Category Archives: NHS England

Are you happy paying to help with problem Capita contract?

By Tony Collins

This week, as Barnet residents go to the polls, how many will be influenced by the continuing national and local media coverage of the council’s mass outsourcing deal with Capita?

Barnet’s Capita contracts are a local election issue. The council’s conservatives and Capita say the outsourcing contracts have saved money and are performing as expected “in many areas”.

But a former local Tory councillor Sury Khatri , who has been deselected after criticising the Capita contract, described the deal as “disastrous”. Barnet has paid Capita £327m since the deals were signed in 2013. Capita runs council services that range from cemeteries to IT.

Councillor Khatri said,  “My time at the council has been overshadowed by the disastrous Capita contract that is falling apart at the seams. Four years on, issues still keep rolling out of the woodwork. This contract represents poor value for money, and the residents are being fleeced.”

Another critic of the Capita contracts is John Dix who blogs as “Mr Reasonable” and is one of several highly respected local bloggers. He has been studying the council’s accounts for some years. He runs a small business and is comfortable with accounts and balance sheets.

He writes,

“I have no problem with outsourcing so long as it is being done for the right reasons. Typically this is where it involves very specialist, non core activities where technical expertise may be difficult to secure and retain in house.

“In Barnet’s case this outsourcing programme covered so many services which were core to the running of the council and which in 2010 were rated as 4 star (good). Barnet has been an experiment in mass outsourcing and almost five years in, it appears to be a failure.

“Last night’s [19 April 2018] audit committee was a litany of service problems, system failures, lack of controls, under performance, a major fraud. Internal audit saying issues were a problem, Capita saying they weren’t.”

Shadow Chancellor John McDonnell has entered the debate. He has applauded Barnet’s Unison branch for its enduring, close scrutiny of the Capita contracts. Unison this week published a report on the deal.

Capita’s share price rises

Earlier this month the national press reported extensively on concerns that Capita would follow Carillion into liquidation.

Since the bad publicity, the company’s announcement of a pre-tax loss of £535m, up from £90m the previous year, £1.2bn of debt and a rights issue to raise £662m after fees by selling new shares at a discount, Capita’s share price has risen steadily, from a low a month ago of about 130p to about 191 yesterday.

Could it be that investors sense that Capita’s long-term future is secure: the company has a wide range of complex and impenetrable public sector contracts where history shows that public sector clients – ruling politicians and officials – will defend Capita more enthusiastically than Capita itself, whatever the facts?

A list of some of Capita’s problem contracts is below the comment.

Comment

Carillion, a facilities management and construction company, collapsed in part because the effects of its failures were usually obvious: it was desperately short of money and new roads and hospitals were left unfinished.

When IT-based outsourcing deals go wrong, the effects are usually more nuanced. Losses can be hidden in balance sheets that can be interpreted in different ways; and when clients’ employees go unpaid, or the army’s Defence Recruiting System has glitches or medical records are lost, the problems will almost always be officially described as teething even if, as in Capita’s NHS contracts, they last for years.

It is spin that rules and protects IT outsourcing contracts in the public sector. Spin hides what’s really going on. It is as integral as projected savings and key performance indicators.

When Somerset County Council signed a mass outsourcing deal with IBM, its ruling councillors boasted of huge savings. When the deal went wrong and was ended early after a legal dispute with IBM the council announced that bringing the deal in-house would bring large savings: savings either way. Liverpool council said the same thing when it outsourced to BT – setting up a joint venture called Liverpool Direct – and brought services back-in house: savings each time.

Barnet Council is still claiming savings while the council’s auditors are struggling to find them.

Spinmeisters know there is rarely any such thing as a failed public sector IT contract: the worst failures are simply in transition from failure to success. Barnet’s council taxpayers will never know the full truth, whoever is in power.

Even when a council goes bust, the truth is disputed. Critics of spending at Northamptonshire County Council, which has gone bust, blame secretive and dysfunctional management. Officials, ruling councillors and even the National Audit Office blame underfunding.

In March The Times reported that Northamptonshire had paid almost £1m to a consultancy owned by its former chief executive. It also reported that the council’s former director of people, transformation and transactions for services, was re-hired on a one-year contract that made her company £185,000 within days of being made redundant in 2016.  Her firm was awarded a £650-a-day IT contract that was not advertised.

In the same month, the National Audit Office put Northamptonshire’s difficulties down to underfunding. It conceded that the “precise causes of Northamptonshire’s financial difficulties are not as yet clear”.

Perhaps it’s only investors in Capita who will really know the truth: that the full truth on complex public sector contracts in which IT is central will rarely, if ever, emerge; and although Capita has internal accountability for failures – bonuses, the share price and jobs can be affected – there is no reason for anyone in the public sector to fear failure. No jobs are ever affected. Why not sign a few more big outsourcing deals, for good or ill?

Thank you to FOI campaigners David Orr and Andrew Rowson for information that helped me write this post.

Some of Capita’s problem contracts

There is no definitive list of Capita’s problem contracts. Indeed the Institute for Government’s Associate Director Nick Davies says that poor quality of contract data means the government “doesn’t have a clear picture of who it is buying from and what it is buying”. Here, nevertheless, is a list of some of Capita’s problem contracts in the public sector:

Barnet Council

A Capita spokesperson said: “The partnership between Capita and Barnet Council is performing as expected in many areas. We continue to work closely with the council to make service enhancements as required.”

Birmingham City Council

“The new deal will deliver a mix of services currently provided under the joint venture, plus project based work aimed at providing extra savings, with forecasts of £10 million of savings in the current financial year and £43 million by 2020-21.”

West Sussex County Council

A spokesman said, “Whatever your concerns and small hiccups along the way, I believe this contract has been and will continue to be of great benefit to this county council.”

Hounslow Council

A Capita spokesperson said: “We are working closely with the London Borough of Hounslow to ensure a smooth transition of the pensions administration service to a new provider.”

Breckland Council

“They concluded that planning officers, working for outsourcing company Capita, had misinterpreted a policy, known as DC11, which dictates the amount of outdoor playing space required for a development..”

Army

Mark Francois, a Conservative former defence minister,  said Capita was known “universally in the army as Crapita”. But Capita said in a statement,

“Capita is trusted by multiple private and public clients to deliver technology-led customer and business process services, as demonstrated by recent wins and contract extensions from clients including British Gas, Royal Mail, BBC, TfL Networks, M&S and VW.”

Electronic tagging

(but it’s alright now)

A Ministry of Justice spokeswoman said: “As the National Audit Office makes clear, there were challenges in the delivery of the electronic monitoring programme between 2010 and 2015…

“As a direct result, we fundamentally changed our approach in 2015, expanding and strengthening our commercial teams and bringing responsibility for oversight of the programme in-house.

“We are now in a strong position to continue improving confidence in the new service and providing better value for money for the taxpayer.”

Disability benefits

A spokesperson for the Department for Work and Pensions said, “Assessments work for the majority of people, with 83 per cent of ESA claimants and 76 per cent of PIP claimants telling us that they’re happy with their overall experience…”

Miners

A Capita spokesperson said: “This issue has been resolved and all members affected will shortly receive letters to advise that they do not need to take any action. We sincerely apologise for any concern and inconvenience this has caused.”

NHS

Opticians

Dentists

BBC licence fee

Windrush

Advertisements

Ministers told of major problem on Capita NHS contract more than a year later

By Tony Collins

Today’s Financial Times and other newspapers cover a National Audit Office report into GP clinical notes and correspondence, some of it urgent, that was not directed to the patient’s GP.

The correspondence was archived by Capita under its contract to provide GP support services. But patient notes were still “live”. They included patient invitation letters, treatment/diagnosis notes, test results and documents/referrals marked ‘urgent’.

What isn’t well reported is that ministers were left in the dark about the problems for more than a year. The National Audit Office does not blame anyone – its remit does not include questioning policy decisions – but its report is impressive in setting out of the facts.

Before NHS England outsourced GP support services to Capita in 2015, GPs practices sent correspondence for patients that were not registered at their practice to local primary care services centres, which would attempt to redirect the mail.

By the time Capita took over GP support services on 1 September 2015, GPs were supposed to “return to sender” any correspondence that was sent to them incorrectly – and not send it to primary care services centres that were now run, in part, by Capita.

But some GPs continued to send incorrectly-addressed correspondence to the primary care services centres. Capita’s contract did not require it to redirect clinical correspondence.

An unknown number of GP practices continued to send mail to the centres, expecting the centre’s staff to redirect it. A further complication was that Capita had “transformation” plans to cut costs by closing the primary care services support centres.

Capita made an inventory of all records at each site and shared this with NHS England. The inventories made reference to ‘clinical notes’ but at this point no one identified these notes as live clinical correspondence. Capita stored the correspondence in its archive.

In line with its contract, Capita did not forward the mail. It was not until May 2016 – eight months after Capita took over the primary care services centres – that Capita told a member of NHS England’s primary care support team that there was a problem with an unquantified accumulation of clinical notes.

It was a further five months before Capita formally reported the incident to NHS England. At that time Capita estimated that there was an accumulation of hundreds of thousands of clinical notes. When the National Audit Office questioned Capita on the matter, it replied that, with hindsight, it believes it could have reported the backlog sooner.

In November 2016, Capita and NHS England carried out initial checks on the reported backlog of 580,000 clinical notes. It wasn’t until December 2016 that ministers were informed of problems – more than a year after Capita took over the contract.

Even in December 2016 ministers were not fully informed. Information about a backlog of live clinical notes was within in a number of items in the quarterly ministerial reports. NHS England did not report the matter to the Department of Health until April 2017 – about two years after the problems began.

Even then, officials told ministers that clinical notes had been sampled and were considered “low clinical and patient risk”. But a later study by NHS England’s National Incident Team identified a backlog of 1,811 high priority patient notes such as documents deemed to be related to screening or urgent test results.

The National Audit Office says, “NHS England expects to know by March 2018 whether there has been any harm to patients as a result of the delay in redirecting correspondence. NHS England will investigate further where GPs have identified that there could be potential harm to patients. The review will be led by NHS England’s national clinical directors, with consultant level input where required.”

Last month Richard Vautrey, chairman of British Medical Association’s General Practitioners Committee, wrote to the NHS Chief Executive Simon Stevens criticising a lack of substantial improvement on Capita’s contract to run primary care service centres.

In December, the GP Committee surveyed practices and individual GPs on the Capita contract. The results showed a little improvement across all service lines, when compared to its previous survey in October 2016, but a “significant deterioration” in some services. Vautrey’s letter said,

“While any new organisation takes time to take over services effectively, the situation has gone from bad to worse since Capita took over the PCSE [Primary Care Support England] service almost two and a half years ago …

“This situation is completely unacceptable. As a result of the lack of improvement in the service delivery of PCSE we are now left with no option but to support practices and individual doctors in taking legal routes to seek resolution. While this is taking place, we believe it is imperative that NHS England conducts a transparent and comprehensive review of all policy, procedures and processes used by PCSE across each service line.”

Comment:

It’ll be clear to some who read the NAO report that the problems with urgent patient notes going astray or being put mistakenly into storage, stems from NHS England’s decision to outsource a complex range of GP support services without fully considering – or caring about – what could go wrong.

It’s not yet known if patients have come to harm. It’s clear, though, that patients have been caught in the middle of a major administrative blunder that has complex causes and for which nobody in particular can be held responsible.

That ministers learned of a major failure on a public sector outsourcing deal over a year after live patient notes began to be archived is not surprising.

About four million civil and public servants have strict rules governing confidentiality. There are no requirements for civil and public service openness except when it comes to the Freedom of Information Act which many officials can – and do – easily circumvent.

Even today, the fourth year of Capita’s contract to run GP support services, the implications for patients of what has gone wrong are not yet fully known or understood.

It’s a familiar story: a public sector blunder for which nobody will take responsibility, for which nobody in particular seems to care about, and for which the preoccupation of officialdom will be to continue playing down the implications or not say anything at all.

Why would they be open when there is no effective requirement for it? It’s a truism that serious problems cannot be fixed until they are admitted. In the public sector, serious problems on large IT-related contracts are not usually fixed until the seriousness of the problems can no longer be denied.

For hundreds of years UK governments have struggled to reconcile a theoretical desire for openness with an instinctive and institutional need to hide mistakes. Nothing is likely to change now.

National Audit Office report – Investigation into clinical correspondence handling in the NHS.

Capita under fire again over GP support contract – but NHS England praises “improvements”

By Tony Collins

Hundreds of trainee GPs have not received their salaries from Capita, which is under contract to pay them, reports The Guardian.

Some of the trainees have applied for emergency funds from The Cameron Fund, a charity for the prevention of hardship among GPs and their dependents.

Capita administers training grants for GPs under its wide-ranging £1bn contract with NHS England to provide primary care services.

In November 2016 the then Health minister Nicola Blackwood described failings on Capita’s GP support contract as “entirely unacceptable”. 

She said Capita had inadequately prepared for delivering a “complex transition”.

In response,  Capita said it adding the full-time equivalent of 500 extra staff on the contract.

But in February 2017, after continuing complaints,  the Health Secretary Jeremy Hunt said he would be prepared to end Capita’s contract if necessary.

Since then, though, NHS England has praised “improvements” in the contract, according to Pulse.

Yesterday The Guardian reported extracts from a letter the British Medical Association sent to NHS England on 30 October 2017.

It said some GP practices were “having to pay trainees out of already overstretched practice budgets, or trainees are going months without being paid if the practice cannot cover the shortfall”.

Capita confirmed it had outstanding payments to some trainee GPs but was unable to say how many it is responsible for paying, or how many it has not paid.

It said that it had not received all the information it needed to pay salaries from the relevant employers. A Capita spokesperson told The Guardian that the problems were an inevitable part of “a major transformation project to modernise a localised and unstandardised service”.

It added: “We have made significant investment to deliver improvements and these have been recognised by NHS England and demonstrated through improved service performance and improved customer satisfaction.”

The Cameron Fund’s treasurer Dr David Wrigley described the outsourcing of GP support services as a “botched privatisation”.

“NHS England has commissioned out what was a very efficient service run within the NHS, and now Capita runs this contract in what I’d call another botched privatisation.”

One trainee GP went unpaid two consecutive months.  At the end of October she posted on a private message board for GPs: “Anyone know of how I access hardship funds (quickly) to feed children/pay nursery/mortgage (quickly)?”

Her surgery gave her a loan last month to tide her over but did not have enough surplus funds to do the same thing again.

She said that in the last 24 hours partners have stepped forward and have all taken a pay cut to provide a loan “to get me through the month as they were worried about my family”.

An NHS England spokesperson said it was “holding Capita’s feet to the fire on needed improvements”.

It added: “In the meantime, the lead employer for Health Education England or the GP practice are responsible for paying their GP trainee salaries and are subsequently reimbursed for this. Backlogs are being prioritised by Capita.”

The BMA’s letter to the NHS chief executive Simon Stevens criticises Capita.

“We are disappointed at the lack of progress that has been made … These issues have been ongoing since NHS England commissioned Capita … and it is unacceptable that more progress has not been made to getting these resolved …

Wrigley wants the House of Commons’ public accounts committee to investigate the contract.

“NHS England have known about this for a while and the BMA has been putting constant pressure on, and it’s all promises that it’ll get better but it doesn’t.”

New systems for cervical screening and GP payments and pensions that are also contracted out to Capita are due to go live next July. The BMA has told NHS England that it has “no confidence” in Capita’s ability to deliver the services.

Comment

It’s possible to have some sympathy for Capita which has the daunting task of trying to standardize a wide range of systems for supporting disparate GP support services.

But, as Campiagn4Change has reported many times on Barnet Council’s Capita outsourcing contract, it can be difficult if not impossible to make huge savings in the cost of running services (£40m in the case of the GP support contract), deliver an IT-based transformation based on new investment and provide a healthy profit for the supplier’s shareholders while at the same time making internal efficiency savings.

Capita’s share price is relatively low and under continuing pressure but is holding up reasonably well given the company’s varied problems.

Still, we wonder whether the company can afford to put large sums into sorting out problems on the GP support contract, at Barnet Council and on other well-publicised contracts?

The MoD has ended a Capita contract early, the company faces litigation from the Co-op and its staff are staging nine days of strikes over pensions.

Who’s to blame?

If anyone is to blame in this NHS saga it is NHS England for not fully understanding the scale and complexity of the challenges when it outsourced to Capita.

The first rule of outsourcing is: Don’t outsource a problem.

Doctors warned NHS England against signing the contract. Under financial pressure to do so – it needed the promised savings  – NHS England’s public servants signed the deal.

Those public servants will not be held accountable for their decision. In which case, what’s to stop public and civil servants making the wrong decisions time and again?

Two further questions:

Is NHS England too close to Capita to see the faults?

Do public servants have a vested interest in not criticising their outsourcing suppliers, in case opprobrium falls on both parties? 

Thank you to Zara Pradyer for drawing my attention to the Guardian article.

Hundreds of trainee GPs facing hardship as outsourcing firm Capita fails to pay – The Guardian.

 

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Capita said to owe thousands to pharmacies

By Tony Collins

Capita owes some pharmacy owners thousands of pounds, according to Chemist+Druggist.

One pharmacist Salim Jetha of Lewis Grove Pharmacy in Lewisham told Chemist+Druggist he had emailed Capita in February but it “bounced back because the inbox was full”. He said that if emails are unanswered and there is no phone number to ring “what are you supposed to do?”

Under its Primary Care Support Services contract with NHS England, Capita is due, among other obligations, to reimburse some of the costs of pharmacy trainees. The trainees are termed “pre-registration” pharmacists because they have not yet passed a General Pharmaceutical Council assessment.

Pharmacy owners can apply for an annual grant from NHS England for up to £18,440 for every pre-registration trainee taken on.

Capita took on responsibility for delivering NHS England’s primary care support services in September 2015, including overseeing the pharmacy training grants.

In response to the article, Capita spokesperson said it is aware of “some isolated issues” and that all claims that meet “the required checks” have been backdated, as will any further claims.

The spokesperson said that one of the “key improvements” under Capita has been the introduction of a centralised process for dealing with primary care.

The old system was localised, meaning grant claims “came in from various sources on an ad hoc and irregular basis”.

Chemist+Druggist article

Jeremy Hunt is prepared to end Capita’s NHS contract if necessary

 

is London Ambulance Service’s back-up system “public endurance”?

By Tony Collins

In November 2016 London Ambulance Service had its busiest week for seriously ill and injured incidents in the history of the Service.

“The Service is …expecting demand to increase even further throughout December,” said London Ambulance Service at the time.

A few weeks later, on one of the busiest nights of the year, the systems went down, from 12.30am to 5.15am on 1 January 2017. The result was that 999 calls were logged  by pen and paper.

When systems are working normally  an incoming 999 call displays the address registered to that number – if the address is registered.  The London Ambulance operator confirms the location, assesses the severity and an ambulance can be despatched within seconds, with the address on its screen and a satnav pointing the way, according to a comment on The Register.

Pen and paper takes longer because the address and other details need to be given over a radio, which can take minutes.

But pen and paper is the London Ambulance Service’s back-up for IT failures.  Whether it can cope with unprecedented demand – or with a major incident in London – is in doubt.

A former London Ambulance Service paramedic told the BBC there had been waits of an hour for ambulances on 1 January 2017. He said call handlers had been “amazingly helpful”, but it was “easy to become overwhelmed especially in the midst of high call volumes”.

London Ambulance Service declined to answer any questions on its latest system failure.

Malcolm Alexander of the Patients’ Forum for the London Ambulance Service said: “We want to know why it is that this system that cost so much money and is supposed to be so effective is not fail-safe.”

He added: “If this system fails at a time when there is huge pressure in the system, for example if there was a major disaster or a terrorist attack, we are going to be in trouble. We really need to make sure it doesn’t collapse again.”

1992

A report into the collapse of London Ambulance Service systems found that they had had failed for many reasons. The Service had taken a “high-risk” IT approach and did not test systems thoroughly before putting them into service.

(Some may question how much has been learned since then.)

2006

In 2006 the London Ambulance Service systems crashed nine times in a fortnight. Each time staff reverted to pen and paper.

2008

In 2008, when systems failed,  repairs took 12 hours. Again the Service reverted to pen and paper.

2011

In June 2011 an IT upgrade caused the system to go down for about three and half hours. Pen and paper was again the back-up “system”. At the time the London Ambulance Service was upgrading the Commandpoint system, supplied by Northrop Grunman, which the Service deployed in 2010 and still uses.

2013

In 2013 on Christmas Day and Boxing Day the systems went down for separate reasons for several hours each day, with staff reverting to pen and paper.

2015

The Chief Inspector of Hospitals, Mike Richards, recommended that the London Ambulance Service be placed into special measures.

He said at the time,

“The Trust has been performing poorly on response times since March 2014. This is a very serious problem, which the trust clearly isn’t able to address alone, and which needs action to put right.”

Comment

It’s becoming the norm for parts of the public sector to regard the public as captive customers when it comes to going live with new IT or upgraded software.

Rather than test new systems, procedures and upgrades thoroughly before introducing them, some parts of the public sectors are going live with a “let’s see what happens and fix things then” approach.

This has become the semi-official approach to the introduction of Universal Credit – with long delays in payments for some claimants.

Within the NHS, at some hospitals introducing new patient record systems, there has been an internal acceptance that patients may suffer from delays,  perhaps with tragic consequences, at least for three year-old Samuel Starr.

The NHS e-referral service was launched with nine pages of known problems.  And when NHS England launched a streamlined GP support service with Capita, officials knew of the possible problems. But it launched anyway.

After the London Ambulance Service’s IT failure on New Year’s Day, it’s clear that many emergency workers did their best to give a normal 999 service. St John’s Ambulance helped.

But to what extent does senior management at the London Ambulance Service have a “stuff happens” mindset when IT goes seriously wrong?

There’s no individual accountability and no commercial imperative to learn lessons from any of the failures.

And there’s no fervent business or political will to ensure the same or similar mistakes don’t recur.

Every time systems fail, the London Ambulance Service promises an investigation. But where are the results published so that lessons can be learned?

Pen and paper is tried and tested. But demands on the London Ambulance Service are much greater than in the past.

With an unprecedented demand for its services how is it London Ambulance Service’s senior management can comfortably rely on pen and paper as its back-up system?

It can – if nobody in power requires an earnest answer to the question.

Another wider question is whether it’s acceptable to use the public as guinea pigs for new or upgraded IT, with potentially serious or even tragic consequences.

London Ambulance Service suffers New Year’s crash – Computer Weekly

London Ambulance Service hit by new year fault – BBC online

 

 

MPs to debate Capita NHS contract today

By Tony Collins

In the House of Commons today MPs will debate the Capita Primary Care Support Services contract.

It has been secured by Coventry North West MP Geoffrey Robinson, who wants GPs to be compensated for the failures arising from the outsourcing contract.

The debate comes a day after the BBC reported that “more than 9,000 patients’ records in Norfolk, Suffolk and Essex have gone missing” since Capita took on the task of transferring files.

As part of its contract Capita took on the job of transferring patients’ records, when people move from one GP to another.

A BBC survey of 78 GP practices showed that 9,009 records had been missing for more than two months.

Capita told the BBC it did not “recognise these claims”.

An NHS England spokesman said, “We know there have been serious issues with services delivered by Capita which have had an unacceptable impact on practices. We are ensuring Capita takes urgent steps to improve services.”

Patients “at risk”

Paul Conroy, a practice manager in Essex, has started a House of Commons petition on the delays, which has been signed by more than 3,000 people. It calls for an inquiry into the Capita contract and the impact it has had on GP practices.

“GPs rely on that full medical history in order to make key clinical decisions on patient care,” he said.

“If they can’t get hold of that physical record there could be vital information there could be vital information that puts a patient at risk.”

James Dillon, director of Practice Index – an organisation bringing together practice managers – told the BBC,

“GP practices are getting more and more frustrated by the missing patient records.

“Not only is this debacle putting the health of their patients at risk, it is putting added pressure on already stretched practices.”

In a statement, Capita said it had taken on the “challenging initiative” to streamline GP support services and there had been “teething problems”.

“[But] medical records are now being delivered securely up to three times faster than under the previous system,” it said.

“We do not recognise these claims regarding thousands of files being missing whatsoever.

“We request and move on average 100,000 files a week from multiple sites including GP surgeries and also third party run storage facilities which are contracted and managed by NHS England.”

GP magazine Pulse quoted MP Geoffrey Robinson as saying that the secretary of state should intervene directly “as this is extremely dangerous”. Robinson said that some medical records are not being delivered at all, or delivered late or delivered to the wrong practices.

Dr Richard Vautrey, deputy chairman of the British Medical Association’s GP Committee said that the problems arising from the outsourcing contract “are directly impacting on the ability of many GPs to provide safe, effective care to their patients in the area”.

He said, “They are in some cases being left without the essential information they need to know about a new patient and the tools to treat them.”

In August 2016, NHS England published the results of a User Satisfaction Survey of primary care support services over the previous six months. Only 21% of GPs were satisfied with the outsourced service, giving it an average overall score of 2.91 out of 10.

Lunacy?

An anonymous GP told Pulse how the problems are affecting him. He refers to the “performers list” that assures the public that GPs are suitably qualified, have up to date training, have appropriate English language skills and have passed other relevant checks such as with the Disclosure and Barring Service and the NHS Litigation Authority.

Said the GP,

“I moved 12 months ago and still haven’t been able to transfer performers list. I am 6 months late for my appraisal and unemployable except for my current salaried job as a result.

” It would have been easier to emigrate. The department responsible for the performers list at Capita is uncontactable except via a national email that isn’t responded to and a phone line that isn’t able to put you through to anyone.

“… As it is it’s virtually impossible to move region if you a UK GP. I am basically a slave bonded to a geographical region, forbidden to move house and work anywhere else other than short periods. Totally at the mercy of a faceless uninterested bureaucracy incapable of helping. Lunacy and utterly depressing. Why the hell did I become a GP? I curse the day.”

“I urgently need my medical records”

A patient who wrote to Campaign4Change said,

“My medical records were requested at the beginning of June 2016 when I changed to another health centre about 2 miles away.

“[I] phoned Capita today and was told there was no record of this request and to get my solicitor to contact them. Then they put the phone down. I don’t have and cannot afford a solicitor.

“I urgently need my medical records with my new doctor and am feeling helpless and extremely stressed by this.”

Pulse magazine reported yesterday (7 November 2016) the results of a snapshot survey of 281 GP practices carried out by the BMA’s GP Committee. It found:

  • 31% of practices had received incorrect patient records;
  • 28% failed to receive or have records collected from them on the date agreed with Capita;
  • 58% reported that new patient registrations were not processed within the required three days.
  • 81% of urgent requests for records were not actioned within three weeks.

GP practices also noted a reduction in the number of incorrect payments and fewer delays in registrations of the “performers list”.

Comment

It would be a pity if MPs today, in criticising Capita, lost sight of the bigger picture: how such outsourcing deals are considered and awarded.

The root of the problem is that before the contract is awarded officials concentrate their attention on the minutiae of the benefits: exactly how much will be saved, and how this will be achieved.

Pervading the pre-contract literature and discussions are the projected savings. This is understandable but wrong.

It’s understandable because it’s the projected savings that justify the sometimes-exciting time and effort that go into the pre-contract negotiations and discussions.

Large amounts of money are at stake. For officials, the pre-contract work can be a euphoric time – certainly more interesting than the day-to-day routine.

But what happens to negotiation and discussion of risk?

Risk is a table or two at the back of the reports. It’s a dry, uninspiring vaguely technical and points-scoring analysis of the likelihood of adverse events and the seriousness of the consequences materialising.

Sometimes the most serious risks are highlighted in red. But there’s always a juxtaposed “mitigation” strategy that appears to reassure. Indeed it appears to cancel out any reason for concern.

Risk is mentioned at the back of the internal pre-contract because it’s a cultural anathema. It’s the equivalent of visits by Building Regulations inspectors at a theme park under construction.

Who wants to talk about risk when a contract worth hundreds of millions of pounds is about to be awarded?

A bold official may dare to point out the horror stories arising from previous outsourcing contracts. That hapless individual will then be perceived by the outsourcing advisory group to have a cloud over his or her head. Not one of us.

And the horror stories will be dismissed by the officer group as the media getting it wrong as usual. The horror stories, it will be explained, were in fact successes.

Even when big public sector outsourcing deals end in a legal action between the main parties, officials and the supplier will later talk – without explanation or detail or audited accounts –  of the contract’s savings and overall success.

We’re seeing this on the Southwest One outsourcing/joint venture contract.

No doubt some will claim the GP contract support contract is a success. They’ll describe problems as teething. Marginalise them. And later, when it comes to the awarding of future contracts, supporters of the GP outsourcing contract will be believed over the critics.

And so the cycle of pre-contract outsourcing euphoria and post-contract rows over failure will be repeated indefinitely.

It would be of more use if MPs today debated the role of NHS England in the award of the GP support contract.

Blaming Capita will do little good. The supplier will face some minor financial penalties and will continue to receive what it is contractually due.

Countless National Audit Office reports show how contracts between the public and private sectors, when it comes to the crunch, strongly protect the supplier’s interests. The public sector doesn’t usually have a leg to stand on.

A focus today on Capita would be a missed opportunity to do some lasting good.

NHS England letter on Capita contract – September 2016

Capita NHS contract under scrutiny after “teething” problems – June 2016

GPs decry Capita’s privatised services as shambles – The Guardian

Did NHS England consider us in the Capita take-over?

NHS England vows to hold Capita to account

Capita mistakenly flags up to 15% of GP practice patients for removal  

Capita primary care support service performance “unacceptable”

 

 

 

“Teething” problems on Capita’s NHS contract turn more serious

By Tony Collins

capitaA senior official at NHS England has said that problems on a contract to outsource GP support services to Capita have “put patients at risk”, according to GPs magazine Pulse.

In June 2016 NHS England said problems on Capita’s £330m seven-year contract to provide primary care support services to GPs were “teething”.

The contract started in September 2015.

Directors at NHS England’s September board meeting said that problems with Primary Care Support England had ‘escalated’ this summer and that the problems were ‘creating some risks for patients’.

Karen Wheeler, NHS England’s national director for transformation and corporate operations, is reported by Pulse to have told the board,

“I just want to recognise that obviously this has impacts for users, which include of course primary care contractors – GPs, ophthalmic and dental practitioners – and recognise that that’s difficult for all those users, and indeed creating some risks for patients as well.

“So we are doing everything we can to make sure that we escalate, and address the risks particularly for patients, and we will be communicating with practitioners how we are planning on, with Capita, to try to improve services as quickly as possible.”

Problems include undelivered patient notes, which has led to GP practices chasing records. There have also been delays in GP payments and clinical supplies.

Angry GPs

NHS England’s chairman Professor Malcom Grant has angered some GPs by praising NHS England’s directors, and their teams, for the “huge amount of work” they have put in “trying to ensure people aren’t harmed by this at all.”

Pulse quotes Professor Grant as saying,  “As you know the board takes this extremely gravely. When we say unacceptable, we mean unacceptable. I think we need to pay tribute to you [Karen Wheeler] and the team for the huge amount of work that has gone into trying to ensure that people aren’t harmed by this at all.”

A Capita spokesperson told Pulse: ‘Across all PCSE [Primary Care Support England] services our focus is to ensure that GPs and primary care providers are supported so they can concentrate on patient care.

“We fully recognise that the administrative services we provide play a key role in supporting primary care providers and ensure that urgent work is always treated as a priority.

“We have openly apologised for the level and varied quality of service we have provided across a number of PCSE services. As NHS England acknowledges, we are working very closely with them, supported by their subject matter experts, to implement step changes to improve current services.”

Responses to the article on Pulse’s website criticised NHS England’s chairman for praising his officials when it was NHS England that had made the decision in the first place to outsource GP support services.

One comment: “Apologies aren’t worth anything currently. We are struggling at [GP] practice level and NHSE [NHS England] don’t give a damn.”

Another said, “So ‘hubs’ and combining ‘back office’ functions not always the cost saving, efficiency panacea then… Let’s hope we learn the lessons and value our ‘back office functions’ more highly.”

An anonymous NHS manager said the decision to outsource to Capita had been taken “behind closed doors, without any meaningful staff consultation and with zero knowledge of what primary care support services actually do”.

The manager added,  “NHS England is part of the problem. It’s about time they were held to account.”

Capita’s share price is currently less than half its 52-week high, for a range of reasons.

%d bloggers like this: