Tech News : 1.5 Million Seat NHS IT Support Deal

Microsoft and NHS England have announced the signing of new five-year contract whereby Microsoft (via a major reseller) will roll out the Microsoft 365 cloud-based online productivity suite to 1.5 million NHS staff.

Trusted Relationship Continues 

Coinciding with the 75th Anniversary of the NHS, Microsoft says the partnership, through a contract awarded to the reseller, will see it supply digital solutions – Microsoft’s 365 suite and security tools – to NHS organisations all over the country. The contract is believed to be worth £775 million (£930 million with VAT), is seen as the next step in a “trusted relationship” over decades.

Improving Collaboration, & Modernising 

The reseller which described the deal as “money saving” says that it will mean that NHS workers (doctors, nurses, clinicians, and support staff) will now be able to benefit from the full suite of Microsoft 365 workplace productivity apps, which will make collaboration easier and maximise time for care.

The reseller’s managing director said the deal will with NHS England will provide: “A platform for future innovation in healthcare”, and that the five-year contract “highlights the breadth and depth of skills [they] bring in managing, advising, and supporting the NHS to utilise secure cloud platforms, analytics, and apps”. 

Clare Barclay, Chief Executive Officer, Microsoft UK, said: “This agreement will ensure that NHS organisations can deliver efficiency, reform ways of working through collaboration tools and build resilience through a modern, secure cloud-based infrastructure”. 

Money Saving 

The money saving aspect of the deployment contract comes from negotiating one single, national NHS contract rather than, as in the past, negotiating separate software licences with different prices with each individual healthcare trust. John Quinn, Chief Information Officer at NHS England said the new contract is “a further great example of the NHS using our collective buying power to secure market-leading products at a reduced cost for taxpayers”. 

That said, the contract was only signed after £8m had been spent on emergency one-month extensions to previous arrangements.

Follows The Teams National Deal In 2020 

This new national deal follows the first national deal in March 2020 whereby the Microsoft Teams app was made available to all NHS staff, saving users an estimated 17 million hours of time by being able to have virtual meetings.

What Does This Mean For Your Business? 

For NHS England, the collective deal with an already familiar major Microsoft re-seller is a way of building on the success of the previous 2020 deal, moving more to the cloud, and improving the type of collaborative working that the NHS needs. Also, the deal brings modernisation, scope for innovation, and the kind of updated security that the NHS needs – health organisations with outdated security have been targets for cyber criminals in recent years. For the reseller, a near billion-pound new deal with a massive existing client is clearly good news and brings the security of continuing close relationship. For Microsoft, already dominant in this area, it’s another high-profile endorsement of its products that’s bought good publicity and enhanced an already profitable relationship through its resellers. With the NHS once more known to be the biggest purchaser of fax machines, this deal marks another big step towards modernisation of the tech aspects of its operation that could benefit all stakeholders.

Tech News : 20 NHS Trusts Shared Personal Data With Facebook

An Observer investigation has reported uncovering evidence that 20 NHS Trusts have been collecting data about patients’ medical conditions and sharing it with Facebook.

Using A Covert Tracking Tool 

The newspaper’s investigation found that over several years, the trusts have been using the Meta Pixel analytics tool to collect patient browsing data on their websites. The kind of data collected includes page views, buttons clicked, and keywords searched. This data can be matched with IP address and Facebook accounts to identify individuals and reveal their personal medical details.

Sharing this collected personal data, albeit unknowingly, with Facebook’s parent company without the consent of NHS Trust website users and, therefore, illegally (data protection/GDPR) is a breach of privacy rights.

Meta Pixel 

The Meta Pixel analytics tool is a piece of code which enables website owners to track visitor activities on their website, helps identify Facebook and Instagram users and see how they interacted with the content on your website. This information can then be used for targeted advertising.

17 Have Now Removed It 

It’s been reported that since the details of the newspaper’s investigation were made public, 17 of the 20 NHS trusts identified as using the Meta Pixel tool have now removed it from their website, with 8 of those trusts issuing an apology.

The UK’s Infromation Commissioner’s Office (ICO) is now reported to have begun an investigation into the activities of the trust.


Under the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), organisations processing personal data must obtain lawful grounds for processing, which typically includes obtaining user consent. Personal data is any information that can directly or indirectly identify an individual.

An NHS trust using an analytics tool like Meta Pixel on their website to collect and share personal data without obtaining user consent, could potentially be illegal and both the NHS trust and the analytics tool provider (Meta) have responsibilities under data protection laws.

The GDPR and the UK Data Protection Act require organisations to provide transparent information to individuals about the collection and use of their personal data, including the purposes of processing and any third parties with whom the data is shared. Individuals must be given the opportunity to provide informed consent before their personal data is collected, unless another lawful basis for processing applies.

What Does This Mean For Your Business? 

The recent revelation that 20 NHS Trusts have been collecting and sharing personal data with Facebook through the use of the Meta Pixel analytics tool raises important lessons for businesses regarding their data protection practices. The Trusts’ actions, conducted without user consent, appear to represent a breach of privacy rights and potentially violate data protection laws, including the UK Data Protection Act 2018 and GDPR.

The Meta Pixel analytics tool, although widely used as an advertising effectiveness measurement tool, can have unintended consequences when it comes to personal data, such as medical data, and data privacy. The amount of information shared through this tool is often underestimated, and the implications for the NHS trusts could be severe. As several online commentators have pointed out, the trusts may have known little about how the Meta Pixel tool works and, therefore, collected, and shared user data unwittingly, however ignorance is unlikely to stand up as an excuse.

It is, of course encouraging that in response to the investigation, 17 out of the 20 identified NHS Trusts have at least removed the Meta Pixel tool from their websites, with some going on to issue apologies. To avoid similar privacy breaches and maintain the trust of customers, businesses should take immediate action.

Examples of how businesses could ensure their data protection compliance as regards their website and any tools used could include establishing a cross-functional data protection team with members from legal, technology, and marketing, and with the support of senior management. They could also conduct a thorough analysis of all data collected and transferred by websites and apps and identify the data necessary for their operations and ensure that legal grounds (such as consent) are in place for collecting and processing that data. For most smaller businesses it’s a case of remembering to stay on top of data protection matters, check what any tools are collecting and keep the importance of consent top-of-mind.

The implications for Meta of the newspaper’s report and the impending ICO investigation are significant as well. The incident highlights the need for greater transparency and understanding of the tools and services offered by companies like Meta, especially when it comes to sensitive topics and personal data. Privacy concerns arise when information from browsing habits is shared with social media platforms. Meta must address these concerns and ensure that the data collected through its tools is handled in accordance with data protection laws and user consent.

Overall, this case emphasises the importance of data protection compliance, informed consent, and transparency in the handling of personal data. Businesses must prioritise privacy and data security to maintain customer trust and avoid legal consequences.