Evidence submitted by Mr Tom Banks (EPR
1. This memorandum of evidence addresses
the intent and realisation to date of plans for the creation of
"detailed' patient record in electronic format both locally
and nationally. In particular it is intended to assist the Committee
in its deliberations upon:
What patient information will be
held on the new local and national electronic record systems,
including whether patients may prevent their personal data being
placed on systems.
Whether patient confidentiality can
be adequately protected.
Current progress on the development
of the NHS Care Records Service and the National Data Spine and
why delivery of the new systems is up to two years behind schedule.
as listed in the Terms of Reference for the inquiry.
2. This evidence statement asserts in relation
to the first bullet point (electronic record systems) that:
The intention to assemble patient
records in electronic format nationally (on what has been termed
the dataspine) was flawed from its inception and there is no evidence
that it can be attained with currently available technologies.
The creation of patient records in
useful electronic format at the "point of care delivery"
has been retarded rather than advanced by the activities of Connecting
Patients would be well advised to
be wary of permitting any electronic records to be deposited in
a national repository, for fear that the impact of erroneous data
could outweigh any potential benefits from "shared"
3. This evidence statement asserts in relation
to the patient confidentiality bullet point that:
Primary legislation will be required
to provide a degree of patient confidentiality sufficient to avoid
frequent referrals by patients to the UK and European Courts alleging
breaches of European "Data Protection' directives and increasing
amounts of patient litigation in relation to patient record accuracy
4. This evidence statement asserts in relation
to the last bullet point that the gap between delivery of service
and the timetable originally published has been caused by:
Failings in the original contracting
process deployed by the National Programme for IT.
In particular, the allocation of
"monopoly" concessions (franchises) to selected commercial
companies to deliver "local services" to NHS bodies.
The lack of appropriate authority
being contractually delegated to NHS Bodies with ultimate responsibility
for implementation of franchised monopoly concessionaires' services.
The decision of the then Secretary
of State for Health, Mr John Reid, in 2004 to include the NHS
Information Authority in his programme "winding up arms length
5. The opinion is expressed that there is
no evidence published to indicate that the "Care Records
Service" element of the National Programme could be delivered
in the next decade, and there exists technical evidence that the
original goals of the National Programme for IT are unattainable.
This memorandum therefore supports the representation previously
made to the Committee by the "Group of 23 Senior Academics
in Computing and Systems" that a detailed open technical
review of the Programme be commissioned, in a transparent manner
that will enable the resultant recommended actions to be progressed
in a climate of widespread acceptance and support.
I am a management consultant who specialises
in supporting the effective management of healthcare. I have worked
with the NHS in England, Wales and Scotland and with health and
social care in Hong Kong, Singapore, Norway and the USA. Between
1995 and 1997, I was seconded to the NHS Executive in Leeds where
I led the NHS Number project, a successful national IT based project
delivered fully in England and Wales. I have first hand experience
of the national programme for IT, through supporting trusts in
various parts of England to improve their NHS IT services often
despite the challenges thrown up by Connecting for Health.
I am a Fellow of the British Computer Society,
and a member of the Worshipful Company of Information Technologists
Medicines and Health Panel. I am also a member of the all party
Parliamentary IT Committee where I serve on the programme committee
assisting MPs and Peers with their liaison with healthcare bodies
and organisations. However, I offer this evidence in an entirely
What patient information will be held on the new
local and national electronic record systems, including whether
patients may prevent their personal data being placed on systems
6. Creating patient records in useful electronic
format at the "point of care delivery" is a substantial
challenge. In England, such records have been produced in GP practices
in a programme of nationally led activity that was well underway
as early as 1994. However, in very many GP practices, paper records
remain in common use adding detail to that held in electronic
format. In the trust sectoracute, mental health primary
care, etcan even greater percentage of those delivering
patient care depend upon patient detail recorded on paper.
7. Even in the United States, to which the
Department of Health frequently looks for inspirational new ideas,
the majority of clinicians utilise paper records to a greater
extent than electronic ones. In the last few weeks, the "Bush"
administration has again appealed to health maintenance organisations
and others to increase their use of electronic recording of patient
data. However, at the same time, the "Washington Post"
Blogs recorded evidence that details of weaknesses in electronic
patient records contributed to the Walter Reed Army Hospital scandal.
8. The attempt by the Department of Health
in England to produce both local and national electronic record
systems in the same Programme in essentially the same timescale
was hugely ambitious and recognised as such. The NHS Confederation
Briefing of August 2003 recorded as its opening paragraph:
"The largest investment programme in information
technology (IT) and building infrastructure in the NHS in England
is under way. The next three years will see an investment of £2.3
billion in IT. The IT changes being proposed are individually
technically feasible but they have not been integrated, so as
to provide comprehensive solutions, anywhere else in the world."
9. In the view of many informatics engineers
the Programme has been doomed from the start. Connecting for Health
has never been able to define and publish any detailed data architecture
that covered both the central patient record depository and the
10. There is broad acceptance that patient
records in electronic format should be produced and used locally.
The challenge of creating patient records in useful electronic
format at the "point of care delivery', although substantial,
is a challenge that in the various NHS Bodies have been willing
11. The controversial issue has been central
infrastructure item of the national patient data repository.
12. The Output Based Specification for the
National Programme for IT (OBS) requested that a national "personal
spine information service record" be produced for each patient.
This would include a record of all of the patient's healthcare
history in electronic format. Every NHS and social care organisation
nationwide would be able to share access to the patient's details
through this national record.
13. Perhaps the best published description
of the national patient record depository is contained in the
OBS in the section "Clinical Spine Application Service".
Appended to this evidence statement is a simplified diagrammatical
illustration of how it was envisaged that use of the Clinical
Spine Application Service by a clinician during a patient presentation
14. A calculation of the potential size
of such a record structure as indicated in the OBS will have been
made during the procurement process by several bidders. At least
one such calculation indicated that the proposed scheme was beyond
that realistically implementable on current technology. Further,
a calculation of the volume of messages that would need to be
supported if everyone in the NHS depended upon a central patient
data depository to support their patient consultations, also suggests
a performance demand well beyond the capability of current day
15. Connecting for Health has not published
any calculation details that it has made to demonstrate that the
scale of the implementation is technically achievable. The NASP
contract for the "spine" signed with BT is understood
never to have warranted that it could handle a fully detailed
central patient data depository and such volume of transaction
activity as a fully detailed central patient record system might
have presented to it.
16. The Group of 23 Senior Academics in
Computing and Systems have deployed their experience and expertise
to examine at a high level the technical basis for expecting the
National Programme to succeed. They have expressed considerable
concern that "success' may not be achievable and recommended
that a detailed open technical review of the Programme be commissioned,
in a transparent manner that will enable the recommended outcome
to be progressed in a climate of widespread acceptance and support.
17. The OBS contained target milestones
for the delivery and deployment of the national "Clinical
Spine Application Service". The 2004 and 2006 milestones
have both been missed. A revised simplified proposal for creating
embryonic shareable patient records on the "spine" has
been developed. This proposal is considered to be an ill-defined
18. The detail of what patient data items
would be held on the national spine has changed frequently and
only a "first step" "summary" is defined currently.
Clinicians are broadly agreed that the current "first step"
"summary" detail is of extremely limited value to them.
No timeline pathway has been published by Connecting for Health
to describe how and when these first steps will build to attain
the full, or even a useable, "Clinical Spine Application
19. One challenging question is the degree
to which clinicians should rely upon the data in their local records
when a patient presents or rely on the nationally held detail?
Which is the more likely to be correct and which should take precedent
when the details are not identical? The OBS included a few "rules'
that would assist in the governance of the data and in answering
some data precedence queries. But no data architecture model or
comprehensive precedence rule-set has been published that would
suggest that the alternatives have been carefully analysed.
20. In particular, the Department of Health
has not published any comprehensive guidance on who is accountable,
including from a litigation viewpoint, for clinical or other care
errors made through reliance upon national patient electronic
record data, which may be incorrect or incomplete or outdated.
21. Informed patients may be most reluctant
to allow any data allegedly related to them to be included in
a national depository for fear that misinformation could contain
more damaging risks than no information at all.
22. There is view that Connecting for Health,
by concentrating on the central infrastructure items of the "spine"
and the national patient data repository, has produced the result
of NHS Trusts being retarded rather than advanced in their development
of local electronic record systems.
23. In 2002, there were many instances throughout
England of NHS bodies engaged in acquiring systems to improve
their local electronic record management. Several of these bodies
had formed collaborative ventures to procure systems widely approved
by the local clinicians and IT professionals. Among these were
the Shires initiative in the South West and the Birmingham and
Black Country initiative. In May 2003, Government Computing announced
that both of these initiatives had been cancelled.
24. "Government Computing" reported
Martin Carter, a spokesperson for the Shires consortium, as saying,
it was "disappointing" that the Government had pulled
the plug at such a late stage. "Our project has been scrapped
but what we'll eventually see on the national programme will be
very much like the project we were trying to introduce",
he said. "It's a very big and complicated project but in
the end we will see an electronic patient record that will apply
to all sectors, all areas of health and social services. That
is the holy grail and we will see how it progresses."
25. The Boards of some Trusts refused to
"pull the plug on their procurement and implementation initiatives'.
For example in 1999-2000 I assisted trusts in East London to develop
a "Local Information Systems Strategy'. This strategy was
followed up by Newham University NHS Trust and Homerton University
NHS Trust. After careful consideration they decided collaboratively
to procure and implementing systems independently of the National
Programme. Ironically, the supplier they chose, Cerner Inc, was
initially shortlisted but not selected by NPfIT to support any
consortium, but has now been belatedly adopted by Connecting for
Health as a key system. By acting outside of the National Programme,
Newham and Homerton have the most advanced Cerner systems in the
26. Another example was University College
London Hospital, which successfully implemented the IDX Carecast
system under a contract that was independent of Connecting for
Health. This was some time before the first (and only) Connecting
for Health IDX Carecast implementation in London. Plymouth Hospitals
NHS Trust, although geographically in an IDX/Cerner region, installed
effective versions of the iSoft products and the "Plymouth"
or "Derriford" option was subsequently offered by Local
Service Providers to NHS Bodies in the Northern clusters. In summary
those NHS Bodies with Trust Boards resolute enough to exercise
their own judgement have made the better progress.
Whether patient confidentiality can be adequately
27. The Data Protection Act 1998 gives effect
in UK law to EC Directive 95/46/EC, and introduces eight data
protection principles that set out standards of information handling.
The term "health record' is defined by Section 68 of the
Act, and means any record which:
consists of information relating
to the physical or mental health or condition of an individual;
has been made by or on behalf of
a health professional in connection with the care of that individual.
The term "health professional" is
also defined by the Act.
28. There has long been tension in the NHS
regarding whether the practices for ensuring patient confidentiality
are complied with in a sufficiently disciplined manner to conform
with the Act and often a lack of clarity about who would be accountable
for any breaches. On 18 October 2001, Nigel Crisp wrote in his
"There has been widespread concern about
the need to comply with legal requirements and professional guidelines,
notably the need in certain circumstances to obtain patient consent
prior to disclosure and use of patient identifiable data. Whilst
it is clear that current NHS practice does not always meet required
standards, the NHS is dependent on information collected from
and about patients and the Department of Health policy is to encourage
and support the necessary improvements without disruption to important
NHS and related work. The General Medical Council, the Information
Commissioner, and many others, are working with the Department
to ensure that reasonable and managed progress is made but it
is clearly in no-one's interests for any aspect of health service
provision to be impaired. The Department of Health will shortly
publish a strategy document that will set out... new powers provided
under section 60 of the Health and Social Care Act 2001 that can
be used to support key uses of patient information where there
are particular concerns".
The Health and Social Care Act 2001 requires that
resulting regulations under section 60 of the Act to be laid under
affirmative process. It is understood that few such regulations
have been laid.
29. In May 2002, the then Information Commissioner,
Elizabeth France, published "USE AND DISCLOSURE OF HEALTH
DATAGuidance on the Application of the Data Protection
Act 1998". This 43 page document was the principal source
of guidance to NHS staff for several years. It is a document that
addresses practical issues related to the confidentiality of patient
data in a detailed clear manner.
30. In 2005 the Department of Health published
a "Care Record Guarantee", which it revised in 2006.
This "Care Record Guarantee", which is understood to
have no statutory basis, is increasingly being viewed by NHS staff
as a justification for ignoring the more detailed guidance contained
in USE AND DISCLOSURE OF HEALTH DATAGuidance on the Application
of the Data Protection Act 1998".
31. In January 2007, the current Information
Commissioner published a brief paper entitled "The Information
Commissioner's view of NHS Electronic Care Records". The
phrases included in this "leaflet" have been interpreted
by some as giving a seal of approval to whatever use Connecting
for Health wishes to make of data collected from or recorded about
patients. Others are confused as to the legal responsibilities
that continue to reside with data controllers, with staff who
created a patient record, with "Caldicott guardians",
with the Secretary of State and with unincorporated bodies such
as the Care Record Development Board or Connecting for Health,
when data is extracted without explicit data subject consent from
local depositories and then is misused subsequently.
32. NHS staff are aware that data often
referred to as "anonymous data" is often only pseudonymised
using reversible algorithms. Some staff therefore harbour concerns
that personal patient subject data that they may have recorded,
is subsequently used in the National Programme Secondary Uses
Service or by research bodies, and may expose them to litigation
33. During the last 12 months, misuse of
patient data in electronic format in the USA has become a major
cause for concern and even prompted articles in "Readers
Digest". The larger number of issues in practice have
not been caused externally, such as hacking by outsiders, but
rather have resulted from improper collaboration and/or malpractice
by staff legitimately allowed access to the computer system and
sometimes with a potential need to have access to a particular
34. It is asserted that the current framework
directing practice in the NHS in relation to patient confidentiality
is insufficiently clearly defined and that detailed statutory
regulations are needed to provide an appropriate base to enable
permitted data sharing by staff to occur free from the threat
of legal redress.
Current progress on the development of the NHS
Care Records Service and the National Data Spine and why delivery
of the new systems is up to 2 years behind schedule
35. In June 2002, Health Minister Lord Philip
Hunt announced the publication of "Delivering 21st Century
IT support across the NHS", a radical new national programme
for Information and Communication Technology in the NHS. He announced
improved management and implementation support including "franchise"
plans with funding agreed by the national IT programme director.
The concept of awarding franchises to external IT suppliers to
serve a defined geographic part of the country was new to the
NHS and progressed without having any good practice precedent
36. The inadequacy of the NPfIT franchise
procurement process has been a major contributory factor causing
the delay. Computer Weekly revealed in May 2004, that "only
five months after the deal was signed" it had "run into
contractual issues". Quoting from a leaked BT document, CW
reported the issues as arising from "detailed definition
of requirements and practical deployment not envisaged at the
Effective Date of the Agreement".
37. The reason that BT (and other franchised
LSPs) faced up to "detailed definition of requirements and
practical deployment not envisaged" is that after the contracts
were signed, the Contractors had to produce a substantial amount
of detail on an "agree to agree" basis. In different
contracts, post signature documents were said to be required for
"Service Level Specifications", Help Desk Interworking
Procedures', Detailed Annual Implementation Plans, Component System
Descriptions, Quality Plans, Disaster Recovery Plans, Module testing
plans and specifications, etc, etc.
38. The delivery details for the National
Data Spine contract had to be "reorganised and replaced"
as early as December 2004. The recent NAO report on the National
Programme recorded that the core care records element of the Accenture
contract was revised "into four releases" the last of
which was "13 months later that the original target date"
and that CSC customers could fare even worse with a "five
release" rescheduling, the last element of which would be
nearly two years late.
39. The delays have created the greatest
impact at the Trust level. It has been stated recently in a Committee
of Public Accounts Report that fourteen Trusts have asked for
contributions to costs incurred as a result of delays in the implementation
of the National Programme for IT.
40. In awarding its franchise contracts,
the Department of Health approved the use of particular software
products as being suitable for deployment at the Trust level,
but did not contract directly with the provider of the software
that was to be used. As a result, the Department has had no direct
leverage available to ensure that the software offered to Trusts
was suitable for use or would be delivered "on time".
41. In the three northern franchises, the
iSoft "Lorenzo" offering was selected from paper descriptions
of its intended scope and with minimal demonstrations of prototype
software elements. The first Lorenzo version to be available,
that may deliver certain key elements of the detail promised during
the procurement process, is known as version 3.5 and is understood
still not yet available from the development laboratories in India.
When "version 3.5 functionality" software is ready,
iSoft have indicated that they may evaluate it first in Germany
and Singapore. Neither of these two countries requires solutions
that closely mirror the NHS in England.
42. The two southern franchises proposed
software from an American company, IDX. The NPfIT version of IDX
has only been installed in one London hospital. Both southern
franchise holders (Fujitsu and the BT consortium) have now terminated
their relationship with IDX and propose to supply a product from
another American company Cerner.
43. This decision casts shadows over the
quality of analysis work undertaken by the NPfIT procurement team.
During the procurement the Cerner solution, which was included
in a shortlisted consortium, was examined and rejected. Apparently
it was considered to be less suitable than the other computer
software offerings. The once rejected Cerner is now the "great
hope" of Connecting for Health.
44. The implementations in the southern
clusters to date have confirmed what USA health organisations'
implementations have demonstrated: That it is difficult to "build'
and implement Cerner Millennium without very close interaction
between Trust IT and clinical staff and Cerner technicians in
Kansas. The LSP and Cluster team structure gets in the way of
that necessary very close interaction.
45. Another unique aspect of the National
Programme arrangements is that Trusts with the "responsibility"
for local implementation have no contractual agreement with either
Cerner or the franchised LSP. The original contracts between the
Secretary of State and the franchised LSP made provision for a
further tripartite contract to be agreed between the Secretary
of State, the franchised LSP and the Trust, known as an accession
contract. It does not appear that any such tripartite contracts
have been signed. This raises the question about the degree of
adherence to corporate governance and risk management present
in the current implementation activity.
46. Finally, members of the Committee may
wish to explore the degree to which NHS staff have been developed
and trained to ensure the success of this high risk venture. As
early as March 2004, Sir Christopher Bland, whose company was
said to have won the biggest contracts in its history to implement
key parts of the programme, said it will be a "real challenge"
to get the initiative to work. He said BT was excited by the challenge
but "somewhat frightened by the enormity and complexity of
it". At the same conference the Minister John Hutton said
it would be an "enormous challenge" to make a success
of the programme and it would be "foolish to ignore the risks".
47. In early 2002, Lord Hunt and Prof Sir
John Pattison commissioned a report entitled "Making Information
Count: A Human Resources Strategy for Health Informatics Professionals".
This project identified that the NHS contained some 20,000 health
informatics staff and one conclusion of the report was that "high
quality, credible, recognised education, training and development
are essential components to ensure the NHS has an effective Health
Informatics workforce now and for the future".
48. As a result the NHS Information Authority
sought tenders to develop and deliver a range of training that
would prepare NHS to work effectively with the LSP franchise staff
in ensuring local delivery of the Programme and awarded contracts
to three companies. The courses commissioned by the NHSIA included
such topics as "Gaining clinical commitment", "Managing
outsourcing contracts" "Delivering successful projects
with LSPs", "Managing NHS business change" and
"Developing health community cooperation". Some 500
NHS health informatics staff attended one or more of these courses
during 2003 and 2004.
49. In 2004, the then Secretary of State
for Health, Mr John Reid, included the NHS Information Authority
in his programme "winding up arms length bodies". As
a result the NHS Information Authority's programme of NHS staff
training was terminated. Details of the NHS staff development
activity are known to have been conveyed to NPfIT (as Connecting
for Health was then called) senior management but no decision
was made by NPfIT to continue the staff development courses. No
equivalent training has been made available from any other source.
50. The winding up of the NHS Information
Authority resulted in significant numbers of experienced NHS IT
staff either resigning, being made redundant or being offered
early retirement terms. NHS staff development and training was
just one of a number of valuable resource areas that ceased to
be available in the reorganised NPfIT.
51. The key recommendations in this memorandum
That the challenges presented by
the National Programme are fully recognised and the probability
that the original goal is unattainable is acknowledged, hence
that a detailed open technical review of the Programme be commissioned,
in a transparent manner that will enable the recommended outcome
to be progressed in a climate of widespread acceptance and support.
That the NHS concentrate upon implementing
electronic record systems at the point of care to build a foundation
of patient records in electronic format in care delivery institutions
and that work on the national electronic record system (the dataspine)
be suspended pending the completion of the recommended technical
review and the concept of a national patient electronic record
depository be reconsidered sometime in the next decade.
That the failure of the franchise
approach to implementing Information Systems in the NHS be recognised
and hence that Trusts should be both permitted and encouraged
to seek from outside the current franchisees, private sector partners
to assist in implementing electronic record systems who fit with
the Trust's ethos and possess the requisite complementary skills.
That NHS Trusts should contract directly
with the supplier of their IT service, or at least can adopt formal
governance responsibility as the senior party to a tripartite
That the substantial number of experienced
informatics professionals in the NHS have their skills updated
through the reintroduction of appropriate IT staff development
That the statutory and other rules
for permitted access to, and the management of, health records
be clarified through primary legislation on patient record confidentiality.
20 March 2007