HTN caught up with Matt Connor, group chief digital information officer for University Hospitals of Liverpool Group, consisting of Liverpool University Hospitals Trust and Liverpool Women’s and spanning multiple hospital sites. Matt shared insight into the importance of having a cohesive strategy for digital and his views on cyber security – the current threat landscape, priorities for the group, considerations to take around finances for cyber, and more.
Officially, the group was formed at the start of November, but in reality Matt has been working in the joint role since the start of February 2024, and took on the expanded role following five years as chief information officer for Liverpool Women’s.
The group way of working “offers a real opportunity to deliver digital at scale”, Matt reflected, whilst not losing sight of the collaboration taking place on a wider scale with local Liverpool trusts and beyond across Cheshire and Merseyside.
Digital priorities, and balancing innovation with operational needs
Matt highlighted the need to address ‘why’ digital innovations are needed and put in place, summarising: “We need to make life easier for our clinicians, regardless of what system they are using, and we need to remember that patients are always at the core of everything we do. We need to make it easier for them to engage with our services; and the complexity of the different systems across our different sites can make that really difficult. It can result in overly complex processes affecting patient care pathways, with patients having to tell their story more than once.”
“We cannot forget about getting the basics right, if we are to deliver effective digital innovation,” Matt continued. “If we can do things once and at scale, and get to a place where we reach a level of systems convergence and integration, then that will benefit both how we are able to deliver services to a high standard; but also provide a simplified digital and IT offer for our staff and patients alike.”
The “power of collaboration” is also a priority for the group; Matt shared the ambition to develop a single electronic patient record throughout Liverpool, with Liverpool University Hospitals Trust to be the first to implement that EPR in the group’s planned roadmap. Work is underway with NHS England to help this become reality, with the trust working closely with the national team.
In order to support staff in their roles and improve their experiences, the group will prioritise streamlining and simplifying where possible, with Matt acknowledging that whilst group working opens up plenty of benefits, it also brings challenges such as the use of multiple systems and duplicated governance procedures and policies.
“We need to optimise our time and resources so that we can make the most of what we have and make things more efficient for staff across both organisations,” he said. “This is particularly important when it comes to clinicians having a need to access different clinical systems – historically this has been extremely challenging, so we are working on a number of projects designed to improve IT access and simplify our standards across all the sites. We want aligned digital processes, and delivering a consistent reliable serviceand trying to unlock some of the benefits of collaboration between the two organisations.”
However, whilst simplifying is a core priority, Matt noted that it is important to take care that simplification does not take precedence over innovation, with too much focus on streamlining it may lead to missed opportunities to try something new. Here, he underscored the value of data and utilising business intelligence across both organisations as much as possible, to identify opportunities to improve patient outcomes across Liverpool and beyond.
Matt also emphasised the importance of having an engaged clinical workforce when it comes to innovation. “We really do rely on our strong clinical engagement network. We are lucky to have some really excellent clinical and nursing leaders within both organisations, and they help us to prioritise opportunities to innovate as they come along, because they can tell us what will be useful to staff. It’s a real team effort – it’s important to say that and to recognise it.”
Data at the heart of everything
Coming back to the topic of data, Matt reflected: “Data is at the heart of everything – it really reinforces why we do things, it measures our progress against an intended objective, it illustrates the benefits of an initiative or tool. Without data, it’s just a matter of perception, and that can be misleading at times.”
The biggest impact in this space has been seen when the group has “put data at the fingertips of those who really need it”, he continued. As an example, Matt highlighted that the group’s maternity assessment unit had a target indicating that 90 percent of patient triages should be completed within 15 minutes.
“The problem was, this data wasn’t in the hands of the clinicians and maternity staff, so it wasn’t being acted upon,” he said. “People were going about their daily business, doing their jobs and trying to achieve that, but without the oversight of where particular challenges lay when it came to meeting that target. We developed a real-time dashboard placed right in the centre of the department to help tackle this. It was interesting because at first, that dashboard was inaccurate. That was because the data in the system wasn’t always accurate – and that in turn was because the data hadn’t had this value placed on it before and staff are busy, so ensuring that data was inputted and correct wasn’t always prioritised.”
Having the dashboard in place “helped improve that, because staff could see the consequence and meaning of the data they inputted, and over time it had a real impact on the delivery of service. We are now exceeding that target and completing over 90 percent of maternity assessment triages within 15 minutes, consistently. The maternity team is rightfully very proud of that.”
As healthcare moves forward into exploring new ways of providing care, Matt added that population health data “is going to be so important. We need to be able to make the right decisions for our local communities with the funding that we’ve got, so that we can move away from being acute-focused and towards providing the right care in the right setting.”
Cyber security: optimising resources and building capabilities
Matt commented on the complexity of the current landscape when it comes to cyber security, acknowledging geo-political threats as well as the usual cyber threats that exist on a daily basis.
“If we are to be as successful as we can in reducing the risk and minimising the impact on patient services – because we can never truly eradicate that threat – we need to ask how we can make the best use of our resources. That includes staffing, knowledge and financial resource.”
If individual organisations all “go off and do their own thing”, there is a missed opportunity in Matt’s view. He pointed to the national NHS offer around cyber which includes a range of services from free on-site assessments to virtual perimeter security, stating that the resources are “really beneficial to strenhthening the cyber posture of organisations”.
From an ICS perspective, Liverpool has developed its cyber strategy aligned to the national strategy, with a view to making the best of what is already offered nationally and augmenting that to regional needs. “We know, for example, that third party supplier management is a key priority when it comes to cyber, particularly as we move into more cloud-hosted services,” Matt explained. “We are potentially being exposed to new risks in this way, risks we didn’t historically come into contact with. So there is an opportunity here to deliver some of that support at ICS level, and put in some principles around supplier managements. We can baseline where organisations within a footprint may have some commonality and provide economies of working together to address any gaps. We can also better understand risk, as we have a wider picture.”
In this way, the ICS focus on cyber security is very important in Matt’s view, and it comes down to having a clear strategy that organisations can align themselves to.
One programme the ICS has recently invested in, to support 14 trusts across the region, will see the introduction of a healthcare cybersecurity platform from supplier Cynerio. Matt noted this provides “comprehensive visibility into all networked devices across our ICS trusts” and forms part of investment in defences to better protect patient data, minimise vulnerabilities and reduce disruptions to care. Here, the platform is designed to offer continuous monitoring to detect and mitigate threats specific to medical and IoT devices within healthcare environments as well as real-time threat intelligence and automated response mechanisms, “helping us enhance our security posture” Matt added.
In Cheshire and Merseyside, the stance on cyber is that “you are only as strong as your weakest link”. Matt elaborated: “We live in an interconnected NHS world. I don’t think we should be focusing just on getting in tools and systems to solve problems, but rather focusing on developing some capabilities within the ICS to provide wrap-around support to local trusts, augmenting their own capabilities.”
Funding for cyber
Tying into this point, and picking up on the financial side of cyber, Matt noted that funding has typically been capital-fed, which tends to feed into plans to buy more tools. “We end up with a landscape of so many tools, increased complexity and not enough cyber staff to manage them; actually, what we need to do is develop the right capabilities so we can maximise with the resources that we’ve got. With this in mind, it would be more helpful if we had a revenue-based model that would allow us to build for the future.”
It’s not just for the national team to provide funding all the time, he pointed out. “Where we’ve got ICSs working on digital planning across a footprint, there needs to be a sustainable funding models that organisations buy into to allow a degree of centralised resource and capability within the ICS.”
Whilst on the topic of cyber funding, Matt considered how digital leaders can communicate the financial rationale between cyber security investments to colleagues who might not necessarily see the direct impact of the money spent.
“It’s about articulating the risk, and highlighting how it’s about clinical risk management ultimately,” he stated. “In particular, it’s key to have a strong route to the trust board, with strong cyber awareness and the risks articulated and understood at that level.”
Investment in digital tends to come hand-in-hand with a return on investment in terms of delivering perceived benefits, Matt said, whether that benefit is increased efficiency, quality, safety, or a financial benefit. “With cyber, it’s a bit different, because the purpose of cyber is to stop something from potentially happening. That’s why I think it’s a question of articulating that properly. You need to focus on the impact an attack could have on clinical services, and unfortunately the NHS has a number of examples from the past couple of years where clinical services have been significantly disrupted because of a successful cyber attack. Make sure you’ve got really robust cyber planning in place, that you can answer the ‘so what?’ question.”
Something else that can also be overlooked is “really emphasising the ‘secure by design’ principle when buying digital innovations”, Matt added. “When we buy new innovations, are we really considering the cyber requirements at an early stage?” As an example, he pointed out that where previously clinical systems have been hosted internally and locally across different organisations, healthcare is now moving towards convergence with a more centralised cloud-hosted offering capable of servicing the need of many organisations. “It’s good in many ways that this convergence is happening, but are we considering the cyber risk associated at every stage? If this centralised cloud solution is compromised through a cyber attack, the impact will be significantly greater than if an internally hosted solution was hit within one organisation.
Getting the most out of digital: advice for health leaders
When it comes to digital innovations and projects, there is a tendency to view go-live as the “defined outcome”, Matt reflected. “We staff and we fund for that period, based on a programme approach. But if we do that, we end up failing, because we don’t adopt and optimise those systems. When we put new systems in, we’ll get a lot right, but there will also be a lot that we need to shape as we move forwards. So it’s about being committed to digital as a way of life; seeing it as intrinsic and central to the things we do in terms of delivering care. We need to invest in sustainable digital teams for the long term.”
Matt also emphasised the need for collaboration along with the right to fail and try again. “It’s okay to make mistakes. It’s about being open and honest about where we could do things differently, do them better; learn from it.”
Leaders need to “stay true to the course, and see digital as a real enabler”, he concluded. “That means ongoing investment around staffing. That doesn’t just mean ‘digital’ staff, but all roles that have an important part to play in digital transformation moving forwards.”
Many thanks to Matt for taking the time to share his thoughts.
