A digital update shared in Black Country Healthcare’s September board meeting has outlined progress made around digital objectives, reflections from the trust’s digital maturity assessment, cyber security, and current uses of emerging tech including AI and ambient voice.
Digital Maturity Assessment
The trust’s annual Digital Maturity Assessment (DMA) demonstrates “iterative improvement year on year” with investments leading to “good impact”, according to the board, even with two-year investments such as EPMA yet to be fully implemented. Work has been undertaken to improve network resilience and reduce technical debt, as well as to focus on clinical safety, digitise observations, and enhance digital leadership. A “significant jump” in maturity is expected from the 2026 DMA, when investments in bed management, patient portal, and EPMA are reflected, and there are further opportunities around electronic referrals, pathology messaging, and greater integration of AI.
“There are some elements of the DMA that we will not be able to achieve due to the limitations of our current system providers; for example we are unable to integrate our two EPR systems and so our score for EPR will always be capped at 3,” the board states. “We remain the least digitally mature organisation within the ICB overall, alongside West Midlands Ambulance. The inconsistent adoption and utilisation of our RiO EPR is causing delays, inefficiencies, increased admin and sub-optimal outcomes.”
Cyber security
Over the last quarter, Black Country Healthcare reports experiencing “a four-fold increase” in attempted cyber breaches, sharing network defence metrics showing 1,236 malicious attempts blocked, 1,684 detected, with 73 percent blocked at the perimeter. “Stringent” patch management and access control processes are in place, and cyber security awareness is embedded within staff training, with the trust engaging in exercises to support staff in spotting malware threats and maintaining responsible credential management. Multi-Factor Authentication (MFA) coverage is at 99 percent for NHS Connect (365) and supplier accounts, and 98 percent of endpoints are protected, with backup and recovery processes in place.
Work on awareness has included cyber security campaigns and penetration testing, which reportedly identified 37 “actionable findings”, offering opportunities to improve internal skills. A phishing simulation was conducted in March 2025, with the trust highlighting that the rate of users clicking phishing links and entering data “has dropped significantly compared to previous years, with a 97 percent reduction in data entry incidents”. A Security Information and Event Management solution has been introduced to improve real-time monitoring and detection of threats, and a Cloud Security Access Broker has resulted in improved monitoring of web, cloud, and AI activity.
Areas identified for improvement include shadow IT and AI, with Black Country noting risks around “the proliferation of unsanctioned applications and AI tools”. End-of-life systems, user awareness, patching and asset compliance, and supplier access and remote connectivity, are other upcoming areas of focus.
Artificial intelligence
A trust AI oversight committee has been established, with members including the associate director of performance improvement and planning, digital clinical officers from the clinical informatics team, the CCIO, and the head of cyber security; and chaired by the assistant director of safeguarding “to ensure it is user driven and led”. At present, the committee is reportedly monitoring ambient voice adoption and performance, and has recently produced a position statement and AI acceptable use policy. The trust has also introduced Trust Layer to monitor its AI usage, which shows ChatGPT used 27,383 times; Microsoft Copilot used 8,898 times; Canva used 2,533 times; and OpenAI used 1,126 times, over a 30-day period.
The board shares findings from its recent Copilot utilisation report, covering deployment to 235 users. It highlights use cases across transcription, summary generation, action log maintenance, and meeting minutes. For structured outputs including document summaries and newsletters, its use “can translate into savings of three to five hours”, it notes, with the most significant time savings of around five hours per week to be found by those managing multiple meeting transcriptions, repetitive documentation, and complex reporting tasks. Challenges are also listed, such as concerns about accuracy in transcripts, difficulties with crafting effective prompts, and limited integration with certain applications.
Copilot’s voice-based features have offered value in clinical environments, but a shortage of licenses means the trust cannot continue their use. “Given the clear productivity gains and positive feedback across multiple departments, it is recommended that the organisation increase the number of Microsoft 365 Copilot licenses,” the board states. “This is particularly important in clinical environments, where adoption has been hampered by license shortages despite evident demand and demonstrated benefits in speed, quality, and governance.”
The trust is also said to be “actively exploring” ambient voice solutions to support clinical workflows, and is in discussion with four suppliers with a view to initiating some six-month pilots. “As part of the supplier analysis and assessment process a 37 point checklist has been sent to prospective suppliers to allow like for like comparison,” the board states.
Other digital updates
Black Country Healthcare is aiming to remove Windows 10 devices from active infrastructure by October 2025, and has been deploying Windows 11 since January 2025. The trust’s single sign-on solution project is in its closing phase, having onboarded 4,800 users to date, reducing time spent on authentication and enhancing security. An integrated Smart Card solution has been deployed to ensure compliance with NHSE rules on access to electronic health records, with 4,650 virtual smart cards created so far. Work is underway with an external partner on Power BI dashboards, and a plan is being finalised to develop these for wider consumption across the trust.
Wider trend: digital progress and priorities from across the NHS
The NHS England board meeting this month discussed the need for consistency in digital delivery, an optimal operating model to balance local delivery with national standards, and noted the ongoing risks in digital, data, and technology, such as cyber threats and innovation uptake. Consistency in digital delivery was a theme emerging from the data, digital and technology committee, along with cyber security, which remains a “significant concern within and beyond the NHS”. The committee is working with the Department of Health and Social Care, focusing on developing the optimal operating model to balance local delivery with national standards, and discussing how to refine transition options for critical national systems.
In a letter to integrated care boards and NHS trusts, Sir James Mackey, chief executive officer at NHS England, has outlined expectations for providers on performance and finance for the year ahead, and how the 10 year health plan can be realised. Sir Mackey notes the particular focus on how “technology and digital solutions are going to be vital for longer term transformation and unlocking our productivity”, adding that “cutting back on investments in these areas to help with short-term challenges will undermine longer-term sustainability and improvement”.
A joint executive team has been announced across the Department of Health and Social Care and NHS England, to offer unified leadership as part of the transition to a single organisation. The joint executive team will help bring policy and delivery from both organisations together, managing directors from related work areas from 3 November 2025. Joint regional teams have also been established to focus on local delivery, improvement, and performance.
