to move on.

“With the creation of NHSX, you are faced with, do you commit to another three years under NHSX, or do you take the opportunity to do something different? I took the opportunity to do something different.”

One of the most pertinent issues faced by organisations going through changes in IT leaderships is the question of how consistency is maintained, and work efforts preserved.

Smart offers up the following: “I think the advice has to be: talk to people, understand history, understand objectives, and take time to reflect on what’s working, and thoughtfully make changes. I think that’s true of anybody entering into any job – I don’t think that’s specific to tech and NHSX.”

“To be fair to [NHSX CEO] Matthew Gould, he has retained a number of the people who have been working on the programme for a while. And most of the work is not done by people like me sitting at the top of the organisation: it’s done by the hundreds of people in the centre and on the frontline, who are getting on and doing the work.”

Defining responsibilities

Put to him that the addition of NHSX could further blur the lines of who is responsible for what, Smart maintains that its formation was the right thing to do “in principle,” but acknowledges that more work is needed to define the two.

“I think in particular the relationship between NHSX and NHS Digital probably needs to be clarified and be clearer,” he says.

“I think in principle there is an understanding as to what the relationship is: NHSX is there as a strategy, policy and standards organisation; NHS Digital are there as the execution body, the people who actually do the delivery.

“I think the biggest risk currently is, as with any reorganisation and restructure, it can take attention away from business at hand and lead to a focus on ‘deck chairs’ and where they’re sitting.

“The critical part of all of this is continuing to execute the strategy.”