General Note

NHS Fife acknowledges and agrees with the importance of regular and timely review of policy statements and aims to review policies within the timescales set out. New policies will be subject to a review date of no more than 1 year from the date of first issue.

Reviewed policies will have a review date set that is relevant to the content (advised by the author) but will be no longer than 3 years.

If a policy is past its review date, then the content will remain extant until such time as the policy review is complete and the new version published, or if national policy or legislative changes are made

1.  FUNCTION

The purpose of the policy is to ensure that the procurement of any “Digital Solution”, as defined within the glossary in Appendix 1, within NHS Fife:

• provides best value for money, defined by the Scottish Government as ‘the best balance of cost, quality and sustainability’ (Scottish Government, 2022)
  
  
• complies with relevant legislation including but not limited to:
  • The Procurement Reform (Scotland) Act 2014 (statutory guidance)
  • The Public Contracts (Scotland) Regulations 2015 (legislation.gov.uk)
  • The Procurement (Scotland) Regulations 2016 (legislation.gov.uk)
  • The Public Procurement etc. (EU Exit) (Scotland) (Amendment) Regulations 2020 (legislation.gov.uk)

• is procured in line with guidance from:
  • Scottish Government and relevant bodies e.g. Public Contracts Scotland, sustainable procurement.
  • and documented in line with the Procurement Journey
  • NHS Fife’s Financial Operating Procedure
    
    
• adheres to:
  • any relevant Health Department Letter (HDL) or Chief Executive Letter (CEL)
  • NHS Fife’s current Financial Operating Procedures
  • has been assessed to ensure it complies with all current Security and Data Protection principles, including (but not limited to): - Network Information Systems Directive (NISD), General Data Protection Regulations (GDPR), Record management code of practice, Information Commissioner’s Office (ICO) Accountability Framework.
  • Advice and support provided by the digital procurement team, who are specialists within digital procurement and will ensure the appropriate levels of candour are applied. It is imperative this team support procurements of a digital nature within NHS Fife.

2.  LOCATION

Any area within NHS Fife specified as having a digital requirement including primary care.

3.  RESPONSIBILITY

3.1 Director of Digital & Information

Within Health Boards in Scotland the Director of Digital & Information has appointed responsibility for ensuring a resilient and robust technical infrastructure. They have corporate responsibility to ensure digital systems are procured, implemented and supported in line with all statutory standards and working practices.

3.2 Requester

When requesting a digital solution, the requester must: -

• Ensure they are purchasing within their authorised order limit in line with NHS Fife Financial Operating Procedures.
• Complete the appropriate request via the IT Service Desk
• Ensure financial coding is correct and financial spend is available through liaison with the budget holder (as appropriate).
• When proposing delivery of new functionality or a new solution:
  • Complete the appropriate Digital Health and Care Request form or Information Asset registration form via the IT Service Desk.
  • Engage with the budget holder as per 3.3 to ensure financial coverage.
  • Support completion of all relevant documentation as requested by the Digital and Information team (as per 3.5).
  • Support creation, governance and delivery of business case.
  • Ensure sufficient resource within the service to deliver the change.

When/If delivery of new functionality is approved must: -

• Ensure they engage appropriately with the Digital and Information team to successfully deliver the change.
• Release staff as appropriate to support implementation of the change.
• Ensure System Owner/Information Asset Owner is identified for ongoing Business as Usual delivery.

3.3 Budget Holder

The requesting budget holder must:

On receipt of request: -

• Only approve Digital Solution purchases within their authorised order limit, in line with NHS Fife’s Financial Operating Procedures, Section 11(b).
• Ensure the costs of any new Digital Solution, which is proposed for delivery, includes an optimism bias cost of implementation and ongoing support and has been agreed prior to submission of digital health and care request for consideration.

Following evaluation and financial profiling: -

• Only authorise Digital Solution purchases for which they have budgetary responsibility and can evidence full financial provision for the lifetime of the Digital Solution, this may include ongoing licensing or storage costs.
• Ensure the solution, which is being procured, has obtained Digital & Information approval via the procedures outlined below.
• Provide accurate financial codes where applicable and notify Digital & Information of any amendments to these codes, should they change in future.
• Agree, for any costs which are ongoing Business As Usual, a financial cross charge will be established on an ongoing basis to the appropriate digital code.
• Comply with NHS Fife’s Financial Operating Procedures Section 11, ensuring all relevant documentation is complete prior to formal approval.
• If Endowment/charity funds are being used for digital solutions, ensure there is the ability to procure the digital solution via this option, in line with NHS Fife’s Financial Operating Procedures (Section 17, Endowment Fund) and then complete the Fife Health Charity Request Form. All costs of delivery should be captured and provision for any costs which will not be covered by this request should be outlined before approval.

3.4 Digital Procurement Team

The Digital Procurement Team will:

• Ensure all regulations and standards are followed (as outlined in section 1) and ensure the appropriate procurement route is undertaken.
• Procure via approved Suppliers utilising the National Contracts and Frameworks as per Scottish Government agreements.
• Provide guidance and support to requestors and budget holders in line with this policy.
• Only procure Digital Solutions approved for deployment following evaluation by the Digital teams.
• Ensure best value for Fife, through effective contractual negotiations and ongoing supplier management.
• Review all Digital & Information Procurement Request Forms and ask for resubmission should the Procurement Request Form not be completed in full, ensuring all associated costs are in line with NHS Fife’s Financial Operating Procedures.
• Ensure financial procedures are followed and orders are processed, approved and receipted on time via the appropriate system (PECOS).
• Liaise with the customer to ensure delivery process is smooth, e.g. to the appropriate person and location, based on cost, technical input, size, and the necessity for security and or asset tracking.
• Support ongoing supplier management to ensure suppliers act in accordance with the contractual terms and conditions outlined within their contract.

3.5 Digital & Information Directorate

The relevant Teams within Digital & Information will ensure they:

• Consistently review and evaluate the market to ensure solutions which are implemented within NHS Fife provide best value and usability for NHS Fife and meet the appropriate standards and legislation for use within a Healthcare environment.
• Ensure that any physical goods received are of the standard described at the time of purchase.
• Ensure goods are deployed and managed on an ongoing basis.
• Ensure compliance with the NHS Fife Asset Management policy.
• Ensure physical goods are: -
  • Asset tagged and recorded on the relevant asset register
  • Undergo Portable Appliance Testing (PAT)
  • Configured for use by an appropriately trained member of NHS Fife staff or other partner agency staff
  • Installed in the appropriate environment for the designed use
  • Replaced or upgraded as directed by NHS Fife’s Desktop Replacement Programme in line with the standards set in Sustainable Procurement: the Government Buying Standards (GBS) for office ICT equipment
  • Decommissioned and disposed of in accordance with the Condemnation of IT Hardware Procedure to ensure compliance with The Waste Electrical and Electronic Equipment Regulations 2013 where applicable.

On receipt of Digital Health and Care Request they will: -

• Evaluate the Digital Health and Care Request to consider whether the proposed solution has alignment with existing operational systems or will require a full procurement exercise to be undertaken.
• If a new solution is proposed, support services to complete the relevant documentation to ensure the solution meets all standards and requirements as outlined in section 1 prior to creation of business case and subsequent procurement.
• Support services with delivery of a business case in line with Business Case Process to ensure all costs for the lifetime of the project are known and approved prior to implementation.

Following approval to procure: -

• Support implementation of new solution
• Support transfer and ongoing management (if appropriate) of the system.

4.  OPERATIONAL SYSTEM

General Procurement Principles

The following general principles should be respected in the provision of and engagement with the Digital & Information procurement service:

• All Digital solutions pre-approved by the relevant Digital & Information Department(s) will be listed on the Digital & Information Catalogue.
• Appropriate approval from the relevant Team(s) within Digital & Information is required for any products or services not included in the Digital & Information Catalogue and should be obtained prior to placing an order.
• Purchasing will be sufficiently flexible to allow rapid response to operational requirements and to enable the organisation to take advantage of business opportunities arising from emerging Digital Solutions.

5.  RISK MANAGEMENT

Statement

5.1.1 It is the responsibility of the Line Manager to ensure this policy is deployed within their area of responsibility.

5.1.2 Failure to follow this policy when purchasing Digital Solutions may lead to the solution purchased not being authorised for use within NHS Fife or additional cost being incurred for the running and operating of the Digital Solution(s). This could occur if the solution is not compatible with the existing technical, information governance, information security and records management standards or does not comply with official Government Buying Standards (GBS) for public sector organisations.

5.1.3 If any such purchase is subsequently approved for implementation, this will not be prioritised over planned endeavours unless appropriately signed off as required to support an urgent organisational response or shift in strategic priority i.e., Pandemic response.

5.2 Potential Breaches

5.2.1 These steps should be followed on discovery of a potential breach of the Digital Solutions Procurement Policy i.e., someone has attempted or considered committing to the purchase of a Digital Solution out with due process as outlined in this policy:

• The discoverer should log a call with Digital & Information via the IT Service Desk portal providing as much detail as is available about the potential breach.
• This call should be assigned to the IT Procurement team.
• The IT Procurement team will follow up with the person attempting or considering the purchase to make them aware of this policy and the relevant procedure to follow.

5.2.2 If the correct procedure is followed from this point, then no further action need be taken. If the correct procedure is not followed, or the purchase has already been made, this would be an actual breach, in which case section 5.3. would apply.

5.3 Actual Breaches

5.3.1 These steps should be followed on discovery of an actual breach of the Digital Solutions Procurement Policy i.e., commitment to the purchase of a Digital Solution has been made out with due process as outlined in the policy:

• The discoverer should log a call with Digital & Information via the IT Service Desk portal providing as much detail as is available about the breach.
• This call should be assigned to the IT Procurement team.
• The IT Procurement team should escalate this call for the attention of the Business Manager (BM) for Purchasing, Supply & Installation.
• The BM will attempt to contact the person who has made the purchase to:
  • Obtain as much information as possible about the purchase
  • Obtain any documentation relating to the purchase
  • Advise them of the breach and the subsequent reporting actions to be taken.
• The BM will complete an Incident Reporting form via Datix and assign to the Director of Digital & Information as the Approver.
• The Digital & Information team will assess the solution and determine if there is a potential governance or security risk to the organisation and may remove or block access to the network or cloud operated item until the assurance is provided.
• Upon receiving the Incident Report, the Director of Digital & Information will follow this up with the Director of the Department who has purchased with a request for action/assurance as appropriate to ensure there are no future breaches.
• The investigation may result in action being taken under other policies.
• The Director of Finance should be informed of:
  • any breach referred to Counter Fraud Services.
  • repeated breaches by the same Directorate.
  • Items which have been purchased out with the NHS Fife Financial Operating Procedures.
• Managers or staff who fail to comply with the guidance detailed in this policy could be subject, following full investigation, to disciplinary action

6.  RELATED DOCUMENTS

NHS Fife Financial Operating Procedures

Digital & Information Request Forms

Equipment Request Form

NHS Fife Digital & Information Security Policies

Appendix 1 - Glossary of Terms

Appendix 2 – Approval Routes Based on Purchase Value