Category Archives: health records

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Capita adds 500 staff to boost recovery on “unacceptable” NHS contract

By Tony Collins

nicola-blackwoodNicola Blackwood, minister for public health and innovation at the Department of Health, yesterday described failings on Capita’s GP support services contract as “entirely unacceptable”.

Blackwood told MPs at an adjournment debate on failures relating to Capita’s £1bn Primary Care Support England contract,

“It was always clear that Capita’s services needed to be at least as good as those that they replaced… Capita put forward the most credible of any of the bids accepted on the short list, and at the time both the Department and NHS England had every confidence that the programme would be a success.

“However, it is evident that Capita was inadequately prepared for delivering this complex transition.”

Under its contract with NHS England, Capita is responsible for providing GP medical supplies such as needles and syringes, transferring medical records when patients switch GPs, payments to GPs and “performers list” applications.

Capita won the “Primary Care Support England” contract in 2015, amid unheeded warnings from some GPs that the private sector would be unable to successfully deliver the complexity of support services to GPs that were being provided by the NHS.

Blackwood said yesterday that MPs were “right to be concerned that the service provided by Capita under the primary care support services contract … has so far fallen well short of the standards that we expect, and GPs have borne the brunt of these failings, as we have heard today”.

She added,

“We need to make sure that GPs and their patients receive the service to which they are entitled.

“We want to restore acceptable services, and the contract contains sufficient financial incentives to ensure that Capita shares that goal, which is an important part of the contract and process.

“Let us be clear that the problems encountered with medical record transfers [in which thousands of records have gone missing, says the BBC] and overdue payments are entirely unacceptable. The Department shares that view.

“Both Capita and NHS England are co-operating fully with the Information Commissioner’s Office in order to address the implications for information governance, and I accept the need for urgent action in order to address the impact that this is having on patients and practitioners.

“That is why I have been holding regular meetings with Capita’s chief executive for integrated services, Joe Hemming, its new managing director for primary care support, Simon England, and NHS England’s national director for transformation and corporate operations, Karen Wheeler, and I will continue to hold such meetings.

“Both NHS England and Capita openly acknowledge that the service has not so far been good enough.

“NHS England has demanded and received rectification plans from Capita for the six most affected service lines, and has embedded a team of seven experts within Capita to support it as it resolves these issues…

“… it is also about having the right resources in the right place at the right time. Capita has informed me that it is adding around 500 more full-time equivalent staff to the service, at its cost, and that it is improving the training provided to ensure that new staff understand the importance of the service to both patients and practitioners.”

The minster denied that patients had been harmed (by GPs not having patient records).

“I know that these problems have caused great inconvenience and distress, but with reference to risk NHS England has assured me that it is not aware of any direct cases of patient harm that can be attributed to service issues.

“However, NHS England is working closely with regional and local medical directors so that we can be assured of patient safety. In particular, Dr Raj Patel, medical director of NHS England Greater Manchester, has joined the embedded team to ensure that clinical risks and concerns are appropriately addressed.

Backlogs

“The priority now is to deal with any backlogs, particularly with medical record requests, and to ensure that services are stabilised with the capacity to deal properly with new requests.

” There has been progress on that, which is encouraging. The backlog of medical record requests has reduced from 17,262 to 3,465 in the past two weeks. Capita assures me that it has an effective triage system in operation for new requests and is confident that the situate”ion will not recur. However, I will be monitoring the situation closely.”

Shortage of supplies

Blackwood continued,

“I am aware that some GPs were left short of basic supplies as a result, including syringes, and that they have had to source those from other suppliers at their own expense.

“NHS England tells me that it has reimbursed practices for any costs incurred from having to buy local supplies of needles and syringes.

Contact centre shortcomings

“I know that many of the members’ GP constituents have experienced frustration with Capita’s contact centre. I share those frustrations.

“Capita assures me that the contact centre has improved the way it responds to urgent queries by investing in more staff, improved processes and enhanced training. Capita is confident that these measures will deliver a quality service to customers. We will monitor its progress closely, including through meetings.

Late payments – compensation?

“I recognise that GPs, and ophthalmologists in particular, have suffered financial detriment as a result of late processing of payments.

“NHS England is working with Capita to explore what can be done to support affected stakeholders, and I have made it clear to Capita that I expect it to consider compensation as an option.”

Absence of medical records

Another Coventry MP Colleen Fletcher said that people who have requested a copy of a late relative’s medical records from the primary care support service have had to wait for more than twice the maximum 40 days that it should take to process such a request.

“It is utterly unacceptable to put anyone through that kind of delay, but it is inexcusable for it to happen to anyone who is already in an extremely vulnerable position following the death of a relative.”

New charges to the public for medical records

Geoffrey Robinson said,

“I have nothing against the private sector making profits—I am all for it—but the irony is that the companies cannot make a profit from a proper service, so they turn to such measures as imposing a £40 charge for access to a deceased relative’s records …

“They do not have to impose that charge. I think it used to be left to the GP’s discretion — but they now insist on it, and people have to pay postage and delivery charges on top, which is a disgraceful pursuit of short-term gain at the expense of the people they are meant to serve.”

Reinstate the old NHS support service?

Blackwood said,

“Some have suggested that the old model for provision of primary care support should be reinstated, but we must remember that it relied on localised services that did not connect with one another, with much duplication across processes.

“The quality of these services varied greatly—in some areas, it was outstanding; in others, it was quite poor. That was simply unsustainable.

“Furthermore, the system was unable to generate useful management information and so, honestly, issues such as the ones that we now face would be very unlikely to have surfaced. They would have gone unreported.

“A new model, with efficient and modernised processes, is the right approach to deliver to our primary care providers the service that they deserve.

“The Department and I will continue to closely scrutinise Capita and NHS England as they work to resolve current problems and build a quality service that is sustainable.”

A long way to go

“I acknowledge fully that there is a long way to go before the service can be considered acceptable and that Capita has much to do to earn the trust of practitioners and patients.

“This is clearly a live issue. I want to be clear today: I am listening. The issue is at the top of my priority list and will remain there until I am satisfied that an efficient and effective service is being delivered that meets the needs of patients and providers.”

Lessons

Coventry Labour MP Geoffrey Robinson, who secured the adjournment debate, told the minister,

“These contracts are gaily handed out to companies that do not have the skills, preparation or sheer commitment necessary to provide the service.”

He questioned whether the contract would make the intended 40% savings.

“… the irony is that we have ended up with a terrible service that is costing more than the previous service ever would, because the company was not properly prepared, did not have a commitment to providing the service, and was unable to do so, and because of the competing and irreconcilable claims about short-term gains in the form of profits and illusory savings for the health service…

“We should not have badly planned impositions from the private sector, which does not know what it is going to do or how to do it.”

He said that minsters and civil servants pride themselves on awarding a contract that they have won a hard-nosed negotiation.

 “We got them down from Y to X and we saved all this. It is great. We really screwed the private sector, didn’t we? That is all a total illusion.”

Labour MP Kate Green said that NHS England trialled the new system in west Yorkshire and it provided unsatisfactory. “Yet the contract was rolled out regardless.”

Savings?

Robinson said,

“How can the Minister talk of savings? How can any savings have been made when 9,000 patients records have been missing for more than two months, without which they cannot attend doctors surgeries? It is illusory to speak of savings.”

Another NPfIT IT scandal in the making?

By Tony Collins

Jeremy Hunt may have forgotten what he told the FT 2013, as reported in the paper on 2 June 2o13.

Referring to the failed National Programme for IT [NPfIT] in the NHS he said at that time,

“It was a huge disaster . . . It was a project that was so huge in its conception but it got more and more specified and over-specified and in the end became impossible to deliver, but we musn’t let that blind us to the opportunities of technology and I think one of my jobs as health secretary is to say, look, we must learn from that and move on but we must not be scared of technology as a result.”

He added, “I’m not signing any big contracts from behind [my] desk; I am encouraging hospitals and clinical commissioning groups and GP practices to make their own investments in technology at the grassroots level.”

Now the Department of Health (and perhaps some large IT suppliers) have encouraged Hunt to find £4bn for spending on technology that is (again) of questionable immediate need.

Says Computing, “A significant part of the paperless NHS plans will involve enabling patients to book services and order prescriptions online, as well as giving them the choice of speaking to their doctor online or via a video link.”

The £4bn, if that’s what it will cost, is much less than the cost of the NPfIT. But are millions to be wasted again?

[NPfIT was originally due to cost £2.3bn over three years from 2003 but is expected to cost £9.8bn over 21 years, to 2024.]

Yesterday (8 February 2016) the Department of Health announced a “review of information technology in the NHS”. Announcing it Hunt said.

“Improving the standard of care patients receive even further means embracing technology and moving towards a fully digital and paperless NHS.

NHS staff do incredible work every day and we must give them and patients the most up-to-date technology – this review will tell us where we need to go further.”

The NPfIT was supposed to give the NHS up-to-date technology – but is that what’s needed?

A more immediate need is for any new millions of central funding (for the cost would be in the tens of millions, not billions) to be spent on the seemingly mundane objective of getting existing systems to talk to each other, so that patients can be treated in different parts of the NHS and have their electronic records go with them.

This doesn’t need a new national programme for IT. Some technologists working in the NHS say it would cost no more than £150m, a small sum by NHS IT standards, to allow patient data to reside where it is but be accessed by secure links anywhere, much as secure links work on the web.

But the review’s terms of reference make only a passing reference to the need for interoperability.

Instead the review will have terms of reference that are arguably vague – just as the objectives for the NPfIT were.

The Department of Health has asked the review board, when making recommendations, to consider the following points:

  • The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;
  • The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.
  • The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;
  • The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

The head of the review board Professor Wachter will report his recommendations to the secretary of state for health and the National Information Board in June 2016.

Members of the National Advisory Group on health IT in England (the review board) are:

  • Robert Wachter, MD, (Chair) Professor and Interim Chairman, Department of Medicine,University of California, San Francisco
  • Julia Adler-Milstein, PhD, Associate Professor, Schools of Information and of Public Health, University of Michigan
  • David Brailer, MD, PhD, CEO, Health Evolution Partners (current); First U.S. National Coordinator for Health IT (2004-6)
  • Sir David Dalton, CEO, Salford Royal NHS Foundation Trust, UK
  • Dave deBronkart, Patient Advocate, known as “e-Patient Dave”
  • Mary Dixon-Woods, MSc, DPhil, Professor of Medical Sociology, University of Leicester, UK
  • Rollin (Terry) Fairbanks, MD, MS, Director, National Center for Human Factors in Healthcare; Emergency Physician, MedStar Health (U.S.)
  • John Halamka, MD, MS, Chief Information Officer, Beth Israel Deaconess Medical Center; Professor, Harvard Medical School
  • Crispin Hebron, Learning Disability Consultant Nurse, NHS Gloucestershire
  • Tim Kelsey, Advisor to UK Government on Health IT
  • Richard Lilford, PhD, MB, Director, Centre for Applied Health Research and Delivery, University of Warwick, UK
  • Christian Nohr, MSc, PhD, Professor, Aalborg University (Denmark)
  • Aziz Sheikh, MD, MSc, Professor of Primary Care Research and Development, University of Edinburgh
  • Christine Sinsky, MD, Vice-President of Professional Satisfaction, AMA; Primary care internist, Dubuque, Iowa
  • Ann Slee, MSc, MRPharmS, ePrescribing Lead for Integrated Digital Care Record and Digital Medicines Strategy, NHS England
  • Lynda Thomas, CEO, MacMillan Cancer Support, UK
  • Wai Keong Wong, MD, PhD, Consultant Haematologist, University College London Hospitals; Inaugural chair, CCIO Leaders Network Advisory Panel
  • Harpreet Sood, MBBS, MPH, Senior Fellow to the Chair and CEO, NHS England and GP Trainee

Comment

Perhaps egged on by one or two major suppliers in behind-the-scenes lobbying, Hunt has apparently found billions to spend on improving NHS IT.

Nobody doubts that NHS IT needs improving.  But nearly all GPs have impressive systems, as do many hospitals.  But the systems don’t talk to each other.

The missing word  from the review board’s terms of reference is interoperability. True, it’s difficult to achieve. And it’s not politically aggrandizing to find money for making existing systems interoperable.

But at present you can have a blood test at the GP, then a separate blood test at the local hospital and the full results won’t go on your electronic record because the GP and hospital are on different systems with no interoperability between them.

If you’re treated at a specialist hospital for one ailment, and at a different hospital 10 to 20 (or say 100) miles away for something else, it may take weeks for your electronic record to reflect your latest treatment.

Separate NHS sites don’t always know what each other is doing to a patient, unless information is faxed or posted between them.

The fax is still one of the NHS’s main modes of cross-county communication. The DoH wants to be rid of the fax machine but it’s indispensable to the smooth running of the NHS, largely because new and existing systems don’t talk to each other.

The trouble with interoperability – apart from the ugliness of the word – is that it is an unattractive concept to some of the major suppliers, and to DoH executives, because it’s cheap, not leading edge and may involve agreements on data sharing.

Getting agreements on anything is not the DoH’s forte. [Unless it’s an agreement to spend more money on new technology, for the sake of having up-to-date technology.]

Last year I broke my ankle in Sussex and went to stay in the West Midlands at a house with a large ground floor and no need to use stairs. There was no communication between my local GP and the NHS in the West Midlands other than  by phone, post or fax, and even then only a summary of healthcare information went on my electronic record.

I had to carry my x-rays on a CD. Then doctors at my local orthopaedic department in Sussex found it difficult to see the PACS images because the hospital’s PCs didn’t have CD players.

A government employee told me this week of a hospital that gave medication to a patient in the hope she would not have an adverse reaction. The hospital did not have access to the patient’s GP records, and the patient was unsure of the name of the medication she’d previously had an allergic reaction to.

Much of the feedback I have had from those who have enjoyed NHS services is that their care and treatment has been impeded by their electronic records not moving with them across different NHS sites.

Mark Leaning, visiting professor, at University College, London, in a paper for health software supplier EMIS, says the NHS is “not doing very well when it comes to delivering a truly connected health system in 2016. That’s bad for patient outcomes.”

That GPs and their local hospital often cannot communicate electronically  is a disgrace given the billions various governments have spent on NHS IT.  It is on interoperability that any new DoH IT money needs to be spent.

Instead,  it seems huge sums will be wasted on the pie-in-the-sky objective of a paperless NHS by 2020. The review board document released today refers to the “ambition of a paper- free health and care system by 2020”.

What’s the point of a paperless NHS if a kaleidoscope of new or existing systems don’t properly communicate?

Congratulations, incidentally, to GP software suppliers TPP and EMIS. They last year announced direct interoperability between their core clinical systems.

Their SystmOne and EMIS Web systems hold the primary care medical records for most of the UK population.

And this month EMIS announced that it has become the first UK clinical systems provider to implement new open standards for interoperability in the NHS.

It says this will enable clinicians using its systems to securely share data with any third party supplier whose systems comply with a published set of open application programme interfaces.

The Department of Health and ministers need to stop announcing things that will never happen such as a paperless NHS and instead focus their attention – and any new IT money – on initiatives that are not subconsciously aimed at either political or commercial gain.

It would be ideal if they, before announcing any new IT initiative, weighed up diligently whether it is any more important, and any more of a priority, than getting existing systems to talk to each other.

Review of information technology in the NHS

EMIS implements open standards

 

What do Ben Bradshaw, Caroline Flint and Andy Burnham have in common?

By Tony Collins

Ben Bradshaw, Caroline Flint and Andy Burnham have in common in their political past something they probably wouldn’t care to draw attention to as they battle for roles in the Labour leadership.

Few people will remember that Bradshaw, Flint and Burnham were advocates – indeed staunch defenders – of what’s arguably the biggest IT-related failure of all time – the £10bn National Programme for IT [NPfIT.

Perhaps it’s unfair to mention their support for such a massive failure at the time of the leadership election.

A counter argument is that politicians should be held to account at some point for public statements they have made in Parliament in defence of a major project – in this case the largest non-military IT-related programme in the world – that many inside and outside the NHS recognised was fundamentally flawed from its outset in 2003.

Bradshaw, Flint and Burnham did concede in their NPfIT-related statements to the House of Commons that the national programme for IT had its flaws, but still they gave it their strong support and continued to attack the programme’s critics.

The following are examples of statements made by Bradshaw, Flint and Burnham in the House of Commons in support of the NPfIT, which was later abandoned.

Bradshaw, then health minister in charge of the NPfIT,  told the House of Commons in February 2008:

“We accept that there have been delays, not only in the roll-out of summary care records, but in the whole NHS IT programme.

“It is important to put on record that those delays were not because of problems with supply, delivery or systems, but pretty much entirely because we took extra time to consult on and try to address record safety and patient confidentiality, and we were absolutely right to do so…

“The health service is moving from being an organisation with fragmented or incomplete information systems to a position where national systems are integrated, record keeping is digital, patients have unprecedented access to their personal health records and health professionals will have the right information at the right time about the right patient.

“As the Health Committee has recognised in its report, the roll-out of new IT systems will save time and money for the NHS and staff, save lives and improve patient care.”

[Even today, 12 years after the launch of the National Programme for IT, the NHS does not have integrated digital records.]

Caroline Flint, then health minister in charge of the NPfIT,  told the House of Commons on 6 June 2007:

“… it is lamentable that a programme that is focused on the delivery of safer and more efficient health care in the NHS in England has been politicised and attacked for short-term partisan gain when, in fact, it is to the benefit of everyone using the NHS in England that the programme is provided with the necessary resources and support to achieve the aims that Conservative Members have acknowledged that they agree with…

“Owing to delays in some areas of the programme, far from it being overspent, there is an underspend, which is perhaps unique for a large IT programme.

“The contracts that were ably put in place in 2003 mean that committed payments are not made to suppliers until delivery has been accepted 45 days after “go live” by end-users.

“We have made advance payments to a number of suppliers to provide efficient financing mechanisms for their work in progress. However, it should be noted that the financing risk has remained with the suppliers and that guarantees for any advance payments have been made by the suppliers to the Government…

“The national programme for IT in the NHS has successfully transferred the financing and completion risk to its suppliers…”

Andy Burnham, then Health Secretary, told the House of Commons on 7 December 2009:

“He [Andrew Lansley] seems to reject the benefits of a national system across the NHS, but we do not. We believe that there are significant benefits from a national health service having a programme of IT that can link up clinicians across the system. We further believe that it is safer for patients if their records can be accessed across the system…” [which hasn’t happened].

Abandoned NHS IT plan has cost £10bn so far

Why was NHS e-Referral service launched with 9 pages of known problems?

By Tony Collins

Were GPs guinea pigs for live testing of the new national NHS e-Referral Service?

Between 2004 and 2010 the Department of Health marked as confidential its lists of problems with national NPfIT systems, in particular Choose and Book.

So the Health and Social Care Information Centre deserves praise for publishing a list of problems when it launched the national “e-Referrals” system on Monday. But that list was 9 pages long.

The launch brought unsurprised groans from GPs who are used to new national systems going live with dozens of known problems.

The e-Referral Service, built on agile “techniques” and based on open source technology, went live early on Monday to replace “Choose and Book” for referring GP patients to hospitals and to other parts of the NHS.

Some GPs found they could not log on.

“As expected – cannot refer anything electronically this morning. Surprise surprise,” said one GP in a comment to “Pulse” on its article headlined “Patient referrals being delayed as GPs unable to access e-Referrals system on launch day.”

A GP practice manager said: “Cannot access in south London. HSCIC debacle…GPs pick up the pieces. Changing something that wasn’t broken.”

Another GP said: “I was proud never to have used Choose and Book once. Looks like this is even better!”

Other GPs said they avoided using technology to refer patients.

“Why delay referral? Just send a letter. (Some of us never stopped).”

Another commented: “I still send paper referrals – no messing, you know it has gone, no time wasted.”

Dr Faisal Bhutta, a GP partner in Manchester, said his practice regularly used Choose and Book but on Monday morning he couldn’t log in. “You can’t make a referral,” he said.

The Health and Social Care Information Centre has apologised for the disruption. A statement on its website says:

“There are a number of known issues, which are currently being resolved. It is not anticipated that any of these issues will pose a clinical safety risk, cause any detriment to patient care or prevent users from carrying out essential tasks. We have published the list of known issues on our website along with details of how to provide feedback .”

But why did the Centre launch the e-Referral Service with 9 pages of known problems? Was it using GPs as guinea pigs to test the new system?

Comment

The Health and Social Care Information Centre is far more open, less defensive and a better communicator than the Department of Health ever was when its officials were implementing the NPfIT.

But is the HSCIC’s openness a good thing if it’s accompanied by a brazen and arrogant acceptance that IT can be introduced into the NHS without a care whether it works properly or not?

In parts of the NHS, IT works extraordinarily well. Those who design, test, implement and support such systems care deeply about patients. In many hospitals the IT reduces risks and helps to improve the chances of successful outcomes.

But in other parts of the NHS are some technology enthusiasts – at the most senior board level – who seem to believe that all major IT implementations will be flawed and will be improved by user feedback.

The result is that IT that’s inadequately designed, tested and implemented is foisted on doctors and nurses who are expected to get used to “teething” troubles.

This is dangerous thinking and it’s becoming more and more prevalent.

Many poorly-considered implementations of the Cerner Millennium electronic patient record system have gone live in hospitals across England with known problems.

In some cases, poor implementations – rather than any faults with the system itself – have affected the care of patients and might have contributed to unnecessary deaths when records needed urgently were not available, or hospitals lost track of urgent appointments.

A CQC report in March 2015 said IT was a possible factor in the death of a patient because NHS staff were unable to access electronically-held information.

In another incident a coroner criticised a patient administration system for being a factor in the death of three year-old Samuel Starr whose appointment for a vital scan got lost in the system.

Within NHS officialdom is a growing cultural acceptance that somehow a poor IT implementation is different to a faulty x-ray machine that delivers too high a dose of radiation.

NHS officials will always brush off IT problems as teething and irrelevant to the care and safety of patients. Just apologise and say no patient has come to any harm.

So little do IT-related problems matter in the NHS that unaccountable officials at the HSCIC have this week felt sufficiently detached from personal accountability to launch a national system knowing there are dozens of problems with the use of it.

Their attitude seems to be: “We can’t know everything wrong with the system until it’s live. So let’s launch the system and fix the problems as GPs give us their feedback.”

This is a little like the NHS having a template letter of regret to send to relatives and families of patients who die unexpectedly in the care of the NHS. Officials simply fill in the appropriate name and address. The NHS can then fix the problems as and when patients die.

It’s surely time that bad practice in NHS IT was eradicated.  Board members need to question more. When necessary directors must challenge the blind positivism of the chief executive.

Some managers can learn much about the culture of care at the hospitals that implement IT successfully.

Patients, nurses and doctors do not exist to tell hospital managers and IT suppliers when electronic records are wrong, incomplete, not available or are somebody else’s record with a similar name.

And GPs do not exist to be guinea pigs for testing and providing feedback on new national systems such as the e-Referral Service.

e-Referral Service “unavailable until further notice”

Hundreds of patients lost in NPfIT systems

Hospital has long-term NPfIT problems

An NPfIT success at Croydon? – Really?

Physicians’ views on electronic patient records

Patient record systems raise some concerns, says report

Electronic health records and safety concerns

Secrecy is one reason gov’t IT-based projects fail says MP

By Tony Collins

The BBC, in an article on its website about Fujitsu’s legal dispute with the Department of Health, quotes Richard Bacon MP who, as a member of the Public Accounts Committee, has asked countless civil servants about why their department’s IT-based change projects have not met expectations.

Bacon is co-author of a book on government failures, Conundrum, which has a chapter on the National Programme for IT [NPfIT] in the NHS.

In the BBC article Bacon is quoted as saying that the culture of secrecy surrounding IT-based projects is one of the main reasons they keep going so badly – and expensively – wrong.

He says it has been obvious to experts from an early stage that the NPfIT, which was launched by Tony Blair’s government, would be a “train wreck” because the contracts were signed “in an enormous hurry” and contained confidentiality clauses preventing contractors from speaking to the press.

He says the urge to cover things up means that “we never learn from our mistakes because there is learning curve, but when things go wrong with IT the response is to keep it quiet”.

Citing the example of air accident investigations, which are normally conducted in a spirit of openness so lessons can be learned, he says “It is the complete opposite in IT projects, where everyone keeps their heads down and goes hugger-mugger.”

Fujitsu versus Department of Health

Fujitsu sued the Department of Health for £700m after the company was ejected six years early [2008] from a 10-year £896m NPfIT contract signed in January 2004.  The case went to arbitration – and is still in arbitration, largely over the amount the government may be ordered to pay Fujitsu.  Bacon says the amount of the settlement will have to be disclosed.

“I don’t know how the government can honestly keep this number quiet. It simply cannot do it. It is not possible or sensible to keep it quiet when you are spending this much money,” says Bacon.

The BBC article quotes excerpts from a Campaign4Change blog

Government ‘loses £700m NHS IT dispute with Fujitsu’ – BBC News

 

Has Fujitsu won £700m NHS legal dispute?

By Tony Collins

The Telegraph reports unconfirmed rumours that Fujitsu has thrown a party at the Savoy to celebrate the successful end of its long-running dispute with the NHS over a failed £896m NPfIT contract.

Government officials are being coy about the settlement which implies that Fujitsu has indeed won its legal dispute with the Department of Health, at a potential cost to taxpayers of hundreds of millions of pounds.

Fujitsu sued the DH for £700m after it was ejected from its NPfIT contract to deliver the Cerner Millennium system to NHS trusts in the south of England.

At one point a former ambassador to Japan was said to have been involved in trying to broker an out-of-court settlement with Fujitsu at UK and global level.

But the final cost of the settlement is much higher than any figure agreed, for the Department of Health paid tens, possibly hundreds of millions of pounds, more than market prices for BT to take over from Fujitsu support for NHS trusts in the south of England. The DH paid BT £546m to take over from Fujitsu which triggered a minor Parliamentary inquiry.

A case that couldn’t go to court?

The FT reported in 2011 that Fujitsu and the Department of Health had been unable to resolve their dispute in arbitration and a court case was “almost inevitable”.

But the FT article did not take account of the fact that major government departments do not take large IT suppliers to an open courtroom. Though there have been many legal disputes between IT suppliers and Whitehall they have only once reached an open courtroom [HP versus National Air Traffic Services] – and the case collapsed hours before a senior civil servant was due to take the witness stand.

Nightmare for taxpayers

Now the Telegraph says:

“Unconfirmed reports circulating in the industry suggest that a long-running dispute over the Japan-based Fujitsu’s claim against the NHS for the cancellation of an £896 million contract has finally been settled – in favour of Fujitsu.”

It adds:

“Both Fujitsu and the Cabinet Office, which took over negotiations on the contract from the Department of Health, are refusing to comment. The case went to arbitration after the two sides failed to reach agreement on Fujitsu’s claim for £700 million compensation. Such a pay-out would be the biggest in the 60-year history of the NHS – and a nightmare for taxpayers.”

The government’s legal costs alone were £31.45m by the end of 2012 in the Fujitsu case.

Francis Maude, Cabinet Office minister, is likely to be aware that his officials will face Parliamentary criticisms for keeping quiet about the settlement. The Cabinet Office is supposed to be the home of open government.

Earlier this week the National Audit Office reported that Capgemini and Fujitsu are due to collect a combined profit of about £1.2bn from the “Aspire” outsourcing contract with HM Revenue and Customs.

Richard Bacon, a Conservative member of the Public Accounts Committee is quoted in the Telegraph as saying the settlement with Fujitsu has implications across the public sector. “It should be plain to anyone that we are witnessing systemic failure in the government’s ability to contract.”

What went wrong?

The Department of Health and Fujitsu signed a deal in January 2004 in good faith, but before either side had a clear idea of how difficult it would be to install arguably over-specified systems in hospitals where staff had little time to meet the demands of new technology.

Both sides later tried to renegotiate the contract but talks failed.

In 2008 Fujitsu Services withdrew from the talks because the terms set down by the health service were unaffordable, a director disclosed to MPs.

Fujitsu’s withdrawal prompted the Department of Health to terminate the company’s contract under the NHS’s National Programme for IT (NPfIT).

Fujitsu’s direct losses on the contract at that time – which was in part for the supply and installation of the Cerner “Millennium” system – were understood to be about £340m.

At a hearing of the Public Accounts Committee into the NPfIT,  Peter Hutchinson, Fujitsu’s then group director for UK public services, said that his company had been willing to continue with its original NPfIT contract – even when talks over the contract “re-set” had failed.

“We withdrew from the re-set negotiations. We were still perfectly willing and able to deliver to the original contract,” he said.

Asked by committee MP Richard Bacon why Fujitsu had withdrawn Hutchinson said, “We had tried for a very long period of time to re-set the contract to match what everybody agreed was what the NHS really needed in terms of the contractual format.

“In the end the terms the NHS were willing to agree to we could not have afforded. Whilst we have been very committed to this programme and have put a lot of our time, energy and money behind it we have other stakeholders we have to worry about including our shareholders, our pension funds, our pensioners and the staff who work in the company. There was a limit beyond which we could not go.”

The termination of Fujitsu’s contract left the NHS with a “gaping hole,” said the then chairman of the Public Accounts Committee Edward Leigh.

Thank you to campaigner Dave Orr for drawing my attention to the Telegraph article.

Comment 

In an era on open government it is probably not right for officials and ministers at the Cabinet Office and the Department of Heath to be allowed to secretly plunge their hands into public coffers to pay Fujitsu for a massive failure that officialdom is too embarrassed to talk about.

Why did the DH in 2008 end Fujitsu’s contract rather than renegotiate its own unrealistic gold-plated contract specifications? Should those who ended the contract be held accountable today for the settlement?

The answer is nobody is accountable in part because the terms of the dispute aren’t known. Nobody knows each side’s arguments. Nobody even knows for certain who has won and who has lost. Possibly the government has paid out hundreds of millions of pounds to Fujitsu on the quiet, for no benefit to taxpayers.

Is this in the spirit of government of the people, by the people, for the people?

Medication errors 6 months after “admin” system goes live

By Tony Collins

When Croydon Health Services NHS Trust went live with Cerner Millennium in October 2013 a spokesman told eHealth Insider:

“The new system will give everyone working at the trust better access to information and an accurate picture of what all of our services are doing. This will allow staff to make quicker, more informed decisions about the care patients need. It will improve the quality, safety and efficiency of care.”

The go-live has indeed brought some benefits. The trust says these include more efficient management of medicines, more detailed patient information being conveyed between shifts and departments, and better management of beds.

But earlier this week Campaign4Change reported on some of the problems associated with the go-live including 50,000 patients on the trust’s waiting list and a “serious incident” declared over diagnostic waits including extended waits for patients with suspected cancer.

Said the trust’s Audit Committee in March 2014 – 6 months after the go-live of the Cerner Millennium Care Records Service [CRS] :

“CRS Millennium Lessons Learned

“KB [COO and Deputy Chief Executive] outlined the context in which the implementation of CRS had taken place from the time the Business case had been approved in 2010 to the commencement of deployment in January 2011 and its subsequent implementation to date.

“She noted the 7 official “go live” dates which were reflected in the lessons learned report many of which fell during a period of organisational change.

“She noted that the deployment in CHS [Croydon Health Services NHS Trust] had been the most comprehensive deployment to take place nationally.

“It was noted that Programme Team had considered the lessons learned from other [NPfIT] Care Records Service deployments as part of the implementation programme at CHS and that there was no evidence of harm to patients despite the challenges around delivery of service.

” However significant operational challenges were experienced and a deep dive into the implementation of CRS was carried out and the findings submitted to the Finance & Performance Committee and the Trust Development Authority.

“In relation to ‘no harm to patients’ SC [Chairman] asked what empirical evidence there was to support the findings of the Deep Dive.

“KB explained from October 2013 to date there were 50,000 patients on the waiting list, but a patient validation exercise had taken place which had confirmed that no patients had come to any harm.

“The potential backlog would be cleared by the end of March but in the meantime those patients on waiting lists would be subject to a further clinical review to ensure that there was no harm.”

In fact the trust is still working through the backlogs; and long waiting times are not the only matters arising from the Cerner Millennium implementation. A medication safety report for the month of March 2004 highlights these lessons:

“The patient was prescribed Furosemide for acute pulmonary oedema on 12/03/2014. The drug was not administered and the reason not documented. On review of the incident, it was identified that there was a mis-communication between both nurses and the fact that they have started using a new computer system had caused confusion which led to the error. Once error identified the dose was given and ward sister has ensured that staff will go for further training if unsure on how to use the CRS Millennium system…

“Third incident was a failure to administer fluids (Normal Saline) in an acute kidney injury patient with an admission creatinine of greater than 700. Again there was confusion with the electronic prescribing system and the nurse thought that patient did not have a drug chart as the electronic prescribing system had gone live whereas in fact there was a paper drug chart for the fluid. The position of the venflon on the patient arm also contributed to the delay. Once error identified the fluids were given but were not running to time and patient improved. Ward sister has ensured that staff will go for further training if unsure on how to use the CRS Millennium system and staff were also briefed about poor documentation of the incident…

“Fourth incident occurred involved a patient prescribed ACS protocol for NSTEMI, Positive trop T. The aspirin 300mg, clopidogrel 300mg and fondaparinux 2.5mg were not administered and not signed for. Omission of medicines was discussed with doctor looking after the patient and the patient did not come to any harm. Omission occurred as agency staff did not know how to use CRS Millennium. On review of incident all staff were briefed on importance of patients being administered medicines on time and in particular a discussion took place between agency staff and for agency staff to have adequate CRS Millennium training. There are champion users nurses on wards who are able to train Agency staff.

NPfIT

Cerner Millennium is provided to the trust under a national contract hosted by the Department of Health and managed via a Local Service Provider (LSP) contract with BT. The contract covers trusts in London and the south of England.

The DH contract expires on 31st October 2015 after which point the DH will no longer fund any of the services currently hosted by them. This includes both the software and licencing costs for Cerner Millennium as well as the BT data storage facilities and other costs.

The DH requires all trusts with Cerner under the NPfIT to commit to an exit strategy before 31st October 2015.

Comment

Is Cerner Millennium merely an administrative system as officials at Croydon Health Services NHS Trust claim it is?  The implication is, with an administrative system, that it cannot be involved in any harm to patients. Officials at Connecting for Health when they ran the NPfIT used to describe Cerner Millennium as an administrative system.

It is the deployment of this “admin” system at Croydon that is implicated in medication errors, a waiting list of 50,000 people, and long waits for diagnostic tests for people with suspected cancer.

If Whitehall and NHS officials cannot see the system as other than administrative, this is a mistake that may help to explain why a poor service for patients, which sometimes has serious potential clinical implications,  is so commonplace, even months after go-live.

50,000 on waiting list and cancer test delays after NPfIT go-live

50,000 on waiting list and cancer test delays after NPfIT go-live

By Tony Collins

Croydon hospitals have built up a waiting list of 50,000 patients since a Cerner electronic patient record system go-live last October, according the trust’s latest board papers.

And, since the go-live, more than 2,200 patients have waited at least 6 weeks for diagnostic tests, of which 160 have been identified as “urgent suspected cancer and urgent patients”.  This backlog may take until the end of August to clear, say the board papers of the Croydon Health Services NHS Trust which includes Croydon’s Mayday Hospital, now the University Hospital.

The trust has declared a “serious incident” as a result of the diagnostics backlog. An SI can be reported when there is possibility of unexpected or avoidable death or severe harm to one or more patients.

“No harm”

The trust concedes that its waiting times pose a “potential clinical risk” but the board papers say several times that there is no evidence any patient has come to harm.  This assurance has been questioned by some trust board members. The trust continues to investigate.

Croydon is the latest in a long line of trusts to have had serious disruption after a Cerner go-live under the NPfIT, with BT as the installation partner.

The trust has kept the implications for patients confidential. This may contravene the NHS’s “duty of candour” – to report publicly on things that go wrong. The duty has come about in the wake of the suffering of hundreds of people in the care of Mid Staffordshire NHS Trust.

Croydon Health Services NHS Trust has decided not to publish its “Cerner Deep Dive” or Cerner “Lessons Learnt” reports, and discussions on the reports have been in Part 2 confidential sections of board meetings.

The trust defended its “Part 2” approach in its statement (below).

Meanwhile the Health and Social Care Information Centre, which runs the NPfIT local service provider contracts, including BT’s agreement to supply Cerner to hospitals in London,  has commissioned Cerner to capture the benefits nationally of Cerner installations.

Q&A

My questions and points to the trust, and its responses are below.

From me to the trust:

Croydon had good reasons to go live with Cerner, and DH funding was a further incentive but the trust does not appear to have been in a position to go live – at any stage – with a Big Bang Cerner implementation. The 7 aborted official go-live dates might have been a sign of why.  It would have been a brave decision to cancel the implementation, especially as:

–  the trust had spent 2 years preparing for it

– DH, BT and Cerner had put a lot of work into it

– there was DH pressure to go live especially after all the missed go-live dates.

The latest board papers say 6 or more times in different places that there has been no harm to patients as a result of the delays and waits.  Some members have raised questions on this and there is the matter of whether the trust is commissioning its own assessments (marking its own work).

On this:

– 50,000 on waiting list

– Cerner deep dive not published

– Lessons Learnt not published (concealment of failures, against the spirit of duty of candour called for by Robert Francis QC and Jeremy Hunt?)

– Diagnostics – an SI reported. The trust has considered the contributing issues which related to Cerner implementation but has not published details of the discussion. Again a concealment of failures?

– An accumulation of over 2,200 patients that were waiting over 6 weeks for diagnostics. Out of that number 160 patients were identified as urgent suspected cancer (USC) and urgent patients.  Can the trust – and patients – be sure there has been no harm?

– “… external assurance through an external clinician will provide the assurance that no patients have suffered harm as a result of the length of the waiting times”. Bringing in an external clinician to provide an assurance no patients have been harmed seems to pre-judge the outcome.  The trust appears to be marking its own work, especially as the backlog of patients awaiting diagnostics may not be cleared until the end of August.

– Managing public and GP perceptions? “Members agreed that GP interactions should be held off until the investigations had produced definite findings. However the Communications Department are on standby to publish information to GPs if required, and the Trust is ready to react to other enquiries. The Trust will in any event publish the incident report after the investigation has been completed.”

– “… the implementation of Cerner in October 2013 had an impact on activity levels and the delivery of RTT standards”. Again no report on this published.

– “An independent assessor would re-check all patients to assure that no harm has resulted. The Committee noted the progress report and requested that this is referred to a Part 2 meeting of the Trust Board …” Concealment of failures again?

– In the past the DH has been prepared to treat patients as guinea pigs in Cerner Big Bang implementations. The philosophy appears to be that the implementations will inevitably be disruptive but it’s for the good of patients in the longer term. That this approach may be unfair on patients in the short term, however, seems not to trouble the NHS hierarchy.

It’s clear clinicians and IT staff are doing their best and working hard for the benefit of patients but the implementation was beyond their control. Meanwhile complaints are increasing, Croydon Health Services was one of the lowest rated trusts for overall patient experience and a sizeable minority of local residents don’t choose the local hospitals for care or treatment. That said some patients rate their care very highly on NHS Choices (although some don’t). The University hospital is rated 2.5 stars out of 5.

One of the most surprising statements in the board papers is this: “… despite the weaknesses in the programme, the overall success of the deployment had been recognised at a national level”. A success? Can the trust in essence say what it likes? Nobody knows for sure what the facts are, given that the trust decides on what to publish and not to publish.

The trust’s response to the above points and questions:

“Due to a temporary failure of our administrative systems, the Trust found in February 2014 that a number of patients who needed to be seen by the imaging service were in breach of the six week waiting standard.

“We have taken immediate action to correct this and are undertaking a thorough review to confirm that no patients were harmed as a result.  The Trust is now working hard to treat patients currently on our waiting lists.  This is referenced in our publicly available Board papers.

“CRS Millennium has delivered a number of improvements that support improving patient experience at the Trust, including more efficient management of medicines, more detailed patient information being conveyed between shifts and departments and better management of beds within the organisation.”

Lessons?

Below are some of the lessons from Croydon’s Cerner go-live. Although the trust hasn’t published its “Lessons Learnt” report, some of lessons are mentioned in its latest board papers:

  • Insufficient engagement from operational and clinical colleagues
  • Time pressures were felt when a full dress rehearsal stretched the capabilities of the information team.
  • Insufficient time and resources were allocated to completion of the outline business and full business cases, as well as to due diligence on the options and costs.  [Business cases for Cerner are still unpublished.]
  • Trust directors agreed that a business case for a project of the size and complexity of the CRS Millennium should have taken longer than 6 weeks to prepare.
  • A failure of senior managers to take stock of the project at its key stages.
  • Too strong a focus on technical aspects
  • Clinicians not always fully appreciating the impact of the changes the system would deliver
  • The hiring of an external change manager to lead the deployment who proved to be “less than wholly successful because of the resulting deficiency in previous experience or knowledge of the culture of the organisation”.
  • The individual left the organisation part way through deployment which led to further challenges.
  • The right people with the right skills mix were not in place at the outset to achieve the transformational change necessary to successfully deploy a new system such as CRS

Comment 

NHS trusts have good reason to modernise their IT using the widely-installed  Cerner electronic patient record system, especially  if it’s a go-live under the remnants of the NPfIT, in which case hospitals receive DH funding and gain from having BT as their installation partner.

But why does a disruption that borders on chaos so often follow NPfIT Cerner implementations? Perhaps it’s partly because the benefits of Cerner, and the extra work required by nurses and doctors and clerical staff to harvest the benefits, is underestimated.

It is in any case difficult to convey to busy NHS staff that the new technology will, in the short-term, require an increase in their workload. Staff and clinicians will need to capture more data than they did on the old system, and with precision. The new technology will change how they work, so doctors may resent it initially, especially as there may be shortcomings in the way it has been implemented which will take time to identify and solve.

The problem with NPfIT go-lives is that they take place in an accountability void. Nobody is held responsible when things go badly wrong, and it’s easy for trusts to play down what has gone wrong. They have no fear of authoritative contradiction because they keep their implementation assessments confidential.

What a difference it would make if trusts had an unequivocal duty of candour over electronic health record – EHR – deployments. They would not be able to go live until they were ready.

The disruption that has followed NPfIT Cerner go-lives has been serious. Appointments and tests for suspected cancer have been lost in the administrative confusion that follows go-live. There have been backlogs of appointments for tens of thousands of patients. Operating theatres have gone under-used because of mis-scheduled appointments.

Now and again a patient may die unnecessarily but the problems have been regarded by the NHS centrally as collateral damage, the price society pays for the technological modernisation of the NHS.

Richard Granger, when head of the NPfIT, said he was ashamed of some Cerner installations. He described some of them as “appalling” but since he made his comments in 2007, some of the Cerner installations have been more disruptive than those he was referring to.

Provided each time there is no incontrovertible evidence of harm to patients as a result of a go-live, officials give the go ahead for more NPfIT Cerner installations.

Guinea pigs?

Disruption after go-live is too often treated as an administrative problem. Croydon’s statement refers to a “temporary problem with our administrative systems”. But new patient record systems can harm patients, as the inquest on 3-year-old Samuel Starr heard.

It’s time officials stopped regarding patients as guinea pigs in IT go-lives. It compounds the lack of accountability when trusts such as Croydon keep the reports from the go-live secret.

Trusts need better technological support but not at the cost of treating any harm to patients as collateral damage.

A tragic outcome for Cerner implementation at Bath?

Openness and honesty is a rarity after health IT problems

Mishandled electronic health record transition

A botched Cerner EHR implementation?

Trinity Medical Center reaches Cerner settlement

CEO and CIO resign after troubled EHR go-live

By Tony Collins

At the foot of the Blue Ridge Mountains, Georgia, in America’s deep south, about 70 miles from Atlanta, is Athens .

It was named at the turn of the 19th century to associate its university with Aristotle and Plato’s academy in Greece. It is home to the Athens Regional Medical Centre, one of the USA’s top hospitals.

There on 4 May 2014 the Centre went live with what it described as the most meaningful and largest scale information technology system in its 95-year history – a Cerner EHR implementation.

Now the Centre’s CEO James Thaw and CIO Gretchen Tegethoff have resigned. The Centre’s implementation of the electronic health record system seems to have been no more or less successful than at UK hospitals.

The main difference is that more than a dozen doctors complained in a letter to Thaw and Tegethoff.  A doctor leaked their letter to the local paper.

“Medication errors”

The letter said the timescales to install the Cerner EHR system were too “aggressive” and there was a “lack of readiness” among the intended users. They called the system cumbersome.

The letter referred to “medication errors … orders being lost or overlooked … (emergency department) and patients leaving after long waits”. An inpatient wasn’t seen by a physician for five days.

“The Cerner implementation has driven some physicians to drop their active staff privileges at ARMC [Athens Regional Medical Centre],” said the letter. “This has placed an additional burden on the hospitalists, who are already overwhelmed. Other physicians are directing their patients to St. Mary’s (an entirely separate local hospital) for outpatient studies, (emergency room) care, admissions and surgical procedures. … Efforts to rebuild the relationships with patients and physicians (needs) to begin immediately.”

The boldness of the letter has won praise in parts of the wider American health IT community.

It was signed by the centre’s most senior medical representatives: Carolann Eisenhart, president of the medical staff; Joseph T. Johnson, vice president of the medical staff; David M. Sailers, surgery department chair; and, Robert D. Sinyard, medicine department chair.

A doctor who provided the letter to the Athens Banner-Herald refused a request to openly discuss the issues with the computer system and asked to remain anonymous at the urging of his colleagues.

Swift action

One report said that at a meeting of medical staff 200 doctors were “solid in their vote of no confidence in the present hospital administration.”

Last week Thaw wrote in an email to staff: “From the moment our physician leadership expressed concern about the Cerner I.T. conversion process on May 15, we took swift action and significant progress has been made toward resolving the issues raised … Providing outstanding patient care is first and foremost in our minds at Athens Regional, and we have dedicated staff throughout the hospital to make sure the system is functioning as smoothly as possible through this transition.”

UK implications?

The problems at the Athens centre raise questions about whether problematic Cerner installations in the NHS should have consequences for CEOs.  Health IT specialists say that, done well, EHR implementations can improve the chances of a successful recovery. Done badly an EHR implementation can harm patients and contribute to death.

The most recent installations of Cerner in the NHS, at Imperial College Healthcare NHS Trust and Croydon Health Services NHS Trust, follow the pattern of other Cerner EHR go-lives in the NHS where there have been hints of problems but the trusts are refusing to publish a picture of how patients are being affected.

What has gone wrong at Athens Regional?

IT staff, replying to the Banner-Herald’s article, have given informed views on what has gone wrong. It appears that the Athens Regional laid off about a third of the IT staff in February 2014, about three months before go-live.

Past project disasters have shown that organisations often need more, not fewer, IT staff, advisers and helpers, at the time of a major go-live.

A further problem is that there appears to have been little understanding or support among doctors for the changes they would need to make in their business practices to accommodate the new system.  Had the organisation done enough to persuade doctors and nurses of the benefits to them of changing their ways of working?

If clinicians do not support the need for change, they may focus unduly on what is wrong with the new system. An organisation that is inherently secretive and resentful of constructive criticism will further alienate doctors and nurses.

Doctors who fully support an EHR implementation may find ways around problems, without complaining.

One comment on the Banner-Herald website says:

“While I have moved on from Athens Regional, I still have many friends and colleagues that are trying to work through this mess. Here is some information that has been reported to me…

“Medications, labs and diagnostic exams are not getting done in a timely manner or even missed all together. Some of this could be training issues and some system.

“Already over worked clinical staff are having to work many extra hours to get all the information in the system. This obviously takes away from patient care.

“Senior leadership tried to implement the system in half the amount of time that is usually required to do such things, with half the staff needed to do it. Why?

“Despite an environment of fear and intimidation the clinical staff involved with the project warned senior administration that the system was not ready to implement and posed a safety risk.

“I have ex-colleagues that know staff and directors that are involved with the project. They have made a valiant effort to make things right. Apparently an 80 to even a 100 hour work week has been the norm of late.

“Some questions that I have: where does the community hospital board stand with all this? Were they asking the questions that need to be asked? Why would the software company agree to do such a tight timeline? Shouldn’t they have to answer some questions as well?”

“Hopefully, this newspaper will continue to investigate what has happened here and not cave to an institution that spends a lot of money on frequent giant full page ads.

“Please remember there are still good people (staff, managers and administrators) that work at ARMC and I am sure they care about the community they serve and will make sure they provide great patient care.”

“The last three weeks have been very challenging for our physicians, nurses, and staff,” said Athens Regional Foundation Vice President Tammy Gilland. “Parts of the system are working well while others are not. The medical staff leadership has been active in relaying their concerns to the administration and the administration has taken these concerns very seriously. Maintaining the highest quality of patient care has always been the guiding principle of Athens Regional Health System.”

Keeping quiet

NHS trusts go quiet about the effect on patients of EHR implementations despite calls by Robert Francis QC and health secretary Jeremy Hunt for openness when things go wrong.

Imperial College Healthcare NHS Trust, which comprises St Mary’s Paddington, Hammersmith Hospital, Charing Cross Hospital, Queen Charlotte’s and Chelsea Hospital, and Western Eye hospital in Marylebone Road, went live with Cerner– but its managers and CEO are refusing to say what effect the system is having on patients.

An FOI request by eHealth Insider elicited the fact that Imperial College Healthcare had 55 different consultants working on the Cerner Millennium project and 45 Trust staff. The internal budget for electronic patient record deployment was £14m.

Croydon Health Services NHS Trust, which comprises Croydon University Hospital (formerly Mayday) and the Purley War Memorial Hospital, went live with Cerner last year, also under BT’s direction.

The trust has been a little more forthcoming than Imperial about the administrative disruption, unforeseen extra  costs and effects on patients, but Croydon’s officials, like Imperial College Healthcare’s spokespeople,  refuse to give any specific answers to Campaign4Change’s questions on the Cerner implementation.

Comment

It was probably unfair of doctors at Athens Regional to judge the Cerner system so soon after go-live but their fierce reaction is a reminder that doctors exist to help patients, not spend time getting to grips with common-good IT systems.

Would an NHS CEO resign after a rebellion by UK doctors over a problematic EHR implementation? It’s highly unlikely – especially if trusts can stop news leaking out of the effects on patients. In the NHS that’s easy to do.

Athens Regional CEO resigns

A tragic outcome for Cerner Millennium implementation?

Athens Regional is addressing computer problems encountered by doctors

Athens Regional is addressing computer problems after patients put at risk

CEO forced out?