NHS Scotland “cannot afford to drop the pace” of digital transformation as it emerges from the pandemic, according to a former health tech boss.

Deryck Mitchelson, who stepped down from his role as director of national digital and chief information security officer (CISO) at NHS National Services Scotland (NSS) in January, believes that Covid has delivered an “amazing platform to now kick forward digitally”.

The new field CISO and C-Suite advisor at leading global cybersecurity firm Check Point Software, says the health service must continue to be “brave and bold” in its approach to digital.

His comments come after he led a team of 400 staff at NSS to deliver major technological solutions to the virus – including the national vaccination scheduling portal, and the apps for contact tracing, ‘check in’, and the Covid passport.

Speaking about the future of innovation in the NHS, Mitchelson, says: “I would hate to see us slowing down, the investment money slowing down, and everything starting to go to more committees to actually get agreements – ‘Can we do something? What’s the right strategy? What’s the delivery plan?’

“I understand the importance of making sure that we fully engage with everyone around the ethics of what we’re doing and the Information Commissioner’s Office around how we protect everything. These conversations are all absolutely fine, but I think we need to continue at the same pace that we’ve been doing.

“I get that it’s very risk adverse, because it’s patients’ lives and it’s patients’ information that is at the back of all this. But I think Covid has shown that you can do both – you can innovate, you can go at pace, you can take risks – but you can still keep everyone in Scotland safe and deliver great services.”

Mitchelson, who joined the NHS in August 2018, would like to see the technologies put in place by NSS during the pandemic expanded to create a “digital front door” to the health service.

The digital front door is one of the key aims outlined in the Scottish Government’s refreshed digital health and care strategy.

The idea is to create “a safe, simple and secure digital app” which will allow people to navigate their way through services, supporting them to access information and services directly, and access and contribute to their own health and care information.

The new service will be built on a “common approach” to online identity, where personal data is controlled by the individual and people are able to authenticate their identity.

Mitchelson says: “My hope for the NHS is that they do truly embrace what we’ve got, because what’s been built for Covid has been built very well. It hasn’t been thrown together.

“We haven’t cut corners. We’ve actually properly implemented enterprise grade solutions that could sit at the heart of health and care and sit at the heart of our digital pathways for providing services.

“We’ve done things very quickly by buying systems and services, and by deploying through agile methods

“We’ve got to start building that technology out, for example, as a digital front door, and not start building alternative front doors and suddenly having to then start switching off pieces of technology that we’ve actually built.”

He adds: “It’s just making sure that we’re now brave enough and bold enough to build upon that and actually say, ‘Yes, these are the technologies that we’re going to use for the future’.”

But how would this work in practice? He uses the National Vaccination Scheduling Service (NVSS) developed by NSS as an example. The platform, which was originally designed to allow users to reschedule their vaccination appointment, has been continuously improved throughout the pandemic.

People can now use it to book a vaccination appointment rather than just reschedule. They can also view their full Covid vaccination history.

But Mitchelson believes “much more” could be done. “We’ve got 4.5 million people that are signed up to use that service. And it is what we call API driven – so it’s all open standards, meaning it’s very easy to add services behind that.”

API – application programming interface – is a tool set that helps programmers to create software.

Mitchelson paints a – for now – hypothetical picture: “It could do any appointing, because an appointment is an appointment. It doesn’t matter if you’re trying to get appointment with a GP or an appointment with your local hospital.

“So we could start to expand that out. We could iterate, we could add small services on the back of it. And given that you’re able to see your vaccination record, it would be very easy to actually add to that so you could see things like test results, and other parts of your medical record.

“I suspect we could do some of these things within a small number of months – not years.”

He adds: “I would then look to tighten up the verification for these services, so I would use the identity service that we bought for the Covid status app, and plug that into the vaccination scheduling portal as well.”

The Covid status app, which provides a digital record of users’ vaccination status, was developed by Danish IT firm Netcompany last June, who built in a verification identification service at NSS’ request.

But Mitchelson is disappointed by what he sees as a lack of ambition displayed by Scotland’s health chief Humza Yousaf.

He says: “A lot gets said around the work that was done with the Near Me video consultation service, but I’d want to go much further than that. I’m not convinced that the cabinet secretary for health is bold enough with his vision of digital.

“That’s a great piece of innovation to be able to do that using a web browser – but you know, let’s be honest, we’ve been using FaceTime on mobile phones for years and years since the iPhone came out – and suddenly, you can do a video consultation.”

He would like to see the virtual appointment connected to one of the new “digital front door portals”,  allowing people to speak to their GP or consultant remotely and manage all of their health and care pathways in the same place.

“And then behind there, you can have things like your information, the ability to look up certain conditions, get access to leaflets, advice, physiotherapy, test results etc.”

With too many ideas for the future of health tech to include in this article – Mitchelson’s passion for the role he held is clear. Why did he decide to leave?

He says: “It’s been absolutely fantastic working for National Services Scotland – they’re probably the most caring employer I’ve ever worked for, and an employer that’s given me space to go and innovate and deliver and succeed and transform, without being micromanaged or having to take much in the way of direction.”

But, he says: “I’d always intended on coming in for three to four years to try to deliver quite a lot of transformational change, and then probably head back into industry, so it felt like the right time.”

Before joining NSS, Mitchelson was CISO at global research and consultancy business Wood Mackenzie. In previous roles, he led the delivery of IT solutions at the Scottish Prison Service and publishing company DC Thomson.

“On top of that,” he says. “I did have a health issue last year.” He was forced to take some time off work in October following a bike accident which led to broken ribs, a depressed lung, pneumonia and two visits to the hospital.

Fully recovered now, with a renewed appreciation for the health service, he adds: “I was keen to get back into the daily hustle and grind of working in the private sector. And I’m absolutely certain that Check Point will get a lot of blood, sweat and tears from me.”

It comes as no surprise to learn that Mitchelson was in high demand, considering various cloud-based roles in global companies last summer. But it was Check Point – headquartered in Tel Aviv, Israel with more than 5,200 staff worldwide – which won him over with its cyber credentials.

He says: “Security has always been something that’s been part of my DNA. So very much when I started thinking about what I wanted to do next, I decided, you know what? At the moment, security is probably one of the most important things that sits across everything we do.

“It’s got such a big impact. We’ve seen that across the NHS, in the three years that I’ve been in here. And not a day goes by that I don’t see something else where there is a security impact or security compromise or a security breach.

“So, being able to give back across a wide variety of organisations with the expertise that Check Point has was very much the draw.”

From his home in rural Angus, Mitchelson will be working alongside a handful of CISOs from around the world and reporting to a vice president based in Munich. He is hopeful that the English language will suffice. “If they try and get into anything more than that, or I guess a small amount of French or German, I’ll probably struggle,” he laughs.

As Scotland prepares to drop all legal restrictions and officially “live with Covid” from 21 March, Mitchelson is excited to see the NHS embark on a new kind of digital journey.

“The resources we’ve got that have been working on the Covid digital response can now start to work on our health and care digitalisation and transformation,” he says. “And that’s what’s needed.”