The National Programme for IT in the NHS: an update on the delivery of detailed care records systems - Public Accounts Committee Contents

Written evidence from HSC Oxford


The UK NHS and Social Care aim to be the envy of global care systems. That requires the best in-service informatics [for definition of informatics see endnote 2]

The DoH IT-driven losses recently calculate to be £3.7 billion3 and rising. To that can be added the unquantified costs of poor information architecture design,4 poor Social Care informatics, inadequate connectivity and unquantified losses to patients and families.

Current work of the PAC and NAO shows that, as a nation, we have significant care IT failures. Analysis of NHS-IT systems by the PAC reveals rising opportunity cost, rising care delivery cost, cost-discrepancies and other associated financial costs of poor NHS informatics.

This Summary adds further context to the PAC discussion. The purpose is threefold:

First, this Response shows that the current DoH/NHS informatics trajectory has roots two decades ago. How did the trajectory avoid scrutiny and keep growing with large-scale IT-based losses of opportunity, time and funds? For the future, a forward plan built on that trajectory carries the promise of an extremely negative outcome.

Second, this Response independently confirms the work of the PAC Session regarding NHS-IT. It puts into the medical IT context additional findings that experience shows are important.

Third, this Response reaches conclusions that confirm, in the national interest, it is essential the Government takes forwards this work of the PAC.

The PAC has struck a deep seam. Health Ministers and MPs have publicly recognised that NHS health informatics is marked by years of failure. For example, the then Health Secretary points out in his foreword to the Burns Report [Information for Health ISBN 0 95327190 2]: "Up to now the use of IT in the NHS has not been a success story. Far from it. Lots of money has been wasted."

We have analysed the reasons why previous Health Ministers have been unable to build on the work of independent experts and PAC to achieve the improvements they desired. That analysis identified the goals in paragraph 3, below.

In a care system with increasing choices and care quality measures, delivery of national uniform leading-edge care with the best outcomes relies upon complicated information flows, work flows, resource flows. To serve these variables with an appropriate information architecture, it a priority to solve lack of expert informatics leadership, large-scale waste of funds, lack of service informatics as a unifying force, and lack of a coherent informatics strategic direction. Three simultaneous actions are necessary:

(a)  Arrest the losses revealed by the current PAC.5

(b)  Reconstruct the contribution of informatics.

(c)  Build a national strategic plan for optimising informatics in health services, social services and community services.

To achieve these three actions requires an understanding of why the issues were not identified and acted upon earlier. To answer that question it is essential to start with the role of the NAO.


The NAO Audits of NHS-IT are vital to optimising the interdependency in the NHS between care and expenditure, and for overseeing value-for-money. The present-day outcome of the care of each of millions of patients, and £billions of expenditure has a primary dependency on the degree of success of the 2006 and 2008 National Audit Office (NAO) Audits/Reports of NHS-IT.

Health Ministers corresponding with us at the time stated they were satisfied with the NAO Audits. But Health Ministers of the time were unable to explain to us why they did not take account of the unreliability we had found in the Audits.

An unreliable audit must be regarded as a failed audit. Reliability of an Audit has a substructure with many components whose significance must not be lost. For care purposes, the audit must be verified and validated. The care environment in which any audit-derived corrective measure will be applied also needs to be well-understood, well-managed and accurately reported as part of the audit and its verification.

The end-result of assembling a verified array of component measures of an Audit, is a validated measure of reliability or unreliability of an audit.

Failure to Validate the 2006 NAO Audit of the NHS-IT Programme

The 2006 NAO Audit of NHS-IT was not Validated before release to the Public. Whilst validating the published 2006 Report, we identified serious failings in the 2006 NAO Audit of NHS-IT. The failures we identified essentially negated the 2006 Audit and rendered the Audit unreliable and unusable for forward NHS-IT and service planning.

The 2006 Report showed that the Auditors themselves believed that, upon publishing the 2006 NHS-IT Audit, their objectives had been met. But in reality, the effect of making public an unverified failed Audit was to set NHS service development and NHS-IT planning as a whole on a decrementory course.

Failures in the 2006 Report and the need for urgent remediation formed the subject of our private correspondence with the then Auditor General. We had identified IT work in Hospitals was causing serious clinical disruption. Our correspondence warned that patients' lives could be lost because of missing fundamental components of the IT.

To warn Ministers of the seriousness, an Oxford summary briefing note put the failures into an NHS working context. We identified a way of handling the complexity of the failures and identified a feasible coherent management solution.

Validating the 2008 NAO Progress Report on the NHS-IT Programme

In our private correspondence with the then Auditor General and Ministers, we made the point that it was advisable that a follow-on Audit or Report should follow publication of the deficient NAO 2006 Audit as soon as possible.

Work in the NAO to produce a follow-on NAO NHS-IT Audit started by first appointing a fresh NAO team of auditors. The follow-on Audit Report appeared in May 2008 under a new Auditor General. It is in two volumes. Vol I comprises the NAO findings; Vol II contains the individual project progress reports.

In view of the serious shortcomings in the 2006 NHS-IT Audit, the follow-on 2008 NHS-IT Audit had to function beyond being a Progress Report and/or Value for Money Audit. The 2008 Audit should also audit NHS-IT in the NHS care context, starting from the original plan of the DoH-IT Managers. In that way, the Audit could chart the course of improvement or otherwise.

The 2008 Report needed to audit in the care context because the NAO 2006 Audit had failed to reveal that the most fundamental of all IT Programme components - the IT Requirements Analysis - was missing.

At the outset of the NPfIT programme we had communicated that fundamental flaw to DoH colleagues. The fact that this omission had not been corrected several years later is most alarming.

Accordingly, we communicated to the then Auditor General that reliance upon the NAO 2008 NHS-IT Audit/Progress Report should be based upon validation against objectives. This validation has never been presented publicly, leaving in place serious technical issues and doubts about the 2008 Report.

Validating the 2011 NAO Progress Report on the NHS-IT Programme

The DoH internal IT-subculture is highly relevant. It will largely determine how the findings from a national-level audit/progress report are applied. The problems revealed by the current NAO analysis are beyond the solving capacity of current DoH-IT management. That became self-evident at the PAC Session.

Worsening of the IT issues raises fundamental questions for the PAC about how reports from the PAC will be acted upon in the current financial climate, and not lost sight of.

Some unsolved audit questions for the Public Accounts Committee

This Summary reveals important unsolved questions for the PAC, including:

—  Why did the previous Chief Medical Officer not raise concerns about the drift of the IT work of DoH and its increasingly negative impact and risk to patient services. We would have supported him had he done so.

—  Likewise, why did the previous and current Chief Executive of the NHS fail to raise warnings about the IT?

—  Taken with the IT position of DOH, that suggests the dynamics at the top of DoH had not focussed on protecting patients, staff and public resources.

—  Why was the Health Secretary forced to apologise for IT failure managed by DoH. It should be the job of the IT officials to guard against such happenings.

—  Why was the National Audit Office barred from auditing the Requirements Analysis which should have been presented by the IT officers in DoH. This massive black hole in NPfIT would have been found. That led to a flawed NAO report being taken by the IT Director General as supportive of their progress.


During the discussions between the four witnesses and the recent PAC1 Session, the point was made by the NHS-IT witness that requirements had been determined in 2008. Incredibly, this was several years after the Programme had been implemented. PAC members asked questions about different aspects of functionality. These too were poorly answered by the witnesses. The witnesses called before the PAC to be poor understanding of what functionality is in real-life. The witnesses were not aware of the importance of a reference base for care-related IT work.

This Submission provides a reference base for the PAC from our own work. Summarised in Figure 1, below. It is a model of locality functionality and modularity, based on real-life anonymised care dataflows, workflows and organisational structures.

Having real-life computable analysis of this type is fundamental to safe production of care information systems. Production systems can have their functionality discovered/improved/certificated in a real-life environment without interfering with patient care. This provides suppliers, patients and staff with a fail safe and speedy route of live IT-system integration into the local environment.

Industry witnesses talked of a move from monolithic to modular information systems as being suited to the NHS Project (+ the implication that there will be further costs).

The first query is that modular clinical information systems were being built in the 1980s and should have been specified from the outset for the national project by DoH. Figure 1 shows how modularity was analysed and established with associated data flows and work flows. In the late 1980's we were not only building modular architectures even with the then available technology, but we had produced methods for modular verification of the Structured Requirements Analysis. We had developed the approach sufficiently that a working installation was made at a Medical School. That is 20+ years ago.

Having not accepted our invitation to visit the site, all the DoH IT Director General had to do was to ask us to help them.

The second query is that at the PAC Session, the NHS Chief Executive spoke of the desirability of having modules comprising patients admissions, discharges, orders and communications, summary discharge, e-prescribing. Inspection of Figure 1 shows that 20+ years ago these were functional modules in our hands. We already the formal specification. Something has gone seriously wrong inside DoH and with the Suppliers that this modularity was not specified at the outset.

Even if a supplier or NPfIT director/manager has not done a specific requirements analysis (as is the case), this reference data route would have supplied a verified and patient-safe functionality at the commencement of a project. Not several years later down the project line (as has happened).

The PAC Session several times discussed Lorenzo [Dutch in origin providing GPs with access to hospital information], RiO [mental health and social care records system] iSoft, records systems and communications.

None of the four witnesses we heard, described their use of a fail-safe approach with these imported systems to protect the NHS, patients, staff and minimise stress on locality finances. The following comments in Table 1 show the importance of using fail-safe thinking and formal methods in design and implementation of care IT.

Table 1

January 2008I apologise that you have waited just to find your scan was not available and that you now have to make another appointment to see me.
An hospital consultant to an outpatient whose image were lost by the new NHS IT system
September 2008Choose and Book completely failed to assist me. It is a waste of time for me and my GP. The old system is much better. Can we go back to that?
A patient interviewed during work-up for orthopaedic surgery
October 2008This National NHS IT system is a waste of time and money.
A busy GP
February 2009A new NHS computerised n=medial records system at a London Hospital has been criticised by a hospital boss for causing "heartache and hard work". Staff were "incredibly disappointed" with the IT upgrade on trial at the hospital which put doctors and nurses under stress, had technical problems which could cost the trust £10 million and meant fewer patients could be seen
Andrew Way, Chief Executive of London's Royal Free Hospital


Essentially the PAC was asking whether a national information architecture can be built from existing components. A functional care information architecture4 is shown in the following diagram taken from our own work:

Figure 2. (below) is an example from the HSC Pilot Site Care Workflow architecture.

This is a real-life example of a working care information architecture with the required functions. It shows that each individual, or their carers, is at the centre of care. They drive their own care, connected by on-line informatics through their unique care account to any service.

Figure 2 shows that if the working components [eg the different care provider information systems], connectivity, database and interface design, are inadequate for the UK care system, a top-class patient-oriented information architecture will never be achieved.


The PAC unambiguously showed in the recent NPfIT session that a cohort of care-informatics-expert staff is needed. The reality reveals the starting point. Informatics failures over the years are traceable to documents signed by NHS informatics managers, NHS information managers, medical staff, non-medical staff, and large IT contractors engaged with care informatics. Care informatics failures demonstrate the need for credible in-post informatics staff improvement.

Such evidence involving diverse care professionals needs a large-scale solution. The skills of NHS and Social Care staff involved with informatics need to advance using two procedures: regular informatics staff validation and independent best-expert audit of the locality informatics workplans produced by the staff. The latter is discussed in paragraphs 25-29.

Informatics staff validation benefits from part-time or whole-time clinical and non-clinical informatics staff having a professional informatics "home". Which they do not. At first sight, medical and nursing royal colleges, computer societies, industry partners for example, offer a usable heterogeneity of "homes". But, such existing organisations are tainted with large-scale, expensive, informatics failures and lack of success4,5 to which their members contributed. The informatics failures are of such large impact that this heterogeneity of "professional homes" is presently not credibly usable.

There is a ready solution. Namely building care system medical- and non-medical informatics staff validation under the supervision of a previously informatics-non-participant organisation, the General Medical Council. That overcomes the telling negative criticisms about existing organisations and staff and builds a validated clinical and non-clinical informatics skills pool, which in due course will find its own professional "home".

Is it feasible to co-develop regular informatics staff validation and independent best-expert audit of the informatics workplans produced by informatics and other locality staff ? To answer this, last year we studied in depth a sample large Foundation Health Trust and its Local Council environment. Our conclusion is that the Trust Clinical Services, associated Council Community Health and Social Services, and the finances of all parties would materially benefit. Extrapolating, our preliminary study suggests national informatics staff validation + locality informatics workplan audit is entirely feasible. Such a scheme introduces a progressive, continuous cost-benefit multiplier across the NHS, Social Services and Community Services. Essential in current times.


Analysis of the failures of UK health and social care informatics shows the need for a national optimal least-cost change strategy with locality/community management having proven skills in care informatics. Rather than the top-down arrangement that currently exists.

To achieve that, locality-oriented skilled care informatics management is required, overseen by a small national panel of our best care informatics experts. A practical management scheme based on this thinking is shown in Figures 3 and 4.

For example, the locality informatics leader initiates the locality informatics requirements and implementation pathway. The pathway starts with best-expert audit of current informatics systems and services. That locality informatics audit scheme is shown in Figure 4. It is a one-day meeting with national / global experts who verify the locality informatics team and their work, advising changes where necessary.

The audit covers such topics as, formulation of locality informatics objectives and requirements, software and hardware re-usability plans, workplan verification with staff and patients. The audit path flows to implementation, validation and training of staff that provide and use the information.

Functional coordination of localities, essential for proper operation of patient choice, rapid dissemination of information about care, helping staff to relocate, and other patient- and staff related factors, a specialist informatics expert Management Oversight level is required. That is shown in Figure 3.

Conclusions from the PAC Session on NHS Informatics:

—  Informatics as currently used in the NHS is far from being an optimising force. It is a cumulative resource drain on the UK general taxpayer and suboptimal for the patient5 and delivery of care.

—  Thus far a large resource, in the £billion, has been wasted on ineffective informatics that would otherwise be available to care providers.

—  Without bespoke informatics, health and social care will always be suboptimal.

—  The route to a successful information service architecture is lined with two decades of prior failure in large scale medical IT in the UK NHS. Paragraphs 13 and 17, below, emphasise the importance of knowing causality.8

—  As a discipline, NHS and Social Care informatics holds a Cinderella reputation that needs to be reversed.

A 2008-09 predecessor study recognised that a bespoke informatics building programme is required in NHS & Social Services.

The PAC Session reveals there is no verified national strategic plan of how informatics should be optimised and managed in health services, social services, community services and linked to other required services. Figures 3 and 4 show how such an effective scheme can be assembled with current resources.

Figure 4 also shows how Informatics skills will develop in a locality, by the relationships with Colleges and Industry [upper left hand corner of Figure 4].


The non-emergency gateway to care access and care record access can be envisaged to be as simple as management of a secure on-line web-based bank account. Achieving that securely and confidentially, observing patients' rights, in the health and social care system requires informatics at its best.

Protection of patients is paramount. Each patient/client has a unique identity which is the basis of their care rights. In an highly-connected informatics-based care system architecture, informatics-based management of digital rights is critical. It can minimise such fraudulent resource-consuming processes as health tourism, identity borrowing and theft, prescription fraud.

The PAC's witnesses, from industry and the NHS, were vague about the type of information architecture that would connect the IT-sources and IT-sinks together. The workflow information architecture has developed since the 1980's. In it, the individual care record is held by a trusted third party organisation as confidential in trust for the relevant individual and/or a trusted third party caring for a seriously disabled individual. To gain entry to their unique care record assembly, the patient/carer satisfies the digital rights manager [electronic] that he/she is the trusted owner of the unique Service Identity under which the individual's record is held. They can access in confidence their own care record at any time from anywhere.

A key question asked by the PAC was not answered by the DoH witnesses. Namely, how is unique digital identity established for access to the patient care record. In the best clinical practice the rule is that care rights and care record rights can only be uniquely accessed by the genetic owner of the biological identity or a proxy authorised by the genetic owner of the identity. In the case of severely disabled or unconscious patients, a proxy for the genetic owner has to be nominated. That nomination process has to have a legal status.

One of the NHS witnesses mentioned they had 800,000 access cards. Being an owner of an identity+security card is quite inadequate. The witness failed to show how each card was incontrovertibly linked to its correct biological owner and only that owner, how the card would regulate access to the owner's record and other owner attributes, and how the card would protect the owner in a clinical emergency.

A practical aspect of that PAC question is: at what place is each person's electronic identity first established with their genetic identity so they may legitimately obtain services on demand. It is known that in the NHS, document fraud, and hence identity fraud [eg passport, birth- and other certificates, letters of accreditation..] can result in large financial and service losses to the care system.

Establishing and registering individual biological identity for the care system may be best achieved with consistency and reliability during registration in person at the primary care (GPs) surgery. Informatics technologies exist to achieve that.


1  This Submission is presented as a Working Paper of HSC [Health Systems Coordination]. Abbreviations are: PAC, Public Accounts Committee; NAO, National Audit Office; This document links to the PAC DoH IT Session on 23 May 2011. Points raised by the PAC members and responses given by the witnesses are from our verbatim copy of the Session Proceedings and referred to throughout this document.

2  The term Informatics is adopted in the EEC/EU from the Russian, informatika. It is used in this Submission in its broadest sense. Care informatics is information science and technology in care systems and care organisations. Here, that includes health and social care, and care includes prevention. The term patient is used in this working paper in its broadest sense. That includes persons who receive care from health or social entities. The importance of informatics to all care systems was validated in multilingual work done by the small EEC/EU planning team of nine experts [of which by invitation HSC provided the UK medical member] who planned, implemented and managed development of the EEC/EU care informatics programme through successive Framework Programmes of the EEC/EU.

3  The cost of poor NHS informatics has been calculated to be £3.7 billion and rising. The studies characterised the NHS informatics-driven overt loss, hidden losses, one-off and cumulative components. The studies identified a multiplicity of failure factors, for example: IT contract and management failures; failure to use the correct project models; improperly populated project models; failure to use competently skilled staff; specification and implementation failures; lack of validated informatics standards; failure to build on work already done; failure to verify requirements; lack of competent professional validation for informatics staff. The record shows instances of GPs and hospitals having to suspend their work when large-scale informatics failures occurred.

4  In the NHS there is missing a patient-oriented, informatics-driven Health and Social Care Information Architecture. Such an architecture came to the forefront by the work Evolution and Protection of the Care Record. Nigel Harding, Angela Giles, Michael Graveney, 1992. An information architecture is the integrated expression of information-based formal methods, computable systems, connectivity, security and timeliness that serve the patients and staff to provide the best, safest and most efficient outcome of their requirements. Lack of an architecture has large impact. For example in 1988, Harding et al calculated that some 1,000 person years per year of NHS outpatient clinics were wasted by inefficient information services.

5  Failure of care informatics has a profound influence upon a care organisation. The last entry of Table 1 shows in real-life how informatics failure affects the morale of an entire hospital and diminishes its ability to handle patients. Of major concern is that, behind such failures, are several different clinical professional staff organisations and computer organisations, who all accredited the IT installation. In the care environment IT-based harm to patients occurs in a spreading manner. Care-informatics-based damage spreads over time, even after the original informatics fault has been corrected. Recovering from such damage is an uphill task requiring skilled planning, expert recovery management, retraining of the involved personnel and devoted expert resources.

6  Summary CV of the principal author.
Harding, Professor Nigel Graham Lionel. Health Systems Co-ordination, 70 Lime Walk, Oxford OX3 7AE. Comes from the East end of London. Cambridge then Oxford. BA MB BChir Camb; DPhil Oxf. Univ. Oxf: Radcliffe Prize Surg.; Univ. Oxf: Brian Johnson Prize Path. Univ Oxf SERC/BHF Fell. Dept. Clin. Biochem. Hon. Cons. Biochem. John Radcliffe Hosp. Oxf. Specialty: Biochem; Oncol; IT. Previously, Sen. Lect. Dept. Path. Biochem. Univ. Glas; Mem. Staff Med. Research Counc; Asst. Director of Research (Med. Research Counc.) Postgrad. Med. Sch. Camb; Awards: Sir Henry Wellcome Fell. Med. Research Counc. Dernham Fell. Amer. Cancer Soc; Invited expert UK medical member EEC/EU team planning, implementing & evaluating transEU programme for Care IT&Comms. Main publns: Clinical & molecular biology of resistance to anticancer drugs; Care Information Technology; Care workflow and Quality of Service.

previous page contents next page

© Parliamentary copyright 2011
Prepared 3 August 2011