Category Archives: e-health

Secrecy is one reason gov’t IT-based projects fail says MP

By Tony Collins

The BBC, in an article on its website about Fujitsu’s legal dispute with the Department of Health, quotes Richard Bacon MP who, as a member of the Public Accounts Committee, has asked countless civil servants about why their department’s IT-based change projects have not met expectations.

Bacon is co-author of a book on government failures, Conundrum, which has a chapter on the National Programme for IT [NPfIT] in the NHS.

In the BBC article Bacon is quoted as saying that the culture of secrecy surrounding IT-based projects is one of the main reasons they keep going so badly – and expensively – wrong.

He says it has been obvious to experts from an early stage that the NPfIT, which was launched by Tony Blair’s government, would be a “train wreck” because the contracts were signed “in an enormous hurry” and contained confidentiality clauses preventing contractors from speaking to the press.

He says the urge to cover things up means that “we never learn from our mistakes because there is learning curve, but when things go wrong with IT the response is to keep it quiet”.

Citing the example of air accident investigations, which are normally conducted in a spirit of openness so lessons can be learned, he says “It is the complete opposite in IT projects, where everyone keeps their heads down and goes hugger-mugger.”

Fujitsu versus Department of Health

Fujitsu sued the Department of Health for £700m after the company was ejected six years early [2008] from a 10-year £896m NPfIT contract signed in January 2004.  The case went to arbitration – and is still in arbitration, largely over the amount the government may be ordered to pay Fujitsu.  Bacon says the amount of the settlement will have to be disclosed.

“I don’t know how the government can honestly keep this number quiet. It simply cannot do it. It is not possible or sensible to keep it quiet when you are spending this much money,” says Bacon.

The BBC article quotes excerpts from a Campaign4Change blog

Government ‘loses £700m NHS IT dispute with Fujitsu’ – BBC News


Has Fujitsu won £700m NHS legal dispute?

By Tony Collins

The Telegraph reports unconfirmed rumours that Fujitsu has thrown a party at the Savoy to celebrate the successful end of its long-running dispute with the NHS over a failed £896m NPfIT contract.

Government officials are being coy about the settlement which implies that Fujitsu has indeed won its legal dispute with the Department of Health, at a potential cost to taxpayers of hundreds of millions of pounds.

Fujitsu sued the DH for £700m after it was ejected from its NPfIT contract to deliver the Cerner Millennium system to NHS trusts in the south of England.

At one point a former ambassador to Japan was said to have been involved in trying to broker an out-of-court settlement with Fujitsu at UK and global level.

But the final cost of the settlement is much higher than any figure agreed, for the Department of Health paid tens, possibly hundreds of millions of pounds, more than market prices for BT to take over from Fujitsu support for NHS trusts in the south of England. The DH paid BT £546m to take over from Fujitsu which triggered a minor Parliamentary inquiry.

A case that couldn’t go to court?

The FT reported in 2011 that Fujitsu and the Department of Health had been unable to resolve their dispute in arbitration and a court case was “almost inevitable”.

But the FT article did not take account of the fact that major government departments do not take large IT suppliers to an open courtroom. Though there have been many legal disputes between IT suppliers and Whitehall they have only once reached an open courtroom [HP versus National Air Traffic Services] – and the case collapsed hours before a senior civil servant was due to take the witness stand.

Nightmare for taxpayers

Now the Telegraph says:

“Unconfirmed reports circulating in the industry suggest that a long-running dispute over the Japan-based Fujitsu’s claim against the NHS for the cancellation of an £896 million contract has finally been settled – in favour of Fujitsu.”

It adds:

“Both Fujitsu and the Cabinet Office, which took over negotiations on the contract from the Department of Health, are refusing to comment. The case went to arbitration after the two sides failed to reach agreement on Fujitsu’s claim for £700 million compensation. Such a pay-out would be the biggest in the 60-year history of the NHS – and a nightmare for taxpayers.”

The government’s legal costs alone were £31.45m by the end of 2012 in the Fujitsu case.

Francis Maude, Cabinet Office minister, is likely to be aware that his officials will face Parliamentary criticisms for keeping quiet about the settlement. The Cabinet Office is supposed to be the home of open government.

Earlier this week the National Audit Office reported that Capgemini and Fujitsu are due to collect a combined profit of about £1.2bn from the “Aspire” outsourcing contract with HM Revenue and Customs.

Richard Bacon, a Conservative member of the Public Accounts Committee is quoted in the Telegraph as saying the settlement with Fujitsu has implications across the public sector. “It should be plain to anyone that we are witnessing systemic failure in the government’s ability to contract.”

What went wrong?

The Department of Health and Fujitsu signed a deal in January 2004 in good faith, but before either side had a clear idea of how difficult it would be to install arguably over-specified systems in hospitals where staff had little time to meet the demands of new technology.

Both sides later tried to renegotiate the contract but talks failed.

In 2008 Fujitsu Services withdrew from the talks because the terms set down by the health service were unaffordable, a director disclosed to MPs.

Fujitsu’s withdrawal prompted the Department of Health to terminate the company’s contract under the NHS’s National Programme for IT (NPfIT).

Fujitsu’s direct losses on the contract at that time – which was in part for the supply and installation of the Cerner “Millennium” system – were understood to be about £340m.

At a hearing of the Public Accounts Committee into the NPfIT,  Peter Hutchinson, Fujitsu’s then group director for UK public services, said that his company had been willing to continue with its original NPfIT contract – even when talks over the contract “re-set” had failed.

“We withdrew from the re-set negotiations. We were still perfectly willing and able to deliver to the original contract,” he said.

Asked by committee MP Richard Bacon why Fujitsu had withdrawn Hutchinson said, “We had tried for a very long period of time to re-set the contract to match what everybody agreed was what the NHS really needed in terms of the contractual format.

“In the end the terms the NHS were willing to agree to we could not have afforded. Whilst we have been very committed to this programme and have put a lot of our time, energy and money behind it we have other stakeholders we have to worry about including our shareholders, our pension funds, our pensioners and the staff who work in the company. There was a limit beyond which we could not go.”

The termination of Fujitsu’s contract left the NHS with a “gaping hole,” said the then chairman of the Public Accounts Committee Edward Leigh.

Thank you to campaigner Dave Orr for drawing my attention to the Telegraph article.


In an era on open government it is probably not right for officials and ministers at the Cabinet Office and the Department of Heath to be allowed to secretly plunge their hands into public coffers to pay Fujitsu for a massive failure that officialdom is too embarrassed to talk about.

Why did the DH in 2008 end Fujitsu’s contract rather than renegotiate its own unrealistic gold-plated contract specifications? Should those who ended the contract be held accountable today for the settlement?

The answer is nobody is accountable in part because the terms of the dispute aren’t known. Nobody knows each side’s arguments. Nobody even knows for certain who has won and who has lost. Possibly the government has paid out hundreds of millions of pounds to Fujitsu on the quiet, for no benefit to taxpayers.

Is this in the spirit of government of the people, by the people, for the people?

Medication errors 6 months after “admin” system goes live

By Tony Collins

When Croydon Health Services NHS Trust went live with Cerner Millennium in October 2013 a spokesman told eHealth Insider:

“The new system will give everyone working at the trust better access to information and an accurate picture of what all of our services are doing. This will allow staff to make quicker, more informed decisions about the care patients need. It will improve the quality, safety and efficiency of care.”

The go-live has indeed brought some benefits. The trust says these include more efficient management of medicines, more detailed patient information being conveyed between shifts and departments, and better management of beds.

But earlier this week Campaign4Change reported on some of the problems associated with the go-live including 50,000 patients on the trust’s waiting list and a “serious incident” declared over diagnostic waits including extended waits for patients with suspected cancer.

Said the trust’s Audit Committee in March 2014 – 6 months after the go-live of the Cerner Millennium Care Records Service [CRS] :

“CRS Millennium Lessons Learned

“KB [COO and Deputy Chief Executive] outlined the context in which the implementation of CRS had taken place from the time the Business case had been approved in 2010 to the commencement of deployment in January 2011 and its subsequent implementation to date.

“She noted the 7 official “go live” dates which were reflected in the lessons learned report many of which fell during a period of organisational change.

“She noted that the deployment in CHS [Croydon Health Services NHS Trust] had been the most comprehensive deployment to take place nationally.

“It was noted that Programme Team had considered the lessons learned from other [NPfIT] Care Records Service deployments as part of the implementation programme at CHS and that there was no evidence of harm to patients despite the challenges around delivery of service.

” However significant operational challenges were experienced and a deep dive into the implementation of CRS was carried out and the findings submitted to the Finance & Performance Committee and the Trust Development Authority.

“In relation to ‘no harm to patients’ SC [Chairman] asked what empirical evidence there was to support the findings of the Deep Dive.

“KB explained from October 2013 to date there were 50,000 patients on the waiting list, but a patient validation exercise had taken place which had confirmed that no patients had come to any harm.

“The potential backlog would be cleared by the end of March but in the meantime those patients on waiting lists would be subject to a further clinical review to ensure that there was no harm.”

In fact the trust is still working through the backlogs; and long waiting times are not the only matters arising from the Cerner Millennium implementation. A medication safety report for the month of March 2004 highlights these lessons:

“The patient was prescribed Furosemide for acute pulmonary oedema on 12/03/2014. The drug was not administered and the reason not documented. On review of the incident, it was identified that there was a mis-communication between both nurses and the fact that they have started using a new computer system had caused confusion which led to the error. Once error identified the dose was given and ward sister has ensured that staff will go for further training if unsure on how to use the CRS Millennium system…

“Third incident was a failure to administer fluids (Normal Saline) in an acute kidney injury patient with an admission creatinine of greater than 700. Again there was confusion with the electronic prescribing system and the nurse thought that patient did not have a drug chart as the electronic prescribing system had gone live whereas in fact there was a paper drug chart for the fluid. The position of the venflon on the patient arm also contributed to the delay. Once error identified the fluids were given but were not running to time and patient improved. Ward sister has ensured that staff will go for further training if unsure on how to use the CRS Millennium system and staff were also briefed about poor documentation of the incident…

“Fourth incident occurred involved a patient prescribed ACS protocol for NSTEMI, Positive trop T. The aspirin 300mg, clopidogrel 300mg and fondaparinux 2.5mg were not administered and not signed for. Omission of medicines was discussed with doctor looking after the patient and the patient did not come to any harm. Omission occurred as agency staff did not know how to use CRS Millennium. On review of incident all staff were briefed on importance of patients being administered medicines on time and in particular a discussion took place between agency staff and for agency staff to have adequate CRS Millennium training. There are champion users nurses on wards who are able to train Agency staff.


Cerner Millennium is provided to the trust under a national contract hosted by the Department of Health and managed via a Local Service Provider (LSP) contract with BT. The contract covers trusts in London and the south of England.

The DH contract expires on 31st October 2015 after which point the DH will no longer fund any of the services currently hosted by them. This includes both the software and licencing costs for Cerner Millennium as well as the BT data storage facilities and other costs.

The DH requires all trusts with Cerner under the NPfIT to commit to an exit strategy before 31st October 2015.


Is Cerner Millennium merely an administrative system as officials at Croydon Health Services NHS Trust claim it is?  The implication is, with an administrative system, that it cannot be involved in any harm to patients. Officials at Connecting for Health when they ran the NPfIT used to describe Cerner Millennium as an administrative system.

It is the deployment of this “admin” system at Croydon that is implicated in medication errors, a waiting list of 50,000 people, and long waits for diagnostic tests for people with suspected cancer.

If Whitehall and NHS officials cannot see the system as other than administrative, this is a mistake that may help to explain why a poor service for patients, which sometimes has serious potential clinical implications,  is so commonplace, even months after go-live.

50,000 on waiting list and cancer test delays after NPfIT go-live

CEO and CIO resign after troubled EHR go-live

By Tony Collins

At the foot of the Blue Ridge Mountains, Georgia, in America’s deep south, about 70 miles from Atlanta, is Athens .

It was named at the turn of the 19th century to associate its university with Aristotle and Plato’s academy in Greece. It is home to the Athens Regional Medical Centre, one of the USA’s top hospitals.

There on 4 May 2014 the Centre went live with what it described as the most meaningful and largest scale information technology system in its 95-year history – a Cerner EHR implementation.

Now the Centre’s CEO James Thaw and CIO Gretchen Tegethoff have resigned. The Centre’s implementation of the electronic health record system seems to have been no more or less successful than at UK hospitals.

The main difference is that more than a dozen doctors complained in a letter to Thaw and Tegethoff.  A doctor leaked their letter to the local paper.

“Medication errors”

The letter said the timescales to install the Cerner EHR system were too “aggressive” and there was a “lack of readiness” among the intended users. They called the system cumbersome.

The letter referred to “medication errors … orders being lost or overlooked … (emergency department) and patients leaving after long waits”. An inpatient wasn’t seen by a physician for five days.

“The Cerner implementation has driven some physicians to drop their active staff privileges at ARMC [Athens Regional Medical Centre],” said the letter. “This has placed an additional burden on the hospitalists, who are already overwhelmed. Other physicians are directing their patients to St. Mary’s (an entirely separate local hospital) for outpatient studies, (emergency room) care, admissions and surgical procedures. … Efforts to rebuild the relationships with patients and physicians (needs) to begin immediately.”

The boldness of the letter has won praise in parts of the wider American health IT community.

It was signed by the centre’s most senior medical representatives: Carolann Eisenhart, president of the medical staff; Joseph T. Johnson, vice president of the medical staff; David M. Sailers, surgery department chair; and, Robert D. Sinyard, medicine department chair.

A doctor who provided the letter to the Athens Banner-Herald refused a request to openly discuss the issues with the computer system and asked to remain anonymous at the urging of his colleagues.

Swift action

One report said that at a meeting of medical staff 200 doctors were “solid in their vote of no confidence in the present hospital administration.”

Last week Thaw wrote in an email to staff: “From the moment our physician leadership expressed concern about the Cerner I.T. conversion process on May 15, we took swift action and significant progress has been made toward resolving the issues raised … Providing outstanding patient care is first and foremost in our minds at Athens Regional, and we have dedicated staff throughout the hospital to make sure the system is functioning as smoothly as possible through this transition.”

UK implications?

The problems at the Athens centre raise questions about whether problematic Cerner installations in the NHS should have consequences for CEOs.  Health IT specialists say that, done well, EHR implementations can improve the chances of a successful recovery. Done badly an EHR implementation can harm patients and contribute to death.

The most recent installations of Cerner in the NHS, at Imperial College Healthcare NHS Trust and Croydon Health Services NHS Trust, follow the pattern of other Cerner EHR go-lives in the NHS where there have been hints of problems but the trusts are refusing to publish a picture of how patients are being affected.

What has gone wrong at Athens Regional?

IT staff, replying to the Banner-Herald’s article, have given informed views on what has gone wrong. It appears that the Athens Regional laid off about a third of the IT staff in February 2014, about three months before go-live.

Past project disasters have shown that organisations often need more, not fewer, IT staff, advisers and helpers, at the time of a major go-live.

A further problem is that there appears to have been little understanding or support among doctors for the changes they would need to make in their business practices to accommodate the new system.  Had the organisation done enough to persuade doctors and nurses of the benefits to them of changing their ways of working?

If clinicians do not support the need for change, they may focus unduly on what is wrong with the new system. An organisation that is inherently secretive and resentful of constructive criticism will further alienate doctors and nurses.

Doctors who fully support an EHR implementation may find ways around problems, without complaining.

One comment on the Banner-Herald website says:

“While I have moved on from Athens Regional, I still have many friends and colleagues that are trying to work through this mess. Here is some information that has been reported to me…

“Medications, labs and diagnostic exams are not getting done in a timely manner or even missed all together. Some of this could be training issues and some system.

“Already over worked clinical staff are having to work many extra hours to get all the information in the system. This obviously takes away from patient care.

“Senior leadership tried to implement the system in half the amount of time that is usually required to do such things, with half the staff needed to do it. Why?

“Despite an environment of fear and intimidation the clinical staff involved with the project warned senior administration that the system was not ready to implement and posed a safety risk.

“I have ex-colleagues that know staff and directors that are involved with the project. They have made a valiant effort to make things right. Apparently an 80 to even a 100 hour work week has been the norm of late.

“Some questions that I have: where does the community hospital board stand with all this? Were they asking the questions that need to be asked? Why would the software company agree to do such a tight timeline? Shouldn’t they have to answer some questions as well?”

“Hopefully, this newspaper will continue to investigate what has happened here and not cave to an institution that spends a lot of money on frequent giant full page ads.

“Please remember there are still good people (staff, managers and administrators) that work at ARMC and I am sure they care about the community they serve and will make sure they provide great patient care.”

“The last three weeks have been very challenging for our physicians, nurses, and staff,” said Athens Regional Foundation Vice President Tammy Gilland. “Parts of the system are working well while others are not. The medical staff leadership has been active in relaying their concerns to the administration and the administration has taken these concerns very seriously. Maintaining the highest quality of patient care has always been the guiding principle of Athens Regional Health System.”

Keeping quiet

NHS trusts go quiet about the effect on patients of EHR implementations despite calls by Robert Francis QC and health secretary Jeremy Hunt for openness when things go wrong.

Imperial College Healthcare NHS Trust, which comprises St Mary’s Paddington, Hammersmith Hospital, Charing Cross Hospital, Queen Charlotte’s and Chelsea Hospital, and Western Eye hospital in Marylebone Road, went live with Cerner– but its managers and CEO are refusing to say what effect the system is having on patients.

An FOI request by eHealth Insider elicited the fact that Imperial College Healthcare had 55 different consultants working on the Cerner Millennium project and 45 Trust staff. The internal budget for electronic patient record deployment was £14m.

Croydon Health Services NHS Trust, which comprises Croydon University Hospital (formerly Mayday) and the Purley War Memorial Hospital, went live with Cerner last year, also under BT’s direction.

The trust has been a little more forthcoming than Imperial about the administrative disruption, unforeseen extra  costs and effects on patients, but Croydon’s officials, like Imperial College Healthcare’s spokespeople,  refuse to give any specific answers to Campaign4Change’s questions on the Cerner implementation.


It was probably unfair of doctors at Athens Regional to judge the Cerner system so soon after go-live but their fierce reaction is a reminder that doctors exist to help patients, not spend time getting to grips with common-good IT systems.

Would an NHS CEO resign after a rebellion by UK doctors over a problematic EHR implementation? It’s highly unlikely – especially if trusts can stop news leaking out of the effects on patients. In the NHS that’s easy to do.

Athens Regional CEO resigns

A tragic outcome for Cerner Millennium implementation?

Athens Regional is addressing computer problems encountered by doctors

Athens Regional is addressing computer problems after patients put at risk

CEO forced out?


BT earns £1.3bn extra from “dismantled” NHS IT scheme

By Tony Collins

The Department of Health paid BT £1.3bn more from the “dismantled” NHS IT contracts than the company first expected.

In 2004 BT expected £2.1bn from its contracts under the NHS IT scheme, the National Programme for IT. In fact BT’s payments totalled  £3.4bn to March 2013, according to information contained in a DH letter to the Public Accounts Committee.  The DH’s letter has gone unpublicised until now.

The size of the payments to BT, in the light of financial pressures elsewhere in the NHS, indicate that Connecting for Health, and its successor the Health and Social Care Information Centre,  regard BT’s data spine, the N3 broadband network,  and Cerner and Rio patient administration systems as indispensable.

The Public Accounts Committee has described the NHS IT scheme, the NPfIT,  as a “failed” programme.

Though important parts of BT’s work on the scheme have been successful, a national care records service in which an individual’s electronic patient record can be accessed across  the NHS, hasn’t materialised.

A cut-down version, the Summary Care Record, exists but the NHS and MPs regarded the creation of a detailed national electronic patient record as the main reason for the National Programme for IT.

Despite the extra money  is delivering far fewer Cerner Millennium systems to London’s acute trusts than originally intended, and none of the GP systems.

Payments to BT

After BT won three NPfIT contracts in 2003, the company said in its annual report of 2004 that the deals would be worth a total of £2.1 billion. The NHS deals were among “some of the largest BT has ever won”, said BT’s  2004 annual report. 

Now the DH’s letter to the Public Accounts Committee shows the amounts paid under NPfIT contracts to March 2013: 

  • N3 broadband network  – £937.7 m [BT]. Original contract value £533m.
  • Spine (including Secondary Uses Service)   £1.083.8m [BT]. Original contract value £620m.
  • Core contracts for local clinical systems in London (London Programme for IT, formerly part of the NPfIT ) –  £865.9m [BT]. Original contract value £996m. BT is delivering to far fewer trusts than it originally envisaged.
  •  Core contracts for the south of England – £586.3m. [BT]. No payments were due to BT for the south of England in the original contracts. BT replaced Fujitsu as the local service provider in the south. The DH spent a total of 737.3m on NPfIT contracts in the south of England to March 2013 but of this £151m had been paid to Fujitsu. The Fujitsu NPfIT local service provider contract is the subject of a protracted legal dispute between the company and the DH.

MP Richard Bacon, a member of the Public Accounts Committee, has criticised the size of some of the payments to BT.

Further payments are due to BT under the NPfIT contracts and it may also receive new payments for work under the project.


BT’s stunning financial success from the NHS IT scheme shows the value, from a supplier’s perspective, of getting a foot in the door. For some time it has been a monopoly supplier to the NHS. Its grip on the NHS, the HSCIC and the Department of Health, could be diminished if the HSCIC split up its work and awarded a set of new contracts. That is unlikely to happen. Indeed the signs are that some Whitehall officials would like to tie in the NHS to BT for the foreseeable future.

NHS database: is it a top IT priority?

By Tony Collins

It’s called the NHS database but the new “giant” medical records system is to be run by the Health and Social Care Information Centre, largely for the benefit of researchers.

Though it may help patients in the longer term, say by helping to identify what treatments work and don’t, it is arguably not the NHS’s most immediate IT priority.

I said on BBC R4’s Today programme this morning that a top NHS IT priority is providing secure links to health records so that patients with acute and chronic illnesses can be treated in one part of the NHS one week and another part of the health service the following week – perhaps in a different county – and have their updated records accessible wherever they go.

At present patients with multiple problems can end up being treated in different NHS or non-NHS centres without each organisation knowing what the other is doing.  This is dangerous for patients and gives the impression the NHS is technologically backwards.

Links can be made to existing medical records – there are millions of electronic records already in the NHS – without creating a big central database. The records can reside where they are at the moment, inside and outside the NHS, and be linked to securely by clinicians and nurses, subject to the patient’s specific consent.

Indeed patients should be able to look at their record online and correct any mistakes.

Research database

My comment on BBC R4 Today that a research database is a good idea has brought a mixed response – understandably, because are risks. We need some facts from the Health and Social Care Information Centre on who is going to run the database, and how information will be made genuinely anonymous.

The HSCIC concedes in its information material that some patient information on the database will be potentially identifiable, but it implies this is acceptable if the organisations using the data can be trusted.

Why must information be potentially identifiable? And to what extent can the HSCIC be trusted to run the database? It is, after all, managing contracts under the National Programme for IT, a scheme which Jeremy Hunt called a “huge disaster”.

How much extra will be paid to BT which runs the SUS database under the “dismantled” NPfIT? It is likely that BT’s Spine and SUS-related work will link into the new “NHS database”. Have any new contracts gone to open competitive tender?

Hospital group wins $106m settlement in Cerner dispute

By Tony Collins

 A US health organisation Trinity Medical Centre has won a $106m settlement in  a legal dispute with Cerner, which is one the main suppliers of patient record systems to NHS trusts in London and the south.

Under the NPfIT BT has installed Cerner at trusts that include the Royal Free, London, Barnet and Chase Farm Hospitals NHS Trust, Weston Area Health NHS Trust, Barts Health NHS Trust, North Bristol NHS Trust and more recently at Croydon Health Services NHS Trust.

The Wall St Journal says a clinical patient accounting program Trinity bought from Cerner in 2008 was defective and didn’t deliver the promised benefits, which Cerner disputed. Trinity sought about $240m in damages; Cerner estimated $4m.

The companies agreed to submit the dispute to arbitration which began in October 2013.

Cerner said it “strongly disagrees” with the award and believes the claim was based on unique circumstances. It called the award the only material judgment against Cerner in its 34-year history.

US lawyer Michael Dagley says his firm won a $106m settlement for North Dakota-based Trinity Medical Centre in an arbitration case against Cerner.

The firm says that Trinity alleged in 2012 that patient accounting software and other services purchased from Cerner were defective, producing thousands of billing errors.

“We think it’s tremendously significant because it represents the first major victory that we’re aware of by a health care provider against a software vendor,” Dagley said in a statement.

“Providers are under pressure to automate and vendors are under pressure to offer integrated products. Providers want one vendor for all their IT needs, so the vendors have this incentive to deliver software to the market as quickly as possible, and that can lead to products being introduced that are immature and defective, which in health care, can cause tremendous damage.”

Last year Cerner said it believed the chance of a material loss related to the matter was remote and it had 147 hospitals and 735 clinics using the patient accounting program.

Despite the settlement Cerner’s share price has held up well.

Trinity Medical Centre is a non-profit organisation with about 2,700 employees.

Dare anyone criticise this IT project – with the CEO as leader?

By Tony Collins

Croydon Health Services NHS Trust has had mixed success with its go-live of the Cerner Millennium system.

It is said to be a technical success but last week board members of the Croydon Clinical Commissioning Group expressed concerns about ongoing problems with the system.

Fouzia Harrington, director of quality and governance told the Croydon Advertiser: “The implementation [of Cerner] itself went well in technical terms, but there have been some implications about how it has been used by staff.

“It’s had far more impact in terms of the time it takes to book people in, for example. There have also been implications in terms of lost information about patients.

“There has been a lack of information about hospital activity, which has an impact on finances and, potentially,the quality of services patients are receiving…”

David Hughes, a lay member of the board, was not satisfied with that reassurance.

“You say that no harm has occurred,” he said,  “but while we’ve had no direct incident so far, patient care has definitely suffered.

“You talk about increased waiting times and there’s a risk that harm may occur because of the difficulty in getting in touch with clinicians who actually know what is going on with the patient.

“I’m very concerned from a quality point of view that our main provider has a serious problem with its information systems.”

Hughes called for action. Although the trust may not be aware of an incident yet it may “come out through further investigation that there has been”.

Some waiting times have increased,  the CCG cannot be certain of exact levels of activity at the hospital, and missing information has made it difficult to commission some services.

The concerns were raised at a board meeting on Tuesday.

Dr Tony Brzezicki, chairman of the CCG, said new system would eventually lead to improvements.  “Hospital patients had five sets of notes before. That in itself posed a risk that Cerner will mitigate,” he said.

“However, there have been administrative delays which mean longer waiting times for patients.There are also issues for the service to primary care which is a significant risk. Some of the problems have been resolved though I am concerned at the time scale because they are certainly impacting on my practice.”


John Goulston is the Croydon Health Services NHS Trust CEO. One of his previous jobs was as Programme Director of the London Programme for IT at NHS London. The LPfIT was formerly part of the National Programme for IT. 

As well as CEO, he chairs the trust’s Informatics Programme Board which has taken charge of bringing Cerner Millennium to Croydon’s community health services and the local University Hospital, formerly the Mayday.

Goulston reported to his board that the Cerner go-live – on 30 September and 1 October last year – was a success.

“Our partners Cerner, BT and Ideal have commented that the Trust has undertaken one of the most efficient roll-outs of the system they have worked on, with more users adopting the system more quickly and efficiently than other trusts … the success we have achieved to date is the result of the efforts of every single system user and all staff members,” said Goulston.

Goulston has said the trust deployed the “largest number of clinical applications in a single implementation in the NHS”. 

The Department of Health provided central funding, and the trust paid for implementation “overheads”.  The Health and Social Care Information Centre was the trust’s partner for the go-live.

The Croydon Advertiser asked Croydon Health Servicesa series of questions about Cerner, including its cost to the NHS, but was sent a short statement.

A spokesman told the Advertiser the system would improve patient administration and means that nurses have access to “quality, detailed information” when delivering care.

He added: “During the initial switch over of systems in September while staff were getting used to the system, some patients did need to wait slightly longer to check in for their clinic appointments.

“The trust has maintained and surpassed our 18 week referral to treatment targets from the initial roll out.”

Croydon’s response

Campaign4Change put some questions to the Croydon trust. These are the questions and its responses: .

Is the trust being completely open – taking seriously the duty of candour –  about problems arising from the Cerner Millennium go-live?

“The Trust takes its duty of candour on all issues very seriously; we believe that transparency is essential in running a modern NHS organisation. We are held to account by our board at public meetings, where the public are able to attend and question our senior management team, by our local health overview and scrutiny committee and our commissioners.

“Recent press coverage on CRS Millennium appeared in the local press when the system was discussed in a public meeting of our commissioners.”

As the CEO is leading the Cerner Millennium project, does this make it difficult for trust staff and trust directors to say anything even mildly critical about the implementation?

“Staff opinions on the implementation of CRS Millennium, both positive and negative, are welcomed by the Trust. Staff have given their frank opinions of the system directly to the Chief Executive both in our monthly all staff meetings and at the open staff engagement surgeries held by our Chief Executive and Chairman. All staff opinions are taken seriously and are acted upon appropriately.”

Given the CEO’s enthusiasm for the implementation is there a special onus on the press office to defend the implementation and play down problems? [I note that the Croydon Advertiser implied its questions had not been answered, and that the Trust gave a short statement instead.]

“The communications team respond to and facilitate a large number of external requests, including from the media, in a transparent, timely and appropriate manner. This same approach is followed on questions about CRS Millennium.

“CRS Millennium will bring about many improvements to patient care and Trust efficiency and we are enthusiastic about communicating these; it is unfortunate that recent press coverage did not consider these positive benefits in any depth.”

A comment on the Croydon Advertiser’s website says:

“When I checked in to out-patients I supplied all my personal details; however the post code I gave was declared invalid by the new system. That filled me with confidence. I also gave my contact as a mobile; however they tried to ring me using an old landline number.”


It’s generally accepted that having a high-level sponsor for an IT project is essential but when the lead is the CEO, does that make it difficult for people to challenge and constructively criticise?

A “good news” culture tends to prevail – as happened on Universal Credit, on the BBC’s Digital Media Initiative, and within the Department of Health on the NPfIT. Nobody dared to speak the whole truth to power. The truth tends to surface only when a new administration takes over or, in the case of Universal Credit, the minister obtained his own independent reports on project progress.

Campaign4Change put it to the Croydon trust that board directors see reports on the Cerner implementation only every two months and much can happen in the intervening period. This it did not deny.

Even if the trust’s directors met daily would they dare to challenge the CEO? And will the full facts  ever emerge? Things could be much better than CCG directors believe  – or much worse.

After nearly every major NPfIT implementation of the Cerner Millennium system in London and beyond (such as North Bristol) the facts were scarce, and reassurances that no patients had come to harm were plentiful. 

Here we go again?


Should lessons have been learned from these Cerner go-lives?

Barts and The London

Royal Free Hampstead

Weston Area Health Trust

Milton Keynes Hospital NHS Trust

Worthing and Southlands

Barnet and Chase Farm Hospitals NHS Trust

Nuffield Orthopaedic

North Bristol.

St George’s Healthcare NHS Trust

University Hospitals of Morecambe Bay NHS Foundation Trust

Birmingham Women’s Foundation Trust

NHS Bury

GPs asked to contact hundreds of patients who may have missed treatment after hospital’s cancer referrals blunder  – Pulse

London LMCs alert over Imperial cancer waits mix-up – Pulse.

GPs kept in the dark over hospital cancer blunder – Pulse

 IT system has increased waiting times and led to lost patient data.

Patient records go-live success – or NPfIT failure

When “life and death” NHS IT goes down

By Tony Collins

Almost unnoticed outside the NHS an email was circulated by health officials last weekend about a national “severity 1″ incident involving the Electronic Prescription Service, running on BT’s data Spine .

“The EPS [electronic prescriptions service] database is currently experiencing severe degradation of performance. … BT engineers [are] currently investigating with the database application support team,” said the email.

A severity 1 or 2 incident, which involves a temporary loss of, or disruption to, the Spine or other national NHS system,  is not unusual, according to a succession of emails forwarded to Campaign4Change.

The Department of Health defines a severity 1 incident as a  failure that has the potential to:

— have a significant adverse impact on the provision of the service to a large number of users; or

— have a significant adverse impact on the delivery of patient care to a large number of patients; or

— cause significant financial loss and/or disruption to NHS Connecting for Health [now the Health and Social Care Information Centre], or the NHS; or

— result in any material loss or corruption of health data, or in the provision of incorrect data to an end user.

The Health and Social Care Information Centre, which manages BT’s Spine and other former NPfIT contracts, reports that the spine availability is 99.9% or 100%. But the HSCIC’s emails tell a story of service outage or disruption that is almost routine.

If the spine and other national services  are really available 99.9% of the time, is that good enough for the NHS, especially when ministers and officials are increasingly expecting clinicians and nurses to depend on electronic patient records and electronic prescriptions?  In short, are national NHS IT systems up to the job?

NHS staff access the spine tens of millions of times every month, often to trace patients before accessing their electronic records.  The spine is pivotal to the use of patient records held on Rio and Cerner Millennium systems in London. It is critical to the operation of Choose and Book, the Summary Care Record, Electronic Prescription Service pharmacy systems, GP2GP, iPM/Lorenzo, and the Personal Demographics Service.

According to a Department of Health letter sent to the Public Accounts Committee, payments to BT for the Spine totalled £1.08bn by March 2013.

BT says on its website that its 10-year NHS Spine contract involves developing systems and software to support more than 899,000 registered NHS users. The HSCIC says the Spine is used and supported 24 hours a day, 365 days a day.

“There is a huge amount of industrial-strength robustness, availability, disaster recovery, that you cannot get someplace else,” said a BT executive when he appeared before MPs in May 2011.

Life and death  

Sir David Nicholson spoke of the importance of the spine and other national NHS systems at a hearing of the Public Accounts Committee in 2011. He said they were

“providing services that literally mean life and death to patients today … So the Spine, and all those things, provides really, really important services for our patients…”

When Croydon Health Services NHS Trust went live with a Cerner Millennium patient records system at the end of September a “significant network downtime” – of BT’s N3 network – had an effect on patients.

A trust board paper, dated 25 November 2013 says:

“CRS Millennium (Cerner) Deployment -Network downtime – Week 1.  In particular, the significant network downtime in week 1 (BT N3 problem) led to no electronic access to Pathology and Radiology which resulted in longer waits for patients in the Emergency Department (ED) leading to a large number of breaches. This was a BT N3 problem which has been rectified with BT …”

Below are some of the emails passed to Campaign4Change in the past four months. Written by the Health and Social Care Information, the emails alert NHS users to outages or disruption to GP or national NHS IT systems.

Some HSCIC messages of disruption to service

October 2013

Severity 2
CQRS has not received a number of participation status messages.
Also affecting: GPES
CQRS Users are not able to manually submit specific information, this will impact the users’ business process for entry of achievement data.
Following a configuration change by the GPES Business Unit a specific code has now been added to the GPET-Q Database. We are currently awaiting confirmation that the addition of the relevant code has been successful. Discussions are taking place regarding the re-submission of status messages. HSCIC conference calls are on-going.

[A severity 2 service failure is a failure [that] has the potential to:

– have a significant adverse impact on the provision of the service to a small or moderate number of service users; or

– have a moderate adverse impact on the delivery of patient care to a significant number of service users; or

– have a significant adverse impact on the delivery of patient care to a small or moderate number of patients; or

– have a moderate adverse impact on the delivery of patient care to a high number of patients; or

– cause a financial loss and/or disruption … which is more than trivial but less severe than the significant financial loss described in the definition of a Severity 1 service failure.]


Severity 2
BT Spine
Intermittent performance issues on TSPINE.
BT Spine have confirmed that the incident has been resolved and users are able to perform routine business processes without delays.

November 2013

Severity 1
BT Spine
Users are unable to log into PDS.
All sites are currently unable to access PDS, this is causing a delay to normal services.
BT Spine are working to restore service.


Severity 2
BT Spine
National EPS users.
Slow performance on reliable and unreliable messages for EPS.
This is causing delays to routine business processes as some users may be experiencing slow performance with the EPS service.
BT investigating.


Severity 2
BT Spine
Slow performance on EPS Messaging.
This is causing delays to routine business processes as some users may be experiencing slow performance with the EPS service.
BT moved the database to an alternate node following application server restarts. This temporarily restored normal message response times however performance has started to degrade again. BT Investigation continues.

Severity 1
Multiple users were unable to log in to the Choose & Book application.
ATOS made some network configuration changes overnight 19th/20th November which restored service. After a period of monitoring throughout the day yesterday the service has remained stable and at expected levels. Further activities and investigation will be carried out by several resolver teams which will be scheduled through change management.

Severity 2
BT Spine
Slow performance on EPS Messaging.
No further issues of slow response times with EPS messaging have occurred today. BT Spine to continue root cause investigation.


Severity 2
Cegedim RX
Cegedim RX – Users are experiencing slow performance in EPS 1 and EPS 2.
Users are experiencing slow performance and delays to routine business processes when using EPS 1 and EPS 2.
Following a restart of application services, traffic has improved for all new EPS messages. However there is a backlog of EPS messages which may cause delays to routine business processes. Cegedim RX to continue to investigate.


December 2012

Severity 1
BT Spine
Performance issues have been detected with the transaction messaging system (TMS).
Also affecting: Choose and Book, GP2GP
This may cause delays to routine business processes. This may have an effect on all Spine related systems. This includes PDS, Choose and Book, PSIS, SCR, ACF Services.
This has been resolved but BT are currently monitoring performance. Further investigation is required by BT into the root cause.


Severity 2
DTS has not processed a CQRS payment file.
Also affecting: GPES
This is causing delays to routine business processes.
GDIT are currently developing a fix which will be rolled out tomorrow evening, pending successful testing.

January 2014

Severity 1
BT Spine
TMS reliable messaging unavailable.
TMS reliable messaging unavailable and users having to implement manual workarounds.
Issues experienced due to a planned change overrunning, BT Spine continue to implement the transition activity in order to restore service.


Severity 2
BT Spine
Users have experienced intermittent issues with the creation and cancellation of smartcards in CMS [Card Management Service for managing smartcards].
This is intermittently causing delays to routine business processes as some users have been unable to create, cancel, cut or print cards in CMS.
Users may experience issues with the creation and cancellation of cards in CMS. BT have identified a fix for the issue which is currently undergoing testing prior to deployment into the live environment.


Severity 2
BT Spine
The maternity browser was unavailable within NN4B.
BT identified a problematic server which was recycled to restore system functionality.


Spine scheduled outage for essential maintenance activity.

During critical work to migrate to a new storage solution on Spine an issue was experienced on the Transaction Messaging Service (TMS) in September of this year. The issue resulted in BT failing over the TMS database from its usual site on Live B to Live A to restore service. The failover was completed well within the Service Level Agreement and no detrimental long term impacts to the service were incurred.

On the 15th January 2014 between approximately 22:00-23:30, HSCIC, in conjunction with BT, are planning to relocate the TMS database back to Live B, this is for several critical reasons:

  1. The issues experienced, which prompted the failover, are fully resolved and will not be experienced again as the storage migration work is now complete.
  2. The Spine service is designed to operate with all databases running on Live B so this work supports the optimum configuration for the service.
  3. Most critically the transition for all data on Spine to Spine2 has been designed to operate from a standby site with no live databases on it. Therefore to support the Spine2 transition this work is absolutely essential.

In order to facilitate a safe relocation of the database a 1.5 hour outage is required to TMS. The impact of this to Spine is significant and results in effectively an outage for Spine and its interfaces to connecting systems for that period. The time and date is aimed at the lowest times of utilisation for Spine, to minimise impact to end users, as well as not impacting critical batch processing and Choose & Book slot polls.


Date & Time

Change Start Change Finish Services Affected Outage Duration
15/01/2013 22:00 15/01/2013 23:30 Transaction Messaging Service (TMS) 1.5 hours
Service  Impact Description
Choose and Book The Choose and Book service will be available but functionality will be limited until the TMS database has switched over.Users of the web application will experience limited retrievals during the outage window.The system will not be able to create shared-secret for patients who have not been referred via Choose and Book before.Service Providers will be unable to:
  • Perform clinic re-structures and re-arrange appointments for patients for directly bookable services
  • Send DNA messages to Choose and Book.

For directly bookable services the following functionality will be unavailable:

  • Booking appointments
  • Rearranging appointments
  • Creating new patient accounts

Choose & Book systems will need to queue the messages and resend to Spine once the TMS service is enabled.

Due to the timing of the outage slot polls will not be affected.

Summary Care Record application (SCRa) The SCRa application will be available but functionality will be limited until the TMS database has switched over. Simple traces can be completed on PDS data but users will be unable to perform any PSIS updates (e.g. GP summary updates)
DSA The DSA application will be available but functionality will be limited until the TMS database has switched over.Simple traces can be completed on PDS data but users will be unable to perform any PSIS updates (e.g. GP summary updates).
Electronic Prescription Service (EPS)Pharmacy Systems Reliable messaging will be unavailable for the duration of the switchover work as the TMS service will be suspended dual site. All messages received from EPS systems will be rejected and not go into retry.EPS systems will need to queue the messages and resend to Spine once the TMS service is enabled.
EPS Batch The PPA response for any “claim” messages will not be sent to PPA/PPD. However, EPS will send those response(s) again when the retry jobs are re-activated after the switchover exercise is over. Response for any “claim” messages will not be received until after the switchover. Retry jobs will resend the responses once the TMS service is enabled.
Existing Service Providers (ESPs) There will be varying impacts depending on the product, release version and Spine compliant modules of the solution.ESP systems will need to queue the messages and resend to Spine once the TMS service is enabled.
GP2GP GP2GP will be unavailable until the TMS database has switched over.GP2GP systems will need to queue the messages and resend to Spine once the TMS service is enabled.
GP Extraction Service (GPES) GPES functionality will be unavailable until the TMS database has switched over.Messages will be queued on Spine and processed once the TMS service is restored.
GP Systems Functionality for Choose & Book, EPS and GP2GP, SCR will be limited until the TMS database has switched over.For Choose & Book directly bookable services the following functionality will be unavailable:
  • Booking appointments
  • Rearranging appointments
  • Creating new patient accounts

Systems will need to queue the messages and resend to Spine once the TMS service is enabled.

iPM/Lorenzo The real-time connection to Spine will be unavailable during the TMS outage. However both systems can be disconnected from Spine and operate without synchronised PDS data.iPM/Lorenzo will need to queue the messages and resend to Spine once the TMS service is enabled.
Millennium An outage of PDS reliable messaging will impact Millennium users.Users will be unable to:
  • trace patients
  • register new patients on PDS
  • book or reschedule appointments

Millennium will need to queue the messages and resend to Spine once the TMS service is enabled.

NN4B Trusts will need to be aware that during the outage NHS numbers cannot be generated, new-births cannot be registered and blood-spot labels cannot be generated and should plan accordingly.All birth notifications will be queued and processed once the TMS service is enabled.
Personal Demographics Service (PDS) Simple traces can be completed on PDS data.PDS reliable messaging will be unavailable until the TMS database has switched over.
RiO Users will be unable to:
  • trace patients
  • register new patients
  • book or reschedule appointments

The RiO system will need to queue the messages and resend to Spine once the TMS service is enabled.

TMS Event Service (TES) The majority of TES functionality will be unavailable during the outage.Trusts will need to be aware EPS, Death notifications, and Patient Care Provision Notifications (change of pharmacy) will be queued and sent to the receiving systems once the TMS service is restored.Any impacted notifications will be queued and sent to the receiving systems once TMS is restored.
TMS Batch (DBS, CHRIS, ONS) DBS will be unavailable until the TMS database has switched over (DBS processing will be suspended for the duration of the exercise).As the TMS switchover will be scheduled to start at 22:00, CHRIS batch should complete before the outage starts (CHRIS batch runs at 20:00 nightly).ONS processing will start at 18:00 nightly. If it doesn’t complete before 22:00, the messages will be queued and processed once the TMS service is restored.


Severity 2
BT Spine
Users are unable to grant worklist items within UIM.
This is causing delays to routine business processes as users are unable to complete their worklist items within the UIM application.
BT investigating.


Severity 1
BT Spine
The EPS database is currently experiencing severe degradation of performance.
Delays to routine business processes.
BT engineers currently investigating with the database application support team.


David Nicholson is right. The NHS has become dependent on systems such as the Spine. But can doctors ever trust any aspect of the safety of patients to systems that are not available 24×7 as they need to be in a national health service?

It appears that BT and other suppliers have not been in breach of service level agreements, and the HSCIC has a good relationship with the companies.  But does the HSCIC have too great an interest in not finding fault with its suppliers or the contracts, for finding fault  could draw attention to any defects in a service for which the HSCIC is responsible?

Have national NHS IT suppliers a strong enough commercial or reputational interest  in avoiding  a disruption or loss of service, so long as they keep within their service level agreements? 

If nobody sees anything wrong with the reliability of existing national NHS IT services improvements are unlikely. Diane Vaughan’s book on the culture and organisation of NASA shows that experts in a big organisation can do everything right according to the rules  and procedures – and still have a disastrous outcome.

MP calls for candour after Cerner NPfIT go-live at Croydon

By Tony Collins

Richard Bacon, a long-standing member of the House of Commons’ Public Accounts Committee, has called on Croydon Health Services NHS Trust to be more open about problems it faces after deploying a Cerner Millennium patient records system at the end of September.

The installation was carried out by BT under the London Programme for IT – a branch of the NPfIT.  The Health and Social Care Information Centre, which has taken on BT and CSC contracts under the NPfIT, was the trust’s partner for the Cerner deployment.

Bacon has closely followed the NPfIT and written a chapter on it in his book, “Conundrum: Why every government gets things wrong and what we can do about it” which he co-wrote with Christopher Hope, the Telegraph’s senior political correspondent.

According to fragments of information in Croydon Health Services’ latest board papers, dated 25 November 2013, the trust has faced a series of problems after the NPfIT Cerner go-live.

They included:

–  N3 Network downtime and waiting time breaches.

 Excessive waits for patients in A&E

 Going over budget.

– Significant loss of income.

 A bid to recover Cerner costs.

– A need for HSCIC support for delays. 

-A need for extra investment in Cerner to “stabilise the operational position”

The trust has not published any specific report on the implementation’s problemsNow Bacon says it is “unacceptable for any trust not to disclose the problems it faces – and possibly patients face – after a major IT implementation such as Cerner”.

He adds:

“If these implementations go wrong they can affect the safety of patients.  We know this from some NPfIT deployments at other  trusts. For Croydon to say that board members have been kept informed of the potential risks of the Cerner implementation through the “Corporate Risk and Board Assurance Framework”  is not reassuring.

“This is putting a matter of importance in the small print. Indeed, for officials to brief board members on the potential risks, rather than actual events, is also of concern.

“Patients need to know that Croydon takes a duty of candour seriously. If the Trust cannot be open about its IT-related problems, how can we be sure it will be open about anything else to do with patient safety?”

Patient records go-live “success” – or a new NPfIT failure