Category Archives: NHS England

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Capita said to owe thousands to pharmacies

By Tony Collins

Capita owes some pharmacy owners thousands of pounds, according to Chemist+Druggist.

One pharmacist Salim Jetha of Lewis Grove Pharmacy in Lewisham told Chemist+Druggist he had emailed Capita in February but it “bounced back because the inbox was full”. He said that if emails are unanswered and there is no phone number to ring “what are you supposed to do?”

Under its Primary Care Support Services contract with NHS England, Capita is due, among other obligations, to reimburse some of the costs of pharmacy trainees. The trainees are termed “pre-registration” pharmacists because they have not yet passed a General Pharmaceutical Council assessment.

Pharmacy owners can apply for an annual grant from NHS England for up to £18,440 for every pre-registration trainee taken on.

Capita took on responsibility for delivering NHS England’s primary care support services in September 2015, including overseeing the pharmacy training grants.

In response to the article, Capita spokesperson said it is aware of “some isolated issues” and that all claims that meet “the required checks” have been backdated, as will any further claims.

The spokesperson said that one of the “key improvements” under Capita has been the introduction of a centralised process for dealing with primary care.

The old system was localised, meaning grant claims “came in from various sources on an ad hoc and irregular basis”.

Chemist+Druggist article

Jeremy Hunt is prepared to end Capita’s NHS contract if necessary

 

is London Ambulance Service’s back-up system “public endurance”?

By Tony Collins

In November 2016 London Ambulance Service had its busiest week for seriously ill and injured incidents in the history of the Service.

“The Service is …expecting demand to increase even further throughout December,” said London Ambulance Service at the time.

A few weeks later, on one of the busiest nights of the year, the systems went down, from 12.30am to 5.15am on 1 January 2017. The result was that 999 calls were logged  by pen and paper.

When systems are working normally  an incoming 999 call displays the address registered to that number – if the address is registered.  The London Ambulance operator confirms the location, assesses the severity and an ambulance can be despatched within seconds, with the address on its screen and a satnav pointing the way, according to a comment on The Register.

Pen and paper takes longer because the address and other details need to be given over a radio, which can take minutes.

But pen and paper is the London Ambulance Service’s back-up for IT failures.  Whether it can cope with unprecedented demand – or with a major incident in London – is in doubt.

A former London Ambulance Service paramedic told the BBC there had been waits of an hour for ambulances on 1 January 2017. He said call handlers had been “amazingly helpful”, but it was “easy to become overwhelmed especially in the midst of high call volumes”.

London Ambulance Service declined to answer any questions on its latest system failure.

Malcolm Alexander of the Patients’ Forum for the London Ambulance Service said: “We want to know why it is that this system that cost so much money and is supposed to be so effective is not fail-safe.”

He added: “If this system fails at a time when there is huge pressure in the system, for example if there was a major disaster or a terrorist attack, we are going to be in trouble. We really need to make sure it doesn’t collapse again.”

1992

A report into the collapse of London Ambulance Service systems found that they had had failed for many reasons. The Service had taken a “high-risk” IT approach and did not test systems thoroughly before putting them into service.

(Some may question how much has been learned since then.)

2006

In 2006 the London Ambulance Service systems crashed nine times in a fortnight. Each time staff reverted to pen and paper.

2008

In 2008, when systems failed,  repairs took 12 hours. Again the Service reverted to pen and paper.

2011

In June 2011 an IT upgrade caused the system to go down for about three and half hours. Pen and paper was again the back-up “system”. At the time the London Ambulance Service was upgrading the Commandpoint system, supplied by Northrop Grunman, which the Service deployed in 2010 and still uses.

2013

In 2013 on Christmas Day and Boxing Day the systems went down for separate reasons for several hours each day, with staff reverting to pen and paper.

2015

The Chief Inspector of Hospitals, Mike Richards, recommended that the London Ambulance Service be placed into special measures.

He said at the time,

“The Trust has been performing poorly on response times since March 2014. This is a very serious problem, which the trust clearly isn’t able to address alone, and which needs action to put right.”

Comment

It’s becoming the norm for parts of the public sector to regard the public as captive customers when it comes to going live with new IT or upgraded software.

Rather than test new systems, procedures and upgrades thoroughly before introducing them, some parts of the public sectors are going live with a “let’s see what happens and fix things then” approach.

This has become the semi-official approach to the introduction of Universal Credit – with long delays in payments for some claimants.

Within the NHS, at some hospitals introducing new patient record systems, there has been an internal acceptance that patients may suffer from delays,  perhaps with tragic consequences, at least for three year-old Samuel Starr.

The NHS e-referral service was launched with nine pages of known problems.  And when NHS England launched a streamlined GP support service with Capita, officials knew of the possible problems. But it launched anyway.

After the London Ambulance Service’s IT failure on New Year’s Day, it’s clear that many emergency workers did their best to give a normal 999 service. St John’s Ambulance helped.

But to what extent does senior management at the London Ambulance Service have a “stuff happens” mindset when IT goes seriously wrong?

There’s no individual accountability and no commercial imperative to learn lessons from any of the failures.

And there’s no fervent business or political will to ensure the same or similar mistakes don’t recur.

Every time systems fail, the London Ambulance Service promises an investigation. But where are the results published so that lessons can be learned?

Pen and paper is tried and tested. But demands on the London Ambulance Service are much greater than in the past.

With an unprecedented demand for its services how is it London Ambulance Service’s senior management can comfortably rely on pen and paper as its back-up system?

It can – if nobody in power requires an earnest answer to the question.

Another wider question is whether it’s acceptable to use the public as guinea pigs for new or upgraded IT, with potentially serious or even tragic consequences.

London Ambulance Service suffers New Year’s crash – Computer Weekly

London Ambulance Service hit by new year fault – BBC online

 

 

MPs to debate Capita NHS contract today

By Tony Collins

In the House of Commons today MPs will debate the Capita Primary Care Support Services contract.

It has been secured by Coventry North West MP Geoffrey Robinson, who wants GPs to be compensated for the failures arising from the outsourcing contract.

The debate comes a day after the BBC reported that “more than 9,000 patients’ records in Norfolk, Suffolk and Essex have gone missing” since Capita took on the task of transferring files.

As part of its contract Capita took on the job of transferring patients’ records, when people move from one GP to another.

A BBC survey of 78 GP practices showed that 9,009 records had been missing for more than two months.

Capita told the BBC it did not “recognise these claims”.

An NHS England spokesman said, “We know there have been serious issues with services delivered by Capita which have had an unacceptable impact on practices. We are ensuring Capita takes urgent steps to improve services.”

Patients “at risk”

Paul Conroy, a practice manager in Essex, has started a House of Commons petition on the delays, which has been signed by more than 3,000 people. It calls for an inquiry into the Capita contract and the impact it has had on GP practices.

“GPs rely on that full medical history in order to make key clinical decisions on patient care,” he said.

“If they can’t get hold of that physical record there could be vital information there could be vital information that puts a patient at risk.”

James Dillon, director of Practice Index – an organisation bringing together practice managers – told the BBC,

“GP practices are getting more and more frustrated by the missing patient records.

“Not only is this debacle putting the health of their patients at risk, it is putting added pressure on already stretched practices.”

In a statement, Capita said it had taken on the “challenging initiative” to streamline GP support services and there had been “teething problems”.

“[But] medical records are now being delivered securely up to three times faster than under the previous system,” it said.

“We do not recognise these claims regarding thousands of files being missing whatsoever.

“We request and move on average 100,000 files a week from multiple sites including GP surgeries and also third party run storage facilities which are contracted and managed by NHS England.”

GP magazine Pulse quoted MP Geoffrey Robinson as saying that the secretary of state should intervene directly “as this is extremely dangerous”. Robinson said that some medical records are not being delivered at all, or delivered late or delivered to the wrong practices.

Dr Richard Vautrey, deputy chairman of the British Medical Association’s GP Committee said that the problems arising from the outsourcing contract “are directly impacting on the ability of many GPs to provide safe, effective care to their patients in the area”.

He said, “They are in some cases being left without the essential information they need to know about a new patient and the tools to treat them.”

In August 2016, NHS England published the results of a User Satisfaction Survey of primary care support services over the previous six months. Only 21% of GPs were satisfied with the outsourced service, giving it an average overall score of 2.91 out of 10.

Lunacy?

An anonymous GP told Pulse how the problems are affecting him. He refers to the “performers list” that assures the public that GPs are suitably qualified, have up to date training, have appropriate English language skills and have passed other relevant checks such as with the Disclosure and Barring Service and the NHS Litigation Authority.

Said the GP,

“I moved 12 months ago and still haven’t been able to transfer performers list. I am 6 months late for my appraisal and unemployable except for my current salaried job as a result.

” It would have been easier to emigrate. The department responsible for the performers list at Capita is uncontactable except via a national email that isn’t responded to and a phone line that isn’t able to put you through to anyone.

“… As it is it’s virtually impossible to move region if you a UK GP. I am basically a slave bonded to a geographical region, forbidden to move house and work anywhere else other than short periods. Totally at the mercy of a faceless uninterested bureaucracy incapable of helping. Lunacy and utterly depressing. Why the hell did I become a GP? I curse the day.”

“I urgently need my medical records”

A patient who wrote to Campaign4Change said,

“My medical records were requested at the beginning of June 2016 when I changed to another health centre about 2 miles away.

“[I] phoned Capita today and was told there was no record of this request and to get my solicitor to contact them. Then they put the phone down. I don’t have and cannot afford a solicitor.

“I urgently need my medical records with my new doctor and am feeling helpless and extremely stressed by this.”

Pulse magazine reported yesterday (7 November 2016) the results of a snapshot survey of 281 GP practices carried out by the BMA’s GP Committee. It found:

  • 31% of practices had received incorrect patient records;
  • 28% failed to receive or have records collected from them on the date agreed with Capita;
  • 58% reported that new patient registrations were not processed within the required three days.
  • 81% of urgent requests for records were not actioned within three weeks.

GP practices also noted a reduction in the number of incorrect payments and fewer delays in registrations of the “performers list”.

Comment

It would be a pity if MPs today, in criticising Capita, lost sight of the bigger picture: how such outsourcing deals are considered and awarded.

The root of the problem is that before the contract is awarded officials concentrate their attention on the minutiae of the benefits: exactly how much will be saved, and how this will be achieved.

Pervading the pre-contract literature and discussions are the projected savings. This is understandable but wrong.

It’s understandable because it’s the projected savings that justify the sometimes-exciting time and effort that go into the pre-contract negotiations and discussions.

Large amounts of money are at stake. For officials, the pre-contract work can be a euphoric time – certainly more interesting than the day-to-day routine.

But what happens to negotiation and discussion of risk?

Risk is a table or two at the back of the reports. It’s a dry, uninspiring vaguely technical and points-scoring analysis of the likelihood of adverse events and the seriousness of the consequences materialising.

Sometimes the most serious risks are highlighted in red. But there’s always a juxtaposed “mitigation” strategy that appears to reassure. Indeed it appears to cancel out any reason for concern.

Risk is mentioned at the back of the internal pre-contract because it’s a cultural anathema. It’s the equivalent of visits by Building Regulations inspectors at a theme park under construction.

Who wants to talk about risk when a contract worth hundreds of millions of pounds is about to be awarded?

A bold official may dare to point out the horror stories arising from previous outsourcing contracts. That hapless individual will then be perceived by the outsourcing advisory group to have a cloud over his or her head. Not one of us.

And the horror stories will be dismissed by the officer group as the media getting it wrong as usual. The horror stories, it will be explained, were in fact successes.

Even when big public sector outsourcing deals end in a legal action between the main parties, officials and the supplier will later talk – without explanation or detail or audited accounts –  of the contract’s savings and overall success.

We’re seeing this on the Southwest One outsourcing/joint venture contract.

No doubt some will claim the GP contract support contract is a success. They’ll describe problems as teething. Marginalise them. And later, when it comes to the awarding of future contracts, supporters of the GP outsourcing contract will be believed over the critics.

And so the cycle of pre-contract outsourcing euphoria and post-contract rows over failure will be repeated indefinitely.

It would be of more use if MPs today debated the role of NHS England in the award of the GP support contract.

Blaming Capita will do little good. The supplier will face some minor financial penalties and will continue to receive what it is contractually due.

Countless National Audit Office reports show how contracts between the public and private sectors, when it comes to the crunch, strongly protect the supplier’s interests. The public sector doesn’t usually have a leg to stand on.

A focus today on Capita would be a missed opportunity to do some lasting good.

NHS England letter on Capita contract – September 2016

Capita NHS contract under scrutiny after “teething” problems – June 2016

GPs decry Capita’s privatised services as shambles – The Guardian

Did NHS England consider us in the Capita take-over?

NHS England vows to hold Capita to account

Capita mistakenly flags up to 15% of GP practice patients for removal  

Capita primary care support service performance “unacceptable”

 

 

 

“Teething” problems on Capita’s NHS contract turn more serious

By Tony Collins

capitaA senior official at NHS England has said that problems on a contract to outsource GP support services to Capita have “put patients at risk”, according to GPs magazine Pulse.

In June 2016 NHS England said problems on Capita’s £330m seven-year contract to provide primary care support services to GPs were “teething”.

The contract started in September 2015.

Directors at NHS England’s September board meeting said that problems with Primary Care Support England had ‘escalated’ this summer and that the problems were ‘creating some risks for patients’.

Karen Wheeler, NHS England’s national director for transformation and corporate operations, is reported by Pulse to have told the board,

“I just want to recognise that obviously this has impacts for users, which include of course primary care contractors – GPs, ophthalmic and dental practitioners – and recognise that that’s difficult for all those users, and indeed creating some risks for patients as well.

“So we are doing everything we can to make sure that we escalate, and address the risks particularly for patients, and we will be communicating with practitioners how we are planning on, with Capita, to try to improve services as quickly as possible.”

Problems include undelivered patient notes, which has led to GP practices chasing records. There have also been delays in GP payments and clinical supplies.

Angry GPs

NHS England’s chairman Professor Malcom Grant has angered some GPs by praising NHS England’s directors, and their teams, for the “huge amount of work” they have put in “trying to ensure people aren’t harmed by this at all.”

Pulse quotes Professor Grant as saying,  “As you know the board takes this extremely gravely. When we say unacceptable, we mean unacceptable. I think we need to pay tribute to you [Karen Wheeler] and the team for the huge amount of work that has gone into trying to ensure that people aren’t harmed by this at all.”

A Capita spokesperson told Pulse: ‘Across all PCSE [Primary Care Support England] services our focus is to ensure that GPs and primary care providers are supported so they can concentrate on patient care.

“We fully recognise that the administrative services we provide play a key role in supporting primary care providers and ensure that urgent work is always treated as a priority.

“We have openly apologised for the level and varied quality of service we have provided across a number of PCSE services. As NHS England acknowledges, we are working very closely with them, supported by their subject matter experts, to implement step changes to improve current services.”

Responses to the article on Pulse’s website criticised NHS England’s chairman for praising his officials when it was NHS England that had made the decision in the first place to outsource GP support services.

One comment: “Apologies aren’t worth anything currently. We are struggling at [GP] practice level and NHSE [NHS England] don’t give a damn.”

Another said, “So ‘hubs’ and combining ‘back office’ functions not always the cost saving, efficiency panacea then… Let’s hope we learn the lessons and value our ‘back office functions’ more highly.”

An anonymous NHS manager said the decision to outsource to Capita had been taken “behind closed doors, without any meaningful staff consultation and with zero knowledge of what primary care support services actually do”.

The manager added,  “NHS England is part of the problem. It’s about time they were held to account.”

Capita’s share price is currently less than half its 52-week high, for a range of reasons.