Category Archives: e-health

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

NHS “Wachter” digital review is delayed – but does it matter?

By Tony Collins

The Wachter review of NHS technology was due to be published in June but has been delayed. Would it matter if it were delayed indefinitely?

A “Yes Minister” programme about a new hospital in North London said it all, perhaps. An enthusiastic NHS official shows the minister round a hospital staffed with 500 administrators. It has the latest technology on the wards.

“It’s one of the best run hospitals in the country,” the NHS official tells the minister, adding that it’s up for the Florence Nightingale award for the standards of hygiene.

“But it has no patients,” says the minister.

Another health official tells the minister,

“First of all, you have to sort out the smooth running of the hospital. Having patients around would be no help at all.” They would just be in the way, adds Sir Humphrey.

In the Wachter’s review’s terms of reference (“Making IT work: harnessing the power of health IT to improve care in England“)  there is a final bullet point that refers, obliquely, to a need to consider patients. Could the Wachter terms of reference have been written by a satirist who wanted to show how it was possible to have a review of NHS IT for the benefit of suppliers, clinical administrators and officialdom but not patients?

The Wachter team will, according to the government,

• Review and articulate the factors impacting the successful adoption of health information systems in secondary and tertiary care in England, drawing relevant comparisons with the US experience;

• Provide a set of recommendations drawing on the key challenges, priorities and opportunities for the health and social care system in England. These recommendations will cover both the high levels features of implementations and the best ways in which to engage clinicians in the adoption and use of such systems.

In making recommendations, the board will consider the following points:

• The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;

• The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.

• The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;

• The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

Yes, there’s the mention of “patients” in the final bullet point.

Existing systems?

nhsSome major IT companies have, for decades, lobbied – often successfully – for much more public investment in NHS technology. Arguably that is not the priority, which is to get existing systems to talk to each other – which would be for the direct benefit of patients whose records do not follow them wherever they are looked at or treated within the NHS.

Unless care and treatment is at a single hospital, the chances of medical records following a patient around different sites, even within the same locality, are slim.

Should a joining up of existing systems be the main single objective for NHS IT? One hospital consultant told me several years ago – and his comment is as relevant today –

“My daughter was under treatment from several consultants and I could never get a joined-up picture. I had to maintain a paper record myself just to get a joined-up picture of what was going on with her treatment.”

Typically one patient will have multiple sets of paper records. Within one hospital, different specialities will keep their own notes. Fall over and break your leg and you have a set of orthopaedic notes; have a baby and you will have a totally different set of notes. Those two sets are rarely joined up.

One clinician told me, “I have never heard a coroner say that a patient died because too much information was shared.”

And a technology specialist who has multiple health problems told me,

“I have different doctors in different places not knowing what each other is doing to me.”

As part of wider research into medical records, I asked a hospital consultant in a large city with three major hospitals whether records were shared at least locally.

“You must be joking. We have three acute hospitals. Three community intermediate teams are in the community. Their records are not joined. There is one private hospital provider. If you get admitted to [one] hospital and then get admitted to [another] the next week your electronic records cannot be seen by the first hospital.  Then if you get admitted to the third hospital the week after, again not under any circumstances will your record be able to be viewed.”

Blood tests have to be repeated, as are x-rays; but despite these sorts of stories of a disjointed NHS, senior health officials, in the countless NHS IT reviews there have been over 30 years, will, it seems, still put the simplest ideas last.

It would not cost much – some estimate less than £100m – to provide secure access to existing medical records from wherever they need to be accessed.

No need for a massive investment in new technology. No need for a central patient database, or a central health record. Information can stay at its present location.  Just bring local information together on local servers and provide secure access.

A locum GP said on the Pulse website recently,

“If you are a member of the Armed Forces, your MO can get access to your (EMIS-based) medical record from anywhere in the world. There is no technical reason why the NHS cannot do this. If need be, the patient could be given a password to permit a GP to see another Surgery’s record.”

New appointments

To avoid having patients clog up super-efficient hospitals, Sir Humphrey would have the Wachter review respond to concerns about a lack of joined up care in the NHS by announcing a set of committees and suggesting the Department of Health and NHS England appoint a new set of senior technologists.

Which is just what has happened.

Last week NHS England announced  “key appointments to help transform how the NHS uses technology and information”. [One of the NHS appointments is that of a Director of Digital Experience, which is not a fictional title, incidentally. Ironically it seems to be the most patient-facing of the new jobs.]

Said the announcement,

“The creation of these roles reflects recommendations in the forthcoming review on the future of NHS information systems by Dr Bob Wachter.

“Rather than appoint a single chief information and technology officer, consistent with the Wachter review the NHS is appointing a senior medical leader as NHS Chief Clinical Information Officer supported by an experienced health IT professional as NHS Chief Information Officer.

“The first NHS Chief Clinical Information Officer will be Professor Keith McNeil, a former transplant specialist who has also held many senior roles in healthcare management around the world, including Chief Executive Officer at Addenbrooke’s Hospital, Cambridge University Hospitals NHS Foundation Trust and Chief Executive Officer at the Royal Brisbane and Women’s Hospital in Australia.

“The new NHS Chief Information Officer will be Will Smart, currently Chief Information Officer at the Royal Free London NHS Foundation Trust. Mr Smart has had an extensive career in IT across the NHS and in the private sector.

“The NHS CCIO and NHS CIO post-holders will act on behalf of the whole NHS to provide strategic leadership, also chairing the National Information Board, and acting as commissioning ‘client’ for the relevant programmes being delivered by NHS Digital (previously known as the Health and Social Care Information Centre).

“The roles will be based at NHS England and will report to Matthew Swindells, National Director: Operations and Information, but the post-holders will also be accountable to NHS Improvement, with responsibility for its technology work with NHS providers.

“In addition, Juliet Bauer has been appointed as Director of Digital Experience at NHS England. She will oversee the transformation of the NHS Choices website and the development and adoption of digital technology for patient ‘supported self-management’, including for people living with long term conditions such as diabetes or asthma. Ms Bauer has led delivery of similar technology programmes in many sectors, including leading the move to take Times Newspapers online…”

Surely a first step, instead of arranging new appointments and committees, and finding ways of spending money on new technology, would be to put in place data sharing agreements between hospitals?

A former trust chief executive told me,

“In primary care, GPs will say the record is theirs. Hospital teams will say it is our information and patient representative groups will say it is about patients and it is their nformation. In maternity services there are patient-held records because it is deemed good practice that mums-to-be should be fully knowledgeable and fully participating in what is happening to them.

“Then you get into complications of Data Protection Act. Some people get very sensitive about sharing information across boundaries: social workers and local authority workers. If you are into long-term continuous care you need primary care, hospital care and social care. Without those being connected you may do half a job or even less than that potentially. There are risks you run if you don’t know the full information.”

He added that the Summary Care Record – a central database of every patient’s allergies, medication and any adverse reactions to drugs, was a “waste of time”.

“You need someone selecting information to go into it [the Summary Care Record]so it is liable to omissions and errors. You need an electronic patient record that has everything available but is searchable. You get quickly to what you want to know. That is important for that particular clinical decision.”

Is it the job of civil servants to make the simple sound complicated?

Years ago, a health minister invited me for an informal meeting at the House of Commons to show me, in confidence, a one-page civil service briefing paper on why it was not possible to use the internet for making patient information accessible anywhere.

The minister was incredulous and wanted my view. The civil service paper said that nobody owned the internet so it couldn’t be used for the transfer of patient records.  If something went wrong, nobody could be blamed.

That banks around the world use the internet to provide secure access to individual bank accounts was not mentioned in the paper, nor the existence of the CHAPS network which, by July 2011, had processed one quadrillion (£1,000,000,000,000,000) pounds.

Did the briefing paper show that the civil service was frightened by the apparent simplicity of sharing patient information on a secure internet connection? If nothing else, the paper showed how health service officials will tend, instinctively, to shun the cheapest solutions. Which may help to explain how the (failed) £10n National Programe for IT came into being in 2002.

Jargon

Radiation_warning_symbolNobody will be surprised if the Wachter review team’s report is laden with  jargon about “delays between technology being introduced and a corresponding rise in output”. It may talk of how new technology could reduce the length of stay by 0.1528 of a bed day per patient, saving a typical hospital £1.8m annually or 7,648 bed days.

It may refer to visions, envisioning fundamental change, establishing best practice as the norm, and a need for adaptive change.

Would it not be better if the review team spoke plainly of the need for a patient with a fractured leg not having to carry a CD of his x-ray images to different NHS sites in a carrier bag?

Some may await the Wachter report with a weary apprehension that its delay – even indefinitely – will make not a jot of difference. Perhaps Professor Wachter will surprise them. We live in hope.

Wachter review terms of reference.

Review of IT in the NHS

https://ukcampaign4change.com/2016/02/09/another-npfit-it-scandal-in-the-making/

Hunt announces Wachter review

What can we learn from the US “hospitalist” model?

Yet another NHS IT mess?

By Tony Collins

Last week the National Audit Office reported on the failure of the GP Extraction Service. Health officials  had signed off and paid for a contract even though the system was unfit for use.

The officials worked for organisations that have become part of the Health and Social Care Information Centre.

An unapologetic HSCIC issued a statement on its website in response to the Audit Office report. It said, in essence, that the problems with the GP Extraction Service were not the fault of the HSCIC but rather its predecessor organisations (ignoring the fact that many of the officials and contractors from those defunct organisations moved to the HSCIC).

Now it transpires that the HSCIC may have a new IT-related mess on its hands, this time one that is entirely of its own making – the e-Referral Service.

Last month the HSCIC went live with its e-Referral service without testing the system properly. It says it tested for thousands of hours but still the system went live with 9 pages of known problems.

Problems are continuing. Each time in their routine bulletins officials suggest that an upgrade will solve e-Referral’s problems. But each remedial upgrade is followed by another that does not appear to solve the problems.

The system went live on 15 June, replacing Choose and Book which was part of an earlier NHS IT disaster the £10bn National Programme for IT.

Problems more than teething?

Nobody expects a major new IT system to work perfectly first time but regular outages of the NHS e-Referral Service may suggest that it has more than teething problems.

It’s a common factor in IT-based project failures that those responsible have commissioned tests for many hours but with inadequately designed tests that did not always reflect real-world use of the system. They might also have underestimated loads on the available hardware and networks.

This means that after the system goes live it is brought down for regular hardware and software fixes that don’t solve the problems.  End-users lose faith in the system – as many GPs did with the Choose and Book system – and a misplaced optimism takes the place of realism in the thinking of managers who don’t want to admit the system may need a fundamental redesign.

On the day the e-Referral Service launched, a Monday, doctors had difficulties logging in. Software “fixes” that day made little difference. By the next day HSCIC’s optimism has set in. Its website said:

“The NHS e-Referral Service has been used by patients and professionals today to complete bookings and referrals comparable with the number on a typical Tuesday but we were continuing to see on-going performance and stability issues after yesterday’s fixes.

“We suspend access to the system at lunchtime today to implement another fix and this improved performance and stability in the afternoon.”

The “fix” also made little apparent difference. The next day, Wednesday 17 June, the entire system was “unavailable until further notice” said the HSCIC’s website.

By early evening all was apparently well. An HSCIC bulletin said:

“The NHS e-Referrals Service is now available again. We apologise for the disruption caused to users and thank everyone for their patience.”

In fact, by the next day, Thursday 18 June, all was not well. Said another bulletin:

“Yesterday’s outage enabled us to implement a number of improvements and hopefully this is reflected in your user experience today.

“This morning users reported that there were ongoing performance issues so work has now taken place to implement changes to the configuration to the NHS e-Referral Service hardware and we are currently monitoring closely to see if this resolved the issue.”

About 2 weeks later, on 30 June, HSCIC’s officials said there were ongoing problems, because of system performance in provider organisations that were processing referrals.

Was this HSCIC’s way of, again, blaming other organisations – as they did after the NAO report’s on the failure of the GP Extraction Service project? Said a statement on the HSCIC’s website on 30 June 2015:

“Since transition to the NHS e-Referral Service on Monday 15th June, we have unfortunately experienced a number of problems… Although most of the initial problems were related to poor performance of the system, some residual functional and performance issues persist and continue to affect some of our colleagues in their day-to-day working.

“Most of these on-going problems relate to the performance of the system in provider organisations that are processing referrals, though this does of course have a knock-on effect for referrers.

“Please be assured that the team are working to identify root causes and fixes for these issues.”

By last week – 2 July 2015 – HSCIC warned that it will require a “period of planned downtime on the NHS e-Referral Service tonight which is currently scheduled for between 21:00 and 23:00 for some essential maintenance to fix a high priority functional Incident.”

The fix worked – or did it? HSCIC told Government Computing: “An update was applied to the system overnight from Thursday (July 2) into Friday (July 3) which was successful.”

But …

Monday 6 July 2015 4.15pm. HSCIC e-Referral Service bulletin:

“We would like to apologise for the interruption to service between 13:15 and 13:54 today.  This was not a planned outage and we are investigating the root cause.  If any remedial activity is required we will give notice to all users. Once again please accept our sincere apologies for any inconvenience this caused.”

Why was testing inadequate?

Did senior managers go live without testing how the system would work in the real world, or did they select as test end-users only IT enthusiasts?

Perhaps managers avoided challenging the test system too much in case it gave poor results that could force a redesign.

We probably won’t know what has gone wrong unless the National Audit Office investigates. Even then it could be a year or more before a report is published. A further complicating factor is that the HSCIC itself may not know yet what has gone wrong and may be receiving conflicting reports on the cause or causes of the problems.

An IT failure? – change the organisation’s name

What’s certain is that the NHS has a history of national IT project failures which cause organisational embarrassment that’s soon assuaged by changing the name of the organisation, though the officials and contractors just switch from one to the next.

NHS Connecting for Health, which was largely responsible for the NPfIT disaster, was blended into the Department of Health’s informatics function which was then blended into the HSCIC.

Similarly the NHS Information Centre which was largely responsible for the GP Extraction Service disaster was closed in 2013 and its staff and contractors blended into the HSCIC.

Now, with the e-Referral Service, the HSCIC at least has a potential IT project mess that can be legitimately regarded as its own.

When will a centrally-run national NHS IT-based turn out to be a success? … care.data?

New SRO

Meanwhile NHS England is looking for a senior responsible owner for e-Referral Service on a salary of up to £98,453.

Usually in central government, SROs do the job as an adjunct to their normal work. It’s unusual for the NHS to employ a full-time project SRO which the NAO will probably welcome as a positive step.

But the job description is vague. NHS England says that the SRO for NHS e-Referrals programme will help with a switch from paper to digital for 100% of referrals in England by March 2018.

“The SRO … will have responsibility for the strategic and operational development of the digital journey, fulfilment of the patient and clinical process and the performance of the service. Plans to achieve the strategy will be underpinned by the delivery of short to medium term objectives, currently commissioned from HSCIC and other third party suppliers.”

Key aspects of this role will be to:-

– Ensure the strategy is formulated, understood by all stakeholders and is delivered utilising all available resources efficiently and effectively.

– Ensure the development and management of plans.

– Ensure appropriate system and processes are in place to enable the uptake and on-going use of digital referrals by GP’s, hospitals, patients and commissioners.

– Proactively manage the key risks and issues associated with ensuring appropriate actions are taken to mitigate or respond.

– Monitor and establish accountability on the overall progress of the strategy to ensure completion within agreed timescales.

– Manage the budgetary implications of activity.

– Avoid the destabilisation of business as usual.

– Manage and actively promote the relationships with key stakeholders.

The job will be fixed-term until 31/03/2017 and interviews will be held in London on the 20th July 2015.

The big challenge will be to avoid the destabilisation of business as usual – a challenge beyond the ability of one person?

Government Computing. 

Another fine NHS IT mess

Why was e-Referral Service launched with 9 pages of known problems?

National e-Referral Service unavailable until further notice

 

What do Ben Bradshaw, Caroline Flint and Andy Burnham have in common?

By Tony Collins

Ben Bradshaw, Caroline Flint and Andy Burnham have in common in their political past something they probably wouldn’t care to draw attention to as they battle for roles in the Labour leadership.

Few people will remember that Bradshaw, Flint and Burnham were advocates – indeed staunch defenders – of what’s arguably the biggest IT-related failure of all time – the £10bn National Programme for IT [NPfIT.

Perhaps it’s unfair to mention their support for such a massive failure at the time of the leadership election.

A counter argument is that politicians should be held to account at some point for public statements they have made in Parliament in defence of a major project – in this case the largest non-military IT-related programme in the world – that many inside and outside the NHS recognised was fundamentally flawed from its outset in 2003.

Bradshaw, Flint and Burnham did concede in their NPfIT-related statements to the House of Commons that the national programme for IT had its flaws, but still they gave it their strong support and continued to attack the programme’s critics.

The following are examples of statements made by Bradshaw, Flint and Burnham in the House of Commons in support of the NPfIT, which was later abandoned.

Bradshaw, then health minister in charge of the NPfIT,  told the House of Commons in February 2008:

“We accept that there have been delays, not only in the roll-out of summary care records, but in the whole NHS IT programme.

“It is important to put on record that those delays were not because of problems with supply, delivery or systems, but pretty much entirely because we took extra time to consult on and try to address record safety and patient confidentiality, and we were absolutely right to do so…

“The health service is moving from being an organisation with fragmented or incomplete information systems to a position where national systems are integrated, record keeping is digital, patients have unprecedented access to their personal health records and health professionals will have the right information at the right time about the right patient.

“As the Health Committee has recognised in its report, the roll-out of new IT systems will save time and money for the NHS and staff, save lives and improve patient care.”

[Even today, 12 years after the launch of the National Programme for IT, the NHS does not have integrated digital records.]

Caroline Flint, then health minister in charge of the NPfIT,  told the House of Commons on 6 June 2007:

“… it is lamentable that a programme that is focused on the delivery of safer and more efficient health care in the NHS in England has been politicised and attacked for short-term partisan gain when, in fact, it is to the benefit of everyone using the NHS in England that the programme is provided with the necessary resources and support to achieve the aims that Conservative Members have acknowledged that they agree with…

“Owing to delays in some areas of the programme, far from it being overspent, there is an underspend, which is perhaps unique for a large IT programme.

“The contracts that were ably put in place in 2003 mean that committed payments are not made to suppliers until delivery has been accepted 45 days after “go live” by end-users.

“We have made advance payments to a number of suppliers to provide efficient financing mechanisms for their work in progress. However, it should be noted that the financing risk has remained with the suppliers and that guarantees for any advance payments have been made by the suppliers to the Government…

“The national programme for IT in the NHS has successfully transferred the financing and completion risk to its suppliers…”

Andy Burnham, then Health Secretary, told the House of Commons on 7 December 2009:

“He [Andrew Lansley] seems to reject the benefits of a national system across the NHS, but we do not. We believe that there are significant benefits from a national health service having a programme of IT that can link up clinicians across the system. We further believe that it is safer for patients if their records can be accessed across the system…” [which hasn’t happened].

Abandoned NHS IT plan has cost £10bn so far

New national e-Referral Service “unavailable until further notice”

By Tony Collins

The NHS e-Referral Service which launched nationally on Monday was “unavailable until further notice”, the Health and Social Care Information Centre said at 9.30am today.

“Due to issues experienced overnight the NHS e-Referral Service is unavailable until further notice while essential maintenance is performed. If you have local business continuity processes available, we recommend that you consider invoking them,” says the HSCIC on its website.

“We are working hard to resolve these issues as quickly as possible and to keep disruption to a minimum… We apologise for the disruption caused to some users and thank everyone for their patience.”

Late yesterday afternoon the Health and Social Care Information Centre warned GPs and other users of its e-Referral Service that technical problems were continuing.

The difficulties have aggravated cynicism in the GP community about the ability of centrally-based officials to implement national IT systems.

Is it too soon to question whether e-Referrals is the first IT disaster of the new government? There is also the question of whether GPs have been used as guinea pigs to test for problems with the new system.

Until the service went down GPs were in any case unable to log in or were experiencing long delays in arranging referrals. Some reverted to sending letters by post – or always did use the post and avoided the NPfIT Choose and Book system which e-Referral is replacing.

Fewer than 60% of GPs used Choose and Book to hospital appointments for patients.

On its website at 17.30 yesterday the HSCIC said:

“PLEASE PASS THIS ON TO COLLEAGUES WHO USE THE NHS e-REFERRAL SERVICE

“The NHS e-Referral Service has been used by patients and professionals today to complete bookings and referrals comparable with the number on a typical Tuesday but we were continuing to see on-going performance and stability issues after yesterday’s fixes.

“We suspend access to the system at lunchtime today to implement another fix and this improved performance and stability in the afternoon.

“We are continuing to monitor the service and will implement further fixes if required. If users notice any further issues they should log them with their local service desk in the usual way…

“We apologise for the disruption caused to some users and thank everyone for their patience.

Update 14.00 17 June

The Health and Social Care Information Centre said the e-Referral Service was still down.

“HSCIC are completing the final stage of testing a number of fixes to the NHS e-Referrals Service. It is hoped that the service will be available again later today. A further update will be issued at 15:00 today.”

Update 18.00 17 June

Said the HSCIC:

“The NHS e-Referrals Service is now available again. We apologise for the disruption caused to users and thank everyone for their patience.

Update 15.00 18 June – ongoing problems

“Yesterday’s outage enabled us to  implement a number of improvements and hopefully this is reflected in your user experience today,” said HSCIC’s website.

“This morning users reported that there were ongoing performance issues so work has now taken place to implement changes to the configuration to the NHS e-Referral Service hardware and we are currently monitoring closely to see if this resolved the issue.”

Why was NHS e-Referral service launched with 9 pages of known problems?

By Tony Collins

Were GPs guinea pigs for live testing of the new national NHS e-Referral Service?

Between 2004 and 2010 the Department of Health marked as confidential its lists of problems with national NPfIT systems, in particular Choose and Book.

So the Health and Social Care Information Centre deserves praise for publishing a list of problems when it launched the national “e-Referrals” system on Monday. But that list was 9 pages long.

The launch brought unsurprised groans from GPs who are used to new national systems going live with dozens of known problems.

The e-Referral Service, built on agile “techniques” and based on open source technology, went live early on Monday to replace “Choose and Book” for referring GP patients to hospitals and to other parts of the NHS.

Some GPs found they could not log on.

“As expected – cannot refer anything electronically this morning. Surprise surprise,” said one GP in a comment to “Pulse” on its article headlined “Patient referrals being delayed as GPs unable to access e-Referrals system on launch day.”

A GP practice manager said: “Cannot access in south London. HSCIC debacle…GPs pick up the pieces. Changing something that wasn’t broken.”

Another GP said: “I was proud never to have used Choose and Book once. Looks like this is even better!”

Other GPs said they avoided using technology to refer patients.

“Why delay referral? Just send a letter. (Some of us never stopped).”

Another commented: “I still send paper referrals – no messing, you know it has gone, no time wasted.”

Dr Faisal Bhutta, a GP partner in Manchester, said his practice regularly used Choose and Book but on Monday morning he couldn’t log in. “You can’t make a referral,” he said.

The Health and Social Care Information Centre has apologised for the disruption. A statement on its website says:

“There are a number of known issues, which are currently being resolved. It is not anticipated that any of these issues will pose a clinical safety risk, cause any detriment to patient care or prevent users from carrying out essential tasks. We have published the list of known issues on our website along with details of how to provide feedback .”

But why did the Centre launch the e-Referral Service with 9 pages of known problems? Was it using GPs as guinea pigs to test the new system?

Comment

The Health and Social Care Information Centre is far more open, less defensive and a better communicator than the Department of Health ever was when its officials were implementing the NPfIT.

But is the HSCIC’s openness a good thing if it’s accompanied by a brazen and arrogant acceptance that IT can be introduced into the NHS without a care whether it works properly or not?

In parts of the NHS, IT works extraordinarily well. Those who design, test, implement and support such systems care deeply about patients. In many hospitals the IT reduces risks and helps to improve the chances of successful outcomes.

But in other parts of the NHS are some technology enthusiasts – at the most senior board level – who seem to believe that all major IT implementations will be flawed and will be improved by user feedback.

The result is that IT that’s inadequately designed, tested and implemented is foisted on doctors and nurses who are expected to get used to “teething” troubles.

This is dangerous thinking and it’s becoming more and more prevalent.

Many poorly-considered implementations of the Cerner Millennium electronic patient record system have gone live in hospitals across England with known problems.

In some cases, poor implementations – rather than any faults with the system itself – have affected the care of patients and might have contributed to unnecessary deaths when records needed urgently were not available, or hospitals lost track of urgent appointments.

A CQC report in March 2015 said IT was a possible factor in the death of a patient because NHS staff were unable to access electronically-held information.

In another incident a coroner criticised a patient administration system for being a factor in the death of three year-old Samuel Starr whose appointment for a vital scan got lost in the system.

Within NHS officialdom is a growing cultural acceptance that somehow a poor IT implementation is different to a faulty x-ray machine that delivers too high a dose of radiation.

NHS officials will always brush off IT problems as teething and irrelevant to the care and safety of patients. Just apologise and say no patient has come to any harm.

So little do IT-related problems matter in the NHS that unaccountable officials at the HSCIC have this week felt sufficiently detached from personal accountability to launch a national system knowing there are dozens of problems with the use of it.

Their attitude seems to be: “We can’t know everything wrong with the system until it’s live. So let’s launch the system and fix the problems as GPs give us their feedback.”

This is a little like the NHS having a template letter of regret to send to relatives and families of patients who die unexpectedly in the care of the NHS. Officials simply fill in the appropriate name and address. The NHS can then fix the problems as and when patients die.

It’s surely time that bad practice in NHS IT was eradicated.  Board members need to question more. When necessary directors must challenge the blind positivism of the chief executive.

Some managers can learn much about the culture of care at the hospitals that implement IT successfully.

Patients, nurses and doctors do not exist to tell hospital managers and IT suppliers when electronic records are wrong, incomplete, not available or are somebody else’s record with a similar name.

And GPs do not exist to be guinea pigs for testing and providing feedback on new national systems such as the e-Referral Service.

e-Referral Service “unavailable until further notice”

Hundreds of patients lost in NPfIT systems

Hospital has long-term NPfIT problems

An NPfIT success at Croydon? – Really?

Physicians’ views on electronic patient records

Patient record systems raise some concerns, says report

Electronic health records and safety concerns

After billions spent on NHS IT, a carrier bag to transfer x-ray images

By Tony Collins

After fracturing my angle (slipping on a slope while mowing the lawn) I’ve been surprised how well parts of the NHS work – but not when it comes to the electronic transfer of records and PACS x-ray images from one trust area to another.

The minor injuries unit at one trust wasn’t able to send its PACS images to another trust’s orthopaedic department because it used a different PACS.  [The NHS has spent more than £700m on PACS ]

“Can’t we email the images?” said a senior nurse at the minor injuries unit. In reply the clinician looking at my x-rays gave a look that suggested emailing x-rays was impossible,  perhaps for security and cost reasons. [PACS images are sometimes tens of MBs.]

In the end the minor injuries unit (which within its own sections shared data electronically) had to download my x-rays onto CD for me to take the other trust’s orthopaedic department.  The CD went into a carrier bag.

The next day, at a hospital with an orthopaedic department, after 4-5 hours of waiting in a very busy A&E, I gave a doctor the CD. “I don’t think we can read that,” he said. “We don’t have any computers which take CDs.”

After a long search around a large general hospital the tired doctor eventually found a PC with a CD player. Fortunately the minor injuries unit had downloaded onto the disc a self-executing program to load the x-rays. Success. He gave his view of the fracture.

Even then he didn’t have my notes from the minor injuries unit.

Comment

My care was superb. What was surprising was seeing how things work – or don’t – after the NHS has spent more than £20bn on IT over the past 20 years.

The media is bombarded with press releases about IT innovations in the NHS. From these it’s easy to believe the NHS has the most up-to-date IT in the world. Some trusts do have impressive IT – within that trust.

It’s when records and x-rays need to be transferred outside the trust’s area that the NHS comes unstuck.

As a nurse at my GP’s practice said, “Parts of the NHS are third-world.”

Since 2004 billions has been spent on systems to create shareable electronic patient records.  But it’s not happening.

Within those billions spent on IT in the NHS, couldn’t a little bit of money be set aside for transferring x-rays and patient notes by secure email? That’s the real innovation the NHS needs, at least for the sake of patients.

In the meantime the safest way for x-rays and notes to be transferred from one trust to another is within the patient’s carrier bag.

Secrecy is one reason gov’t IT-based projects fail says MP

By Tony Collins

The BBC, in an article on its website about Fujitsu’s legal dispute with the Department of Health, quotes Richard Bacon MP who, as a member of the Public Accounts Committee, has asked countless civil servants about why their department’s IT-based change projects have not met expectations.

Bacon is co-author of a book on government failures, Conundrum, which has a chapter on the National Programme for IT [NPfIT] in the NHS.

In the BBC article Bacon is quoted as saying that the culture of secrecy surrounding IT-based projects is one of the main reasons they keep going so badly – and expensively – wrong.

He says it has been obvious to experts from an early stage that the NPfIT, which was launched by Tony Blair’s government, would be a “train wreck” because the contracts were signed “in an enormous hurry” and contained confidentiality clauses preventing contractors from speaking to the press.

He says the urge to cover things up means that “we never learn from our mistakes because there is learning curve, but when things go wrong with IT the response is to keep it quiet”.

Citing the example of air accident investigations, which are normally conducted in a spirit of openness so lessons can be learned, he says “It is the complete opposite in IT projects, where everyone keeps their heads down and goes hugger-mugger.”

Fujitsu versus Department of Health

Fujitsu sued the Department of Health for £700m after the company was ejected six years early [2008] from a 10-year £896m NPfIT contract signed in January 2004.  The case went to arbitration – and is still in arbitration, largely over the amount the government may be ordered to pay Fujitsu.  Bacon says the amount of the settlement will have to be disclosed.

“I don’t know how the government can honestly keep this number quiet. It simply cannot do it. It is not possible or sensible to keep it quiet when you are spending this much money,” says Bacon.

The BBC article quotes excerpts from a Campaign4Change blog

Government ‘loses £700m NHS IT dispute with Fujitsu’ – BBC News

 

Has Fujitsu won £700m NHS legal dispute?

By Tony Collins

The Telegraph reports unconfirmed rumours that Fujitsu has thrown a party at the Savoy to celebrate the successful end of its long-running dispute with the NHS over a failed £896m NPfIT contract.

Government officials are being coy about the settlement which implies that Fujitsu has indeed won its legal dispute with the Department of Health, at a potential cost to taxpayers of hundreds of millions of pounds.

Fujitsu sued the DH for £700m after it was ejected from its NPfIT contract to deliver the Cerner Millennium system to NHS trusts in the south of England.

At one point a former ambassador to Japan was said to have been involved in trying to broker an out-of-court settlement with Fujitsu at UK and global level.

But the final cost of the settlement is much higher than any figure agreed, for the Department of Health paid tens, possibly hundreds of millions of pounds, more than market prices for BT to take over from Fujitsu support for NHS trusts in the south of England. The DH paid BT £546m to take over from Fujitsu which triggered a minor Parliamentary inquiry.

A case that couldn’t go to court?

The FT reported in 2011 that Fujitsu and the Department of Health had been unable to resolve their dispute in arbitration and a court case was “almost inevitable”.

But the FT article did not take account of the fact that major government departments do not take large IT suppliers to an open courtroom. Though there have been many legal disputes between IT suppliers and Whitehall they have only once reached an open courtroom [HP versus National Air Traffic Services] – and the case collapsed hours before a senior civil servant was due to take the witness stand.

Nightmare for taxpayers

Now the Telegraph says:

“Unconfirmed reports circulating in the industry suggest that a long-running dispute over the Japan-based Fujitsu’s claim against the NHS for the cancellation of an £896 million contract has finally been settled – in favour of Fujitsu.”

It adds:

“Both Fujitsu and the Cabinet Office, which took over negotiations on the contract from the Department of Health, are refusing to comment. The case went to arbitration after the two sides failed to reach agreement on Fujitsu’s claim for £700 million compensation. Such a pay-out would be the biggest in the 60-year history of the NHS – and a nightmare for taxpayers.”

The government’s legal costs alone were £31.45m by the end of 2012 in the Fujitsu case.

Francis Maude, Cabinet Office minister, is likely to be aware that his officials will face Parliamentary criticisms for keeping quiet about the settlement. The Cabinet Office is supposed to be the home of open government.

Earlier this week the National Audit Office reported that Capgemini and Fujitsu are due to collect a combined profit of about £1.2bn from the “Aspire” outsourcing contract with HM Revenue and Customs.

Richard Bacon, a Conservative member of the Public Accounts Committee is quoted in the Telegraph as saying the settlement with Fujitsu has implications across the public sector. “It should be plain to anyone that we are witnessing systemic failure in the government’s ability to contract.”

What went wrong?

The Department of Health and Fujitsu signed a deal in January 2004 in good faith, but before either side had a clear idea of how difficult it would be to install arguably over-specified systems in hospitals where staff had little time to meet the demands of new technology.

Both sides later tried to renegotiate the contract but talks failed.

In 2008 Fujitsu Services withdrew from the talks because the terms set down by the health service were unaffordable, a director disclosed to MPs.

Fujitsu’s withdrawal prompted the Department of Health to terminate the company’s contract under the NHS’s National Programme for IT (NPfIT).

Fujitsu’s direct losses on the contract at that time – which was in part for the supply and installation of the Cerner “Millennium” system – were understood to be about £340m.

At a hearing of the Public Accounts Committee into the NPfIT,  Peter Hutchinson, Fujitsu’s then group director for UK public services, said that his company had been willing to continue with its original NPfIT contract – even when talks over the contract “re-set” had failed.

“We withdrew from the re-set negotiations. We were still perfectly willing and able to deliver to the original contract,” he said.

Asked by committee MP Richard Bacon why Fujitsu had withdrawn Hutchinson said, “We had tried for a very long period of time to re-set the contract to match what everybody agreed was what the NHS really needed in terms of the contractual format.

“In the end the terms the NHS were willing to agree to we could not have afforded. Whilst we have been very committed to this programme and have put a lot of our time, energy and money behind it we have other stakeholders we have to worry about including our shareholders, our pension funds, our pensioners and the staff who work in the company. There was a limit beyond which we could not go.”

The termination of Fujitsu’s contract left the NHS with a “gaping hole,” said the then chairman of the Public Accounts Committee Edward Leigh.

Thank you to campaigner Dave Orr for drawing my attention to the Telegraph article.

Comment 

In an era on open government it is probably not right for officials and ministers at the Cabinet Office and the Department of Heath to be allowed to secretly plunge their hands into public coffers to pay Fujitsu for a massive failure that officialdom is too embarrassed to talk about.

Why did the DH in 2008 end Fujitsu’s contract rather than renegotiate its own unrealistic gold-plated contract specifications? Should those who ended the contract be held accountable today for the settlement?

The answer is nobody is accountable in part because the terms of the dispute aren’t known. Nobody knows each side’s arguments. Nobody even knows for certain who has won and who has lost. Possibly the government has paid out hundreds of millions of pounds to Fujitsu on the quiet, for no benefit to taxpayers.

Is this in the spirit of government of the people, by the people, for the people?

Medication errors 6 months after “admin” system goes live

By Tony Collins

When Croydon Health Services NHS Trust went live with Cerner Millennium in October 2013 a spokesman told eHealth Insider:

“The new system will give everyone working at the trust better access to information and an accurate picture of what all of our services are doing. This will allow staff to make quicker, more informed decisions about the care patients need. It will improve the quality, safety and efficiency of care.”

The go-live has indeed brought some benefits. The trust says these include more efficient management of medicines, more detailed patient information being conveyed between shifts and departments, and better management of beds.

But earlier this week Campaign4Change reported on some of the problems associated with the go-live including 50,000 patients on the trust’s waiting list and a “serious incident” declared over diagnostic waits including extended waits for patients with suspected cancer.

Said the trust’s Audit Committee in March 2014 – 6 months after the go-live of the Cerner Millennium Care Records Service [CRS] :

“CRS Millennium Lessons Learned

“KB [COO and Deputy Chief Executive] outlined the context in which the implementation of CRS had taken place from the time the Business case had been approved in 2010 to the commencement of deployment in January 2011 and its subsequent implementation to date.

“She noted the 7 official “go live” dates which were reflected in the lessons learned report many of which fell during a period of organisational change.

“She noted that the deployment in CHS [Croydon Health Services NHS Trust] had been the most comprehensive deployment to take place nationally.

“It was noted that Programme Team had considered the lessons learned from other [NPfIT] Care Records Service deployments as part of the implementation programme at CHS and that there was no evidence of harm to patients despite the challenges around delivery of service.

” However significant operational challenges were experienced and a deep dive into the implementation of CRS was carried out and the findings submitted to the Finance & Performance Committee and the Trust Development Authority.

“In relation to ‘no harm to patients’ SC [Chairman] asked what empirical evidence there was to support the findings of the Deep Dive.

“KB explained from October 2013 to date there were 50,000 patients on the waiting list, but a patient validation exercise had taken place which had confirmed that no patients had come to any harm.

“The potential backlog would be cleared by the end of March but in the meantime those patients on waiting lists would be subject to a further clinical review to ensure that there was no harm.”

In fact the trust is still working through the backlogs; and long waiting times are not the only matters arising from the Cerner Millennium implementation. A medication safety report for the month of March 2004 highlights these lessons:

“The patient was prescribed Furosemide for acute pulmonary oedema on 12/03/2014. The drug was not administered and the reason not documented. On review of the incident, it was identified that there was a mis-communication between both nurses and the fact that they have started using a new computer system had caused confusion which led to the error. Once error identified the dose was given and ward sister has ensured that staff will go for further training if unsure on how to use the CRS Millennium system…

“Third incident was a failure to administer fluids (Normal Saline) in an acute kidney injury patient with an admission creatinine of greater than 700. Again there was confusion with the electronic prescribing system and the nurse thought that patient did not have a drug chart as the electronic prescribing system had gone live whereas in fact there was a paper drug chart for the fluid. The position of the venflon on the patient arm also contributed to the delay. Once error identified the fluids were given but were not running to time and patient improved. Ward sister has ensured that staff will go for further training if unsure on how to use the CRS Millennium system and staff were also briefed about poor documentation of the incident…

“Fourth incident occurred involved a patient prescribed ACS protocol for NSTEMI, Positive trop T. The aspirin 300mg, clopidogrel 300mg and fondaparinux 2.5mg were not administered and not signed for. Omission of medicines was discussed with doctor looking after the patient and the patient did not come to any harm. Omission occurred as agency staff did not know how to use CRS Millennium. On review of incident all staff were briefed on importance of patients being administered medicines on time and in particular a discussion took place between agency staff and for agency staff to have adequate CRS Millennium training. There are champion users nurses on wards who are able to train Agency staff.

NPfIT

Cerner Millennium is provided to the trust under a national contract hosted by the Department of Health and managed via a Local Service Provider (LSP) contract with BT. The contract covers trusts in London and the south of England.

The DH contract expires on 31st October 2015 after which point the DH will no longer fund any of the services currently hosted by them. This includes both the software and licencing costs for Cerner Millennium as well as the BT data storage facilities and other costs.

The DH requires all trusts with Cerner under the NPfIT to commit to an exit strategy before 31st October 2015.

Comment

Is Cerner Millennium merely an administrative system as officials at Croydon Health Services NHS Trust claim it is?  The implication is, with an administrative system, that it cannot be involved in any harm to patients. Officials at Connecting for Health when they ran the NPfIT used to describe Cerner Millennium as an administrative system.

It is the deployment of this “admin” system at Croydon that is implicated in medication errors, a waiting list of 50,000 people, and long waits for diagnostic tests for people with suspected cancer.

If Whitehall and NHS officials cannot see the system as other than administrative, this is a mistake that may help to explain why a poor service for patients, which sometimes has serious potential clinical implications,  is so commonplace, even months after go-live.

50,000 on waiting list and cancer test delays after NPfIT go-live