Written evidence from HSC Oxford|
The UK NHS and Social Care aim to be the envy of
global care systems. That requires the best in-service
informatics [for definition of informatics see endnote 2]
The DoH IT-driven losses recently calculate to be
£3.7 billion3 and rising. To that can be added
the unquantified costs of poor information architecture design,4
poor Social Care informatics, inadequate connectivity and unquantified
losses to patients and families.
Current work of the PAC and NAO shows
that, as a nation, we have significant care IT failures. Analysis
of NHS-IT systems by the PAC reveals rising opportunity
cost, rising care delivery cost, cost-discrepancies and other
associated financial costs of poor NHS informatics.
This Summary adds further context to the PAC
discussion. The purpose is threefold:
First, this Response
shows that the current DoH/NHS informatics trajectory has roots
two decades ago. How did the trajectory avoid scrutiny and keep
growing with large-scale IT-based losses of opportunity, time
and funds? For the future, a forward plan built on that trajectory
carries the promise of an extremely negative outcome.
Second, this Response
independently confirms the work of the PAC Session regarding
NHS-IT. It puts into the medical IT context additional findings
that experience shows are important.
Third, this Response
reaches conclusions that confirm, in the national interest, it
is essential the Government takes forwards this work of the PAC.
The PAC has struck a deep seam. Health Ministers
and MPs have publicly recognised that NHS health informatics is
marked by years of failure. For example, the then Health Secretary
points out in his foreword to the Burns Report [Information for
Health ISBN 0 95327190 2]: "Up to now the use of IT in the
NHS has not been a success story. Far from it. Lots of money has
We have analysed the reasons why previous Health
Ministers have been unable to build on the work of independent
experts and PAC to achieve the improvements they desired. That
analysis identified the goals in paragraph 3, below.
In a care system with increasing choices and care
quality measures, delivery of national uniform leading-edge
care with the best outcomes relies upon complicated information
flows, work flows, resource flows. To serve these variables with
an appropriate information architecture, it a priority to solve
lack of expert informatics leadership, large-scale waste of
funds, lack of service informatics as a unifying force, and
lack of a coherent informatics strategic direction. Three simultaneous
actions are necessary:
(a) Arrest the losses revealed by the current
(b) Reconstruct the contribution of informatics.
(c) Build a national strategic plan for optimising
informatics in health services, social services and community
To achieve these three actions requires an understanding
of why the issues were not identified and acted upon earlier.
To answer that question it is essential to start with the role
of the NAO.
THE NAO AND
ITS NHS-IT AUDITS
The NAO Audits of NHS-IT are vital to optimising
the interdependency in the NHS between care and expenditure, and
for overseeing value-for-money. The present-day outcome of the
care of each of millions of patients, and £billions of expenditure
has a primary dependency on the degree of success of the 2006
and 2008 National Audit Office (NAO) Audits/Reports
Health Ministers corresponding with us at the time
stated they were satisfied with the NAO Audits. But Health Ministers
of the time were unable to explain to us why they did not take
account of the unreliability we had found in the Audits.
An unreliable audit must be regarded as a failed
audit. Reliability of an Audit has a substructure with many components
whose significance must not be lost. For care purposes, the audit
must be verified and validated. The care environment in
which any audit-derived corrective measure will be applied also
needs to be well-understood, well-managed and accurately reported
as part of the audit and its verification.
The end-result of assembling a verified array of
component measures of an Audit, is a validated measure of reliability
or unreliability of an audit.
Failure to Validate the 2006 NAO Audit of the
The 2006 NAO Audit of NHS-IT was not Validated before
release to the Public. Whilst validating the published 2006 Report,
we identified serious failings in the 2006 NAO Audit of NHS-IT.
The failures we identified essentially negated the 2006 Audit
and rendered the Audit unreliable and unusable for forward NHS-IT
and service planning.
The 2006 Report showed that the Auditors themselves
believed that, upon publishing the 2006 NHS-IT Audit, their objectives
had been met. But in reality, the effect of making public an unverified
failed Audit was to set NHS service development and NHS-IT planning
as a whole on a decrementory course.
Failures in the 2006 Report and the need for urgent
remediation formed the subject of our private correspondence with
the then Auditor General. We had identified IT work in Hospitals
was causing serious clinical disruption. Our correspondence warned
that patients' lives could be lost because of missing fundamental
components of the IT.
To warn Ministers of the seriousness, an Oxford summary
briefing note put the failures into an NHS working context. We
identified a way of handling the complexity of the failures and
identified a feasible coherent management solution.
Validating the 2008 NAO Progress Report on the
In our private correspondence with the then Auditor
General and Ministers, we made the point that it was advisable
that a follow-on Audit or Report should follow publication of
the deficient NAO 2006 Audit as soon as possible.
Work in the NAO to produce a follow-on NAO NHS-IT
Audit started by first appointing a fresh NAO team of auditors.
The follow-on Audit Report appeared in May 2008 under a new Auditor
General. It is in two volumes. Vol I comprises the NAO findings;
Vol II contains the individual project progress reports.
In view of the serious shortcomings in the 2006 NHS-IT
Audit, the follow-on 2008 NHS-IT Audit had to function beyond
being a Progress Report and/or Value for Money Audit. The 2008
Audit should also audit NHS-IT in the NHS care context, starting
from the original plan of the DoH-IT Managers. In that way, the
Audit could chart the course of improvement or otherwise.
The 2008 Report needed to audit in the care context
because the NAO 2006 Audit had failed to reveal that the most
fundamental of all IT Programme components - the IT Requirements
Analysis - was missing.
At the outset of the NPfIT programme we had communicated
that fundamental flaw to DoH colleagues. The fact that this omission
had not been corrected several years later is most alarming.
Accordingly, we communicated to the then Auditor
General that reliance upon the NAO 2008 NHS-IT Audit/Progress
Report should be based upon validation against objectives.
This validation has never been presented publicly, leaving
in place serious technical issues and doubts about the 2008 Report.
Validating the 2011 NAO Progress Report on the
The DoH internal IT-subculture is highly relevant.
It will largely determine how the findings from a national-level
audit/progress report are applied. The problems revealed by the
current NAO analysis are beyond the solving capacity of current
DoH-IT management. That became self-evident at the PAC
Worsening of the IT issues raises fundamental questions
for the PAC about how reports from the PAC will
be acted upon in the current financial climate, and not lost sight
Some unsolved audit questions for the Public Accounts
This Summary reveals important unsolved questions
for the PAC, including:
did the previous Chief Medical Officer not raise concerns about
the drift of the IT work of DoH and its increasingly negative
impact and risk to patient services. We would have supported him
had he done so.
why did the previous and current Chief Executive of the NHS fail
to raise warnings about the IT?
with the IT position of DOH, that suggests the dynamics at the
top of DoH had not focussed on protecting patients, staff and
was the Health Secretary forced to apologise for IT failure managed
by DoH. It should be the job of the IT officials to guard against
was the National Audit Office barred from auditing the Requirements
Analysis which should have been presented by the IT officers in
DoH. This massive black hole in NPfIT would have been found. That
led to a flawed NAO report being taken by the IT Director General
as supportive of their progress.
During the discussions between the four witnesses
and the recent PAC1 Session,
the point was made by the NHS-IT witness that requirements had
been determined in 2008. Incredibly, this was several years after
the Programme had been implemented. PAC members asked questions
about different aspects of functionality. These too were poorly
answered by the witnesses. The witnesses called before the PAC
to be poor understanding of what functionality is in real-life.
The witnesses were not aware of the importance of a reference
base for care-related IT work.
This Submission provides a reference base for the
PAC from our own work. Summarised in Figure 1, below.
It is a model of locality functionality and modularity, based
on real-life anonymised care dataflows, workflows and organisational
Having real-life computable analysis of this type
is fundamental to safe production of care information systems.
Production systems can have their functionality discovered/improved/certificated
in a real-life environment without interfering with patient care.
This provides suppliers, patients and staff with a fail safe and
speedy route of live IT-system integration into the local environment.
Industry witnesses talked of a move from monolithic
to modular information systems as being suited to the NHS Project
(+ the implication that there will be further costs).
The first query is that
modular clinical information systems were being built in the 1980s
and should have been specified from the outset for the national
project by DoH. Figure 1 shows how modularity was analysed and
established with associated data flows and work flows. In the
late 1980's we were not only building modular architectures even
with the then available technology, but we had produced methods
for modular verification of the Structured Requirements Analysis.
We had developed the approach sufficiently that a working installation
was made at a Medical School. That is 20+ years ago.
Having not accepted our invitation to visit the site,
all the DoH IT Director General had to do was to ask us to help
The second query is that
at the PAC Session, the NHS Chief Executive spoke of the desirability
of having modules comprising patients admissions, discharges,
orders and communications, summary discharge, e-prescribing.
Inspection of Figure 1 shows that 20+ years ago these were functional
modules in our hands. We already the formal specification. Something
has gone seriously wrong inside DoH and with the Suppliers that
this modularity was not specified at the outset.
Even if a supplier or NPfIT director/manager has
not done a specific requirements analysis (as is the case), this
reference data route would have supplied a verified and patient-safe
functionality at the commencement of a project. Not several years
later down the project line (as has happened).
The PAC Session several times discussed Lorenzo
[Dutch in origin providing GPs with access to hospital information],
RiO [mental health and social care records system]
iSoft, records systems and communications.
None of the four witnesses we heard, described
their use of a fail-safe approach with these imported systems
to protect the NHS, patients, staff and minimise stress on locality
finances. The following comments in Table
1 show the importance of using fail-safe thinking and formal methods
in design and implementation of care IT.
COMMENTS ABOUT NHS IT FROM REAL USERS
|January 2008||I apologise that you have waited just to find your scan was not available and that you now have to make another appointment to see me.
|An hospital consultant to an outpatient whose image were lost by the new NHS IT system
|September 2008||Choose and Book completely failed to assist me. It is a waste of time for me and my GP. The old system is much better. Can we go back to that?
|A patient interviewed during work-up for orthopaedic surgery
|October 2008||This National NHS IT system is a waste of time and money.
|A busy GP|
|February 2009||A new NHS computerised n=medial records system at a London Hospital has been criticised by a hospital boss for causing "heartache and hard work". Staff were "incredibly disappointed" with the IT upgrade on trial at the hospital which put doctors and nurses under stress, had technical problems which could cost the trust £10 million and meant fewer patients could be seen
|Andrew Way, Chief Executive of London's Royal Free Hospital
NHS CARE INFORMATION
Essentially the PAC was asking whether a national information
architecture can be built from existing components. A functional
care information architecture4 is shown in the following
diagram taken from our own work:
Figure 2. (below) is an example from the HSC Pilot Site
Care Workflow architecture.
This is a real-life example of a working care information architecture
with the required functions. It shows that each individual, or
their carers, is at the centre of care. They drive their own care,
connected by on-line informatics through their unique care account
to any service.
Figure 2 shows that if the working components [eg the different
care provider information systems], connectivity, database and
interface design, are inadequate for the UK care system, a
top-class patient-oriented information architecture will never
THE PAC HAS
IT SKILLS ARE
The PAC unambiguously showed in the recent NPfIT session that
a cohort of care-informatics-expert staff is needed. The reality
reveals the starting point. Informatics failures over the years
are traceable to documents signed by NHS informatics managers,
NHS information managers, medical staff, non-medical staff, and
large IT contractors engaged with care informatics. Care informatics
failures demonstrate the need for credible in-post informatics
Such evidence involving diverse care professionals needs a
large-scale solution. The skills of NHS and Social Care staff
involved with informatics need to advance using two procedures:
regular informatics staff validation and independent
best-expert audit of the locality informatics workplans produced
by the staff. The latter is discussed in paragraphs 25-29.
Informatics staff validation benefits from part-time or
whole-time clinical and non-clinical informatics staff having
a professional informatics "home". Which they do not.
At first sight, medical and nursing royal colleges, computer societies,
industry partners for example, offer a usable heterogeneity of
"homes". But, such existing organisations are tainted
with large-scale, expensive, informatics failures and lack of
success4,5 to which their members contributed. The informatics
failures are of such large impact that this heterogeneity of "professional
homes" is presently not credibly usable.
There is a ready solution. Namely building care system
medical- and non-medical informatics staff validation under the
supervision of a previously informatics-non-participant organisation,
the General Medical Council. That overcomes the telling negative
criticisms about existing organisations and staff and builds a
validated clinical and non-clinical informatics skills pool, which
in due course will find its own professional "home".
Is it feasible to co-develop regular informatics staff validation
and independent best-expert audit of the informatics workplans
produced by informatics and other locality staff ? To answer this,
last year we studied in depth a sample large Foundation Health
Trust and its Local Council environment. Our conclusion is that
the Trust Clinical Services, associated Council Community Health
and Social Services, and the finances of all parties would materially
benefit. Extrapolating, our preliminary study suggests national
informatics staff validation + locality informatics workplan audit
is entirely feasible. Such a scheme introduces a progressive,
continuous cost-benefit multiplier across the NHS, Social Services
and Community Services. Essential in current times.
THE PAC HAS
Analysis of the failures of UK health and social care informatics
shows the need for a national optimal least-cost change strategy
with locality/community management having proven skills in care
informatics. Rather than the top-down arrangement that currently
To achieve that, locality-oriented skilled care informatics management
is required, overseen by a small national panel of our best care
informatics experts. A practical management scheme based on this
thinking is shown in Figures 3 and 4.
For example, the locality informatics leader initiates the locality
informatics requirements and implementation pathway. The pathway
starts with best-expert audit of current informatics systems and
services. That locality informatics audit scheme is shown in Figure
4. It is a one-day meeting with national / global experts who
verify the locality informatics team and their work, advising
changes where necessary.
The audit covers such topics as, formulation of locality informatics
objectives and requirements, software and hardware re-usability
plans, workplan verification with staff and patients. The audit
path flows to implementation, validation and training of staff
that provide and use the information.
Functional coordination of localities, essential for proper operation
of patient choice, rapid dissemination of information about care,
helping staff to relocate, and other patient- and staff related
factors, a specialist informatics expert Management Oversight
level is required. That is shown in Figure 3.
Conclusions from the PAC Session on NHS Informatics:
as currently used in the NHS is far from being an optimising force.
It is a cumulative resource drain on the UK general taxpayer
and suboptimal for the patient5 and delivery of
far a large resource, in the £billion, has been wasted on
ineffective informatics that would otherwise be available to care
bespoke informatics, health and social care will always
route to a successful information service architecture is lined
with two decades of prior failure in large scale medical IT in
the UK NHS. Paragraphs 13 and 17, below, emphasise the importance
of knowing causality.8
a discipline, NHS and Social Care informatics holds a Cinderella
reputation that needs to be reversed.
A 2008-09 predecessor study recognised that a bespoke
informatics building programme is required in NHS & Social
The PAC Session reveals there is no verified national
strategic plan of how informatics should be optimised
and managed in health services, social services, community
services and linked to other required services.
Figures 3 and 4 show how such an effective scheme can be assembled
with current resources.
Figure 4 also shows how Informatics skills will develop
in a locality, by the relationships with Colleges and Industry
[upper left hand corner of Figure 4].
The non-emergency gateway to care access and
care record access can be envisaged to be as simple as
management of a secure on-line web-based bank account. Achieving
that securely and confidentially, observing patients' rights,
in the health and social care system requires informatics at its
Protection of patients is paramount. Each patient/client
has a unique identity which is the basis of their care rights.
In an highly-connected informatics-based care system architecture,
informatics-based management of digital rights is critical. It
can minimise such fraudulent resource-consuming processes as health
tourism, identity borrowing and theft, prescription fraud.
The PAC's witnesses, from industry and the NHS, were
vague about the type of information architecture that would connect
the IT-sources and IT-sinks together. The workflow information
architecture has developed since the 1980's. In it, the individual
care record is held by a trusted third party organisation
as confidential in trust for the relevant individual and/or
a trusted third party caring for a seriously disabled individual.
To gain entry to their unique care record assembly, the
patient/carer satisfies the digital rights manager [electronic]
that he/she is the trusted owner of the unique Service Identity
under which the individual's record is held. They can access in
confidence their own care record at any time from anywhere.
A key question asked by the PAC was not answered
by the DoH witnesses. Namely, how is unique digital identity established
for access to the patient care record. In the best clinical practice
the rule is that care rights and care record rights
can only be uniquely accessed by the genetic owner of the biological
identity or a proxy authorised by the genetic owner of the identity.
In the case of severely disabled or unconscious patients, a proxy
for the genetic owner has to be nominated. That nomination process
has to have a legal status.
One of the NHS witnesses mentioned they had 800,000
access cards. Being an owner of an identity+security card is quite
inadequate. The witness failed to show how each card was incontrovertibly
linked to its correct biological owner and only that owner, how
the card would regulate access to the owner's record and other
owner attributes, and how the card would protect the owner in
a clinical emergency.
A practical aspect of that PAC question is: at what
place is each person's electronic identity first established with
their genetic identity so they may legitimately obtain services
on demand. It is known that in the NHS, document fraud, and hence
identity fraud [eg passport, birth- and other certificates, letters
of accreditation..] can result in large financial and service
losses to the care system.
Establishing and registering individual biological
identity for the care system may be best achieved with consistency
and reliability during registration in person at the primary care
(GPs) surgery. Informatics technologies exist to achieve that.
1 This Submission
is presented as a Working Paper of HSC [Health Systems Coordination].
Abbreviations are: PAC, Public Accounts Committee; NAO, National
Audit Office; This document links to the PAC DoH IT Session on
23 May 2011. Points raised by the PAC members and responses given
by the witnesses are from our verbatim copy of the Session Proceedings
and referred to throughout this document.
2 The term Informatics
is adopted in the EEC/EU from the Russian, informatika. It is
used in this Submission in its broadest sense. Care informatics
is information science and technology in care systems and care
organisations. Here, that includes health and social care, and
care includes prevention. The term patient is used in this working
paper in its broadest sense. That includes persons who receive
care from health or social entities. The importance of informatics
to all care systems was validated in multilingual work done by
the small EEC/EU planning team of nine experts [of which by invitation
HSC provided the UK medical member] who planned, implemented and
managed development of the EEC/EU care informatics programme through
successive Framework Programmes of the EEC/EU.
3 The cost of
poor NHS informatics has been calculated to be £3.7 billion
and rising. The studies characterised the NHS informatics-driven
overt loss, hidden losses, one-off and cumulative components.
The studies identified a multiplicity of failure factors, for
example: IT contract and management failures; failure to use the
correct project models; improperly populated project models; failure
to use competently skilled staff; specification and implementation
failures; lack of validated informatics standards; failure to
build on work already done; failure to verify requirements; lack
of competent professional validation for informatics staff. The
record shows instances of GPs and hospitals having to suspend
their work when large-scale informatics failures occurred.
4 In the NHS there
is missing a patient-oriented, informatics-driven Health and Social
Care Information Architecture. Such an architecture came to the
forefront by the work Evolution and Protection of the Care Record.
Nigel Harding, Angela Giles, Michael Graveney, 1992. An information
architecture is the integrated expression of information-based
formal methods, computable systems, connectivity, security and
timeliness that serve the patients and staff to provide the best,
safest and most efficient outcome of their requirements. Lack
of an architecture has large impact. For example in 1988, Harding
et al calculated that some 1,000 person years per year of NHS
outpatient clinics were wasted by inefficient information services.
5 Failure of care
informatics has a profound influence upon a care organisation.
The last entry of Table 1 shows in real-life how informatics failure
affects the morale of an entire hospital and diminishes its ability
to handle patients. Of major concern is that, behind such failures,
are several different clinical professional staff organisations
and computer organisations, who all accredited the IT installation.
In the care environment IT-based harm to patients occurs in a
spreading manner. Care-informatics-based damage spreads over time,
even after the original informatics fault has been corrected.
Recovering from such damage is an uphill task requiring skilled
planning, expert recovery management, retraining of the involved
personnel and devoted expert resources.
6 Summary CV of
the principal author.
Harding, Professor Nigel Graham Lionel. Health Systems Co-ordination,
70 Lime Walk, Oxford OX3 7AE. Comes from the East end of London.
Cambridge then Oxford. BA MB BChir Camb; DPhil Oxf. Univ. Oxf:
Radcliffe Prize Surg.; Univ. Oxf: Brian Johnson Prize Path. Univ
Oxf SERC/BHF Fell. Dept. Clin. Biochem. Hon. Cons. Biochem. John
Radcliffe Hosp. Oxf. Specialty: Biochem; Oncol; IT. Previously,
Sen. Lect. Dept. Path. Biochem. Univ. Glas; Mem. Staff Med. Research
Counc; Asst. Director of Research (Med. Research Counc.) Postgrad.
Med. Sch. Camb; Awards: Sir Henry Wellcome Fell. Med. Research
Counc. Dernham Fell. Amer. Cancer Soc; Invited expert UK medical
member EEC/EU team planning, implementing & evaluating transEU
programme for Care IT&Comms. Main publns: Clinical & molecular
biology of resistance to anticancer drugs; Care Information Technology;
Care workflow and Quality of Service.