Information requested
I am writing to request information under freedom of information legislation, regarding your organisation's use of artificial intelligence (AI) technology/technologies.
I would be grateful if you could provide the following detail:
AI Systems in use
A list of tools, platforms or systems currently deployed or being piloted/trialled.
The purpose and function of each of the above.
The departments or services where these are operational.
Procurement and development
Details of any contracts, tenders or partnerships with external providers for AI solutions.
Total expenditure on AI related technologies over the past three financial years, broken down by year.
Governance and Ethical Oversight
Copies of, or information relating to, any internal policies, frameworks or guidance documents relating to the use of AI.
Any ethical review processes or risk assessments conducted prior to deployment.
Details of any group responsible for the oversight of AI use within your organisation.
Impact on Workforce
Any assessments, reports or internal communications regarding the impact of AI on staffing levels, job roles or workforce planning (including recruitment, redundancy).
Information on any roles that have been automated, restructured or made redundant due to AI implementation.
Details of any training, redeployment or upskilling initiatives offered to staff in response to the adoption of AI.
Any consultations with trade unions or staff representatives regarding AI-related changes.
Performance and Evaluation
Evaluations, audits or performance reviews of AI systems, as referenced in section 1.
Evidence of how AI systems have affected service delivery, decision-making or operational efficiency.
Data protection and privacy
Types of data used to train or operate AI systems, including whether this data is synthetic or not.
Measures in place to ensure compliance with data protection legislation, including the DPA 2018 and UK GDPR.
Procedures for handling bias, transparency and accountability in AI decision-making.
NHSCFA response
1) AI Systems in use
A list of tools, platforms or systems currently deployed or being piloted/trialled.
- Copilot 365
- various cyber security tools e.g. MS Defender.
The purpose and function of each of the above.
- General business use
- Cyber risk reduction
The departments or services where these are operational.
All members of staff in all business areas.
2) Procurement and development
Details of any contracts, tenders or partnerships with external providers for AI solutions.
CSP supplied licenses for Copilot 365
Total expenditure on AI related technologies over the past three financial years, broken down by year.
2022-3 - Nil
2023-4 - Nil
2024-5 – 20k
3) Governance and Ethical Oversight
Copies of, or information relating to, any internal policies, frameworks or guidance documents relating to the use of AI.
An Acceptable Use Policy is currently in development to include use of AI. The document is intended for future publication. Under Section 22(1) of the Act the Authority is not required to communicate the information held in relation to this. The full wording to this exemption is included in Annex A of this letter.
Any ethical review processes or risk assessments conducted prior to deployment.
In development.
The AI Ethics policy is currently under review by the Authority. The document is intended for future publication. Under Section 22(1) of the Act the Authority is not required to communicate the information held in relation to this. The full wording to this exemption is included in Annex A of this letter.
Details of any group responsible for the oversight of AI use within your organisation.
An AI Working Group is in place with Board Director and Senior Management membership and sponsorship. Specialists in AI e.g. Data Scientists.
4) Impact on Workforce
Any assessments, reports or internal communications regarding the impact of AI on staffing levels, job roles or workforce planning (including recruitment, redundancy).
The information is not held. The introduction of AI is anticipated to have efficiency benefits. Any impact on workforce planning will be assessed in due course.
Information on any roles that have been automated, restructured or made redundant due to AI implementation.
The information is not held
Details of any training, redeployment or upskilling initiatives offered to staff in response to the adoption of AI.
The Copilot training to be made available to all staff
Any consultations with trade unions or staff representatives regarding AI-related changes.
No consultations are in progress.
5) Performance and Evaluation
Evaluations, audits or performance reviews of AI systems, as referenced in section.
No evaluations, audits or performance review are held. The Copilot 365 project is in deployment stage.
Evidence of how AI systems have affected service delivery, decision-making or operational efficiency.
The information is not held.
6) Data protection and privacy
Types of data used to train or operate AI systems, including whether this data is synthetic or not.
Internal data only for Copilot 365.
Measures in place to ensure compliance with data protection legislation, including the DPA 2018 and UK GDPR.
The NHS Counter Fraud Authority publishes policies for data protection compliance on its website:
Corporate publications | About | NHSCFA
A Data Protection Impact Assessment is currently in progress. This document is intended for future publication. Under Section 22(1) of the Act the Authority is not required to communicate information held in relation to this. The full wording to this exemption is included in Annex A of this response.
Procedures for handling bias, transparency and accountability in AI decision-making.