Category Archives: Department of Health

Uupublished plan to throw another £13bn at the NHS’s IT problems?

By Tony Collins

The Health Service Journal yesterday revealed details of NHS IT investment plans that have been costed at about £12.9bn over the next five years.

The HSJ’s award-winning technology correspondent Ben Heather  says the sums currently involved – which could reduce as proposals are “reined in” – are on a par with the notorious National Programme for IT in the NHS.

He says that officials working on the plan have produced an estimate of between £10.9bn and £12.9bn for the cost of supporting proposals across 15 long-term plan “workstreams” ranging from creating personalised care to improving cancer survival.

The figures form part of the work of the digital and technology workstream for the long term plan, which is being developed by NHS England and NHS Improvement.

“The sum would be on par with the National Programme for IT, the most expensive push to improve IT systems in NHS history and an infamously costly and troubled project. It is likely to reduce substantially, however, as ambitions for the plan are negotiated and reined in over coming weeks.”

The plan is due to be published in late November or early December. The health secretary is known to be a keen advocate of new IT-related investments.

It is likely that a sizeable portion of the new £20bn planned for the NHS – which will be financed partly by tax increases that are due to be announced in the budget later this month – will go on NHS technology.

But the Health Service Journal suggests the investments will be controlled centrally, which may be a bad sign given that one of the major flaws in the failed £13bn NPfIT was that money was controlled centrally rather than by local groups of doctors and nurses.

Comment

On the face of it the current investment proposals bear no resemblance to the NHS IT programme NPfIT which was “dismantled” in 2011.

The NPfIT comprised a handful of specific major projects that were to be implemented nationally under the umbrella of “ruthless standardisation”.

The current proposals look very different. The investments fall into vague categories such as digitalising secondary care, improvements to IT infrastructure, data gathering and analytics.

The proposals have all the appearance of a different way the NHS has found to waste vast sums of public money.

It has never been acknowledged by the Treasury, NHS England or the Department of Health that the NPfIT wasted billions on spending that was invisible to the public, such as numerous consultants, years of globe-trotting by officials, first-class hotels across the world, sponsored conferences and unreported funds for marketing items that included DVDs and board games designed especially to promote the IT programme.

For officials, there’s nothing more exciting than going to work on a £13bn technology programme where money flows more freely than water. It’s no wonder officialdom is lobbying for the money.

No doubt it will be easy for officials to obtain the new billions. At any time in the recent history of the NHS it would have been easy on paper to justify £13bn for new NHS technology. Much of the £13bn could be justified simply enough by submitting plans to HM Treasury to modernise what already exists.

It was easy to justify the NPfIT. Tony Blair approved it at a Downing Street meeting that lasted 40 minutes. Computer Weekly obtained minutes of the Downing Street meeting after various FOI appeals.

But the NHS needs £13bn to be spent wisely on technology. The last thing the NHS needs is for Whitehall officials to be involved. History shows that Whitehall has the reverse Midas touch when it comes to major NHS IT investments. It is local groups of doctors and nurses who know how to spend the money wisely.

If either NHS England or the Department of Health and Social Care is involved in the new proposals for NHS IT investments – and they both are – it’s almost certain the new plans will end up as costly failures.

How would the public feel if they realised that a sizeable portion of their increased taxes for the NHS is almost certainly destined for the dustbin marked “mismanaged Whitehall IT schemes”.

Revealed: Officials’ £13bn funding ask to modernise NHS IT

Another NPfIT scandal in the making?

Advertisements

£20bn for the NHS? – not spent like this please

Johnathan Lewis, CEO Capita (right) and Simon Stevens, Chief Executive, NHS England (left) at Monday’s Public Accounts Committee.

By Tony Collins

Capita apologies for working “blind” on NHS outsourcing contract – but no humility from NHS England

Capita’s CEO Johnathan Lewis was contrite and authoritative when he appeared before public accounts MPs in the House of Commons on Monday.

He apologised unreservedly for what the committee chairwoman Meg Hillier called “a shambles”, which was Capita’s £330 seven to ten-year contract to run a range of services for GPs, dentists and ophthalmologists, as well as handle invitations and test results for cervical screening.

Capita’s Primary Care Support Services contract began in 2015 and complaints about the service from medical practitioners began to flow months later.

Capita made mistakes, said Lewis who was supported by his colleague Stephen Sharp, who reports directly to Lewis on public sector contracts. One mistake was that Capita tried to save money too soon by folding the work of 47 local NHS offices with 1650 staff into three offices without fully understanding that each office had a different way of working and a different way of delivering NHS services.

[A similar mistake helped to floor the £10bn National Programme for IT in the NHS (NPfIT), where suppliers and Whitehall officials tried unsuccessfully to use computers to standardise working practices and services in hundreds of hospitals before they fully understood the widely-different approaches of each hospital.]

Lewis told the Public Accounts Committee on Monday,

“This was an extremely complex outsourcing of services that I think both parties would recognise were not fully understood when the work was outsourced – the volumes, the scope, the fact that the service was being delivered in different ways across the different regions that became NHS England. At the same time I recognise the pressure NHS England were under to reduce costs and hence the pressure on them to outsource.”

His colleague Stephen Sharp added,

“I think mistakes were made. During the bid stage, NHS England did say there were some inconsistencies and differences within the various operations. But once Capita got into all the offices and looked at it, the inconsistencies and differences were not inconsequential. It was more or less 45 different services being run from 45 different offices, so the closure programme, which we adhered to and carried on with, we maybe should have stopped. We just made the problem worse as we went along.”

Why didn’t you stop the office closures, asked Conservative MP Anne Marie Morris who added that “even the NHS said, ‘We think you need to stop’.”

Sharp replied,

“We were actually working blind for a period of time. It was only once the service had been running under our control for a few months that complaints started to come in and we started to see visibility that there were bigger issues than we thought there were.”

With hindsight he said he would not have closed offices “until we had got the procedures operating on a national basis”. He conceded that if NHS England and Capita had deferred closing offices, the first two years of savings of about £60m would not have been achieved.

Capita’s losses of £140m

Lewis said that Capita had invested £125m in the contract but, given the loss of profit margin, the losses would be closer to £140m. “We will not make money over the life of this contract,” said Lewis.

An MP asked: why not walk away?

Lewis replied, “Because we made a commitment to deliver this service and reputations depend on that commitment. We see the public sector as a segment of our market that helps us achieve a diversified revenue base. It is a segment where we have services and solutions, where we can create value for the taxpayer and that is why it is an attractive segment.”

Capita is now meeting 41 of the 45 KPIs and, though the company is making good progress against the remaining four KPIs, it doesn’t change the fact that “our initial execution on this contract was not good and for that we apologise unreservedly,” said Lewis.

There were failings on the part of NHS England too. Health officials were so anxious to achieve the savings from closing offices and replacing old IT that couldn’t be relied on that they failed to test new national, standardised working practices and services before they asked a supplier to implement this strategy.

The result was that officials at NHS England had no clear idea of how much work they were outsourcing. They left due diligence to Capita; and Capita admitted at the hearing it did not do enough due diligence at the bid stage. If it had understood how much work was involved it would have bid a higher price or not bid at all.

NHS England also failed to involve most of the potential end-users – GPs, dentists and ophthalmologists in the design and planning of new services that would directly affect them such as pensions and payments.

Lewis said.

“There are other stakeholders that have historically not been brought into this process to the extent that they should have been, such as the BMA [British Medical Association] in how we might implement the digitisation of pension payments and the management of its pensions, or the Confederation of Dental Employers with regard to ophthalmic payments.

“We want to bring them into the process in ways that they have not been historically because we think that that will ultimately lead to a more successful roll out of the technology… They rightly have influence over the process. If we are going to roll out a process for digitising the 20,000 paper documents that cover the process by which you get refunded for an ophthalmic prescription today, surely those people need to be involved in the final roll-out and configuration of that solution.”

Absence of humility?

When MPs questioned the top official at NHS England, Simon Stevens, there was little sign of humility, contrition or regret. He left an impression that the same problems could end up being repeated by a different supplier under a different contract. One Conservative MP Bim Afolami found himself “sticking up for Capita”.

Afolami said,

“Do you feel, Mr Stevens, that criticism of this contract is in any way unfair on Capita? The more I hear, the more I feel that Capita has taken the sharp end of this and NHS England, despite slight reputational difficulty, has saved £60 million. To what extent do you feel that you should take more of the blame here and Capita should take less of it?”

Stevens emphasised the £60m savings but made no mention any of the contract’s specific problems such as the thousands of patient records that went missing, dozens of women left off cancer-screening lists, the qualified GPs who were unable to work for months while the system delayed verifying their entitlement to go onto a “National Performers List”, the GPs who ran short of basic supplies or the GPs and ophthalmologists who suffered financial detriment because of delayed payments.

Said Stevens,

“First, let me say that this has clearly been a rocky road, and the National Audit Office accurately described the bumps along the way, which are regrettable. That should not obscure the fact that, notwithstanding the economic pain that Capita has experienced, the contract has saved taxpayers £60 million in lower administrative costs in the National Health Service over the first two years of its life … that £60 million of savings is not to be sniffed at; it is the equivalent of 30,000 operations.”

Comment:

Campaign4Change has repeatedly criticised Capita’s performance on Barnet’s outsourcing contract, in part because Capita and the council have been markedly defensive – thin-skinned.

It was refreshing, therefore, to hear Capita’s newish CEO Jonathan Lewis being openly contrite over highly-visible failings in the NHS contract. He gave the impression to public accounts MPs of being a CEO who is determined to put right the failings for the sake of Capita’s reputation. The cost of correcting the problems seemed a secondary consideration.

With Lewis at the helm, Capita’s share price has continued to rise in recent weeks.

Less impressive at Monday’s hearing was Simon Stevens, NHS England’s chief executive, who seemed to imply that NHS England had done nothing wrong.  It was a reaction we’ve come to expect from top civil servants after an IT-related programme disaster. It’s never the fault of officialdom.

The reality is that NHS England was almost as culpable as Capita. NHS England rushed the whole outsourcing exercise – which doomed it from the start. It didn’t listen to critics who warned that primary care support services were too locally diverse and inherently problematic to standardise as part of a national  outsourcing deal.

Instead of first piloting and agreeing with GPs, dentists and ophthalmologists fundamental changes in working practices that would be needed across the country, NHS England went ahead with signing a co-called transformation deal with Capita.

NHS England paid only lip service to engagement with the new system’s end-users in the medical professions. By its own admission Capita, because of its own internal shortcomings, went into the contract blind.

What’s worrying is the way civil servants blithely repeat mistakes of the past and later say they did everything right.

The National Programme for IT in the NHS – NPfIT – failed in part because it was rushed, the implications of “ruthless standardisation” were not fully understood at the outset and there was a lack of proper engagement with potential end-users in hospitals and GP practices. All these same mistakes were made by Capita and NHS England on the Primary Care Support Services contract.

When ordinary human beings become senior civil servants there seems to be a requirement that they lose at a cellular level the facility to express humility and contrition. That loss is replaced by an overly prominent complacency. Whatever goes wrong is not their fault.

Stevens said in essence that NHS England did everything right. Through its unpublished project reviews, the Major Projects Authority – now the Infrastructure and Projects Authority –  endorsed NHS England’ s plans. All the so-called experts gave the outsourcing deal what Stevens called a “thumbs-up”.

It would have been surprising if Stevens had said the public sector was in any way to blame.

At least Capita has learned the lessons. It has a financial interest in doing so.

Ministers can learn from Capita’s candid chief executive

NHS England’s management of Primary Care Support Services contract with Capita – National Audit Office report

Monday’s televised Public Accounts Committee hearing with Capita’s Jonathan Lewis and Simon Stevens of NHS England

Ministers told of major problem on Capita NHS contract more than a year later

By Tony Collins

Today’s Financial Times and other newspapers cover a National Audit Office report into GP clinical notes and correspondence, some of it urgent, that was not directed to the patient’s GP.

The correspondence was archived by Capita under its contract to provide GP support services. But patient notes were still “live”. They included patient invitation letters, treatment/diagnosis notes, test results and documents/referrals marked ‘urgent’.

What isn’t well reported is that ministers were left in the dark about the problems for more than a year. The National Audit Office does not blame anyone – its remit does not include questioning policy decisions – but its report is impressive in setting out of the facts.

Before NHS England outsourced GP support services to Capita in 2015, GPs practices sent correspondence for patients that were not registered at their practice to local primary care services centres, which would attempt to redirect the mail.

By the time Capita took over GP support services on 1 September 2015, GPs were supposed to “return to sender” any correspondence that was sent to them incorrectly – and not send it to primary care services centres that were now run, in part, by Capita.

But some GPs continued to send incorrectly-addressed correspondence to the primary care services centres. Capita’s contract did not require it to redirect clinical correspondence.

An unknown number of GP practices continued to send mail to the centres, expecting the centre’s staff to redirect it. A further complication was that Capita had “transformation” plans to cut costs by closing the primary care services support centres.

Capita made an inventory of all records at each site and shared this with NHS England. The inventories made reference to ‘clinical notes’ but at this point no one identified these notes as live clinical correspondence. Capita stored the correspondence in its archive.

In line with its contract, Capita did not forward the mail. It was not until May 2016 – eight months after Capita took over the primary care services centres – that Capita told a member of NHS England’s primary care support team that there was a problem with an unquantified accumulation of clinical notes.

It was a further five months before Capita formally reported the incident to NHS England. At that time Capita estimated that there was an accumulation of hundreds of thousands of clinical notes. When the National Audit Office questioned Capita on the matter, it replied that, with hindsight, it believes it could have reported the backlog sooner.

In November 2016, Capita and NHS England carried out initial checks on the reported backlog of 580,000 clinical notes. It wasn’t until December 2016 that ministers were informed of problems – more than a year after Capita took over the contract.

Even in December 2016 ministers were not fully informed. Information about a backlog of live clinical notes was within in a number of items in the quarterly ministerial reports. NHS England did not report the matter to the Department of Health until April 2017 – about two years after the problems began.

Even then, officials told ministers that clinical notes had been sampled and were considered “low clinical and patient risk”. But a later study by NHS England’s National Incident Team identified a backlog of 1,811 high priority patient notes such as documents deemed to be related to screening or urgent test results.

The National Audit Office says, “NHS England expects to know by March 2018 whether there has been any harm to patients as a result of the delay in redirecting correspondence. NHS England will investigate further where GPs have identified that there could be potential harm to patients. The review will be led by NHS England’s national clinical directors, with consultant level input where required.”

Last month Richard Vautrey, chairman of British Medical Association’s General Practitioners Committee, wrote to the NHS Chief Executive Simon Stevens criticising a lack of substantial improvement on Capita’s contract to run primary care service centres.

In December, the GP Committee surveyed practices and individual GPs on the Capita contract. The results showed a little improvement across all service lines, when compared to its previous survey in October 2016, but a “significant deterioration” in some services. Vautrey’s letter said,

“While any new organisation takes time to take over services effectively, the situation has gone from bad to worse since Capita took over the PCSE [Primary Care Support England] service almost two and a half years ago …

“This situation is completely unacceptable. As a result of the lack of improvement in the service delivery of PCSE we are now left with no option but to support practices and individual doctors in taking legal routes to seek resolution. While this is taking place, we believe it is imperative that NHS England conducts a transparent and comprehensive review of all policy, procedures and processes used by PCSE across each service line.”

Comment:

It’ll be clear to some who read the NAO report that the problems with urgent patient notes going astray or being put mistakenly into storage, stems from NHS England’s decision to outsource a complex range of GP support services without fully considering – or caring about – what could go wrong.

It’s not yet known if patients have come to harm. It’s clear, though, that patients have been caught in the middle of a major administrative blunder that has complex causes and for which nobody in particular can be held responsible.

That ministers learned of a major failure on a public sector outsourcing deal over a year after live patient notes began to be archived is not surprising.

About four million civil and public servants have strict rules governing confidentiality. There are no requirements for civil and public service openness except when it comes to the Freedom of Information Act which many officials can – and do – easily circumvent.

Even today, the fourth year of Capita’s contract to run GP support services, the implications for patients of what has gone wrong are not yet fully known or understood.

It’s a familiar story: a public sector blunder for which nobody will take responsibility, for which nobody in particular seems to care about, and for which the preoccupation of officialdom will be to continue playing down the implications or not say anything at all.

Why would they be open when there is no effective requirement for it? It’s a truism that serious problems cannot be fixed until they are admitted. In the public sector, serious problems on large IT-related contracts are not usually fixed until the seriousness of the problems can no longer be denied.

For hundreds of years UK governments have struggled to reconcile a theoretical desire for openness with an instinctive and institutional need to hide mistakes. Nothing is likely to change now.

National Audit Office report – Investigation into clinical correspondence handling in the NHS.

Capita under fire again over GP support contract – but NHS England praises “improvements”

By Tony Collins

Hundreds of trainee GPs have not received their salaries from Capita, which is under contract to pay them, reports The Guardian.

Some of the trainees have applied for emergency funds from The Cameron Fund, a charity for the prevention of hardship among GPs and their dependents.

Capita administers training grants for GPs under its wide-ranging £1bn contract with NHS England to provide primary care services.

In November 2016 the then Health minister Nicola Blackwood described failings on Capita’s GP support contract as “entirely unacceptable”. 

She said Capita had inadequately prepared for delivering a “complex transition”.

In response,  Capita said it adding the full-time equivalent of 500 extra staff on the contract.

But in February 2017, after continuing complaints,  the Health Secretary Jeremy Hunt said he would be prepared to end Capita’s contract if necessary.

Since then, though, NHS England has praised “improvements” in the contract, according to Pulse.

Yesterday The Guardian reported extracts from a letter the British Medical Association sent to NHS England on 30 October 2017.

It said some GP practices were “having to pay trainees out of already overstretched practice budgets, or trainees are going months without being paid if the practice cannot cover the shortfall”.

Capita confirmed it had outstanding payments to some trainee GPs but was unable to say how many it is responsible for paying, or how many it has not paid.

It said that it had not received all the information it needed to pay salaries from the relevant employers. A Capita spokesperson told The Guardian that the problems were an inevitable part of “a major transformation project to modernise a localised and unstandardised service”.

It added: “We have made significant investment to deliver improvements and these have been recognised by NHS England and demonstrated through improved service performance and improved customer satisfaction.”

The Cameron Fund’s treasurer Dr David Wrigley described the outsourcing of GP support services as a “botched privatisation”.

“NHS England has commissioned out what was a very efficient service run within the NHS, and now Capita runs this contract in what I’d call another botched privatisation.”

One trainee GP went unpaid two consecutive months.  At the end of October she posted on a private message board for GPs: “Anyone know of how I access hardship funds (quickly) to feed children/pay nursery/mortgage (quickly)?”

Her surgery gave her a loan last month to tide her over but did not have enough surplus funds to do the same thing again.

She said that in the last 24 hours partners have stepped forward and have all taken a pay cut to provide a loan “to get me through the month as they were worried about my family”.

An NHS England spokesperson said it was “holding Capita’s feet to the fire on needed improvements”.

It added: “In the meantime, the lead employer for Health Education England or the GP practice are responsible for paying their GP trainee salaries and are subsequently reimbursed for this. Backlogs are being prioritised by Capita.”

The BMA’s letter to the NHS chief executive Simon Stevens criticises Capita.

“We are disappointed at the lack of progress that has been made … These issues have been ongoing since NHS England commissioned Capita … and it is unacceptable that more progress has not been made to getting these resolved …

Wrigley wants the House of Commons’ public accounts committee to investigate the contract.

“NHS England have known about this for a while and the BMA has been putting constant pressure on, and it’s all promises that it’ll get better but it doesn’t.”

New systems for cervical screening and GP payments and pensions that are also contracted out to Capita are due to go live next July. The BMA has told NHS England that it has “no confidence” in Capita’s ability to deliver the services.

Comment

It’s possible to have some sympathy for Capita which has the daunting task of trying to standardize a wide range of systems for supporting disparate GP support services.

But, as Campiagn4Change has reported many times on Barnet Council’s Capita outsourcing contract, it can be difficult if not impossible to make huge savings in the cost of running services (£40m in the case of the GP support contract), deliver an IT-based transformation based on new investment and provide a healthy profit for the supplier’s shareholders while at the same time making internal efficiency savings.

Capita’s share price is relatively low and under continuing pressure but is holding up reasonably well given the company’s varied problems.

Still, we wonder whether the company can afford to put large sums into sorting out problems on the GP support contract, at Barnet Council and on other well-publicised contracts?

The MoD has ended a Capita contract early, the company faces litigation from the Co-op and its staff are staging nine days of strikes over pensions.

Who’s to blame?

If anyone is to blame in this NHS saga it is NHS England for not fully understanding the scale and complexity of the challenges when it outsourced to Capita.

The first rule of outsourcing is: Don’t outsource a problem.

Doctors warned NHS England against signing the contract. Under financial pressure to do so – it needed the promised savings  – NHS England’s public servants signed the deal.

Those public servants will not be held accountable for their decision. In which case, what’s to stop public and civil servants making the wrong decisions time and again?

Two further questions:

Is NHS England too close to Capita to see the faults?

Do public servants have a vested interest in not criticising their outsourcing suppliers, in case opprobrium falls on both parties? 

Thank you to Zara Pradyer for drawing my attention to the Guardian article.

Hundreds of trainee GPs facing hardship as outsourcing firm Capita fails to pay – The Guardian.

 

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Inside Universal Credit IT – analysis of document the DWP didn’t want published

dwpBy Tony Collins

Written evidence the Department for Work and Pensions submitted to an FOI tribunal – but did not want published (ever) – reveals that there was an internal “lack of candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

It’s the first authoritative confirmation by the DWP that it has not always been open and honest when dealing with the media on the state of the Universal Credit IT programme.

FOI tribunal grants request to publish DWP's written submission

FOI tribunal grants request to publish DWP’s written submission

According to the DWP submission, senior officials on the Programme became so concerned about leaks that a former member of the security services was brought in to lead an investigation. DWP staff and managers were the subjects of “detailed interviews”. Employee emails were “reviewed”, as were employee access rights to shared electronic areas.

Staff became “paranoid” about accidentally leaving information on a printer. Some of the high-security measures appear still to be in place.

Unpublished until now, the DWP’s written legal submission referred, in part, to the effects on employees of leak investigations.

The submission was among the DWP’s written evidence to an FOI Tribunal in February 2016.

The Government Legal Service argued that the DWP’s written evidence was for the purposes of the tribunal only. It should not be published or passed to an MP.

The Legal Service went further: it questioned the right of an FOI Tribunal to decide on whether the submission could be published. Even so a judge has ruled that the DWP’s written evidence to the tribunal can be published.

Excerpts from the submission are here.

Analysis and Comment

The DWP’s submission gives a unique glimpse into day-to-day life and corporate sensitivities at or near the top of the Universal credit IT programme.

It reveals the lengths to which senior officials were willing to go to stop any authoritative “bad news” on the Universal Credit IT programme leaking out. Media speculation DWP’s senior officials do not seem to mind. What appears to concern them is the disclosure of any credible internal information on how things are progressing on Universal Credit IT.

Confidential

Despite multiple requests from IT suppliers, former government CIOs and MPs, for Whitehall to publish its progress reports on big IT-based change programmes (some examples below), all central departments keep them confidential.

That sensitivity has little to do with protecting personal data.

It’s likely that reviews of projects are kept confidential largely because they could otherwise expose incompetence, mistakes, poor decisions, risks that are likely to materialise, large sums that have been wasted or, worst of all, a project that should have been cancelled long ago and possibly re-started, but which has been kept going in its original form because nobody wanted to own up to failure.

Ian watmore front cover How to fix government IROn this last point, former government CIO and permanent secretary Ian Watmore spoke to MPs in 2009 about how to fix government IT. He said,

“An innovative organisation tries a lot of things and sometimes things do not work. I think one of the valid criticisms in the past has been when things have not worked, government has carried on trying to make them work well beyond the point at which they should have been stopped.”

Individual accountability for failure?

Oblivious to MPs’ requests to publish IT progress reports, the DWP routinely refuses FOI requests to publish IT progress reports, even when they are several years old, even though by then officials and ministers involved will probably have moved on. Individual accountability for failure therefore continues to be non-existent.

Knowing this, MPs on two House of Commons select committees, Public Accounts and Work and Pensions, have called for the publication of reports such as “Gateway” reviews.

This campaign for more openness on government IT projects has lasted nearly three decades. And still Whitehall never publishes any contemporaneous progress reports on big IT programmes.

It took an FOI campaigner and IT projects professional John Slater [@AmateurFOI] three years of legal proceedings to persuade the DWP to release some old reports on the Universal Credit IT programme (a risk register, milestone schedule and issues log). And he had the support of the Information Commissioner’s legal team.

universal creditWhen the DWP reluctantly released the 2012 reports in 2016 – and only after an informal request by the then DWP secretary of state Stephen Crabb – pundits were surprised at how prosaic the documents were.

Yet we now know, thanks to the DWP’s submission, the lengths to which officials will go to stop such documents leaking out.

Understandable?

Some at the DWP are likely to see the submission as explaining some of understandable measures any government department would take to protect sensitive information on its largest project, Universal Credit. The DWP is the government largest department. It runs some of the world’s biggest IT systems. It possesses personal information on nearly everyone in Britain. It has to make the protection of its information a top priority.

Others will see the submission as proof that the DWP will do all it can to honour a decades-old Whitehall habit of keeping bad news to itself.

Need for openness

It’s generally accepted that success in running big IT-enabled change programmes requires openness – with staff and managers, and with external organisations and agencies.

IT-based change schemes are about solving problems. An introspective “good news only” culture may help to explain why the DWP has a poor record of managing big and successful IT-based projects and programmes. The last time officials attempted a major modernisation of benefit systems in the 1990s – called Operational Strategy – the costs rose from £713m to £2.6bn and the intended objective of joining up the IT as part of a “whole person” concept, did not happen.

Programme papers“watermarked”

The DWP’s power, mandate and funding come courtesy of the public. So do officials, in return, have the right to keep hidden mistakes and flawed IT strategies that may lead to a poor use – or wastage – of hundreds of millions of pounds, or billions?

The DWP’s submission reveals that recommendations from its assurance reports (low-level reports on the state of the IT programme including risks and problems) were not circulated and a register was kept of who had received them.

Concern over leaks

The submission said that surveys on staff morale ceased after concerns about leaks. IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”. For added security, Universal Credit programme papers were watermarked.

When a former member of the security services was brought in to conduct a leaks investigation, staff and mangers were invited by the DWP’s most senior civil servant to “speak to the independent investigator if they had any information”. This suggests that staff were expected to inform on any suspect colleagues.

People “stopped sharing comments which could be interpreted as criticism of the [Universal Credit IT] Programme,” said the submission. “People became suspicious of their colleagues – even those they worked closely with.

“There was a lack of trust and people were very careful about being honest with their colleagues…

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was, ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still fearful that anything that is sent out via email will be misused.

“For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.”

“Defensive”

dwpLines to take with the media were added to a “Rolling Brief”, an internal update document, that was circulated to senior leaders of the Universal Credit IT programme, the DWP press office and special advisors.

These “lines to take” were a “defensive approach to media requests”. They emphasised the “positive in terms of progress with the Programme without acknowledging the issues identified in the leaked stories”.

This positive approach to briefing and media management “led to a lack of candour and honesty through the Programme and publically …”

How the DWP’s legal submission came about is explained in this separate post.

Were there leaks of particularly sensitive information?

It appears not. The so-called leaks revealed imperfections in the running of the Universal Credit programme; but there was no personal information involved. Officials were concerned about the perceived leak of a Starting Gate Review to the Telegraph (although the DWP had officially lodged the review with the House of Commons library).

The DWP also mentioned in its statement a leak to the Guardian of the results of an internal “Pulse” survey of staff morale – although it’s unclear why the survey wasn’t published officially given its apparent absence of sensitive commercial, personal, corporate or governmental information.

NPfIT

The greater the openness in external communications, the less likely a natural scepticism of new ways of working will manifest in a distrust of the IT programme as a whole.

The NHS’s National Programme for IT (NPfIT) – then the UK’s biggest IT programme costing about £10bn – was dismantled in 2011 after eight fraught years. One reason it was a disaster was the deep distrust of the NPfIT among clinicians, hospital technologists, IT managers, GPs and nurses. They had listened with growing scepticism to Whitehall’s oft-repeated “good news” announcements.

Ex-Government CIO wanted more openness on IT projects

When MPs have asked the DWP why it does not publish reports on the progress of IT-enabled projects, it has cited “commercial confidentiality”.

But in 2009, Ian Watmore (the former Government CIO) said in answer to a question by Public Account Committee MP Richard Bacon that he’d endorse the publication of Gateway reviews, which are independent assessments of the achievements, inadequacies, risks, progress and challenges on risky IT-based programmes.

“I am with you in that I would prefer Gateway reviews to be published because of the experience we had with capability reviews (published reports on a department’s performance). We had the same debate (as with Gateway reviews) and we published them. It caused furore for a few weeks but then it became a normal part of the furniture,” said Watmore.

Capability reviews are no longer published. The only “regular” reports of Whitehall progress with big IT programmes are the Infrastructure and Projects Authority’s annual reports. But these do not include Gateway reviews or other reports on IT projects and programmes. The DWP and other departments publish only their own interpretations of project reviews.

In the DWP’s latest published summary of progress on the Universal Credit IT programme, dated July 2016, the focus is on good news only.

But this creates a mystery. The Infrastructure and Projects Authority gave the Universal Credit programme an “amber” rating in its annual report which was published this month. But neither the DWP nor the Authority has explained why the programme wasn’t rated amber/green or green.

MPs and even IT suppliers want openness on IT projects

Work and Pensions Committee front coverIn 2004 HP, the DWP’s main IT supplier, told a Work and Pensions Committee inquiry entitled “Making IT work for DWP customers” in 2004 that “within sensible commercial parameters, transparency should be maintained to the greatest possible extent on highly complex programmes such as those undertaken by the DWP”.

The Work and Pensions Committee spent seven months investigating IT in the DWP and published a 240-page volume of oral and written in July 2004. On the matter of publishing “Gateway” reviews on the progress or otherwise of big IT projects, the Committee concluded,

“We found it refreshing that major IT suppliers should be content for the [Gateway] reviews to be published. We welcome this approach. It struck us as very odd that of all stakeholders, DWP should be the one which clings most enthusiastically to commercial confidentiality to justify non-disclosure of crucial information, even to Parliament.”

The Committee called for Gateway reviews to be published. That was 12 years ago – and it hasn’t happened.

Four years later the Committee found that the 19 most significant DWP IT projects were over-budget or late.

DWP headline late and over budget

In 2006 the National Audit Office reported on Whitehall’s general lack of openness in a report entitled “Delivering successful IT-enabled business change”.

The report said,

“The Public Accounts Committee has emphasised frequently the need for greater transparency and accountability in departments’ performance in managing their programmes and projects and, in particular, that the result of OGC Gateway Reviews should be published.”

But today, DWP officials seem as preoccupied as ever with concealing bad news on their big IT programmes including Universal Credit.

The costs of concealment

The DWP has had important DWP project successes, notably pension credits, which was listed by the National Audit Office as one of 24 positive case studies.

But the DWP has also wasted tens of millions of pounds on failed IT projects.

Projects with names such as “Camelot” [Computerisation and Mechanisation of Local Office Tasks] and Assist [Analytical Services Statistical Information System) were cancelled with losses of millions of pounds. More recently the DWP has run into problems on several big projects.

“Abysmal”

On 3 November 2014 the then chairman of the Public Accounts Committee Margaret Hodge spoke on Radio 4’s Analysis of the DWP’s ‘abysmal’ management of IT contracts.”

1984

As long ago as 1984, the House of Commons Public Accounts Committee called for the civil service to be more open about its progress on major computer projects.

Today there are questions about whether the Universal Credit IT will succeed. Hundreds of millions has already been spent. Yet, as mentioned earlier, current information on the progress of the DWP’s IT programmes remains a state secret.

It’s possible that progress on the Universal Credit IT programme has been boosted by the irregular (but thorough) scrutiny by the National Audit Office. That said, as soon as NAO reports on Universal Credit are published, ministers and senior officials who have seen copies in advance routinely dismiss any criticisms as retrospective and out-of-date.

Does it matter if the DWP is paranoid about leaks?

A paper published in 2009 looks at how damaging it can be for good government when bureaucracies lack internal challenge and seek to impose on officials a “good news” agenda, where criticism is effectively prohibited.

The paper quoted the then Soviet statesman Mikhail Gorbachev as saying, in a small meeting with leading Soviet intellectuals,

“The restructuring is progressing with great difficulty. We have no opposition party. How then can we control ourselves? Only through criticism and self-criticism. Most important: through glasnost.”

Non-democratic regimes fear a free flow of information because it could threaten political survival. In Russia there was consideration of partial media freedom to give incentives to bureaucrats who would otherwise have no challenge, and no reason to serve the state well, or avoid mistakes.

The Chernobyl nuclear disaster, which occurred on April 26, 1986, was not acknowledged by Soviet officials for two days, and only then after news had spread across the Western media.

The paper argued that a lack of criticism could keep a less democratic government in power. But it can lead to a complacency and incompetence in implementing policy that even a censored media cannot succeed in hiding.

As one observer noted after Chernobyl (Methvin in National Review, Dec. 4, 1987),

“There surely must be days—maybe the morning after Chernobyl—when Gorbachev wishes he could buy a Kremlin equivalent of the Washington Post and find out what is going on in his socialist wonderland.”

Red team

Iain DuncanSmithA lack of reliable information on the state of the Universal Credit IT programme prompted the then secretary of state Iain Duncan Smith to set up his own “red team” review.

That move was not known about at the time. Indeed in December 2012 – at a point when the DWP was issuing public statements on the success of the Universal Credit Programme – the scheme was actually in trouble. The DWP’s legal submission said,

“In summary we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC [Universal Credit] had significant problems.”

One wonders whether DWP civil servants kept Duncan Smith in the dark because they themselves had not been fully informed about what was going on, or because they thought the minister was best protected from knowing what was going on, deniability being one key Whitehall objective.

But in the absence of reliable internal information a political leader can lose touch completely, said the paper on press freedom.

“On December 21, 1989, after days of local and seemingly limited unrest in the province of Timi¸ Ceausescu called for a grandiose meeting at the central square of Bucharest, apparently to rally the crowds in support of his leadership. In a stunning development, the meeting degenerated into anarchy, and Ceausescu and his wife had to flee the presidential palace, only to be executed by a firing squad two days later.”

Wrong assumptions

Many times, after the IT media has published articles on big government IT-based project failures, TV and radio journalists have asked to what extent the secretary of state was responsible and why he hadn’t acted to stop millions of pounds being wasted.

But why do broadcast journalists assume ministers control their departments? It is usually more likely that ministers know little about the real risks of failure until it is too late to act decisively.

Lord Bach, a minister at DEFRA, told a House of Commons inquiry in 2007 into the failure of the IT-based Single Payment Scheme that he was aware of the risks but still officials told him that systems would work as planned and farmers would receive payments on time. They didn’t. Chaos ensued.

Said Lord Bach,

“I do think that, at the end of the day, some of the advice that I received from the RPA [Rural Payments Agency] was over-optimistic.”

Lord WhittyAnother DEFRA minister at the time Lord Whitty, who was also party in charge of the Single Payment Scheme, told the same inquiry,

“Perhaps I ought also to say that this was the point at which I felt the advice I was getting was most misleading, and I have used the term ‘misleading’ publicly but I would perhaps prefer to rephrase that in the NAO terms …”

Even the impressive Stephen Crabb – who has now quit as DWP secretary of state – didn’t stand much of chance of challenging his officials. The department’s contracts, IT and other affairs, are so complex and complicated – there are bookcases full of rules and regulations on welfare benefits – that any new ministers soon find themselves overwhelmed with information and complexity.

They will soon realise they are wholly dependent on their officials; and it is the officials who decide what to tell the minister about internal mistakes and bad decisions. Civil servants would argue that ministers cannot be told everything or they would be swamped.

But the paper on press freedom said that in order to induce high effort within a bureacucracy, the leader needs “verifiable information on the bureaucrats’ performance”.

The paper made a fascinating argument that the more complacent the bureaucracy, the more aggressively it would control information. Some oil-rich countries, said the paper, have less media freedom than those with scarcer resources.

“Consistent with our theory, [some] non-democratic countries … have vast resources and poor growth performance, while the Asian tigers (South Korea, Taiwan, Hong Kong, and Singapore), while predominantly non-democratic in the 1970s and 1980s, have high growth rates and scarce natural resource.”

In an apparent opening up of information, the government in China passed a law along the lines of the U.S. Freedom of Information Act (“China Sets Out to Cut Secrecy, but Laws Leave Big Loopholes,” New York Times, Apr. 25, 2007). But was this law self-serving? It, and the launch of local elections, provided the central government with relatively reliable information on the performance of provincial bosses.

These stories from less democratic countries may be relevant in Britain because politicians here, including secretaries of state, seem to be the last to know when a big IT-based programme is becoming a disaster.

Bad news

Whtehall’s preoccupation with “good news only” goes well beyond the DWP.

T auditors Arthur D Little, in a forensic analysis of the delays, cost over-runs and problems on the development of a huge air traffic control IT project for National Air Traffic Services, whose parent was then the Civil Aviation Authority, which was part of the Department for Transport, referred to an “unwillingness to face up to and discuss bad news”.

Ministers helpless to force openness on unwilling officials?

Francis Maude came to the Cabinet Office with a reforming zeal and a sophisticated agenda for forcing through more openness, but the effects of his efforts began to evaporate as soon as he left office. Even when he was at the height of his power and influence, he was unable to persuade civil servants to publish Gateway reviews, although he’d said when in opposition that he intended to publish them.

His negotiations ended with central departments agreeing to publish only the “traffic light” status of big projects – but only after a minimum delay of at least six months. In practice the delay is usually a year or more.

Brexit

Brexit campaigners argue that the EC is undemocratic, that decisions are taken in Brussels in secret by unelected bureaucrats. But the EC is at least subject to the scrutiny, sometimes the competing scrutiny, of 29 countries.

Arguably Whitehall’s departments are also run by unelected bureaucrats who are not subject to any effective scrutiny other than inspections from time to time of the National Audit Office.

Yes Minister parodied Sir Humphrey’s firm grip on what the public should and should not be told. Usually his recommendation was that the information should be misleadingly reassuring. This was close enough to reality to be funny. And yet close enough to reality to be serious as well. It revealed a fundamental flaw in democracy.

Nowhere is that flaw more clearly highlighted than in the DWP’s legal submission. Is it any surprise that the DWP did not want the submission published?

If officials had the choice, would they publish any information that they did not control on any of their IT projects and programmes?

That’s where the indispensable work of the National Audit Office comes into the picture – but it alone, even with the help of the Public Accounts Committee, cannot plug the gaping hole in democracy that the DWP’s submission exposes.

These are some thoughts I am left with after reading the legal submission in the light of the DWP’s record on the management of IT-based projects …

  • Press freedom and the free flow of information cannot be controlled in a liberal democracy. But does Whitehall have its own subtle – and not so subtle – ways and means?
  • In light of the DWP’s track record, the public and the media are entitled to distrust whatever ministers and officials say publicly about their own performance on IT-related programmes, including Universal Credit.
  • More worryingly, would the DWP’s hierarchy care a jot if the media and public didn’t believe what the department said publicly about progress on big projects such as Universal Credit?
  • Is the DWP’s unofficial motto: Better to tell a beautiful lie than an ugly truth?
  • AL Kennedy mentioned the “botched” Universal Credit programme  when she gave a “point of view” on Radio 4 last week. Not referring specifically to Universal Credit she said facts can be massaged but nature can’t be fooled. A girder that won’t hold someone’s weight is likely to fail however many PR-dominated assurance reports have gone before. “Facts are uncompromising and occasionally grim. I wish they weren’t. Avoiding them puts us all at increased risk,” she said.

 Excerpts from the DWP submission

Some Twitter comments on this post:

tweet2

tweet3

tweet

tweet4

NHS “Wachter” digital review is delayed – but does it matter?

By Tony Collins

The Wachter review of NHS technology was due to be published in June but has been delayed. Would it matter if it were delayed indefinitely?

A “Yes Minister” programme about a new hospital in North London said it all, perhaps. An enthusiastic NHS official shows the minister round a hospital staffed with 500 administrators. It has the latest technology on the wards.

“It’s one of the best run hospitals in the country,” the NHS official tells the minister, adding that it’s up for the Florence Nightingale award for the standards of hygiene.

“But it has no patients,” says the minister.

Another health official tells the minister,

“First of all, you have to sort out the smooth running of the hospital. Having patients around would be no help at all.” They would just be in the way, adds Sir Humphrey.

In the Wachter’s review’s terms of reference (“Making IT work: harnessing the power of health IT to improve care in England“)  there is a final bullet point that refers, obliquely, to a need to consider patients. Could the Wachter terms of reference have been written by a satirist who wanted to show how it was possible to have a review of NHS IT for the benefit of suppliers, clinical administrators and officialdom but not patients?

The Wachter team will, according to the government,

• Review and articulate the factors impacting the successful adoption of health information systems in secondary and tertiary care in England, drawing relevant comparisons with the US experience;

• Provide a set of recommendations drawing on the key challenges, priorities and opportunities for the health and social care system in England. These recommendations will cover both the high levels features of implementations and the best ways in which to engage clinicians in the adoption and use of such systems.

In making recommendations, the board will consider the following points:

• The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;

• The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.

• The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;

• The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

Yes, there’s the mention of “patients” in the final bullet point.

Existing systems?

nhsSome major IT companies have, for decades, lobbied – often successfully – for much more public investment in NHS technology. Arguably that is not the priority, which is to get existing systems to talk to each other – which would be for the direct benefit of patients whose records do not follow them wherever they are looked at or treated within the NHS.

Unless care and treatment is at a single hospital, the chances of medical records following a patient around different sites, even within the same locality, are slim.

Should a joining up of existing systems be the main single objective for NHS IT? One hospital consultant told me several years ago – and his comment is as relevant today –

“My daughter was under treatment from several consultants and I could never get a joined-up picture. I had to maintain a paper record myself just to get a joined-up picture of what was going on with her treatment.”

Typically one patient will have multiple sets of paper records. Within one hospital, different specialities will keep their own notes. Fall over and break your leg and you have a set of orthopaedic notes; have a baby and you will have a totally different set of notes. Those two sets are rarely joined up.

One clinician told me, “I have never heard a coroner say that a patient died because too much information was shared.”

And a technology specialist who has multiple health problems told me,

“I have different doctors in different places not knowing what each other is doing to me.”

As part of wider research into medical records, I asked a hospital consultant in a large city with three major hospitals whether records were shared at least locally.

“You must be joking. We have three acute hospitals. Three community intermediate teams are in the community. Their records are not joined. There is one private hospital provider. If you get admitted to [one] hospital and then get admitted to [another] the next week your electronic records cannot be seen by the first hospital.  Then if you get admitted to the third hospital the week after, again not under any circumstances will your record be able to be viewed.”

Blood tests have to be repeated, as are x-rays; but despite these sorts of stories of a disjointed NHS, senior health officials, in the countless NHS IT reviews there have been over 30 years, will, it seems, still put the simplest ideas last.

It would not cost much – some estimate less than £100m – to provide secure access to existing medical records from wherever they need to be accessed.

No need for a massive investment in new technology. No need for a central patient database, or a central health record. Information can stay at its present location.  Just bring local information together on local servers and provide secure access.

A locum GP said on the Pulse website recently,

“If you are a member of the Armed Forces, your MO can get access to your (EMIS-based) medical record from anywhere in the world. There is no technical reason why the NHS cannot do this. If need be, the patient could be given a password to permit a GP to see another Surgery’s record.”

New appointments

To avoid having patients clog up super-efficient hospitals, Sir Humphrey would have the Wachter review respond to concerns about a lack of joined up care in the NHS by announcing a set of committees and suggesting the Department of Health and NHS England appoint a new set of senior technologists.

Which is just what has happened.

Last week NHS England announced  “key appointments to help transform how the NHS uses technology and information”. [One of the NHS appointments is that of a Director of Digital Experience, which is not a fictional title, incidentally. Ironically it seems to be the most patient-facing of the new jobs.]

Said the announcement,

“The creation of these roles reflects recommendations in the forthcoming review on the future of NHS information systems by Dr Bob Wachter.

“Rather than appoint a single chief information and technology officer, consistent with the Wachter review the NHS is appointing a senior medical leader as NHS Chief Clinical Information Officer supported by an experienced health IT professional as NHS Chief Information Officer.

“The first NHS Chief Clinical Information Officer will be Professor Keith McNeil, a former transplant specialist who has also held many senior roles in healthcare management around the world, including Chief Executive Officer at Addenbrooke’s Hospital, Cambridge University Hospitals NHS Foundation Trust and Chief Executive Officer at the Royal Brisbane and Women’s Hospital in Australia.

“The new NHS Chief Information Officer will be Will Smart, currently Chief Information Officer at the Royal Free London NHS Foundation Trust. Mr Smart has had an extensive career in IT across the NHS and in the private sector.

“The NHS CCIO and NHS CIO post-holders will act on behalf of the whole NHS to provide strategic leadership, also chairing the National Information Board, and acting as commissioning ‘client’ for the relevant programmes being delivered by NHS Digital (previously known as the Health and Social Care Information Centre).

“The roles will be based at NHS England and will report to Matthew Swindells, National Director: Operations and Information, but the post-holders will also be accountable to NHS Improvement, with responsibility for its technology work with NHS providers.

“In addition, Juliet Bauer has been appointed as Director of Digital Experience at NHS England. She will oversee the transformation of the NHS Choices website and the development and adoption of digital technology for patient ‘supported self-management’, including for people living with long term conditions such as diabetes or asthma. Ms Bauer has led delivery of similar technology programmes in many sectors, including leading the move to take Times Newspapers online…”

Surely a first step, instead of arranging new appointments and committees, and finding ways of spending money on new technology, would be to put in place data sharing agreements between hospitals?

A former trust chief executive told me,

“In primary care, GPs will say the record is theirs. Hospital teams will say it is our information and patient representative groups will say it is about patients and it is their nformation. In maternity services there are patient-held records because it is deemed good practice that mums-to-be should be fully knowledgeable and fully participating in what is happening to them.

“Then you get into complications of Data Protection Act. Some people get very sensitive about sharing information across boundaries: social workers and local authority workers. If you are into long-term continuous care you need primary care, hospital care and social care. Without those being connected you may do half a job or even less than that potentially. There are risks you run if you don’t know the full information.”

He added that the Summary Care Record – a central database of every patient’s allergies, medication and any adverse reactions to drugs, was a “waste of time”.

“You need someone selecting information to go into it [the Summary Care Record]so it is liable to omissions and errors. You need an electronic patient record that has everything available but is searchable. You get quickly to what you want to know. That is important for that particular clinical decision.”

Is it the job of civil servants to make the simple sound complicated?

Years ago, a health minister invited me for an informal meeting at the House of Commons to show me, in confidence, a one-page civil service briefing paper on why it was not possible to use the internet for making patient information accessible anywhere.

The minister was incredulous and wanted my view. The civil service paper said that nobody owned the internet so it couldn’t be used for the transfer of patient records.  If something went wrong, nobody could be blamed.

That banks around the world use the internet to provide secure access to individual bank accounts was not mentioned in the paper, nor the existence of the CHAPS network which, by July 2011, had processed one quadrillion (£1,000,000,000,000,000) pounds.

Did the briefing paper show that the civil service was frightened by the apparent simplicity of sharing patient information on a secure internet connection? If nothing else, the paper showed how health service officials will tend, instinctively, to shun the cheapest solutions. Which may help to explain how the (failed) £10n National Programe for IT came into being in 2002.

Jargon

Radiation_warning_symbolNobody will be surprised if the Wachter review team’s report is laden with  jargon about “delays between technology being introduced and a corresponding rise in output”. It may talk of how new technology could reduce the length of stay by 0.1528 of a bed day per patient, saving a typical hospital £1.8m annually or 7,648 bed days.

It may refer to visions, envisioning fundamental change, establishing best practice as the norm, and a need for adaptive change.

Would it not be better if the review team spoke plainly of the need for a patient with a fractured leg not having to carry a CD of his x-ray images to different NHS sites in a carrier bag?

Some may await the Wachter report with a weary apprehension that its delay – even indefinitely – will make not a jot of difference. Perhaps Professor Wachter will surprise them. We live in hope.

Wachter review terms of reference.

Review of IT in the NHS

https://ukcampaign4change.com/2016/02/09/another-npfit-it-scandal-in-the-making/

Hunt announces Wachter review

What can we learn from the US “hospitalist” model?

Another NPfIT IT scandal in the making?

By Tony Collins

Jeremy Hunt may have forgotten what he told the FT 2013, as reported in the paper on 2 June 2o13.

Referring to the failed National Programme for IT [NPfIT] in the NHS he said at that time,

“It was a huge disaster . . . It was a project that was so huge in its conception but it got more and more specified and over-specified and in the end became impossible to deliver, but we musn’t let that blind us to the opportunities of technology and I think one of my jobs as health secretary is to say, look, we must learn from that and move on but we must not be scared of technology as a result.”

He added, “I’m not signing any big contracts from behind [my] desk; I am encouraging hospitals and clinical commissioning groups and GP practices to make their own investments in technology at the grassroots level.”

Now the Department of Health (and perhaps some large IT suppliers) have encouraged Hunt to find £4bn for spending on technology that is (again) of questionable immediate need.

Says Computing, “A significant part of the paperless NHS plans will involve enabling patients to book services and order prescriptions online, as well as giving them the choice of speaking to their doctor online or via a video link.”

The £4bn, if that’s what it will cost, is much less than the cost of the NPfIT. But are millions to be wasted again?

[NPfIT was originally due to cost £2.3bn over three years from 2003 but is expected to cost £9.8bn over 21 years, to 2024.]

Yesterday (8 February 2016) the Department of Health announced a “review of information technology in the NHS”. Announcing it Hunt said.

“Improving the standard of care patients receive even further means embracing technology and moving towards a fully digital and paperless NHS.

NHS staff do incredible work every day and we must give them and patients the most up-to-date technology – this review will tell us where we need to go further.”

The NPfIT was supposed to give the NHS up-to-date technology – but is that what’s needed?

A more immediate need is for any new millions of central funding (for the cost would be in the tens of millions, not billions) to be spent on the seemingly mundane objective of getting existing systems to talk to each other, so that patients can be treated in different parts of the NHS and have their electronic records go with them.

This doesn’t need a new national programme for IT. Some technologists working in the NHS say it would cost no more than £150m, a small sum by NHS IT standards, to allow patient data to reside where it is but be accessed by secure links anywhere, much as secure links work on the web.

But the review’s terms of reference make only a passing reference to the need for interoperability.

Instead the review will have terms of reference that are arguably vague – just as the objectives for the NPfIT were.

The Department of Health has asked the review board, when making recommendations, to consider the following points:

  • The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;
  • The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.
  • The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;
  • The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

The head of the review board Professor Wachter will report his recommendations to the secretary of state for health and the National Information Board in June 2016.

Members of the National Advisory Group on health IT in England (the review board) are:

  • Robert Wachter, MD, (Chair) Professor and Interim Chairman, Department of Medicine,University of California, San Francisco
  • Julia Adler-Milstein, PhD, Associate Professor, Schools of Information and of Public Health, University of Michigan
  • David Brailer, MD, PhD, CEO, Health Evolution Partners (current); First U.S. National Coordinator for Health IT (2004-6)
  • Sir David Dalton, CEO, Salford Royal NHS Foundation Trust, UK
  • Dave deBronkart, Patient Advocate, known as “e-Patient Dave”
  • Mary Dixon-Woods, MSc, DPhil, Professor of Medical Sociology, University of Leicester, UK
  • Rollin (Terry) Fairbanks, MD, MS, Director, National Center for Human Factors in Healthcare; Emergency Physician, MedStar Health (U.S.)
  • John Halamka, MD, MS, Chief Information Officer, Beth Israel Deaconess Medical Center; Professor, Harvard Medical School
  • Crispin Hebron, Learning Disability Consultant Nurse, NHS Gloucestershire
  • Tim Kelsey, Advisor to UK Government on Health IT
  • Richard Lilford, PhD, MB, Director, Centre for Applied Health Research and Delivery, University of Warwick, UK
  • Christian Nohr, MSc, PhD, Professor, Aalborg University (Denmark)
  • Aziz Sheikh, MD, MSc, Professor of Primary Care Research and Development, University of Edinburgh
  • Christine Sinsky, MD, Vice-President of Professional Satisfaction, AMA; Primary care internist, Dubuque, Iowa
  • Ann Slee, MSc, MRPharmS, ePrescribing Lead for Integrated Digital Care Record and Digital Medicines Strategy, NHS England
  • Lynda Thomas, CEO, MacMillan Cancer Support, UK
  • Wai Keong Wong, MD, PhD, Consultant Haematologist, University College London Hospitals; Inaugural chair, CCIO Leaders Network Advisory Panel
  • Harpreet Sood, MBBS, MPH, Senior Fellow to the Chair and CEO, NHS England and GP Trainee

Comment

Perhaps egged on by one or two major suppliers in behind-the-scenes lobbying, Hunt has apparently found billions to spend on improving NHS IT.

Nobody doubts that NHS IT needs improving.  But nearly all GPs have impressive systems, as do many hospitals.  But the systems don’t talk to each other.

The missing word  from the review board’s terms of reference is interoperability. True, it’s difficult to achieve. And it’s not politically aggrandizing to find money for making existing systems interoperable.

But at present you can have a blood test at the GP, then a separate blood test at the local hospital and the full results won’t go on your electronic record because the GP and hospital are on different systems with no interoperability between them.

If you’re treated at a specialist hospital for one ailment, and at a different hospital 10 to 20 (or say 100) miles away for something else, it may take weeks for your electronic record to reflect your latest treatment.

Separate NHS sites don’t always know what each other is doing to a patient, unless information is faxed or posted between them.

The fax is still one of the NHS’s main modes of cross-county communication. The DoH wants to be rid of the fax machine but it’s indispensable to the smooth running of the NHS, largely because new and existing systems don’t talk to each other.

The trouble with interoperability – apart from the ugliness of the word – is that it is an unattractive concept to some of the major suppliers, and to DoH executives, because it’s cheap, not leading edge and may involve agreements on data sharing.

Getting agreements on anything is not the DoH’s forte. [Unless it’s an agreement to spend more money on new technology, for the sake of having up-to-date technology.]

Last year I broke my ankle in Sussex and went to stay in the West Midlands at a house with a large ground floor and no need to use stairs. There was no communication between my local GP and the NHS in the West Midlands other than  by phone, post or fax, and even then only a summary of healthcare information went on my electronic record.

I had to carry my x-rays on a CD. Then doctors at my local orthopaedic department in Sussex found it difficult to see the PACS images because the hospital’s PCs didn’t have CD players.

A government employee told me this week of a hospital that gave medication to a patient in the hope she would not have an adverse reaction. The hospital did not have access to the patient’s GP records, and the patient was unsure of the name of the medication she’d previously had an allergic reaction to.

Much of the feedback I have had from those who have enjoyed NHS services is that their care and treatment has been impeded by their electronic records not moving with them across different NHS sites.

Mark Leaning, visiting professor, at University College, London, in a paper for health software supplier EMIS, says the NHS is “not doing very well when it comes to delivering a truly connected health system in 2016. That’s bad for patient outcomes.”

That GPs and their local hospital often cannot communicate electronically  is a disgrace given the billions various governments have spent on NHS IT.  It is on interoperability that any new DoH IT money needs to be spent.

Instead,  it seems huge sums will be wasted on the pie-in-the-sky objective of a paperless NHS by 2020. The review board document released today refers to the “ambition of a paper- free health and care system by 2020”.

What’s the point of a paperless NHS if a kaleidoscope of new or existing systems don’t properly communicate?

Congratulations, incidentally, to GP software suppliers TPP and EMIS. They last year announced direct interoperability between their core clinical systems.

Their SystmOne and EMIS Web systems hold the primary care medical records for most of the UK population.

And this month EMIS announced that it has become the first UK clinical systems provider to implement new open standards for interoperability in the NHS.

It says this will enable clinicians using its systems to securely share data with any third party supplier whose systems comply with a published set of open application programme interfaces.

The Department of Health and ministers need to stop announcing things that will never happen such as a paperless NHS and instead focus their attention – and any new IT money – on initiatives that are not subconsciously aimed at either political or commercial gain.

It would be ideal if they, before announcing any new IT initiative, weighed up diligently whether it is any more important, and any more of a priority, than getting existing systems to talk to each other.

Review of information technology in the NHS

EMIS implements open standards

 

Another fine NHS IT mess

By Tony Collins

Today the National Audit Office reports on the General Practice Extraction Service, an IT system that allows patient data to be extracted from all GP practices in England.

The report says that Department of Health officials – who were then working for the NHS Information Centre – signed off and paid for a contract even though the system was unfit for use. The original business case for the system grossly underestimated costs.

And the system was developed using the highest-risk approach for new IT – a combination of agile principles and traditional fixed-price contract.

Some of the officials involved appear to be those who worked for NHS Connecting for Health – the organisation responsible for what has become the UK’s biggest IT-related failure, the £10bn National Programme for IT (NPfIT).

As with the NPfIT it is unlikely anyone responsible for the latest failure will be held accountable or suffer any damage to their career.

The NAO says officials made mistakes in the original procurement. “Contract management contributed to losses of public funds, through asset write-offs and settlements with suppliers.” More public money is needed to improve or replace the system.

Labour MP Meg Hillier MP, the new chairman of the Public Accounts Committee, sums up today’s NAO’s report:

“Failed government IT projects have long been an expensive cliché and, sadly for the taxpayer and service user, this is no exception.

“The expected cost of the General Practice Extraction Service ballooned from £14m to £40m, with at least £5.5m wasted on write-offs and delay costs.

“GPES has managed to provide data for just one customer – NHS England – and the data was received 4 years later than originally planned.

“While taxpayers are left picking up the tab for this failure, customers who could benefit, such as research and clinical audit organisations, are waiting around for the system to deliver what they need to improve our health service.”

Some GPs who do not want patient data to be extracted from their systems – they believe it could compromise their bond of confidentiality with patients – may be pleased the extraction system has failed to work properly.

But their concern about patient confidentiality being compromised will not make the failure of the extraction service any more palatable.

The NAO says it only learned of the failure of the extraction system through its financial audit of the Health and Social Care Information Centre. It learned that the system was not working as expected and that HSCIC had agreed to pay additional charges through a settlement with one of the main suppliers, Atos IT Services UK Ltd.

An NHS Connecting for Health legacy?

Work on the GP Extraction Service project began in 2007, first by the NHS Information Centre, and then by the HSCIC.

The NHS Information Centre closed in 2013 and responsibility transferred to the HSCIC which combines the Department of Health’s informatics functions – previously known as NHS Connecting for Health or CFH – and the former NHS Information Centre.

What went wrong 

The original business case said the extraction service would start in 2009-10, but it took until April 2014 for HSCIC to provide the first data extract to a customer.

Meanwhile other potential users of the system have found alternative sources of patient data in the absence of the HSCIC system.

The NAO says that officials changed the procurement strategy and technical design for the GPES extraction systems during the project. “This contributed to GPES being unable to provide the planned number and range of data extracts.”

The NHS Information Centre contracted with Atos to develop a tool to manage data extraction. In March 2013, the Centre accepted delivery of this system from Atos.

But officials at the HSCIC who took over the system on 1 April 2013 found that it had fundamental design flaws and did not work. “The system test did not reflect the complexity of a ‘real life’ data extract and was not comprehensive enough to identify these problems”.

To work in a ‘real life’ situation, the GPES query system needed to communicate accurately with the four separate extraction systems and other systems relying on its data.  The test officials and Atos agreed was less complex. It did not examine extractions from multiple extraction systems at once.

Nor did the test assess the complete process of extracting and then passing GPES data to third-party systems.

Fixed price and agile – a bad combination

Officials began procuring the GPES query tool in April 2009, using a fixed-price contractual model with ‘agile’ parts. The supplier and officials would agree some of the detailed needs in workshops, after they signed the contract.

But the NAO says there was already evidence in central government at this time that the contractual approach – combining agile with a fixed price – was high risk.

The NAO’s report “Shared Services in the Research Councils”reviewed how research councils had created a shared service centre, where a similarly structured IT contract failed.

In the report, Fujitsu and the shared service centre told the NAO that: “the fixed-rate contract awarded by the project proved to be unsuitable when the customers’ requirements were still unclear.”

The court case of De Beers vs. Atos Origin highlighted a similar failure.

To make matters worse officials relied too heavily on contractors for development and procurement expertise.  And 10 project managers were responsible for GPES between 2008 and 2013.

Once health officials and Atos had signed the query tool contract, they found it difficult to agree the detailed requirements. This delayed development, with Atos needing to start development work while some requirements had yet to be agreed. Officials and Atos agreed to remove some minor components. Others were built but never used by HSCIC.

A Department of Health Gateway 4 review in December 2012 found that difficulties with deciding requirements were possibly exacerbated by development being offshore.

They raised concerns about the project management approach:

“The GPET-Q [query tool] delivery is being project managed using a traditional ‘waterfall’ methodology. Given the degree of bespoke development required and the difficulties with translation of requirements during the elaboration parts of R1, the Review Team considers that, with hindsight, it might have been beneficial to have adopted an Agile Project Management approach instead.”

General Practice Extraction Service – an investigation. NAO report. 

Latest healthcare IT disaster is a reminder of how vital government digital transformation is.

 

What do Ben Bradshaw, Caroline Flint and Andy Burnham have in common?

By Tony Collins

Ben Bradshaw, Caroline Flint and Andy Burnham have in common in their political past something they probably wouldn’t care to draw attention to as they battle for roles in the Labour leadership.

Few people will remember that Bradshaw, Flint and Burnham were advocates – indeed staunch defenders – of what’s arguably the biggest IT-related failure of all time – the £10bn National Programme for IT [NPfIT.

Perhaps it’s unfair to mention their support for such a massive failure at the time of the leadership election.

A counter argument is that politicians should be held to account at some point for public statements they have made in Parliament in defence of a major project – in this case the largest non-military IT-related programme in the world – that many inside and outside the NHS recognised was fundamentally flawed from its outset in 2003.

Bradshaw, Flint and Burnham did concede in their NPfIT-related statements to the House of Commons that the national programme for IT had its flaws, but still they gave it their strong support and continued to attack the programme’s critics.

The following are examples of statements made by Bradshaw, Flint and Burnham in the House of Commons in support of the NPfIT, which was later abandoned.

Bradshaw, then health minister in charge of the NPfIT,  told the House of Commons in February 2008:

“We accept that there have been delays, not only in the roll-out of summary care records, but in the whole NHS IT programme.

“It is important to put on record that those delays were not because of problems with supply, delivery or systems, but pretty much entirely because we took extra time to consult on and try to address record safety and patient confidentiality, and we were absolutely right to do so…

“The health service is moving from being an organisation with fragmented or incomplete information systems to a position where national systems are integrated, record keeping is digital, patients have unprecedented access to their personal health records and health professionals will have the right information at the right time about the right patient.

“As the Health Committee has recognised in its report, the roll-out of new IT systems will save time and money for the NHS and staff, save lives and improve patient care.”

[Even today, 12 years after the launch of the National Programme for IT, the NHS does not have integrated digital records.]

Caroline Flint, then health minister in charge of the NPfIT,  told the House of Commons on 6 June 2007:

“… it is lamentable that a programme that is focused on the delivery of safer and more efficient health care in the NHS in England has been politicised and attacked for short-term partisan gain when, in fact, it is to the benefit of everyone using the NHS in England that the programme is provided with the necessary resources and support to achieve the aims that Conservative Members have acknowledged that they agree with…

“Owing to delays in some areas of the programme, far from it being overspent, there is an underspend, which is perhaps unique for a large IT programme.

“The contracts that were ably put in place in 2003 mean that committed payments are not made to suppliers until delivery has been accepted 45 days after “go live” by end-users.

“We have made advance payments to a number of suppliers to provide efficient financing mechanisms for their work in progress. However, it should be noted that the financing risk has remained with the suppliers and that guarantees for any advance payments have been made by the suppliers to the Government…

“The national programme for IT in the NHS has successfully transferred the financing and completion risk to its suppliers…”

Andy Burnham, then Health Secretary, told the House of Commons on 7 December 2009:

“He [Andrew Lansley] seems to reject the benefits of a national system across the NHS, but we do not. We believe that there are significant benefits from a national health service having a programme of IT that can link up clinicians across the system. We further believe that it is safer for patients if their records can be accessed across the system…” [which hasn’t happened].

Abandoned NHS IT plan has cost £10bn so far