The National Programme for IT in the NHS: an update on the delivery of detailed care records systems - Public Accounts Committee Contents


Written evidence from the Department of Health

SECTION 1—INTRODUCTION AND CONTEXT

Introduction

This document is a follow-up to the Public Accounts Committee (PAC) hearing on 23 May 2011 into the NHS National Programme for IT.

The structure of this document is as follows:

—  Section 2: notes requested by the PAC.

—  Section 3: responses to written questions received from Mr Richard Bacon on 19 May 2011.

—  Section 4: additional clarifying notes provided to the PAC.

—  Section 5: the Department's formal response to a letter sent to the PAC on 26 May 2011 by the Chairman of CSE Healthcare Systems.

Context

The National Audit Office (NAO) report entitled "The National Programme for IT in the NHS: an update on the delivery of detailed care record systems", was published on 18 May 2011. This report was not agreed by the Department.

The PAC hearing took place on 23 May 2011 to consider the NAO report. The PAC recognised that the majority of the National Programme had been delivered and the focus of the hearing was on the detailed care record systems, where progress has been more disappointing.

SECTION 2—NOTES REQUESTED BY THE COMMITTEE

2.1  Note on Central Programme Costs

Figure 3 (page 7) of the NAO report sets out total expenditure on the Programme, including what it describes as "programme management" costs of £1.19 billion. The PAC requested a breakdown of these costs which are not all programme management costs but include activities such as testing and deploying systems, technical design, finance and commercial management, as well as organisational overheads such as buildings and IT. Industry averages suggest that programme management costs typically account for 10-20% of the total cost of a programme of this scale and complexity.

The table below provides a breakdown of central costs by type, including the itemisation of legal costs requested at the PAC hearing.

Figure 1

EXPENDITURE ON NPFIT (AT 2004-05 PRICES)
 Total Acutal Expenditure to 31.03.11 2011-12 forecast2012-13 forecast 2013-14 forecast2014-15 forecast 2015-16 forecastTotal Programme Cost
Category(£m) (£m)(£m) (£m)(£m) (£m)(£m)
Internal Staff26238 372521 21405
External Contractors267 151197 7317
External Consultancy83 8433 3104
Supplier Contracts53 401896 6131
Buildings677 878 7104
IT Costs534 222 265
Legal367 777 874
Income(4)(1) (2)(1)(1) (1)(10)
Total Central Programme Costs817 1198762 54521,190
Total Programme Costs6,354 1,0841,179918 7971,06811,400
Central Programme Costs as % of
total
13%11%7% 7%7%5% 10%

This reduction represents a 25% saving in central programme costs (down from £1.599 billion to £1.190 billion) since the last NAO report in May 2008 and represents a 46% reduction in central expenditure from 31 March 2010 onwards.

Figure 1

DEFINITIONS
CategoryDefinition
Internal staffPermanent staff salary costs plus associated costs, for example training and travel.
External Contractors Professional services temporary resources plus associated expenses which includes admin and clerical, interim managers and specialist contractor within established departmental posts.
External Consultancy The provision of management, objective advice and assistance relating to the strategy, structure, management or operations of an organisation in pursuit of its purposes and objectives. Such assistance is provided outside the business as usual environment when in house skills are not available and will usually be time-limited.
Supplier ContractsNon LSP third party supplier costs for direct frontline service provision, for example IT Hosting and Rental charges and the Public Information Programme contract.
BuildingsRent, rates and associated costs for accommodation for NPfIT resources.
IT CostsInternal costs associated with Hardware, Software and Licences for NPfIT resources.
LegalLegal fees to support the NPfIT contracts.
IncomeInvoiced income received for National IT Services provided to the Department of Health and NHS organisations by the Systems and Service Delivery team on a not for profit basis.

2.2  Note on the Costs of Millennium in the South "Greenfield" Sites relative to London

Purpose

At the Public Accounts Committee on 23 May the Chair requested a note on why the Department disagrees with the National Audit Office conclusion that the price of Cerner Millennium in the three "Greenfield" sites in the South is 47% higher than in London.

Extract from the Summary of the NAO Report

"The costs of delivering three care records systems in acute trusts under this contract are some 47% higher than the cost of delivering the same system in London, although BT advises that the system is being delivered in a different way" [page 10, paragraph 14].

Departmental Response

The Department does not accept the NAO statement that the price of Cerner Millennium in the South is 47% higher than in London, as the NAO is not comparing like with like.

The NAO comparison was based on London CCN2, which the Department believes is an inappropriate baseline as:

—  The BT delivery model for Cerner has evolved significantly in the three year period between London CCN2 (May 2007) and the agreement of the Greenfields CCN (March 2010).

—  The Greenfields trusts were of a significantly bigger scale and complexity, had a different underlying technical solution and had richer clinical functionality than delivered to London trusts under CCN2.

The Department believes that, although still difficult to draw a direct comparison, a more representative baseline would be London CCN3 which was agreed during March 2010, along with the Greenfields CCN, and had a similar delivery approach and core functional scope. If average prices are compared (noting the Departments' view that taking an average is a crude comparison as all trusts are different) then the NAO would have noted that the unit price of the Greenfields is 24% less expensive than London CCN3 (£23.6 million as compared with £31 million) with the primary difference in price being that the London deal included optional, additional functionality such as; pathology, radiology, pharmacy stock control, electronic document management, clinical dashboard and clinical benchmarking which trusts would be charged for additionally under the Greenfields contract. BT's cost model at CCN3 was independently verified by KMPG who concluded in November 2010 that "BT has provided sufficient underpinning evidence to support the agreed delivery costs".

2.3  Note on the Verification Exercise relating to the costs of RiO

Purpose

At Question 224, the Public Accounts Committee asked for "a clear written account" of how the value for money of the RiO prices was assessed.

Assessing the value for money of the RiO prices was part of the CCN3 negotiation process. This note explains that process and the subsequent verification exercise carried out by KPMG.

CCN3 Negotiations Process

The CCN3 negotiation process was lengthy and involved many iterations challenging the component parts of the BT cost model. This included ensuring that rates offered were competitive and that the effort ascribed to various activities was justifiable.

Taken together, competitive rates and reasonable effort comprise value for money. BT was required to provide numerous iterations of financial models. These models were reviewed in detail by the Authority, resulting in multi-million pound savings.

The Authority negotiated reduced day rates on all of the BT labour within the contract. In addition, BT's profit margin on the contract was also significantly reduced. Other commitments were also obtained by the Authority, in particular around sub-contractor pricing; for example, Cerner has confirmed that the pricing provided to the Authority (via BT) is the best it provides to any of its customers.

The Authority then requested further financial assurances and agreed with BT that a requirement of signing CCN3 would be that a verification exercise would be conducted by third party, independent financial experts (KPMG).

KPMG Verification Exercise Process

In October 2010 KPMG were requested by the Authority to verify the costs presented by BT, including those for RiO, in the CCN3 Financial Model.

The approach adopted by KPMG was as follows:

—  Their work focussed on the Cost Data sheet within the CCN3 Financial Model and was conducted on a sample basis, designed to provide a high coverage of costs with a reasonable sample size.

—  The cost elements for potential duplicate entries were reviewed.

—  The cost rates associated with BT labour were validated to cost rate cards and payroll records.

—  The hours presented in the Model associated with BT labour were reviewed for reasonableness.

—  Sub-contractor and other supplier costs were validated to the agreements entered into by BT with their suppliers.

—  Cost elements and supporting documentation requested from BT were sampled to substantiate the costs provided.

Conclusion of the Verification Exercise

On 3 November 2010 KPMG concluded that "BT has provided underpinning evidence to support the agreed delivery costs" and that "no proposed adjustments are required for Agreed Delivery Costs".

2.4  Note on the Listening Exercise

Purpose

The Public Accounts Committee asked for a note (Question 276) about the responses received as part of the "listening exercise" in respect of the National Programme for IT.

Departmental Response

The Department can confirm that it has not had any responses relating directly to, or mentioning, the National Programme for IT. There have been a very small number which note the need to harness IT to facilitate information flows, but these tend to be generic references.

SECTION 3—RICHARD BACON QUESTIONS AND ANSWERS

DETAILED CARE RECORDS SYSTEMS

3.1  What are the maximum payments to which NPFIT would be exposed for contract cancellation of the detailed care records systems, for each of the LSP providers?

We are not able to reveal specific numbers as that is likely to lead to suppliers expecting those amounts should we attempt to terminate for convenience. Also, at this stage, all figures are subjective, although they are informed by our experiences with Fujitsu.

The maximum payments would occur if the whole of the contracts were cancelled for convenience. In that scenario, taking into account contractual costs, potential damages to suppliers, the costs to procure replacement systems, transition costs, the costs of "uplifting" ongoing services, legal and professional fees, we believe that the maximum payments could be in excess of the currently anticipated costs to complete the BT and CSC contracts.

If we were to terminate in part (only services for Acute) then the maximum payments might reduce by approximately 50%.

These costs do not include the deployment or operational costs of any new systems that the NHS would need to procure. The NHS cannot continue without replacing the systems now covered by these contracts.

The categories are explained as follows:

—  Contractual costs: The minimum amount the supplier is allowed to receive under these circumstances.

—  Damages paid to suppliers: This would include covering some of the suppliers' unrecovered costs to date and pre-accrued claims at the point of termination.

—  Transition and Uplift Costs: The costs of providing the ongoing services post termination. It is likely that suppliers will seek to increase these ongoing costs in an attempt to improve their financial position (Fujitsu, for example, doubled the service charges claiming they would turn the systems off unless we paid).

—  Procurement of replacement systems costs: The costs of running the procurement for the live services to be supported and developed.

—  Legal and professional fees: The costs of supporting the termination, transfer and investigation of the facts around termination.

Wider Impacts

Both BT and CSC have been clear that they are not willing simply to walk away. Therefore, it is safe to assume that some form of dispute will occur and that both suppliers will seek to recover costs. Legal advice provided to the Department indicates there is a risk of some unquantifiable "collateral damage" to the Fujitsu existing claim and the risk of suppliers working in unison against the Department is significant.

Delivery of replacement or new services would also be required, and the time taken to procure can be extended by factors outside of the Department's or Trusts' control.

3.2  Have you now ascertained the cost of RiO outside of the National Programme and compared it to the cost within the National Programme?

We have obtained comparative data from three trusts (as set out in Figure 2 below), which have purchased RiO outside of the National Programme: Bradford District NHS Care Trust, a mental health trust; Somerset Partnership NHS Foundation Trust, also a mental health trust, and Nottinghamshire Healthcare NHS Trust, which provides mental health, learning disability and community health services, as well as managing two medium secure units and the high secure Rampton Hospital near Retford.

Figure 2

COMPARATIVE ANALYSIS OF RIO COSTS
Bradford District Care Trust Nottinghamshire Healthcare NHS Trust Somerset Partnership NHS Foundation Trust Trusts provided by NPFIT
Deployment Charge590K 1596K(see note 1)1395K
(see note 2)
Annual Service Charge 160K 335K
(see note 3)
139K 353K
Total Cost
(over a normalised 48 month term)
1230K2936K556K 2797K

Notes:
1.  There was no deployment charge as a special development relationship existed between CSE and the trust.
2.  Deployment charges for RiO vary from £925k to £1.6m depending on care setting and software version. The figure provided is an average.
3.  Nottingham has additional specialised modules of functionality because of the services provided by the trust.

Figure 3

COMPARATIVE ANALYSIS OF RIO SERVICE OFFERINGS
Bradford District Care Trust Nottinghamshire Healthcare NHS Trust Somerset Partnership NHS Foundation Trust Trusts provided by NPFIT
LicenseFor contract term For perpetual useFor contract term For contract term
HardwareNoNo NoYes
HostingNoNo NoYes
Application SupportYes YesYesYes
Disaster Recovery Partial
(see note 4)
Partial
(see note 5)
No Yes
Spine connectivityNo NoNoYes
Product DevelopmentNo NoNoYes
(see note 6)

Notes:
4.  The disaster recovery process is managed by the supplier on trust owned and managed infrastructure which is capable of holding 25% of the capacity of the live service.
5.  The disaster recovery process is managed by the supplier on trust owned and managed infrastructure.
6.  There has been significant product development already funded through the NPfIT. This will continue and trusts have the ability to influence enhancements to the RiO software with 3, significant, trust defined, functional upgrades to the deployed software included in the price.

Summary

None of the trusts consulted had purchased the same RiO product offering and all trusts varied significantly from the offering provided to NPFIT trusts, making a direct price comparison difficult. However, trusts within the programme typically had significant advantages to those outside the programme, namely:

—  The ability to influence the functionality of the product.

—  Centrally provided and hosted hardware.

—  Centrally-provided disaster recovery with 100% capacity and availability.

—  No additional development costs for subsequent releases.

—  Spine connectivity.

BT estimate that the monthly charge for hardware, disaster recovery, service management and Spine connectivity to be in the region of £42,500 per month or just over £2 million of value over a 48 month contract term.

Additional Functionality

Furthermore the NPFIT investment in the development of the RiO has significantly enhanced the functionality of the product to the benefit of all trusts. Examples of functionality in the latest deployed version (v5) and soon to be deployed (R1, 2011) of RiO include:

—  Standard assessment forms.

—  Care-plans and reports.

—  Spine connectivity, enabling integration with central demographics services, and functionality to support smart cards and role based access controls.

—  Waiting lists.

—  Results reporting.

—  Prevention, screening and surveillance.

—  SNOMED.

—  Inpatient prescribing.

—  Functionality to support multi-disciplinary care planning.

CERNER MILLENIUM A NORTH BRISTOL, OXFORD, AD BATH

3.3  How much is NPfIT paying in total to deploy Cerner Millennium at each of the following 3 sites: North Bristol, Oxford, and Bath - inclusive of licence, hosting/central infrastructure and deployment charges?

3.4  What is the annual cost, every year for the remainder of the BT contract, for each of the 3 sites?

The table below provides the overall cost, inclusive of licence, hosting/central infrastructure and deployment charges, of deploying Cerner Millennium at North Bristol, Oxford and Bath.

Figure 4

GREENFIELDS ONE-OFF AND RECURRING COSTS
£'000
BathOxford North BristolTotal
Overall cost21,00023,800 24,30069,100
Deployment charge (one off)13,100 15,70015,20044,000
Annual service charge (£/y)1,700 1,9002,0005,600
Forecast service months56 5154

The service charge for North Bristol is higher (despite having fewer users than Oxford), as the Oxford infrastructure is shared with the Nuffield Orthopaedic Centre NHS Trust (ie a shared domain).

Service charge is payable only for the months that the system is in use (i.e. it is not a fixed charge).

3.5  What will the annual cost be for each of the 3 sites after the BT contract finishes?

This figure is to be determined, as it would be subject to a separate procurement exercise. It will be determined by factors including:

—  Whether the Trusts' procurement results in the Trusts staying with Cerner Millennium.

—  Whether the systems are transferred to a new hosting provider.

—  Whether the Trusts wish to continue being part of a consortia where there are synergies and therefore cost reductions by sharing certain support services between trusts, or "go it alone".

—  Whether they wish to maintain the very rigorous service level agreements, with penalty payments where services are not met.

—  The usual reduction in the total cost of IT ownership over time.

3.6  What original delivery dates were given for each of the 3 sites when the BT contract reset was first signed?

3.7  How many changes have been there been to those delivery dates for each of the 3 sites since then? Please list.

3.8  What are the current planned go-live dates for North Bristol, Oxford, and Bath?

The table below provides answers to each of these questions:

Figure 5

DELIVERY DATES FOR THE "GREENFIELDS" SITES
BathOxford North Bristol
A)  Outline delivery date agreed with BT at contract reset, prior to local detailed
planning
28-May-1110-Sep-1104-Jun-11
B)  Formally contracted delivery date following local detailed planning 01-Jul-1119-Nov-11Yet to baseline
C)  Current planned delivery date29-Jul-11 19-Nov-11Yet to baseline
Number of changes in delivery date (between A and C) 212
Variation between formally contracted and current delivery dates (between B and C) 1 monthNoneN/A
Planned project duration from project start to go-live 16 months20 months21 months

The implementation of a Cerner system is a significant change management exercise within a Trust. Accepted good practice for the IT element within a large scale change programme is to determine the dates as part of the wider planning exercise. Fixing dates too early and driving to meet those dates can introduce unnecessary risk to the project. As the project progresses dates move from being tentative (or "outline") to becoming fixed as part of a detailed implementation plan.

When the dates have been fixed in the detailed implementation plan, the supplier can be penalised for failure to meet the date—similarly the Department of Health would be penalised if the slip was caused by an NHS Trust.

Outline delivery dates were agreed with BT at the point of contract reset reflected by point A in the table above—these delivery dates were not contractually baselined at that stage. Dates were contractually baselined following detailed planning between the Trust and the Supplier and these are reflected by point B above. This method of agreeing implementation dates is in line with best practice on large IT programmes

Historically, Oxford and Bath had initiated projects with Fujitsu.

Changes at Bath

1.  Detailed planning led to the outline delivery date of 28 May 2011 being contractually baselined at 1 July 2011.

2.  On 15 April 2011 BT notified the NHS of a delay to the project resulting in a re-baselined delivery date of 29 July 2011. Contractual delay deductions in the order of £500K have been applied to BT for this delay.

Changes at Oxford

1.  Detailed planning between the Trust and the supplier led to the outline delivery date of 10 September 2011 being contractually baselined at 19 November 2011. There is not expected to be any financial implication from this change.

Changes at Bristol

1.  The detailed planning led to the outline delivery date of 4 June 2011 being revised to 2 July 2011, but this was not formally baselined and is now subject to further revision. This change was as a result of the Trust wanting to move an interim milestone that would impact the go-live date. This was in part due to the Trust receiving a Delay Event Notice issued by BT in September 2010. BT have, to date, not associated any cost with this Delay Event Notice.

2.  Detailed re-planning discussions are currently ongoing between the supplier and the Trust to establish a new contractual delivery date.

Comparisons of delivery timeframes

By comparison in London, Kingston took 18 months, St Georges took 18 months, and Imperial is forecast to take 20 months. All these durations exclude the delays caused by the four month "pause" in London deployments between Oct 2008 and January 2009, following the Royal Free go-live in July 2008.

Outside of the programme, where Trusts have contracted either directly with Cerner or via a third party (such as University Pittsburgh Medical Centre), deployments take a similar duration. Newcastle took 19 months to go-live and the Wirral took 24 months after contract signing.

COMPUTER SCIENCES CORPORATION

3.9  How many iSoft iCM licences i) have been paid for by NPfIT since it began? And ii) at what total cost?

The answer provided to this question includes iPM, as well as iCM licenses. iPM was deployed in Primary Care, Mental Health, Acute and Tertiary settings between April 2005 and August 2010.

To date the Authority has procured a total of 6 iCM licenses and 83 iPM licences. Within the current contract, the Authority has paid £1.4 million for all 89 iCM and iPM licences combined. This covers the licence cost until iCM and iPM are de-commissioned.

Figure 6

DEPLOYMENT AND SERVICE CHARGES FOR IPM
ClusterDeployment Charge per site (£'000) Annual Service Charge per site (£'000) Total Annual Service Charge (£'000) for all IPM Deployments AcuteMental Health PCT
NE470226 1,353
22
14
47
NWWM500152 8,156
EEM564274 4,111
Average511217 13,621

Figure 7

DEPLOYMENT AND SERVICE CHARGES FOR ICM
ContractDeployment Charge per site (£'000) Annual Service Charge per site (£'000) Total Annual Service Charge (£'000) for all ICM Deployments AcuteMental Health PCT
NE564113 113
5
0
1
NWWM61078 234
EEM564108 216
Average579100 563

As can be seen, the contracted costs vary by Cluster. As clusters were originally offered as individual contracts, potential contractors offered discreet bids for each individual region that reflected the contractor's view of charges necessary to recover their costs and achieve margin. An average value is included above for simplicity.

The total cost of deployment and service charges of these interim systems to end March 2011 is approximately £105 million.

The local cost of a deployment of iCM is approximately £150,000 and the estimated local cost of an iPM deployment is £5 million.

3.10  When will the next Lorenzo go-lives take place? And at which sites?

There will be no decision on the next Lorenzo site to go live until after the outcome of the Major Projects Review is known by the Department.

We do know that there are 80 Trusts in the North, Midlands, and East of England whose PAS systems will become unsupported in the next 2-3 years and who will, therefore, need either to extend non-strategic systems or re-procure systems.

3.11  What is the demand for Lorenzo?

The original contract committed 223 Trusts to take NPfIT systems in NME. This includes 161 Trusts committed to Lorenzo. In December 2010 we wrote to you saying that, at that time, the Memorandum of Understanding (MoU) expectation was that these numbers would reduce to 187 Trusts taking systems, with at least 127 expected to take Lorenzo. These numbers were based on returns from the SHA CIOs. We would expect to repeat this exercise if the terms of the MoU are accepted by the Department.

3.12  How many Trusts are signed up to take Lorenzo?

Under the current contracts in the North East & North West and West Midlands, 161 Trusts are committed to take Lorenzo. The East and East Midlands Cluster does not have a commitment due to the contract's non-exclusivity in that Cluster.

3.13  How many will sign up to take it? How do you know?

The number of Trusts that will take Lorenzo is under review as part of the current MoU discussions with CSC. We have previously carried out a consultation exercise with trusts to establish demand and we would expect to repeat this exercise if the terms of the MoU are accepted by the Department. The Department is clear that demand will depend on the quality of the product.

3.14  How long does it take to deploy Lorenzo at one site?

The deployment "cut-over" takes a weekend.

The deployment project, which delivers all the necessary local design, build, testing, data migration, and related clinical and process change, varies in duration depending on the size of the organisation, the scope of the deployment, and its complexity.

The actual project durations for the three Release 1.9 Lorenzo Care Management deployments to date have been:

—  Bury PCT: Project Initiation Document (PID) Sign Off—March 2009; Care Management—Go-Live—03 November 2009; PID to go-live duration 8 months.

—  University Hospitals Morecambe Bay: PID Sign Off—February 2009; Care Management—Go-Live—31 May 2010; PID to go-live duration 15 months.

—  Birmingham Women's Hospital: PID Sign Off—January 2009 but Project Engagement started March 2010; Care Management—Go-Live—31 October 2010; PID to go-live duration 22 months, Project engagement to go-live 8 months.

Evidence from CSC's delivery of other products suggests that these timeframes will be reduced as CSC refines its delivery process in the light of lessons learned from previous deployments.

Delivery timeframes for Lorenzo modules:

The Lorenzo product is designed to be deployed in modules or stages. The list below shows the expected time to deploy these modules.

—  Care Management, Mental Health, Care Plans and Inpatient Prescribing (IPP) deployment units each have a deployment profile of 12 months.

—  Request and Results is 11 months.

—  Clinical Documentation is eight months.

—  To Take Out (TTO) and Advanced Bed Management is six months each.

—  Day Care is four months.

—  Emergency Care is four months (with Care Management).

Comparative Data

Cerner Millennium Deploymentsby comparison, Cerner Millennium deployments in London at Kingston took 18 months, at St Georges 18 months, and Imperial is forecast to take 20 months. All these durations exclude the delays caused by the four month "pause" in London deployments between October 2008 and January 2009, following the Royal Free go-live in July 2008.

Outside of the programme, where Trusts have contracted either directly with Cerner or via a third party (such as University Pittsburgh Medical Centre), deployments take a similar duration. Newcastle took 19 months to go-live and the Wirral took 24 months after contract signing.

Pre-NPFIT Projects—the South West Shires Consortium May 2003 implementation plan assumed an average roll-out of 30 months per Trust.

The Kensington, Chelsea and Westminster Business Case in April 2002 for the implementation of IDX included a "strategy" stage of 3-12 months, a procurement stage of 18-24 months and an implementation stage of 21-42 months.

SECTION 4—ADDITIONAL NOTES PROVIDED TO THE COMMITTEE

4.1  Note on Role Based Access Control

Introduction

The aim of this paper is to clarify answers given (in response to questions 173-186) at the Public Accounts Committee hearing on 23 May in respect of access to care records.

The different types of health records discussed in this paper include:

—  detailed care records held locally;

—  records held in prescription, referral and other local systems; and

—  Summary Care Record of key information which can be accessed anywhere in England should a patient need treatment away from home, out of hours or in an emergency.

Detailed care records

Every NHS organisation keeps a detailed record of every patient they care for.

There is more than one single electronic health record for each patient—these records used to be a combination of electronic and paper but increasingly they are becoming electronic.

The majority of electronic detailed care records held by NHS organisations in England are stored in iPM, SystmOne, Lorenzo, Cerner, RiO and EMIS.

Summary care record

Patients have a choice whether or not to have a Summary Care Record (SCR). Every patient aged 16 and above is written to at least 12 weeks before any information is sent to the Summary Care Record from the patient's GP practice record. Any patient who chooses to opt out will not have an SCR created.

Access to records

Regulatory bodies have made it clear that they expect the NHS to put in place the strongest possible safeguards. The commitment to achieving this is set out in the NHS Constitution and in the NHS Care Record Guarantee.

By law, everyone working for, or on behalf of, the NHS must keep all information about a patient secure. Healthcare staff have a legal, ethical and, in some cases, professional obligation to respect patient confidentiality.

These choices may vary between different NHS organisations depending on the local systems they use. All systems connected to the Spine have a range of technical controls in place to allow detailed care records to be safely and securely shared across NHS organisations.

NHS Smartcards

Healthcare Staff must have an NHS Smartcard (like a bank card and PIN) to access systems and access to a patient's medical record is only available to those healthcare staff who have the appropriate access controls added to their Smartcard. Staff who do not need to have access to medical records will not have the appropriate access controls added to their Smartcard and will not be able to access a patient's medical record.

In order to ensure that Smartcards are issued to appropriate individuals, Smartcards are issued by Registration Authorities locally in the NHS, so it is not possible to give an accurate figure of the number of NHS staff who will have access to SCRs.

Legitimate Reason

Access to a patient's medical record is only available to staff with a legitimate reason. This is enforced in the system through a mix of both stringent technical controls and operational processes. Access to a patient's record requires a legitimate relationship to be established in the system, which requires the involvement of at least two members of staff to register the patient on the system. Any access without this would generate an alert, for investigation by the local NHS Privacy Officer, whose role it is to investigate any inappropriate accesses.

In the context of GPs, each GP practice functions as a workgroup and will generally have access to the records of a patient of that practice in the appropriate context (for example, for a patient consultation). This access is fully audited.

All GPs must use smartcards when interacting with national services such as the Personal Demographic Service, Summary Care Record, Choose & Book and Electronic Prescriptions Service. Smartcards are not mandated for general system access; however, many GP systems do provide the capability to use the smartcard as a method of authentication. Additionally, under the Local Service Provider contract, TPP is obliged to provide smartcard authentication as the primary authentication mechanism for its GP systems.

Permission to View

Access to a patient's Summary Care Record requires the patient to give their permission for the clinician to view their Summary Care Record. Any access that is made without permission—eg accessing a patient's SCR in an emergency—generates an alert which is sent to the local NHS Privacy Officer to investigate.

In an acute setting such as a hospital the patient would consent to the clinical team providing care for them to have access to their record at the point of entry.

Audit of accesses

All accesses to a patient's medical record are audited, including the details of the time and date of the access and the details of the individual who made the access.

Transparency of accesses

Patients can request to see both the information held about them but also who has been looking at their Summary Care Record. This commitment to the public is included in the NHS Care Record Guarantee.

Not all system users can access all information, for example administrative staff would only be allowed to see a patient's demographic information. This principle is known as role based access control (RBAC). These functions are authorised by the local NHS Information Governance lead known as a Registration Agent.

User Numbers

The number of users by Cluster is shown in Figure 8.

Figure 8

USER NUMBERS BY NPFIT CLUSTER
Number of Users
North Midlands and East200,000
London53,000
Southern35,000

—  The total number of registered smartcard users is currently 843,000.

—  The number of unique users authenticating during March 2011 was 378,811.

—  Currently 12,500 staff have the appropriate roles on their NHS Smartcard to view Summary Care Records.

—  A large Mental Health Trust would have approximately 3,000 users.

—  Another 61,721 healthcare staff also access detailed care records using Ambulance, Child Health, Maternity, digital x-rays and scans (PACS and RIS), Accident and Emergency, and Theatre systems.

4.2  Note on Clinical Benefits and Exploitation

Introduction

NHS IT systems support the NHS in providing better care for patients. This document provides practical examples of how NHS IT systems are being exploited to improve: patient experience, clinical efficiency, clinical safety, clinical effectiveness, research and education.

Patient experience

Integrated software allows the doctor to demonstrate result and diagnostic findings directly on screen to the patient. As examples, Cerner Millennium can be used to show laboratory data and to graph sequences of data in front of the patient in the clinic. This allows the patient to see the effect of a treatment or procedure and improves both the level of understanding of the patient as well as their level of engagement.

Using the screen to demonstrate information to patients is a first step towards patients having control of their own record, as it improves familiarity and understanding of medical terminology.

Millennium also allows the printing of any page so that the doctor can share legible and easily deciphered information with the patient at any point of their journey. Millennium additionally allows the doctor or nurse to review information from other providers in the presence of the patient and check accuracy, as well as developing patient confidence in the medical or care information held about them.

With patient agreement, it is also possible to add patient generated digital information, for example, e-mails about their condition, to the detailed care record.

Healthspace and Communicator (although only available to a small number of clinicians at the moment) provide a platform for patients to communicate with their GP or specialist through a secure e-mail route. The doctor can add information to the patient's Healthspace account. As an example, a consultant in haematology at Barts and the London Hospital has a patient on an oral chemotherapy drug for a chronic bone marrow condition. The consultant sends blood results to the patient using this route. Other patients on the move use this route to ask the consultant questions about their appointments and their condition.

Clinical efficiency

Millennium allows the doctor to review and endorse GP referrals made via Choose and Book online. In this way the doctor can redirect the referral if necessary to return it to the GP with questions or comments. The process is faster than paper based processes for accepting referrals in secondary and specialist care.

Clinical staff at Morecambe Bay can also access the GP records of the specific patients they are treating, as Lorenzo is connected to the GP system in use locally.

Millennium also provides the clinician (nurse or doctor) with immediate access to a group of test results. This includes access to radiology, reports integrated with the PACS image, other images such as ultrasounds and MRI scans, laboratory results and patient measurements such as height, weight and vital signs. Remote monitoring of conditions by testing at home and uploading via e-mail is now also possible. Immediate access to patient documentation, such as the referral letter, clinic letters, discharge summaries and clinical notes is also available through Millennium.

In summary, the digital record is always available for clinical consultations at any networked PC within a trust at any time of day or night. With VPN access the clinical professional at home can also view the record securely and support decision making by doctors based at the hospital. This has proved particularly helpful, for example, at Barts in managing stroke patients in the stroke unit.

The search for patients through the personal demographic system has improved patient flows and access to information in Accident and Emergency departments.

Depth of coding into International Classification of Disease (ICD)10 codes and Health Resource Groups is improved by access to problem lists populated with Systematised Nomenclature of Medicine Clinical Terms (SNOMED CT). As wider use of SNOMED is achieved through the use of Millennium and Lorenzo the ability to plan services based on deeper levels of information will develop rapidly.

Clinical safety

Immediate access to patient information including coded diagnosis and problem lists improves decision making by all staff in emergency situations. For example, coding of diabetes in the digital record aids treatment in the emergency room of confused or comatose patients. Emergency resuscitation of cancer patient receiving chemotherapy is also improved by knowledge of their blood counts.

Lorenzo and Millennium permit the use of Alerts to manage patients with Infection Control problems such as MRSA and C.diff, allergy status, vulnerable adults and child safeguarding needs. At Morecambe Bay, infection prevention is now fully electronic across the Trust using Lorenzo functionality and in Barts all patients carrying MRSA are alerted to the clinician using Millennium. The data is always available day or night.

The Royal Free has also created safety procedure information in Millennium. For example, there was a serious untoward incident in the trust, as a result of which bleeding guidelines are now included in the system. Similarly, endoscopy data is now held on the system, helping to address the issue that previously only about a quarter of endoscopy data was available.

The software provides listing functions to support patient handover at shift change times and to create work lists for nights and weekends.

The software supports the production of legible and meaningful discharge summaries for handing over care to GPs and sharing information with patients and their families. This function is particularly well developed in the current version of Lorenzo at Morecambe Bay University hospitals where about 60% of patients currently are sent home with a software generated summary. This equates to 1500 Discharge Summaries being produced in April 2011, compared to only 136 in January 2011.

The software provides tools for endorsing patient results from the laboratories. This ensures that abnormal results are not missed or if they are, the practitioner can be identified and managed.

Patient protocols can be added to the patient record to be used by any staff for treatment or care management. In Barts, for example, all occupational therapy assessments are added to the record. These can be printed out or e-mailed to other practitioners either within the hospital or in the community. Protocols for patients with haemophilia, sickle cell disease and multiple sclerosis are other examples.

Clinical effectiveness

Clinical audit is strongly supported by the creation of patient lists identifying groups of patients with particular problems or diagnoses. These lists can be tracked in real time and offer an immediate way of checking that patients are correctly investigated and managed.

Patient tracking and outcomes assessment is advanced by the use of SNOMED Clinical Terms.

The software supports decision making and management of patients at all forms of multidisciplinary team meetings and cancer review processes.

Research

Millennium gives the user immediate access to Medline, an abstracts and research publication database. Searches are initiated from a recognised clinical term and support both care and research. The software suites allow the capture and transfer of clinical data for research purposes.

Databases and protocols can be shared across health systems to support complex research and network collaborations.

Education

Millennium provides access to BMJ Action sets in a number of English Trusts. These are real time learning tools for any grade of doctor and provide the doctor with decision support.

The patient listing functions allows educators to review groups of similar patients with students on a class room basis before visiting patients or where patients are only seen rarely in outpatients. The stored clinical data provides an immediate source of educational material for medical and nursing students.

Statistics relating to Lorenzo Exploitation at Morecambe Bay

—  70% of all staff are trained to use Lorenzo and are smartcard enabled (4,200 out of 6,000) with a concurrency of 350-400 users at any one time.

—  Lorenzo supports in excess of 1,200 unique logins per day; greater than 300 of those are by Doctors.

—  Approximately 28% of all users login each day.

—  In addition to management and administrative teams, some 1,100 clinical staff are now using the Lorenzo system at Morecambe Bay to admit, transfer and discharge patients.

Statistics relating to Cerner Millennium Exploitation at The Royal Free Hospital

During April 2011, Cerner processed the following number of transactions:

—  93,655 appointments (3,122 per day);

—  71,906 registrations (2,397 per day);

—  321,320 orders opened (10,711 per day); and

—  there are over 1,300 smartcard enabled active users within the Trust (700-800 concurrent at peak times).

4.3  Note on Advance Payments and Repayments

Description

Advance Payments are provided to suppliers as a method to mitigate high financing costs that their projects would otherwise attract using bank credit, and hence a higher cost to the Taxpayer.

Advance Payments are only made once a value for money case has been made to the Treasury and their permission granted.

All Advance Payments are made against a Bond (and Deployment plan) which is guaranteed by a reputable financial institution, acceptable to CFH. CFH can call the Bond without recourse to the supplier. No advance payment period exceeds one year and all advance payments are reconciled at the end of the term and unearned values are refunded within the term.

Advanced Payments and Repayments to date

The total of advance payments made to 31 March 2011 in respect of all contracts over the whole period of the Programme is £2,532 million. The total of repayments to date is £1,085 million and suppliers have retained £1,328 million, as deliverables have been met. The value of outstanding advance payments at 31 March 2011 was £119 million. The table below sets this out:

Figure 9

ADVANCED PAYMENTS AND REPAYMENTS TO DATE
£ million
Total advance payments made2,532
Of which:
Total amount earned by supplier1,328
Total amount repaid1,085
Amount to be earned or refunded as AP not yet expired 119

SECTION 5—RESPONSE TO LETTER FROM CSE

5.  Note for the Public Accounts Committee in response to the letter received by the Public Accounts Committee from the Chairman, CSE Healthcare Systems dated 26 May 2011

Purpose

Mr Alan Stubbs, the Chairman of CSE Healthcare Systems, wrote to the Clerk of the Public Accounts Committee (PAC) on 26 May 2011 in response to evidence given by Ms Christine Connelly at the PAC hearing on 23 May 2011.

This note is a formal response to the points raised in Mr Stubbs' letter.

General Points

The evidence provided by Ms Connelly at the hearing in respect of Bradford District Care Trust was based on written information received by the Department from the Trust on 20 May 2011 in response to specific questions asked of the trust by the Department.

Ms Connelly also sought, on the basis of the information received from Bradford, to compare the RiO service provided at Bradford with the RiO systems provided as part of the National Programme for IT. She did not state that Bradford was receiving "a lower standard of service" but did clearly state that there is not a like for like comparison between the services provided by CSE directly to Bradford and the services provided by BT to Trusts receiving RiO through the National Programme for IT.

In order to make a broader comparison, the Department has, since the PAC hearing, obtained information from two other trusts that have deployed RiO outside of the National Programme for IT. The findings are summarised in the answer to Question 2 from Mr Richard Bacon (please see Section 3 of this document).

Specific Points raised in the CSE Letter

—  Ms Connelly did not state that Bradford does not get 24/7 support. She said, in response to Question 241, that "we get 24/7 support". By "we", Ms Connelly was referring to the trusts that take RiO inside the National Programme

—  Ms Connelly did not state that Disaster Recovery was excluded from the Bradford service. In fact, explicitly in response to Question 239, Ms Connelly stated that Bradford do have Disaster Recovery. However, she went on to point out the limitations of the Disaster Recovery at Bradford and to contrast this, in response to Question 241, to the fact that within the National Programme full Disaster Recovery is provided and that the cost of full Disaster Recovery is significant. To clarify, Bradford told the Department that they have "local disaster recovery provision" with CSE invoking Disaster Recovery remotely, onto local Bradford infrastructure and that this operates "at 25% capacity". This contrasts significantly with the NPfIT environment where components are automatically recovered if they fail and, should the whole environment fail, it is contracted to be completely recovered within two hours.

—  The Department acknowledges that there was no mention of Facilities Management. Bradford told the Department that hosting and infrastructure is provided by the Trust, with 24/7 support provided by CSE via "dial-in" over N3. In NPfIT, facilities management is provided directly by BT on infrastructure supplied by BT.

—  Ms Connelly stated in response to Question 237 that Bradford has a 59 month contract duration, as the Trust told the Department that their live service runs from 5 May 2009 to 31 March 2014.

—  Ms Connelly's comment re 25% availability, in response to Question 239, was, as stated above, specifically in the context of Disaster Recovery, not in respect of the service availability as a whole. The Department did not request information from the Trust on operational service levels achieved by CSE.

Figure 10

A COPY OF THE LETTER FROM CSE CHAIRMAN, ALAN STUBBS.

SUBJECT: PAC meeting 23 May 2011 on the national programme for the NHS

During the evidence presented by Ms Christine Connelly, one of our contracts for RiO; Bradford Mental health Trust was referenced.

Ms Connelly's statement was that Bradford is receiving a lower standard of service than provided by BT in London and hence the lower price charged by CSE Healthcare Systems to Bradford.

CSE healthcare Systems wishes to correct the evidence given.

—  Ms Connelly stated that the services is NOT 24*7 hours—the service is a 24*7 service.

—  Ms Connelly stated that Disaster Recovery (DR) was NOT included in the service—a DR services is included.

—  There was no mention of Facilities Management—we provide remote Facilities Management.

—  The service contract is for five years—not four years as stated.

—  Ms Connelly implied that the system only had 25% availability—our records demonstrate that this is not true; the system is architected to achieve an availability of over 99%.

June 2011


 
previous page contents next page


© Parliamentary copyright 2011
Prepared 3 August 2011