From Blindside

The new Department of Health agency, NHS Connecting for Health, is bringing modern computer systems into the National Health Service in what it describes as ‘the world’s largest civil IT programme’. Over the next 10 years, the aim is to connect more than 30,000 GP surgeries to almost 300 hospitals, giving patients access to their personal health and care information. Over 90,000 healthcare workers – from GP receptionists to clinical practitioners - are expected to have direct access to the system, set at different levels according to their requirements.

The NHS National Programme for IT (NPfIT), is in danger of failing, this was a widely held view in industry even before the project was fully started. Now even senior figures in the main contractors implementing the project are saying this is the case. Also of great concern are the lack of high security standards in the currently designed systems. Twenty-three prominent academic computer scientists have compiled an encyclopaedic collection of information on these concerns, and asked the House of Commons Health Select Committee to investigate. The Committee has responded with an inquiry into the development of electronic patient records.

Contents 1 Impact and Maturity Level 2 Sign on speed 3 Privacy 4 Supplier going bust 5 Academic experts 6 Links 6.1 News

[edit] Impact and Maturity Level

We estimate the Impact Level of this at 3, our highest level. The information assurance issues include growing resistance on the part of patients and healthcare providers to provision, retention and transmission of information. This can be expected to transfer to other large scale government IT projects, eroding political support, especially if NHS modernisation is seen as unsuccessful or too expensive for what is achieved by it.

Once started, this type of programme cannot be stopped. It is not an exaggeration to say that the future of the NHS may well depend on a successful outcome of IT modernisation within the National Health Service. However, we estimate the Maturity Level at 2, as despite ongoing problems with installation and implementation, the project is frankly too big to be allowed to fail, and will be carried through to some form of completion.

[edit] Sign on speed

Peter Gutmann comments:

We (New Zealand health IT industry) found that out some years ago: In healthcare IT, there is only one user, and that's "whoever first signed onto the PC this morning" (and the healthcare security policy is "you can do whatever you want as long as you can justify it by saving the patient"). Unfortunately the bureaucrats still haven't grasped this.

Brian Gladman, ex-Ministry of Defence and NATO, says:

If my experience is anything to go by, the folk designing the software would have been well aware of the need to keep sign-on times low. What they would not have been aware of is the impact of a high assurance security architecture on the system cost involved in sign on and sign off.

MOD learnt this lesson over a decade ago when it had to write off several hundred million pounds by scrapping major 'secure' IT systems because the sign on times were measured in minutes and the reponse time for simple queries was even worse. Moreover users simply ignored security procedures and undermined the intended security in exactly the same way that we are now seeing in the NHS use of IT.

[edit] Privacy

The board of South Warwickshire General Hospitals NHS Trust is allowing clinicians in their Accident and Emergency department to share smart cards. Apparently, at an average of between 60 and 90 seconds, login times were compromising efficiency in this very busy hospital department.

Although Connecting for Health had previously advised that sharing of smartcards is considered misconduct and could result in disciplinary action (see this July 2006 .doc briefing note, in a statement issued on 1 February they appeared to back off from this advice, suggesting that "responsibility for the security of patient information ultimately lies with individual Trusts, hospitals and NHS organisations."

And although the BMA’s GP IT subcommittee spokesman, Paul Cundy told Computer Weekly magazine the actions of the trust "drive a coach and horses through the so-called privacy in the new systems", CfH stated there was "no question of the confidentiality of patient data having been compromised by South Warwickshire General Hospitals NHS Trust."

Even when you’re not in a life or death situation, over a minute is a long time to wait to log in. CfH is now working with its suppliers to reduce log in time to something that works in practice as well as in theory.

In the meantime, this story raises one vital question: where in the NHS does ultimate responsibility for patient privacy lie?

[edit] Supplier going bust

iSoft is subcontracted via primary contractor CSC to supply software for the project, which is reportedly running at least two years behind schedule.

iSoft has confirmed its auditor, Deloitte, has found accounting irregularities.

Currently iSoft is looking for some one to take it over. The companies debt stands at over £73 million.

The Lorenzo review found "no evidence for the development, nor testing of, technical procedures that would be required for operation and maintenance of the live system ... this is the main risk to the successful delivery of a fit-for-purpose solution."

[edit] Academic experts

Ross Anderson / James Backhouse / Ian Brown / Peter Gutmann / Brian Randall / Peter Ryan / Angela Sasse / Simon Weston Smith / Latanya Sweeney / Martyn Thomas /

[edit] Links

NHS Care Records Service NHS Connecting For Health Spine FAQs NHS Connecting For HealthNHS Connecting For Health

[edit] News

2007-03-05 - The Register - iSoft in critical condition as NHS trusts seek alternatives

Author: Lucy Sherriff

Summary: The government's vision of an integrated computer system for the NHS is coming apart at the seams as NHS trusts are to start looking for alternative IT suppliers, The Guardian reports. iSoft is the main software partner in the not-so-much-loved National Programme for IT (NPfIT), but delays are now so long and managers under such pressure from hospital trusts that bosses at NPfIT are having to draw up a list of alternative suppliers.

2007-02-13 - The Register - Fujitsu man condemns NPfIT as failure

Author: Lucy Sherriff

Summary: The government's pet technology project, the multi-billion pound NHS National Programme for IT (NPfIT), is in danger of failing, lacks the leadership required to stop it drifting off course, and is in danger of morphing into "a camel", according to a senior figure in one of the main contractors implementing the project.

2007-02-13 - Times - £6.2bn IT scheme for NHS ‘is not working and is not going to work’

Author: David Rose

Summary: The care of patients on the NHS risks being compromised by the Government’s flawed implementation of a multi-billion-pound computer system linking doctors and hospitals, according to one of the project’s senior executives. A lack of vision and poor understanding of the sheer size of the task meant that the IT overhaul “isn’t working and isn’t going to work”, Andrew Rollerson, an executive with Fujitsu, one of the system’s providers, said.

2007-02-11 - Blogzilla - NHS security constantly subverted

Author: Ian Brown

Summary: We have been told over and over again by the NHS that the highest security standards will be applied to centralised medical record databases, and that only authorised staff will have access to patient data. We have numerous practical examples showing this is pure fantasy. List with details...

2007-02-07 - OUT-LAW.COM - NHS asks Lords to clarify freedom of information and data protection clash

Summary: The House of Lords will clarify how data protection and freedom of information laws should work together if it hears an NHS appeal against an order to release clinical data. Any ruling would be a defining one for the two emerging areas of law.

2007-02-02 - ZDNet - NHS denies privacy risk over smartcard sharing

Author: David Meyer

Summary: NHS Connecting for Health has admitted that smartcards were shared between staff at a Warwickshire hospital, but denied that this compromised the confidentiality of patient data. ... On Thursday Connecting for Health (CfH), the NHS department administering the IT overhaul (the National Programme for IT, or NPfIT), issued a statement claiming that there was "no question of the confidentiality of patient data having been compromised" at the Trust, as the staff authorised by the board to share smartcards "were all clinical staff, bound by their professional codes of confidentiality, operating in a secure non-public part of the hospital". ... Previous statements from CfH had suggested that the sharing of smartcards would be treated as misconduct, requiring disciplinary procedures. However, Thursday's statement conceded that "responsibility for the security of patient information ultimately lies with individual Trusts, hospitals and NHS organisations".

2007-01-30 - Computer Weekly - NHS security dilemma as smartcards shared

Author: Tony Collins

Summary: An NHS trust board has approved the sharing of smartcards, in breach of security policy under the £12.4bn NHS National Programme for IT (NPfIT), because slow log-in times would restrict the time of doctors treating emergency patients. ... Paul Cundy, spokesman for the British Medical Association's GP IT subcommittee, said the actions of the trust "drive a coach and horses through the so-called privacy in the new systems". He said, "This is precisely what we have long predicted and shows that security systems, although highly specified on paper, need to be tested against live environments before they can be said to be secure."

2007-01-29 - Metro - Security fear for patients’ records

Summary: NHS staff are being permitted to breach security on the Government's patient records system, it was claimed today. Workers at one trust have been told they can share their shift leader's 'smartcard' which allows them to view individual patient records

2007-01-26 - OUT-LAW.COM - Patients can boycott NHS system, says Commissioner

Summary: The Information Commissioner has been told that patients will have the opportunity to refuse to have their details uploaded onto the new NHS medical records system. The news comes just weeks after the Department of Health refused patients that right.

2007-01-26 - ZDNet - Anger over EC medical data-sharing scheme

Author: David Meyer

Summary: The European Commission is about to call for proposals on how patients' medical details would be shared between its member states, with the UK almost certain to be included in the scheme. ... "If you're somebody with information that should be known, at present you will carry either a bracelet or a card in your wallet to say so," Anderson told ZDNet UK on Thursday. "It is foolish to move to a computer for the simple reason that, if you have the information either on an online database or sitting on a smartcard, then the computer could be down. Human-readable information which you can carry is the most appropriate technology."

2007-01-23 - The Register - Academics compile 'encyclopaedia of concerns' about NPfIT

Summary: A group of academics have issued a "dossier of concerns" calling for a technical review of the NHS National Programme for IT (NPfIT). Brian Randell, Emeritus professor of Computing Science at Newcastle University, told GC News that the 200 page dossier containing "everything said about the NPfIT over the last few years" will help Parliament's Health Select Committee with its pending inquiry.

2006-12-22 - out-law.com - BMA may seek NHS records system boycott

Summary: Doctors will be advised to refuse to use the NHS's computer system unless the Department of Health (DoH) changes its mind on behaviour which the British Medical Association says is unlawful.

2006-12-21 - ComputerActive - Opt out of NHS computer records

Author: Dinah Greek

Summary: Information about how people may be able to have a say in whether their medical records are added to the central database and what information those records will contain.

2006-12-19 - The Times - Patients can keep their details secret after computer U-turn

Author: David Rose

Summary: The Government has agreed to let patients keep details of their medical records private after they are uploaded electronically on to a new NHS database. In a policy U-turn, Lord Warner, a health minister, said that he had accepted the recommendations of a task force on the electronic patient records system. The Government is to stick to its plan that patients will have to opt out of the NHS Care Records Service — but there will now be the chance for patients to view their record and amend details online before information is uploaded for sharing. They will also be able to consent to how their information is shared with professionals across the NHS in England.

2006-12-04 - The Guardian - Health officials reject requests to opt out of patient database

Author: John Carvel

Summary: The Guardian's response to the government's response to letters sent to the DoH by Guardian readers expressing their concerns about the proposed database.

2006-11-05 - The Times - Help! They know all about me

Author: John-Paul Flintoff

Summary: Some of the things that we consider most deeply private are contained in our medical records: a history of depression, a sexually transmitted disease, a long-ago abortion, recovery from drug addiction or a suicide attempt. The National Health Service has embarked on a £12 billion IT project that will upload millions of patients’ medical records onto a database, freely accessed by 250,000 NHS staff and, to a lesser degree, by private health companies, council workers, commercial researchers and ambulance staff. It might as well be public. Thomas has already encountered cases of private investigators, aided by insiders, raiding government and company databases such as the police national computer and the DVLA’s vehicle computer, as well as those at the Department for Work and Pensions. Doctors fear that when the openness of the database is understood, patients may stop telling GPs their secrets. The health department is unbothered: “The citizen has no right to stipulate what will and will not be recorded . . . nor where those records will be held.”

2006-11-01 - The Guardian - Warning over privacy of 50m patient files

Author: David Leigh & Rob Evans

Summary: NHS England seems intent on adding the medical records of all patients to its new central database without allowing people a say in whether their own records are included or what information may be shared.

2006-07-11 - Computer Weekly - NHS trust uncovers password sharing risk to patient data

Author: Tony Collins

Summary: A report recognises that a culture of sharing codes which give access to medical systems and records is widespread across the NHS and that this poses a threat to the confidentiality of medical records which are due to be uploaded to a central patient database.