Category Archives: Department of Health

Civil servant in charge of £9.3bn IT project is not shown internal review report on scheme’s failings.

By Tony Collins

“If people don’t know what you’re doing, they don’t know what you’re doing wrong” – Sir Arnold Robinson, Cabinet Secretary, Yes Minister, episode 1, Open Government.

Home Office officials kept secret from the man in charge of a £9.3bn project a report that showed the scheme in serious trouble.

The Emergency Services Network is being designed to give police, ambulance crew and firemen voice and data communications to replace existing “Airwave” radios.  The Home Office’s permanent secretary Philip Rutnam describes the network under development as a “mission-critical, safety-critical, safety-of-life service”.

But Home Office officials working on the programme did not show an internal review report on the scheme’s problems to either Rutnam or Stephen Webb, the senior responsible owner. They are the two civil servants accountable to Parliament for the project.

Their unawareness of the report made an early rescue of the Emergency Services Network IT programme less likely. The scheme is now several years behind its original schedule, at least £3.1bn over budget and may never work satisfactorily.

The report’s non circulation raises the question of whether Whitehall’s preoccupation with good news and its suppression of the other side of the story is killing off major government IT-based schemes.

With the Emergency Services Network delayed – it was due to start working in 2017 – police, ambulance and fire services are having to make do with the ageing Airwave system which is poor at handling data.

Meanwhile Motorola – which is Airwave’s monopoly supplier and also a main supplier of the Emergency Services Network – is picking up billions of pounds in extra payments to keep Airwave going.

Motorola may continue to receive large extra payments indefinitely if the Emergency Services Network is never implemented to the satisfaction of he emergency services.

EE is due to deliver the network component of the Emergency Services Network. Motorola is due to supply software and systems and Kellogg Brown & Root is the Home Office’s delivery partner in implementing the scheme.

Has Whitehall secrecy over IT reports become a self-parody?

The hidden report in the case of the Emergency Services Network was written in 2016, a year after the scheme started. It said that dialogue between suppliers, notably EE and Motorola, did not start until after the effective delivery dates. Integration is still the main programme risk.

MP SIr Geoffrey Clifton Brown has told the Public Accounts Committee that the report highlighted an absence of clarity regarding dependency on the interface providers, which caused something of an impasse.

He said the report “alluded to the fact that that [a lack of clarity around integration] remains one of the most serious issues and is not showing any signs of resolution”.

Stephen Webb has been in charge of the project since its start but he is the business owner, the so-called “senior responsible owner” rather than the programme’s IT head.

In the private sector, the IT team would be expected to report routinely to a scheme’s business owner.

But in central government, secrecy over internal assurance reports on the progress or otherwise of major IT-related projects is a Whitehall convention that dates back decades.

Such reports are not published or shared internally except on a “need-to-know” basis. It emerged during legal proceedings over the Universal Credit IT programme that IT project teams kept reports secret because they were “paranoid” and “suspicious” of colleagues who might leak documents that indicated the programme was in trouble.

As a result, IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”; and Universal Credit programme papers were watermarked.

The secrecy had no positive effect on the Universal Credit programme which is currently running 11 years behind its original schedule.

Webb has told MPs he was “surprised” not to have seen review report on the Emergency Services Network. He discovered the report’s existence almost by accident when he read about it in a different report written a year later by Simon Ricketts, former Rolls Royce CIO.

This month the Public Accounts Committee criticised the “unhealthy good news” culture at the Home Office. The Committee blamed this culture for the report’s not being shown to Webb.

The Home Office says it doesn’t know why Webb was not shown the “Peter Edwards” report. The following was an exchange at the Public Accounts Committee between MP Sir Geoffrey Clifton-Brown, Webb and Rutnam.

Clifton-Brown: When you did that due diligence, were you aware of the Peter Edwards report prepared in the fourth quarter of 2016?

Rutnam: No, I’m afraid I was not. The Peter Edwards report on what exactly, sorry?

Clifton-Brown: Into the problems with ESN [Emergency Services Network], in particular in relation to suppliers.

Rutnam: I do not recall it. It may have been drawn to my attention, but I’m afraid I do not recall it.

Webb: It was an internal report done on the programme. I have not seen it either.

Clifton-Brown: You have not seen it either, Mr Webb—the documents tell us that. Why have you not seen such an important report? As somebody who was in charge of the team—a senior responsible officer—why had you not seen that report?

Webb: I don’t know. I was surprised to read it in Simon’s report. [Simon Ricketts.]

Chair: Who commissioned it?

Webb: The programme leadership at the time.

Chair: That is the board?

Webb: The programme director. It was a report to him about how he should best improve the governance. I think he probably saw it as a bit of an external assurance. It probably would have been better to share it with me, but that was not done at the time.

Clifton-Brown: “Probably would have been better to share it”? That report said that dialogue between suppliers, notably EE and Motorola, only started after the effective delivery dates. The report highlighted that there was not clarity regarding dependency on the interface providers, and that caused something of an impasse. It also alluded to the fact that that remains one of the most serious issues and is not showing any signs of resolution. That was in 2016, in that report. Had that report been disseminated, would we still be in the position that we are today?

Webb: I think that we would have wanted to bring forward the sort of [independent] review that the Home Secretary commissioned, and we would have done it at an earlier date.

Clifton-Brown: Why did you need to? You would not have needed to commission another review. You could have started getting to the root of the problem there and then if you had seen that report.

Webb: Yes.

Comment:

Webb and Rutman seem highly competent civil servants to judge from the open way they answered the questions of MPs on the Public Accounts Committee.

But they did not design the Emergency Services Network scheme which, clearly, had flawed integration plans even before contracts were awarded.

With no effective challenge internally and everything decided in secret, officials involved in the design did what they thought best and nobody knew then whether they were right or wrong. With hindsight it’s easy to see they were wrong.

But doing everything in secret and with no effective challenge is Whitehall’s  systemically flawed way of working on nearly all major government IT contracts and it explains why they fail routinely.

Extraordinary?

It’s extraordinary – and not extraordinary at all – that the two people accountable to Parliament for the £9.3bn Emergency Services Network were not shown a review report that would have provided an early warning the project was in serious trouble.

Now it’s possible, perhaps even likely, the Emergency Services Network will end up being added to the long list of failures of government IT-based programmes over the last 30 years.

Every project on that list has two things in common: Whitehall’s obsession with good news and the simultaneous suppression of all review reports that could sully the good news picture.

But you cannot run a big IT-based project successfully unless you discuss problems openly. IT projects are about solving problems. If you cannot admit that problems exist you cannot solve them.

When officials keep the problems to themselves, they ensure that ministers can be told all is well. Hence, ministers kept telling Parliament all was well with the £10bn National Programme for IT in the NHS  – until the scheme was eventually dismantled in 2011.

Parliament, the media and the public usually discover the truth only when a project is cancelled, ends up in the High Court or is the subject of a National Audit Office report.

With creative flair, senior civil servants will give Parliament, the National Audit Office and information tribunals a host of reasons why review reports on major projects must be kept confidential.

But they know it’s nonsense. The truth is that civil servants want their good news stories to remain uncontradicted by the disclosure of any internal review reports.

Take the smart meters roll-out. Internal review reports are being kept secret while officials give ministers and the Department for Business, Energy and Industrial Strategy the good news only. Thus, the latest Whitehall report on smart meters says,

“Millions of households and small businesses have made the smart choice to get a smart meter with over 12.8 million1 operating in smart mode across Great Britain. This world leading roll out puts consumers firmly in control of their energy use and will bring an end to estimated bills.”

Nothing is said about millions of homes having had “smart” meters installed that are neither smart nor compatible for the second generation of smart meters which have a set of problems of their own.

The answer?

For more than 30 years the National Audit Office and the Public Accounts Committee have published seemingly unique reports that each highlight a different set of problems. But nobody joins the dots.

Sir Arnold, the Cabinet Secretary said in “Yes Minister“, that open government is a contradiction in terms. “You can be open, or you can have government.

This is more than a line in a TV satire.  It is applied thinking in every layer of the top echelons of civil service.

Collective responsibility means civil servants have little to fear from programme failures. But they care about departmental embarrassment. If reviews into the progress or otherwise of IT-enabled programmes are published, civil servants are likely to be motivated to avoid repeating obvious mistakes of the past. They may be motivated to join the dots.

But continue to keep the review reports secret and new sets of civil servants will, unknowingly each time, treat every project as unique. They will repeat the same mistakes of old and be surprised every time the project collapses.

That the civil service will never allow review reports of IT programmes to be published routinely is a given. If the reports were released, their disclosure of problems and risks could undermine the good news stories ministers, supported by the civil service, want to feel free to publish.

For it’s a Whitehall convention that the civil service will support ministerial statements whether they are accurate or not, balanced or not.

Therefore, with review reports being kept secret and the obsession with good news being wholly supported by the civil service, government’s reputation for delivering successful IT-based programmes is likely to remain tarnished.

And taxpayers, no doubt, will continue to lose billions of pounds on failed schemes.  All because governments and the civil service cannot bring themselves to give Parliament and the media – or even those in charge of multi-billion pound programmes –  the other side of the story.

Home Office’s “unhealthy good news culture” blamed for Emergency Services Network Delays – Civil Service World

Emergency Services Network is an emergency now – The Register

Home Office not on top of emergency services programme – Public Accounts Committee report, July 2019

Advertisements

More public sector IT-related failures for which nobody will be accountable – a solution?

The Times front page – 23 January 2019

By Tony Collins

Criminal trials were delayed, jurors unable to enrol and witness statements inaccessible.

Quoting a tweet by the authoritative @BarristerSecret, the BBC said the “entire digital infrastructure” of courts was “broken for days”.

@BarristerSecret added,

“No accountability, no lessons learned.”

In the Spectator, Matthew Scott, a criminal barrister at Pump Court Chambers, said,

“Nobody seems to know exactly what has gone wrong or, if they do, they do not like to say.”

His Spectator blog was headlined,

The Spectator – 24 Jan 2019

 

 

“The most irritating fault has been for a few days the near total seizure (or ‘major service degradation’ to use the official non-explanation) of the secure email system (‘CJSM’) which for several years now has been the only authorised means of written communication between the Crown Prosecution Service and defence lawyers, probation, prisons, police and others.”

The Law Society Gazette said,

Law Society Gazette – 22 Jan 2019

 

 

 

The Law Society Gazette gave examples of how the problems had caused disruption and angst in the criminal justice system. It said,

“Major disruption that affected multiple Ministry of Justice IT systems last week continues to cause chaos.

“Lawyers on the front line have told the Gazette that trials have been delayed, jurors have been unable to enrol and practitioners have been prevented from confirming attendance that will enable them to get paid.

“Last week the ministry’s digital and technology team said most systems were improving. However, the Gazette has spoken to practitioners whose experiences suggest otherwise.”

A criminal barrister who spent the day in Leicester Crown Court said  none of the court’s computer systems was operational, jurors could not be enrolled, and no advocates could sign into the Ministry of Justice’s XHIBIT system, an online service that logs lawyers’ attendance so they can get paid.

A lawyer at Lincoln Crown Court said the XHIBIT system was down again. The Crown Court Digital Case System, on which all cases are accessed, was also down.

A criminal defence solicitor arrived at Highbury Magistrates’ Court in London at 9.15am, where there were several clients in the cells. But jailers did not know which courts the cases would be heard in and  because there was no wi-fi in the building magistrates had no access to any papers on their ipads before the hearings.

“The Gazette was told that several people attended Scarborough Magistrates’ Court last week to make statutory declarations in respect of driving matters. ‘Most of these people had come suited and booted, with all the anxiety that marks ordinary members of the public out as different from the frequent flyers who regularly come before the courts.

“These poor souls were left hanging around all morning, until 1pm, when they were advised that the systems were still not back up. Two of them agreed to come back on an adjourned date, 14 days later, but one of them explained that he couldn’t take further time off work. He was asked to come back in the afternoon, in the vain hope that the case management system might be back online.”

Former government chief technology officer Andy Beale quoted The Times in a tweet,

 

 

 

In another tweet, Beale said,

 

 

 

The Guardian reported yesterday (28 January 2019) that the Ministry of Justice knew its court computer systems were “obsolete” and “out of support” long before the network went into meltdown, internal documents have revealed.

The MoJ document, entitled Digital & Technology, said, “Historical under-investment in ageing IT systems has built our technical debt to unacceptable levels and we are carrying significant risk that will result in a large-scale data breach if the vulnerabilities are exploited.”

It added, “We have a Technology 2022 strategy, but it is not funded to help us address the long-term issues with current systems and allow us to make best use of new technologies to improve service delivery.”

It referred to a database used by 16 employment tribunal administrative offices in which the “scale of outage” accounted for 33% of incidents over the previous six months. Users were unable to access systems for a “significant number of hours”.

The report cited problems such as “risk of database corrupted leading to data loss; unable to restore service in a timely manner”, and added: “Judges say they will put tribunal activity on hold because of the poor running of the application.”

Government response

In the Commons, the government’s justice minister Lucy Frazer, responding to an urgent Labour request for a statement on the IT problems, was relaxed in her comments. She said the disruption was “intermittent” and the problems were merely “frustrating”. She added,

“The issue that has arisen relates mainly to email systems. There has been minimal disruption, I am told, to the courts system as a whole.”

She said there had been an “infrastructure failure in our supplier’s data centre”.

“The Prison Service has not been affected and—to correct inaccurate reporting—criminals have not gone free as a result of the problem. We have been working closely with our suppliers, Atos and Microsoft, to get our systems working again, and yesterday we had restored services to 180 court sites, including the largest ones.

“Today (23 January 2019), 90% of staff have working computer systems. Work continues to restore services and we expect the remainder of the court sites to be fully operational by the time they open tomorrow morning. We are very disappointed that our suppliers have not yet been able to resolve the network problems in full.

“This afternoon, the permanent secretary, Sir Richard Heaton, will meet the chief executive of Atos and write personally to all members of the judiciary. I am very grateful to all our staff who have been working tirelessly and around the clock, alongside our suppliers, to resolve the issues.”

Labour’s Yasmin Qureshi asked if Microsoft and Atos have paid any penalties to which Frazer gave a vague, non-committal reply,

“… the permanent secretary is meeting the supplier’s chief executive this afternoon and of course we will look carefully at the contracts, which include penalty clauses.”

Frazer later said the problem related to a “server” which raised questions about how the failure of a single server, or servers, could cause widespread chaos in the courts.

Labour’s Steve McCabe said the server problem was not a  single or unusual event.

“… her Department has been receiving reports of failures in the criminal justice secure email service for at least six months now”.

Police systems

The BBC reported last week that problems with a police IT system were causing some criminals to escape justice.

Nine forces in England and Wales use Athena from Northgate Public Services. They are Bedfordshire, Cambridgeshire, Essex, Hertfordshire, Kent, Norfolk, Suffolk, Warwickshire and West Mercia. The system is designed to help speed up the detection of crimes.

But officers told the BBC’s Victoria Derbyshire programme that it crashes regularly and is overly complicated, meaning some cases are not built in time or dropped.

Developers Northgate Public Services apologised for problems “in small areas”, which it said it was fixing.

A joint response from nine police forces said Athena – which has cost £35m over the past 10 years – had been “resilient and stable, although no system is perfect”.

The system was introduced following a government directive for forces to share intelligence after the Soham murders of Holly Wells and Jessica Chapman, in 2002.

Officers said the intelligence-sharing function works well but problems arise when they use the system to build cases for the Crown Prosecution Service.

The delays it causes means officers can struggle to get the information together in time to charge suspects or the cases are not up to a high-enough standard and are dropped.

Serving officers at Bedfordshire, Hertfordshire and Essex told the programme the process could now take up to twice as long.

The BBC did not name any officers who revealed details of the problems because they could face disciplinary action for speaking out. Their comments included:

  • “The first two weeks it (the system) was brought in were the worst two weeks of my entire career. It’s overly bureaucratic. It doesn’t understand the police investigative process at all. From day one, it malfunctioned. Four years on, it is still malfunctioning”
  • “It often requires information that is totally irrelevant and if you miss just one data entry point (like whether a solicitor is male or female), I have to reject the whole case and send it back to the officer”
  • “Even for a simple shoplift, I probably have to press about 50 buttons, with a 30-second minimum loading time between each task”
  • “There have been incidents where charges have been dropped because of the inadequacies of the system. There have been cases of assaults, albeit fairly minor assaults, but these are still people who should be facing criminal charges”
  • “It slows the whole criminal justice system down. At the moment, it is not fit for purpose. This is the most challenging time I have come across. We’re at breaking point already. This has pushed some officers over the edge”
  • “When you’ve got detainees in a custody block who’ve got various illnesses and ailments, medical conditions that are all recorded on there and they need medication at certain times – it became very dangerous because we were unable to access the records”

The nine forces – which also include those in Cambridgeshire, Kent, Norfolk, Suffolk, Warwickshire and West Mercia – said in a joint statement that they had been working with the supplier to identify and correct issues as they arose.

“Over the 12 months up to November 2018, there have only been 72 hours of total downtime and there are detailed plans in place of how to manage business when this occurs.”

Northgate Public Services, which created Athena, said 40,000 officers accessed the system and benefited from improved criminal intelligence.

It said it was working to make improvements to the “complex system”.

“We recognise there are a small number of areas of the solution where improvements can be made and we apologise for any difficulties this has caused.

“We are working hard with the customer and other parties to make these improvements as a priority.”

Comment:

As @BarristerSecret said,

“No accountability, no lessons learned.”

In central and local government, accountability means suppliers sometimes have to pay small penalties. Outsourcing supplier Capita last year paid Barnet Council about £4.2m in compensation for poor performance.

It was a fraction of the hundreds of millions Capita has received from Barnet Council.

Sometimes the opposite happens and it is the supplier that wins money from the government after a failure.

The Home Office sacked Raytheon over problems on an e-borders IT systems and ended up paying Raytheon £224m in compensation.

The Department of Heath ended up paying Fujitsu hundreds of millions of pounds after the supplier’s contract to deliver systems under the National Programme for IT [NPfIT] was ended.

A major failure in one area of the public sector will not  stop or deter officials from awarding the same supplier a major contract in the same or another part of the public sector.

Were a major failure or legal dispute to preclude a supplier from bidding for further UK public sector work, most if not all major suppliers would today have little UK government business.

A solution?

There is an effective way to encourage IT suppliers and the public sector to avoid public service failures. But the senior civil service isn’t interested.

That solution would be to publish – after every major public services failure – a full, independent third-party report into what went wrong and why.

Some senior officials seem unruffled by public criticism or even contempt after a services failure. But particularly in some of the major departments, there is a high-level fear of the full truth emerging after an administrative disaster.  Departments would do almost anything to avoid IT-related failures if reports on the causes were routinely published.

But unless there is a Parliamentary or public clamour for such internal analyses to be published, they will remain hidden or uncommissioned.

When the National Audit Office publishes a report on a departmental failure, the report has usually been agreed and signed off by the department; and it is usually a one-off report.

When public services descend into chaos, as happened in the court service last week, immense pressure falls on the IT teams to restore normal services urgently. But without the routine publication of reports on major IT-related public service failures, where is the motivation for senior officials to avoid chaos in the first place?

House of Commons debate on the courts’ IT failures

Thank you to Celina Bledowska for her tweet alerting me to the criminal justice IT problems.

Uupublished plan to throw another £13bn at the NHS’s IT problems?

By Tony Collins

The Health Service Journal yesterday revealed details of NHS IT investment plans that have been costed at about £12.9bn over the next five years.

The HSJ’s award-winning technology correspondent Ben Heather  says the sums currently involved – which could reduce as proposals are “reined in” – are on a par with the notorious National Programme for IT in the NHS.

He says that officials working on the plan have produced an estimate of between £10.9bn and £12.9bn for the cost of supporting proposals across 15 long-term plan “workstreams” ranging from creating personalised care to improving cancer survival.

The figures form part of the work of the digital and technology workstream for the long term plan, which is being developed by NHS England and NHS Improvement.

“The sum would be on par with the National Programme for IT, the most expensive push to improve IT systems in NHS history and an infamously costly and troubled project. It is likely to reduce substantially, however, as ambitions for the plan are negotiated and reined in over coming weeks.”

The plan is due to be published in late November or early December. The health secretary is known to be a keen advocate of new IT-related investments.

It is likely that a sizeable portion of the new £20bn planned for the NHS – which will be financed partly by tax increases that are due to be announced in the budget later this month – will go on NHS technology.

But the Health Service Journal suggests the investments will be controlled centrally, which may be a bad sign given that one of the major flaws in the failed £13bn NPfIT was that money was controlled centrally rather than by local groups of doctors and nurses.

Comment

On the face of it the current investment proposals bear no resemblance to the NHS IT programme NPfIT which was “dismantled” in 2011.

The NPfIT comprised a handful of specific major projects that were to be implemented nationally under the umbrella of “ruthless standardisation”.

The current proposals look very different. The investments fall into vague categories such as digitalising secondary care, improvements to IT infrastructure, data gathering and analytics.

The proposals have all the appearance of a different way the NHS has found to waste vast sums of public money.

It has never been acknowledged by the Treasury, NHS England or the Department of Health that the NPfIT wasted billions on spending that was invisible to the public, such as numerous consultants, years of globe-trotting by officials, first-class hotels across the world, sponsored conferences and unreported funds for marketing items that included DVDs and board games designed especially to promote the IT programme.

For officials, there’s nothing more exciting than going to work on a £13bn technology programme where money flows more freely than water. It’s no wonder officialdom is lobbying for the money.

No doubt it will be easy for officials to obtain the new billions. At any time in the recent history of the NHS it would have been easy on paper to justify £13bn for new NHS technology. Much of the £13bn could be justified simply enough by submitting plans to HM Treasury to modernise what already exists.

It was easy to justify the NPfIT. Tony Blair approved it at a Downing Street meeting that lasted 40 minutes. Computer Weekly obtained minutes of the Downing Street meeting after various FOI appeals.

But the NHS needs £13bn to be spent wisely on technology. The last thing the NHS needs is for Whitehall officials to be involved. History shows that Whitehall has the reverse Midas touch when it comes to major NHS IT investments. It is local groups of doctors and nurses who know how to spend the money wisely.

If either NHS England or the Department of Health and Social Care is involved in the new proposals for NHS IT investments – and they both are – it’s almost certain the new plans will end up as costly failures.

How would the public feel if they realised that a sizeable portion of their increased taxes for the NHS is almost certainly destined for the dustbin marked “mismanaged Whitehall IT schemes”.

Revealed: Officials’ £13bn funding ask to modernise NHS IT

Another NPfIT scandal in the making?

£20bn for the NHS? – not spent like this please

Johnathan Lewis, CEO Capita (right) and Simon Stevens, Chief Executive, NHS England (left) at Monday’s Public Accounts Committee.

By Tony Collins

Capita apologies for working “blind” on NHS outsourcing contract – but no humility from NHS England

Capita’s CEO Johnathan Lewis was contrite and authoritative when he appeared before public accounts MPs in the House of Commons on Monday.

He apologised unreservedly for what the committee chairwoman Meg Hillier called “a shambles”, which was Capita’s £330 seven to ten-year contract to run a range of services for GPs, dentists and ophthalmologists, as well as handle invitations and test results for cervical screening.

Capita’s Primary Care Support Services contract began in 2015 and complaints about the service from medical practitioners began to flow months later.

Capita made mistakes, said Lewis who was supported by his colleague Stephen Sharp, who reports directly to Lewis on public sector contracts. One mistake was that Capita tried to save money too soon by folding the work of 47 local NHS offices with 1650 staff into three offices without fully understanding that each office had a different way of working and a different way of delivering NHS services.

[A similar mistake helped to floor the £10bn National Programme for IT in the NHS (NPfIT), where suppliers and Whitehall officials tried unsuccessfully to use computers to standardise working practices and services in hundreds of hospitals before they fully understood the widely-different approaches of each hospital.]

Lewis told the Public Accounts Committee on Monday,

“This was an extremely complex outsourcing of services that I think both parties would recognise were not fully understood when the work was outsourced – the volumes, the scope, the fact that the service was being delivered in different ways across the different regions that became NHS England. At the same time I recognise the pressure NHS England were under to reduce costs and hence the pressure on them to outsource.”

His colleague Stephen Sharp added,

“I think mistakes were made. During the bid stage, NHS England did say there were some inconsistencies and differences within the various operations. But once Capita got into all the offices and looked at it, the inconsistencies and differences were not inconsequential. It was more or less 45 different services being run from 45 different offices, so the closure programme, which we adhered to and carried on with, we maybe should have stopped. We just made the problem worse as we went along.”

Why didn’t you stop the office closures, asked Conservative MP Anne Marie Morris who added that “even the NHS said, ‘We think you need to stop’.”

Sharp replied,

“We were actually working blind for a period of time. It was only once the service had been running under our control for a few months that complaints started to come in and we started to see visibility that there were bigger issues than we thought there were.”

With hindsight he said he would not have closed offices “until we had got the procedures operating on a national basis”. He conceded that if NHS England and Capita had deferred closing offices, the first two years of savings of about £60m would not have been achieved.

Capita’s losses of £140m

Lewis said that Capita had invested £125m in the contract but, given the loss of profit margin, the losses would be closer to £140m. “We will not make money over the life of this contract,” said Lewis.

An MP asked: why not walk away?

Lewis replied, “Because we made a commitment to deliver this service and reputations depend on that commitment. We see the public sector as a segment of our market that helps us achieve a diversified revenue base. It is a segment where we have services and solutions, where we can create value for the taxpayer and that is why it is an attractive segment.”

Capita is now meeting 41 of the 45 KPIs and, though the company is making good progress against the remaining four KPIs, it doesn’t change the fact that “our initial execution on this contract was not good and for that we apologise unreservedly,” said Lewis.

There were failings on the part of NHS England too. Health officials were so anxious to achieve the savings from closing offices and replacing old IT that couldn’t be relied on that they failed to test new national, standardised working practices and services before they asked a supplier to implement this strategy.

The result was that officials at NHS England had no clear idea of how much work they were outsourcing. They left due diligence to Capita; and Capita admitted at the hearing it did not do enough due diligence at the bid stage. If it had understood how much work was involved it would have bid a higher price or not bid at all.

NHS England also failed to involve most of the potential end-users – GPs, dentists and ophthalmologists in the design and planning of new services that would directly affect them such as pensions and payments.

Lewis said.

“There are other stakeholders that have historically not been brought into this process to the extent that they should have been, such as the BMA [British Medical Association] in how we might implement the digitisation of pension payments and the management of its pensions, or the Confederation of Dental Employers with regard to ophthalmic payments.

“We want to bring them into the process in ways that they have not been historically because we think that that will ultimately lead to a more successful roll out of the technology… They rightly have influence over the process. If we are going to roll out a process for digitising the 20,000 paper documents that cover the process by which you get refunded for an ophthalmic prescription today, surely those people need to be involved in the final roll-out and configuration of that solution.”

Absence of humility?

When MPs questioned the top official at NHS England, Simon Stevens, there was little sign of humility, contrition or regret. He left an impression that the same problems could end up being repeated by a different supplier under a different contract. One Conservative MP Bim Afolami found himself “sticking up for Capita”.

Afolami said,

“Do you feel, Mr Stevens, that criticism of this contract is in any way unfair on Capita? The more I hear, the more I feel that Capita has taken the sharp end of this and NHS England, despite slight reputational difficulty, has saved £60 million. To what extent do you feel that you should take more of the blame here and Capita should take less of it?”

Stevens emphasised the £60m savings but made no mention any of the contract’s specific problems such as the thousands of patient records that went missing, dozens of women left off cancer-screening lists, the qualified GPs who were unable to work for months while the system delayed verifying their entitlement to go onto a “National Performers List”, the GPs who ran short of basic supplies or the GPs and ophthalmologists who suffered financial detriment because of delayed payments.

Said Stevens,

“First, let me say that this has clearly been a rocky road, and the National Audit Office accurately described the bumps along the way, which are regrettable. That should not obscure the fact that, notwithstanding the economic pain that Capita has experienced, the contract has saved taxpayers £60 million in lower administrative costs in the National Health Service over the first two years of its life … that £60 million of savings is not to be sniffed at; it is the equivalent of 30,000 operations.”

Comment:

Campaign4Change has repeatedly criticised Capita’s performance on Barnet’s outsourcing contract, in part because Capita and the council have been markedly defensive – thin-skinned.

It was refreshing, therefore, to hear Capita’s newish CEO Jonathan Lewis being openly contrite over highly-visible failings in the NHS contract. He gave the impression to public accounts MPs of being a CEO who is determined to put right the failings for the sake of Capita’s reputation. The cost of correcting the problems seemed a secondary consideration.

With Lewis at the helm, Capita’s share price has continued to rise in recent weeks.

Less impressive at Monday’s hearing was Simon Stevens, NHS England’s chief executive, who seemed to imply that NHS England had done nothing wrong.  It was a reaction we’ve come to expect from top civil servants after an IT-related programme disaster. It’s never the fault of officialdom.

The reality is that NHS England was almost as culpable as Capita. NHS England rushed the whole outsourcing exercise – which doomed it from the start. It didn’t listen to critics who warned that primary care support services were too locally diverse and inherently problematic to standardise as part of a national  outsourcing deal.

Instead of first piloting and agreeing with GPs, dentists and ophthalmologists fundamental changes in working practices that would be needed across the country, NHS England went ahead with signing a co-called transformation deal with Capita.

NHS England paid only lip service to engagement with the new system’s end-users in the medical professions. By its own admission Capita, because of its own internal shortcomings, went into the contract blind.

What’s worrying is the way civil servants blithely repeat mistakes of the past and later say they did everything right.

The National Programme for IT in the NHS – NPfIT – failed in part because it was rushed, the implications of “ruthless standardisation” were not fully understood at the outset and there was a lack of proper engagement with potential end-users in hospitals and GP practices. All these same mistakes were made by Capita and NHS England on the Primary Care Support Services contract.

When ordinary human beings become senior civil servants there seems to be a requirement that they lose at a cellular level the facility to express humility and contrition. That loss is replaced by an overly prominent complacency. Whatever goes wrong is not their fault.

Stevens said in essence that NHS England did everything right. Through its unpublished project reviews, the Major Projects Authority – now the Infrastructure and Projects Authority –  endorsed NHS England’ s plans. All the so-called experts gave the outsourcing deal what Stevens called a “thumbs-up”.

It would have been surprising if Stevens had said the public sector was in any way to blame.

At least Capita has learned the lessons. It has a financial interest in doing so.

Ministers can learn from Capita’s candid chief executive

NHS England’s management of Primary Care Support Services contract with Capita – National Audit Office report

Monday’s televised Public Accounts Committee hearing with Capita’s Jonathan Lewis and Simon Stevens of NHS England

Ministers told of major problem on Capita NHS contract more than a year later

By Tony Collins

Today’s Financial Times and other newspapers cover a National Audit Office report into GP clinical notes and correspondence, some of it urgent, that was not directed to the patient’s GP.

The correspondence was archived by Capita under its contract to provide GP support services. But patient notes were still “live”. They included patient invitation letters, treatment/diagnosis notes, test results and documents/referrals marked ‘urgent’.

What isn’t well reported is that ministers were left in the dark about the problems for more than a year. The National Audit Office does not blame anyone – its remit does not include questioning policy decisions – but its report is impressive in setting out of the facts.

Before NHS England outsourced GP support services to Capita in 2015, GPs practices sent correspondence for patients that were not registered at their practice to local primary care services centres, which would attempt to redirect the mail.

By the time Capita took over GP support services on 1 September 2015, GPs were supposed to “return to sender” any correspondence that was sent to them incorrectly – and not send it to primary care services centres that were now run, in part, by Capita.

But some GPs continued to send incorrectly-addressed correspondence to the primary care services centres. Capita’s contract did not require it to redirect clinical correspondence.

An unknown number of GP practices continued to send mail to the centres, expecting the centre’s staff to redirect it. A further complication was that Capita had “transformation” plans to cut costs by closing the primary care services support centres.

Capita made an inventory of all records at each site and shared this with NHS England. The inventories made reference to ‘clinical notes’ but at this point no one identified these notes as live clinical correspondence. Capita stored the correspondence in its archive.

In line with its contract, Capita did not forward the mail. It was not until May 2016 – eight months after Capita took over the primary care services centres – that Capita told a member of NHS England’s primary care support team that there was a problem with an unquantified accumulation of clinical notes.

It was a further five months before Capita formally reported the incident to NHS England. At that time Capita estimated that there was an accumulation of hundreds of thousands of clinical notes. When the National Audit Office questioned Capita on the matter, it replied that, with hindsight, it believes it could have reported the backlog sooner.

In November 2016, Capita and NHS England carried out initial checks on the reported backlog of 580,000 clinical notes. It wasn’t until December 2016 that ministers were informed of problems – more than a year after Capita took over the contract.

Even in December 2016 ministers were not fully informed. Information about a backlog of live clinical notes was within in a number of items in the quarterly ministerial reports. NHS England did not report the matter to the Department of Health until April 2017 – about two years after the problems began.

Even then, officials told ministers that clinical notes had been sampled and were considered “low clinical and patient risk”. But a later study by NHS England’s National Incident Team identified a backlog of 1,811 high priority patient notes such as documents deemed to be related to screening or urgent test results.

The National Audit Office says, “NHS England expects to know by March 2018 whether there has been any harm to patients as a result of the delay in redirecting correspondence. NHS England will investigate further where GPs have identified that there could be potential harm to patients. The review will be led by NHS England’s national clinical directors, with consultant level input where required.”

Last month Richard Vautrey, chairman of British Medical Association’s General Practitioners Committee, wrote to the NHS Chief Executive Simon Stevens criticising a lack of substantial improvement on Capita’s contract to run primary care service centres.

In December, the GP Committee surveyed practices and individual GPs on the Capita contract. The results showed a little improvement across all service lines, when compared to its previous survey in October 2016, but a “significant deterioration” in some services. Vautrey’s letter said,

“While any new organisation takes time to take over services effectively, the situation has gone from bad to worse since Capita took over the PCSE [Primary Care Support England] service almost two and a half years ago …

“This situation is completely unacceptable. As a result of the lack of improvement in the service delivery of PCSE we are now left with no option but to support practices and individual doctors in taking legal routes to seek resolution. While this is taking place, we believe it is imperative that NHS England conducts a transparent and comprehensive review of all policy, procedures and processes used by PCSE across each service line.”

Comment:

It’ll be clear to some who read the NAO report that the problems with urgent patient notes going astray or being put mistakenly into storage, stems from NHS England’s decision to outsource a complex range of GP support services without fully considering – or caring about – what could go wrong.

It’s not yet known if patients have come to harm. It’s clear, though, that patients have been caught in the middle of a major administrative blunder that has complex causes and for which nobody in particular can be held responsible.

That ministers learned of a major failure on a public sector outsourcing deal over a year after live patient notes began to be archived is not surprising.

About four million civil and public servants have strict rules governing confidentiality. There are no requirements for civil and public service openness except when it comes to the Freedom of Information Act which many officials can – and do – easily circumvent.

Even today, the fourth year of Capita’s contract to run GP support services, the implications for patients of what has gone wrong are not yet fully known or understood.

It’s a familiar story: a public sector blunder for which nobody will take responsibility, for which nobody in particular seems to care about, and for which the preoccupation of officialdom will be to continue playing down the implications or not say anything at all.

Why would they be open when there is no effective requirement for it? It’s a truism that serious problems cannot be fixed until they are admitted. In the public sector, serious problems on large IT-related contracts are not usually fixed until the seriousness of the problems can no longer be denied.

For hundreds of years UK governments have struggled to reconcile a theoretical desire for openness with an instinctive and institutional need to hide mistakes. Nothing is likely to change now.

National Audit Office report – Investigation into clinical correspondence handling in the NHS.

Capita under fire again over GP support contract – but NHS England praises “improvements”

By Tony Collins

Hundreds of trainee GPs have not received their salaries from Capita, which is under contract to pay them, reports The Guardian.

Some of the trainees have applied for emergency funds from The Cameron Fund, a charity for the prevention of hardship among GPs and their dependents.

Capita administers training grants for GPs under its wide-ranging £1bn contract with NHS England to provide primary care services.

In November 2016 the then Health minister Nicola Blackwood described failings on Capita’s GP support contract as “entirely unacceptable”. 

She said Capita had inadequately prepared for delivering a “complex transition”.

In response,  Capita said it adding the full-time equivalent of 500 extra staff on the contract.

But in February 2017, after continuing complaints,  the Health Secretary Jeremy Hunt said he would be prepared to end Capita’s contract if necessary.

Since then, though, NHS England has praised “improvements” in the contract, according to Pulse.

Yesterday The Guardian reported extracts from a letter the British Medical Association sent to NHS England on 30 October 2017.

It said some GP practices were “having to pay trainees out of already overstretched practice budgets, or trainees are going months without being paid if the practice cannot cover the shortfall”.

Capita confirmed it had outstanding payments to some trainee GPs but was unable to say how many it is responsible for paying, or how many it has not paid.

It said that it had not received all the information it needed to pay salaries from the relevant employers. A Capita spokesperson told The Guardian that the problems were an inevitable part of “a major transformation project to modernise a localised and unstandardised service”.

It added: “We have made significant investment to deliver improvements and these have been recognised by NHS England and demonstrated through improved service performance and improved customer satisfaction.”

The Cameron Fund’s treasurer Dr David Wrigley described the outsourcing of GP support services as a “botched privatisation”.

“NHS England has commissioned out what was a very efficient service run within the NHS, and now Capita runs this contract in what I’d call another botched privatisation.”

One trainee GP went unpaid two consecutive months.  At the end of October she posted on a private message board for GPs: “Anyone know of how I access hardship funds (quickly) to feed children/pay nursery/mortgage (quickly)?”

Her surgery gave her a loan last month to tide her over but did not have enough surplus funds to do the same thing again.

She said that in the last 24 hours partners have stepped forward and have all taken a pay cut to provide a loan “to get me through the month as they were worried about my family”.

An NHS England spokesperson said it was “holding Capita’s feet to the fire on needed improvements”.

It added: “In the meantime, the lead employer for Health Education England or the GP practice are responsible for paying their GP trainee salaries and are subsequently reimbursed for this. Backlogs are being prioritised by Capita.”

The BMA’s letter to the NHS chief executive Simon Stevens criticises Capita.

“We are disappointed at the lack of progress that has been made … These issues have been ongoing since NHS England commissioned Capita … and it is unacceptable that more progress has not been made to getting these resolved …

Wrigley wants the House of Commons’ public accounts committee to investigate the contract.

“NHS England have known about this for a while and the BMA has been putting constant pressure on, and it’s all promises that it’ll get better but it doesn’t.”

New systems for cervical screening and GP payments and pensions that are also contracted out to Capita are due to go live next July. The BMA has told NHS England that it has “no confidence” in Capita’s ability to deliver the services.

Comment

It’s possible to have some sympathy for Capita which has the daunting task of trying to standardize a wide range of systems for supporting disparate GP support services.

But, as Campiagn4Change has reported many times on Barnet Council’s Capita outsourcing contract, it can be difficult if not impossible to make huge savings in the cost of running services (£40m in the case of the GP support contract), deliver an IT-based transformation based on new investment and provide a healthy profit for the supplier’s shareholders while at the same time making internal efficiency savings.

Capita’s share price is relatively low and under continuing pressure but is holding up reasonably well given the company’s varied problems.

Still, we wonder whether the company can afford to put large sums into sorting out problems on the GP support contract, at Barnet Council and on other well-publicised contracts?

The MoD has ended a Capita contract early, the company faces litigation from the Co-op and its staff are staging nine days of strikes over pensions.

Who’s to blame?

If anyone is to blame in this NHS saga it is NHS England for not fully understanding the scale and complexity of the challenges when it outsourced to Capita.

The first rule of outsourcing is: Don’t outsource a problem.

Doctors warned NHS England against signing the contract. Under financial pressure to do so – it needed the promised savings  – NHS England’s public servants signed the deal.

Those public servants will not be held accountable for their decision. In which case, what’s to stop public and civil servants making the wrong decisions time and again?

Two further questions:

Is NHS England too close to Capita to see the faults?

Do public servants have a vested interest in not criticising their outsourcing suppliers, in case opprobrium falls on both parties? 

Thank you to Zara Pradyer for drawing my attention to the Guardian article.

Hundreds of trainee GPs facing hardship as outsourcing firm Capita fails to pay – The Guardian.

 

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Inside Universal Credit IT – analysis of document the DWP didn’t want published

dwpBy Tony Collins

Written evidence the Department for Work and Pensions submitted to an FOI tribunal – but did not want published (ever) – reveals that there was an internal “lack of candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

It’s the first authoritative confirmation by the DWP that it has not always been open and honest when dealing with the media on the state of the Universal Credit IT programme.

FOI tribunal grants request to publish DWP's written submission

FOI tribunal grants request to publish DWP’s written submission

According to the DWP submission, senior officials on the Programme became so concerned about leaks that a former member of the security services was brought in to lead an investigation. DWP staff and managers were the subjects of “detailed interviews”. Employee emails were “reviewed”, as were employee access rights to shared electronic areas.

Staff became “paranoid” about accidentally leaving information on a printer. Some of the high-security measures appear still to be in place.

Unpublished until now, the DWP’s written legal submission referred, in part, to the effects on employees of leak investigations.

The submission was among the DWP’s written evidence to an FOI Tribunal in February 2016.

The Government Legal Service argued that the DWP’s written evidence was for the purposes of the tribunal only. It should not be published or passed to an MP.

The Legal Service went further: it questioned the right of an FOI Tribunal to decide on whether the submission could be published. Even so a judge has ruled that the DWP’s written evidence to the tribunal can be published.

Excerpts from the submission are here.

Analysis and Comment

The DWP’s submission gives a unique glimpse into day-to-day life and corporate sensitivities at or near the top of the Universal credit IT programme.

It reveals the lengths to which senior officials were willing to go to stop any authoritative “bad news” on the Universal Credit IT programme leaking out. Media speculation DWP’s senior officials do not seem to mind. What appears to concern them is the disclosure of any credible internal information on how things are progressing on Universal Credit IT.

Confidential

Despite multiple requests from IT suppliers, former government CIOs and MPs, for Whitehall to publish its progress reports on big IT-based change programmes (some examples below), all central departments keep them confidential.

That sensitivity has little to do with protecting personal data.

It’s likely that reviews of projects are kept confidential largely because they could otherwise expose incompetence, mistakes, poor decisions, risks that are likely to materialise, large sums that have been wasted or, worst of all, a project that should have been cancelled long ago and possibly re-started, but which has been kept going in its original form because nobody wanted to own up to failure.

Ian watmore front cover How to fix government IROn this last point, former government CIO and permanent secretary Ian Watmore spoke to MPs in 2009 about how to fix government IT. He said,

“An innovative organisation tries a lot of things and sometimes things do not work. I think one of the valid criticisms in the past has been when things have not worked, government has carried on trying to make them work well beyond the point at which they should have been stopped.”

Individual accountability for failure?

Oblivious to MPs’ requests to publish IT progress reports, the DWP routinely refuses FOI requests to publish IT progress reports, even when they are several years old, even though by then officials and ministers involved will probably have moved on. Individual accountability for failure therefore continues to be non-existent.

Knowing this, MPs on two House of Commons select committees, Public Accounts and Work and Pensions, have called for the publication of reports such as “Gateway” reviews.

This campaign for more openness on government IT projects has lasted nearly three decades. And still Whitehall never publishes any contemporaneous progress reports on big IT programmes.

It took an FOI campaigner and IT projects professional John Slater [@AmateurFOI] three years of legal proceedings to persuade the DWP to release some old reports on the Universal Credit IT programme (a risk register, milestone schedule and issues log). And he had the support of the Information Commissioner’s legal team.

universal creditWhen the DWP reluctantly released the 2012 reports in 2016 – and only after an informal request by the then DWP secretary of state Stephen Crabb – pundits were surprised at how prosaic the documents were.

Yet we now know, thanks to the DWP’s submission, the lengths to which officials will go to stop such documents leaking out.

Understandable?

Some at the DWP are likely to see the submission as explaining some of understandable measures any government department would take to protect sensitive information on its largest project, Universal Credit. The DWP is the government largest department. It runs some of the world’s biggest IT systems. It possesses personal information on nearly everyone in Britain. It has to make the protection of its information a top priority.

Others will see the submission as proof that the DWP will do all it can to honour a decades-old Whitehall habit of keeping bad news to itself.

Need for openness

It’s generally accepted that success in running big IT-enabled change programmes requires openness – with staff and managers, and with external organisations and agencies.

IT-based change schemes are about solving problems. An introspective “good news only” culture may help to explain why the DWP has a poor record of managing big and successful IT-based projects and programmes. The last time officials attempted a major modernisation of benefit systems in the 1990s – called Operational Strategy – the costs rose from £713m to £2.6bn and the intended objective of joining up the IT as part of a “whole person” concept, did not happen.

Programme papers“watermarked”

The DWP’s power, mandate and funding come courtesy of the public. So do officials, in return, have the right to keep hidden mistakes and flawed IT strategies that may lead to a poor use – or wastage – of hundreds of millions of pounds, or billions?

The DWP’s submission reveals that recommendations from its assurance reports (low-level reports on the state of the IT programme including risks and problems) were not circulated and a register was kept of who had received them.

Concern over leaks

The submission said that surveys on staff morale ceased after concerns about leaks. IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”. For added security, Universal Credit programme papers were watermarked.

When a former member of the security services was brought in to conduct a leaks investigation, staff and mangers were invited by the DWP’s most senior civil servant to “speak to the independent investigator if they had any information”. This suggests that staff were expected to inform on any suspect colleagues.

People “stopped sharing comments which could be interpreted as criticism of the [Universal Credit IT] Programme,” said the submission. “People became suspicious of their colleagues – even those they worked closely with.

“There was a lack of trust and people were very careful about being honest with their colleagues…

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was, ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still fearful that anything that is sent out via email will be misused.

“For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.”

“Defensive”

dwpLines to take with the media were added to a “Rolling Brief”, an internal update document, that was circulated to senior leaders of the Universal Credit IT programme, the DWP press office and special advisors.

These “lines to take” were a “defensive approach to media requests”. They emphasised the “positive in terms of progress with the Programme without acknowledging the issues identified in the leaked stories”.

This positive approach to briefing and media management “led to a lack of candour and honesty through the Programme and publically …”

How the DWP’s legal submission came about is explained in this separate post.

Were there leaks of particularly sensitive information?

It appears not. The so-called leaks revealed imperfections in the running of the Universal Credit programme; but there was no personal information involved. Officials were concerned about the perceived leak of a Starting Gate Review to the Telegraph (although the DWP had officially lodged the review with the House of Commons library).

The DWP also mentioned in its statement a leak to the Guardian of the results of an internal “Pulse” survey of staff morale – although it’s unclear why the survey wasn’t published officially given its apparent absence of sensitive commercial, personal, corporate or governmental information.

NPfIT

The greater the openness in external communications, the less likely a natural scepticism of new ways of working will manifest in a distrust of the IT programme as a whole.

The NHS’s National Programme for IT (NPfIT) – then the UK’s biggest IT programme costing about £10bn – was dismantled in 2011 after eight fraught years. One reason it was a disaster was the deep distrust of the NPfIT among clinicians, hospital technologists, IT managers, GPs and nurses. They had listened with growing scepticism to Whitehall’s oft-repeated “good news” announcements.

Ex-Government CIO wanted more openness on IT projects

When MPs have asked the DWP why it does not publish reports on the progress of IT-enabled projects, it has cited “commercial confidentiality”.

But in 2009, Ian Watmore (the former Government CIO) said in answer to a question by Public Account Committee MP Richard Bacon that he’d endorse the publication of Gateway reviews, which are independent assessments of the achievements, inadequacies, risks, progress and challenges on risky IT-based programmes.

“I am with you in that I would prefer Gateway reviews to be published because of the experience we had with capability reviews (published reports on a department’s performance). We had the same debate (as with Gateway reviews) and we published them. It caused furore for a few weeks but then it became a normal part of the furniture,” said Watmore.

Capability reviews are no longer published. The only “regular” reports of Whitehall progress with big IT programmes are the Infrastructure and Projects Authority’s annual reports. But these do not include Gateway reviews or other reports on IT projects and programmes. The DWP and other departments publish only their own interpretations of project reviews.

In the DWP’s latest published summary of progress on the Universal Credit IT programme, dated July 2016, the focus is on good news only.

But this creates a mystery. The Infrastructure and Projects Authority gave the Universal Credit programme an “amber” rating in its annual report which was published this month. But neither the DWP nor the Authority has explained why the programme wasn’t rated amber/green or green.

MPs and even IT suppliers want openness on IT projects

Work and Pensions Committee front coverIn 2004 HP, the DWP’s main IT supplier, told a Work and Pensions Committee inquiry entitled “Making IT work for DWP customers” in 2004 that “within sensible commercial parameters, transparency should be maintained to the greatest possible extent on highly complex programmes such as those undertaken by the DWP”.

The Work and Pensions Committee spent seven months investigating IT in the DWP and published a 240-page volume of oral and written in July 2004. On the matter of publishing “Gateway” reviews on the progress or otherwise of big IT projects, the Committee concluded,

“We found it refreshing that major IT suppliers should be content for the [Gateway] reviews to be published. We welcome this approach. It struck us as very odd that of all stakeholders, DWP should be the one which clings most enthusiastically to commercial confidentiality to justify non-disclosure of crucial information, even to Parliament.”

The Committee called for Gateway reviews to be published. That was 12 years ago – and it hasn’t happened.

Four years later the Committee found that the 19 most significant DWP IT projects were over-budget or late.

DWP headline late and over budget

In 2006 the National Audit Office reported on Whitehall’s general lack of openness in a report entitled “Delivering successful IT-enabled business change”.

The report said,

“The Public Accounts Committee has emphasised frequently the need for greater transparency and accountability in departments’ performance in managing their programmes and projects and, in particular, that the result of OGC Gateway Reviews should be published.”

But today, DWP officials seem as preoccupied as ever with concealing bad news on their big IT programmes including Universal Credit.

The costs of concealment

The DWP has had important DWP project successes, notably pension credits, which was listed by the National Audit Office as one of 24 positive case studies.

But the DWP has also wasted tens of millions of pounds on failed IT projects.

Projects with names such as “Camelot” [Computerisation and Mechanisation of Local Office Tasks] and Assist [Analytical Services Statistical Information System) were cancelled with losses of millions of pounds. More recently the DWP has run into problems on several big projects.

“Abysmal”

On 3 November 2014 the then chairman of the Public Accounts Committee Margaret Hodge spoke on Radio 4’s Analysis of the DWP’s ‘abysmal’ management of IT contracts.”

1984

As long ago as 1984, the House of Commons Public Accounts Committee called for the civil service to be more open about its progress on major computer projects.

Today there are questions about whether the Universal Credit IT will succeed. Hundreds of millions has already been spent. Yet, as mentioned earlier, current information on the progress of the DWP’s IT programmes remains a state secret.

It’s possible that progress on the Universal Credit IT programme has been boosted by the irregular (but thorough) scrutiny by the National Audit Office. That said, as soon as NAO reports on Universal Credit are published, ministers and senior officials who have seen copies in advance routinely dismiss any criticisms as retrospective and out-of-date.

Does it matter if the DWP is paranoid about leaks?

A paper published in 2009 looks at how damaging it can be for good government when bureaucracies lack internal challenge and seek to impose on officials a “good news” agenda, where criticism is effectively prohibited.

The paper quoted the then Soviet statesman Mikhail Gorbachev as saying, in a small meeting with leading Soviet intellectuals,

“The restructuring is progressing with great difficulty. We have no opposition party. How then can we control ourselves? Only through criticism and self-criticism. Most important: through glasnost.”

Non-democratic regimes fear a free flow of information because it could threaten political survival. In Russia there was consideration of partial media freedom to give incentives to bureaucrats who would otherwise have no challenge, and no reason to serve the state well, or avoid mistakes.

The Chernobyl nuclear disaster, which occurred on April 26, 1986, was not acknowledged by Soviet officials for two days, and only then after news had spread across the Western media.

The paper argued that a lack of criticism could keep a less democratic government in power. But it can lead to a complacency and incompetence in implementing policy that even a censored media cannot succeed in hiding.

As one observer noted after Chernobyl (Methvin in National Review, Dec. 4, 1987),

“There surely must be days—maybe the morning after Chernobyl—when Gorbachev wishes he could buy a Kremlin equivalent of the Washington Post and find out what is going on in his socialist wonderland.”

Red team

Iain DuncanSmithA lack of reliable information on the state of the Universal Credit IT programme prompted the then secretary of state Iain Duncan Smith to set up his own “red team” review.

That move was not known about at the time. Indeed in December 2012 – at a point when the DWP was issuing public statements on the success of the Universal Credit Programme – the scheme was actually in trouble. The DWP’s legal submission said,

“In summary we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC [Universal Credit] had significant problems.”

One wonders whether DWP civil servants kept Duncan Smith in the dark because they themselves had not been fully informed about what was going on, or because they thought the minister was best protected from knowing what was going on, deniability being one key Whitehall objective.

But in the absence of reliable internal information a political leader can lose touch completely, said the paper on press freedom.

“On December 21, 1989, after days of local and seemingly limited unrest in the province of Timi¸ Ceausescu called for a grandiose meeting at the central square of Bucharest, apparently to rally the crowds in support of his leadership. In a stunning development, the meeting degenerated into anarchy, and Ceausescu and his wife had to flee the presidential palace, only to be executed by a firing squad two days later.”

Wrong assumptions

Many times, after the IT media has published articles on big government IT-based project failures, TV and radio journalists have asked to what extent the secretary of state was responsible and why he hadn’t acted to stop millions of pounds being wasted.

But why do broadcast journalists assume ministers control their departments? It is usually more likely that ministers know little about the real risks of failure until it is too late to act decisively.

Lord Bach, a minister at DEFRA, told a House of Commons inquiry in 2007 into the failure of the IT-based Single Payment Scheme that he was aware of the risks but still officials told him that systems would work as planned and farmers would receive payments on time. They didn’t. Chaos ensued.

Said Lord Bach,

“I do think that, at the end of the day, some of the advice that I received from the RPA [Rural Payments Agency] was over-optimistic.”

Lord WhittyAnother DEFRA minister at the time Lord Whitty, who was also party in charge of the Single Payment Scheme, told the same inquiry,

“Perhaps I ought also to say that this was the point at which I felt the advice I was getting was most misleading, and I have used the term ‘misleading’ publicly but I would perhaps prefer to rephrase that in the NAO terms …”

Even the impressive Stephen Crabb – who has now quit as DWP secretary of state – didn’t stand much of chance of challenging his officials. The department’s contracts, IT and other affairs, are so complex and complicated – there are bookcases full of rules and regulations on welfare benefits – that any new ministers soon find themselves overwhelmed with information and complexity.

They will soon realise they are wholly dependent on their officials; and it is the officials who decide what to tell the minister about internal mistakes and bad decisions. Civil servants would argue that ministers cannot be told everything or they would be swamped.

But the paper on press freedom said that in order to induce high effort within a bureacucracy, the leader needs “verifiable information on the bureaucrats’ performance”.

The paper made a fascinating argument that the more complacent the bureaucracy, the more aggressively it would control information. Some oil-rich countries, said the paper, have less media freedom than those with scarcer resources.

“Consistent with our theory, [some] non-democratic countries … have vast resources and poor growth performance, while the Asian tigers (South Korea, Taiwan, Hong Kong, and Singapore), while predominantly non-democratic in the 1970s and 1980s, have high growth rates and scarce natural resource.”

In an apparent opening up of information, the government in China passed a law along the lines of the U.S. Freedom of Information Act (“China Sets Out to Cut Secrecy, but Laws Leave Big Loopholes,” New York Times, Apr. 25, 2007). But was this law self-serving? It, and the launch of local elections, provided the central government with relatively reliable information on the performance of provincial bosses.

These stories from less democratic countries may be relevant in Britain because politicians here, including secretaries of state, seem to be the last to know when a big IT-based programme is becoming a disaster.

Bad news

Whtehall’s preoccupation with “good news only” goes well beyond the DWP.

T auditors Arthur D Little, in a forensic analysis of the delays, cost over-runs and problems on the development of a huge air traffic control IT project for National Air Traffic Services, whose parent was then the Civil Aviation Authority, which was part of the Department for Transport, referred to an “unwillingness to face up to and discuss bad news”.

Ministers helpless to force openness on unwilling officials?

Francis Maude came to the Cabinet Office with a reforming zeal and a sophisticated agenda for forcing through more openness, but the effects of his efforts began to evaporate as soon as he left office. Even when he was at the height of his power and influence, he was unable to persuade civil servants to publish Gateway reviews, although he’d said when in opposition that he intended to publish them.

His negotiations ended with central departments agreeing to publish only the “traffic light” status of big projects – but only after a minimum delay of at least six months. In practice the delay is usually a year or more.

Brexit

Brexit campaigners argue that the EC is undemocratic, that decisions are taken in Brussels in secret by unelected bureaucrats. But the EC is at least subject to the scrutiny, sometimes the competing scrutiny, of 29 countries.

Arguably Whitehall’s departments are also run by unelected bureaucrats who are not subject to any effective scrutiny other than inspections from time to time of the National Audit Office.

Yes Minister parodied Sir Humphrey’s firm grip on what the public should and should not be told. Usually his recommendation was that the information should be misleadingly reassuring. This was close enough to reality to be funny. And yet close enough to reality to be serious as well. It revealed a fundamental flaw in democracy.

Nowhere is that flaw more clearly highlighted than in the DWP’s legal submission. Is it any surprise that the DWP did not want the submission published?

If officials had the choice, would they publish any information that they did not control on any of their IT projects and programmes?

That’s where the indispensable work of the National Audit Office comes into the picture – but it alone, even with the help of the Public Accounts Committee, cannot plug the gaping hole in democracy that the DWP’s submission exposes.

These are some thoughts I am left with after reading the legal submission in the light of the DWP’s record on the management of IT-based projects …

  • Press freedom and the free flow of information cannot be controlled in a liberal democracy. But does Whitehall have its own subtle – and not so subtle – ways and means?
  • In light of the DWP’s track record, the public and the media are entitled to distrust whatever ministers and officials say publicly about their own performance on IT-related programmes, including Universal Credit.
  • More worryingly, would the DWP’s hierarchy care a jot if the media and public didn’t believe what the department said publicly about progress on big projects such as Universal Credit?
  • Is the DWP’s unofficial motto: Better to tell a beautiful lie than an ugly truth?
  • AL Kennedy mentioned the “botched” Universal Credit programme  when she gave a “point of view” on Radio 4 last week. Not referring specifically to Universal Credit she said facts can be massaged but nature can’t be fooled. A girder that won’t hold someone’s weight is likely to fail however many PR-dominated assurance reports have gone before. “Facts are uncompromising and occasionally grim. I wish they weren’t. Avoiding them puts us all at increased risk,” she said.

 Excerpts from the DWP submission

Some Twitter comments on this post:

tweet2

tweet3

tweet

tweet4

NHS “Wachter” digital review is delayed – but does it matter?

By Tony Collins

The Wachter review of NHS technology was due to be published in June but has been delayed. Would it matter if it were delayed indefinitely?

A “Yes Minister” programme about a new hospital in North London said it all, perhaps. An enthusiastic NHS official shows the minister round a hospital staffed with 500 administrators. It has the latest technology on the wards.

“It’s one of the best run hospitals in the country,” the NHS official tells the minister, adding that it’s up for the Florence Nightingale award for the standards of hygiene.

“But it has no patients,” says the minister.

Another health official tells the minister,

“First of all, you have to sort out the smooth running of the hospital. Having patients around would be no help at all.” They would just be in the way, adds Sir Humphrey.

In the Wachter’s review’s terms of reference (“Making IT work: harnessing the power of health IT to improve care in England“)  there is a final bullet point that refers, obliquely, to a need to consider patients. Could the Wachter terms of reference have been written by a satirist who wanted to show how it was possible to have a review of NHS IT for the benefit of suppliers, clinical administrators and officialdom but not patients?

The Wachter team will, according to the government,

• Review and articulate the factors impacting the successful adoption of health information systems in secondary and tertiary care in England, drawing relevant comparisons with the US experience;

• Provide a set of recommendations drawing on the key challenges, priorities and opportunities for the health and social care system in England. These recommendations will cover both the high levels features of implementations and the best ways in which to engage clinicians in the adoption and use of such systems.

In making recommendations, the board will consider the following points:

• The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;

• The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.

• The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;

• The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

Yes, there’s the mention of “patients” in the final bullet point.

Existing systems?

nhsSome major IT companies have, for decades, lobbied – often successfully – for much more public investment in NHS technology. Arguably that is not the priority, which is to get existing systems to talk to each other – which would be for the direct benefit of patients whose records do not follow them wherever they are looked at or treated within the NHS.

Unless care and treatment is at a single hospital, the chances of medical records following a patient around different sites, even within the same locality, are slim.

Should a joining up of existing systems be the main single objective for NHS IT? One hospital consultant told me several years ago – and his comment is as relevant today –

“My daughter was under treatment from several consultants and I could never get a joined-up picture. I had to maintain a paper record myself just to get a joined-up picture of what was going on with her treatment.”

Typically one patient will have multiple sets of paper records. Within one hospital, different specialities will keep their own notes. Fall over and break your leg and you have a set of orthopaedic notes; have a baby and you will have a totally different set of notes. Those two sets are rarely joined up.

One clinician told me, “I have never heard a coroner say that a patient died because too much information was shared.”

And a technology specialist who has multiple health problems told me,

“I have different doctors in different places not knowing what each other is doing to me.”

As part of wider research into medical records, I asked a hospital consultant in a large city with three major hospitals whether records were shared at least locally.

“You must be joking. We have three acute hospitals. Three community intermediate teams are in the community. Their records are not joined. There is one private hospital provider. If you get admitted to [one] hospital and then get admitted to [another] the next week your electronic records cannot be seen by the first hospital.  Then if you get admitted to the third hospital the week after, again not under any circumstances will your record be able to be viewed.”

Blood tests have to be repeated, as are x-rays; but despite these sorts of stories of a disjointed NHS, senior health officials, in the countless NHS IT reviews there have been over 30 years, will, it seems, still put the simplest ideas last.

It would not cost much – some estimate less than £100m – to provide secure access to existing medical records from wherever they need to be accessed.

No need for a massive investment in new technology. No need for a central patient database, or a central health record. Information can stay at its present location.  Just bring local information together on local servers and provide secure access.

A locum GP said on the Pulse website recently,

“If you are a member of the Armed Forces, your MO can get access to your (EMIS-based) medical record from anywhere in the world. There is no technical reason why the NHS cannot do this. If need be, the patient could be given a password to permit a GP to see another Surgery’s record.”

New appointments

To avoid having patients clog up super-efficient hospitals, Sir Humphrey would have the Wachter review respond to concerns about a lack of joined up care in the NHS by announcing a set of committees and suggesting the Department of Health and NHS England appoint a new set of senior technologists.

Which is just what has happened.

Last week NHS England announced  “key appointments to help transform how the NHS uses technology and information”. [One of the NHS appointments is that of a Director of Digital Experience, which is not a fictional title, incidentally. Ironically it seems to be the most patient-facing of the new jobs.]

Said the announcement,

“The creation of these roles reflects recommendations in the forthcoming review on the future of NHS information systems by Dr Bob Wachter.

“Rather than appoint a single chief information and technology officer, consistent with the Wachter review the NHS is appointing a senior medical leader as NHS Chief Clinical Information Officer supported by an experienced health IT professional as NHS Chief Information Officer.

“The first NHS Chief Clinical Information Officer will be Professor Keith McNeil, a former transplant specialist who has also held many senior roles in healthcare management around the world, including Chief Executive Officer at Addenbrooke’s Hospital, Cambridge University Hospitals NHS Foundation Trust and Chief Executive Officer at the Royal Brisbane and Women’s Hospital in Australia.

“The new NHS Chief Information Officer will be Will Smart, currently Chief Information Officer at the Royal Free London NHS Foundation Trust. Mr Smart has had an extensive career in IT across the NHS and in the private sector.

“The NHS CCIO and NHS CIO post-holders will act on behalf of the whole NHS to provide strategic leadership, also chairing the National Information Board, and acting as commissioning ‘client’ for the relevant programmes being delivered by NHS Digital (previously known as the Health and Social Care Information Centre).

“The roles will be based at NHS England and will report to Matthew Swindells, National Director: Operations and Information, but the post-holders will also be accountable to NHS Improvement, with responsibility for its technology work with NHS providers.

“In addition, Juliet Bauer has been appointed as Director of Digital Experience at NHS England. She will oversee the transformation of the NHS Choices website and the development and adoption of digital technology for patient ‘supported self-management’, including for people living with long term conditions such as diabetes or asthma. Ms Bauer has led delivery of similar technology programmes in many sectors, including leading the move to take Times Newspapers online…”

Surely a first step, instead of arranging new appointments and committees, and finding ways of spending money on new technology, would be to put in place data sharing agreements between hospitals?

A former trust chief executive told me,

“In primary care, GPs will say the record is theirs. Hospital teams will say it is our information and patient representative groups will say it is about patients and it is their nformation. In maternity services there are patient-held records because it is deemed good practice that mums-to-be should be fully knowledgeable and fully participating in what is happening to them.

“Then you get into complications of Data Protection Act. Some people get very sensitive about sharing information across boundaries: social workers and local authority workers. If you are into long-term continuous care you need primary care, hospital care and social care. Without those being connected you may do half a job or even less than that potentially. There are risks you run if you don’t know the full information.”

He added that the Summary Care Record – a central database of every patient’s allergies, medication and any adverse reactions to drugs, was a “waste of time”.

“You need someone selecting information to go into it [the Summary Care Record]so it is liable to omissions and errors. You need an electronic patient record that has everything available but is searchable. You get quickly to what you want to know. That is important for that particular clinical decision.”

Is it the job of civil servants to make the simple sound complicated?

Years ago, a health minister invited me for an informal meeting at the House of Commons to show me, in confidence, a one-page civil service briefing paper on why it was not possible to use the internet for making patient information accessible anywhere.

The minister was incredulous and wanted my view. The civil service paper said that nobody owned the internet so it couldn’t be used for the transfer of patient records.  If something went wrong, nobody could be blamed.

That banks around the world use the internet to provide secure access to individual bank accounts was not mentioned in the paper, nor the existence of the CHAPS network which, by July 2011, had processed one quadrillion (£1,000,000,000,000,000) pounds.

Did the briefing paper show that the civil service was frightened by the apparent simplicity of sharing patient information on a secure internet connection? If nothing else, the paper showed how health service officials will tend, instinctively, to shun the cheapest solutions. Which may help to explain how the (failed) £10n National Programe for IT came into being in 2002.

Jargon

Radiation_warning_symbolNobody will be surprised if the Wachter review team’s report is laden with  jargon about “delays between technology being introduced and a corresponding rise in output”. It may talk of how new technology could reduce the length of stay by 0.1528 of a bed day per patient, saving a typical hospital £1.8m annually or 7,648 bed days.

It may refer to visions, envisioning fundamental change, establishing best practice as the norm, and a need for adaptive change.

Would it not be better if the review team spoke plainly of the need for a patient with a fractured leg not having to carry a CD of his x-ray images to different NHS sites in a carrier bag?

Some may await the Wachter report with a weary apprehension that its delay – even indefinitely – will make not a jot of difference. Perhaps Professor Wachter will surprise them. We live in hope.

Wachter review terms of reference.

Review of IT in the NHS

https://ukcampaign4change.com/2016/02/09/another-npfit-it-scandal-in-the-making/

Hunt announces Wachter review

What can we learn from the US “hospitalist” model?

Another NPfIT IT scandal in the making?

By Tony Collins

Jeremy Hunt may have forgotten what he told the FT 2013, as reported in the paper on 2 June 2o13.

Referring to the failed National Programme for IT [NPfIT] in the NHS he said at that time,

“It was a huge disaster . . . It was a project that was so huge in its conception but it got more and more specified and over-specified and in the end became impossible to deliver, but we musn’t let that blind us to the opportunities of technology and I think one of my jobs as health secretary is to say, look, we must learn from that and move on but we must not be scared of technology as a result.”

He added, “I’m not signing any big contracts from behind [my] desk; I am encouraging hospitals and clinical commissioning groups and GP practices to make their own investments in technology at the grassroots level.”

Now the Department of Health (and perhaps some large IT suppliers) have encouraged Hunt to find £4bn for spending on technology that is (again) of questionable immediate need.

Says Computing, “A significant part of the paperless NHS plans will involve enabling patients to book services and order prescriptions online, as well as giving them the choice of speaking to their doctor online or via a video link.”

The £4bn, if that’s what it will cost, is much less than the cost of the NPfIT. But are millions to be wasted again?

[NPfIT was originally due to cost £2.3bn over three years from 2003 but is expected to cost £9.8bn over 21 years, to 2024.]

Yesterday (8 February 2016) the Department of Health announced a “review of information technology in the NHS”. Announcing it Hunt said.

“Improving the standard of care patients receive even further means embracing technology and moving towards a fully digital and paperless NHS.

NHS staff do incredible work every day and we must give them and patients the most up-to-date technology – this review will tell us where we need to go further.”

The NPfIT was supposed to give the NHS up-to-date technology – but is that what’s needed?

A more immediate need is for any new millions of central funding (for the cost would be in the tens of millions, not billions) to be spent on the seemingly mundane objective of getting existing systems to talk to each other, so that patients can be treated in different parts of the NHS and have their electronic records go with them.

This doesn’t need a new national programme for IT. Some technologists working in the NHS say it would cost no more than £150m, a small sum by NHS IT standards, to allow patient data to reside where it is but be accessed by secure links anywhere, much as secure links work on the web.

But the review’s terms of reference make only a passing reference to the need for interoperability.

Instead the review will have terms of reference that are arguably vague – just as the objectives for the NPfIT were.

The Department of Health has asked the review board, when making recommendations, to consider the following points:

  • The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;
  • The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.
  • The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;
  • The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

The head of the review board Professor Wachter will report his recommendations to the secretary of state for health and the National Information Board in June 2016.

Members of the National Advisory Group on health IT in England (the review board) are:

  • Robert Wachter, MD, (Chair) Professor and Interim Chairman, Department of Medicine,University of California, San Francisco
  • Julia Adler-Milstein, PhD, Associate Professor, Schools of Information and of Public Health, University of Michigan
  • David Brailer, MD, PhD, CEO, Health Evolution Partners (current); First U.S. National Coordinator for Health IT (2004-6)
  • Sir David Dalton, CEO, Salford Royal NHS Foundation Trust, UK
  • Dave deBronkart, Patient Advocate, known as “e-Patient Dave”
  • Mary Dixon-Woods, MSc, DPhil, Professor of Medical Sociology, University of Leicester, UK
  • Rollin (Terry) Fairbanks, MD, MS, Director, National Center for Human Factors in Healthcare; Emergency Physician, MedStar Health (U.S.)
  • John Halamka, MD, MS, Chief Information Officer, Beth Israel Deaconess Medical Center; Professor, Harvard Medical School
  • Crispin Hebron, Learning Disability Consultant Nurse, NHS Gloucestershire
  • Tim Kelsey, Advisor to UK Government on Health IT
  • Richard Lilford, PhD, MB, Director, Centre for Applied Health Research and Delivery, University of Warwick, UK
  • Christian Nohr, MSc, PhD, Professor, Aalborg University (Denmark)
  • Aziz Sheikh, MD, MSc, Professor of Primary Care Research and Development, University of Edinburgh
  • Christine Sinsky, MD, Vice-President of Professional Satisfaction, AMA; Primary care internist, Dubuque, Iowa
  • Ann Slee, MSc, MRPharmS, ePrescribing Lead for Integrated Digital Care Record and Digital Medicines Strategy, NHS England
  • Lynda Thomas, CEO, MacMillan Cancer Support, UK
  • Wai Keong Wong, MD, PhD, Consultant Haematologist, University College London Hospitals; Inaugural chair, CCIO Leaders Network Advisory Panel
  • Harpreet Sood, MBBS, MPH, Senior Fellow to the Chair and CEO, NHS England and GP Trainee

Comment

Perhaps egged on by one or two major suppliers in behind-the-scenes lobbying, Hunt has apparently found billions to spend on improving NHS IT.

Nobody doubts that NHS IT needs improving.  But nearly all GPs have impressive systems, as do many hospitals.  But the systems don’t talk to each other.

The missing word  from the review board’s terms of reference is interoperability. True, it’s difficult to achieve. And it’s not politically aggrandizing to find money for making existing systems interoperable.

But at present you can have a blood test at the GP, then a separate blood test at the local hospital and the full results won’t go on your electronic record because the GP and hospital are on different systems with no interoperability between them.

If you’re treated at a specialist hospital for one ailment, and at a different hospital 10 to 20 (or say 100) miles away for something else, it may take weeks for your electronic record to reflect your latest treatment.

Separate NHS sites don’t always know what each other is doing to a patient, unless information is faxed or posted between them.

The fax is still one of the NHS’s main modes of cross-county communication. The DoH wants to be rid of the fax machine but it’s indispensable to the smooth running of the NHS, largely because new and existing systems don’t talk to each other.

The trouble with interoperability – apart from the ugliness of the word – is that it is an unattractive concept to some of the major suppliers, and to DoH executives, because it’s cheap, not leading edge and may involve agreements on data sharing.

Getting agreements on anything is not the DoH’s forte. [Unless it’s an agreement to spend more money on new technology, for the sake of having up-to-date technology.]

Last year I broke my ankle in Sussex and went to stay in the West Midlands at a house with a large ground floor and no need to use stairs. There was no communication between my local GP and the NHS in the West Midlands other than  by phone, post or fax, and even then only a summary of healthcare information went on my electronic record.

I had to carry my x-rays on a CD. Then doctors at my local orthopaedic department in Sussex found it difficult to see the PACS images because the hospital’s PCs didn’t have CD players.

A government employee told me this week of a hospital that gave medication to a patient in the hope she would not have an adverse reaction. The hospital did not have access to the patient’s GP records, and the patient was unsure of the name of the medication she’d previously had an allergic reaction to.

Much of the feedback I have had from those who have enjoyed NHS services is that their care and treatment has been impeded by their electronic records not moving with them across different NHS sites.

Mark Leaning, visiting professor, at University College, London, in a paper for health software supplier EMIS, says the NHS is “not doing very well when it comes to delivering a truly connected health system in 2016. That’s bad for patient outcomes.”

That GPs and their local hospital often cannot communicate electronically  is a disgrace given the billions various governments have spent on NHS IT.  It is on interoperability that any new DoH IT money needs to be spent.

Instead,  it seems huge sums will be wasted on the pie-in-the-sky objective of a paperless NHS by 2020. The review board document released today refers to the “ambition of a paper- free health and care system by 2020”.

What’s the point of a paperless NHS if a kaleidoscope of new or existing systems don’t properly communicate?

Congratulations, incidentally, to GP software suppliers TPP and EMIS. They last year announced direct interoperability between their core clinical systems.

Their SystmOne and EMIS Web systems hold the primary care medical records for most of the UK population.

And this month EMIS announced that it has become the first UK clinical systems provider to implement new open standards for interoperability in the NHS.

It says this will enable clinicians using its systems to securely share data with any third party supplier whose systems comply with a published set of open application programme interfaces.

The Department of Health and ministers need to stop announcing things that will never happen such as a paperless NHS and instead focus their attention – and any new IT money – on initiatives that are not subconsciously aimed at either political or commercial gain.

It would be ideal if they, before announcing any new IT initiative, weighed up diligently whether it is any more important, and any more of a priority, than getting existing systems to talk to each other.

Review of information technology in the NHS

EMIS implements open standards