Health Select Committee Inquiry

From Nhs It Info

Contents

Future Work Programme of the Health Committee (22 Nov 2006)

UK Parliament

http://www.parliament.uk/parliamentary_committees/health_committee/hcpn061122.cfm

"The Committee has decided to undertake the following additional inquiries in 2007: Aspects of IT in the NHS. . . . Further details, including terms of reference, will be announced in due course."

MPs will hold inquiry into £12bn NHS IT plan (28 Nov 2006)

Computer Weekly

http://www.computerweekly.com/Home/Articles/2006/11/28/220206/MPs+will+hold+inquiry+into+%C2%A312bn+NHS+IT+plan.htm

"The House of Commons' Health Committee has agreed to hold an inquiry into key facets of the £12.4bn NHS National Programme for IT (NPfIT) after some MPs expressed concerns that the scheme may be foundering. The decision reverses a resolution taken by the parliamentary committee only weeks ago not to hold an inquiry, and vindicates a campaign led by leading academics, Computer Weekly and MPs. The inquiry, the terms of reference for which will be announced shortly, is expected to involve the committee's members questioning ministers and officials at a series of hearings. MPs on the committee can take in evidence from trust executives who are concerned about the lack of progress in the delivery of core patient systems for hospitals, and from GPs about whether centralised electronic health records will be secure. The committee in October rejected an inquiry partly because some members believed the programme was too complicated to be investigated by non-expert MPs. Its change of heart comes after Computer Weekly provided some committee members with new evidence - including a confidential briefing paper on the NPfIT from directors of informatics at a large NHS trust. The paper expressed profound concerns about some aspects of the NPfIT.

Computer Weekly has also learned that strong support for an inquiry came from Dr Richard Taylor, a former hospital consultant and the only independent MP in the House of Commons. Taylor told Computer Weekly that he was originally not in favour of an inquiry, but changed his mind after an informal briefing by BT, one of the main suppliers to the NPfIT. He said BT's briefing had been so unremittingly positive about the programme that he found it lacked credibility, and this made him wonder whether the programme was as successful as the supplier claimed. It is seven months since 23 academics, supported by this magazine, wrote an open letter to the committee calling on its members to ask the government to commission an independent audit into the national programme. Martyn Thomas, one of the 23 academics who wrote the open letter to the health committee, said, "Speaking on behalf of the 23, we welcome the news that the Health Committee intends to hold an inquiry early in the new year. We intend to submit evidence to the inquiry further supporting our call for a full, independent and open review of the NPfIT."

Opportunity for clarity (28 Nov 2006)

Computer Weekly

http://www.computerweekly.com/Articles/2006/11/28/220171/Opportunity+for+clarity.htm

"We are delighted that the House of Commons Health Committee is going to hold an inquiry into the NHS's £12.4bn National Programme for IT. We have campaigned hard for an inquiry, as have 23 leading academics who wrote an open letter to the committee. At first the committee's members seemed none too enthusiastic about the idea of an inquiry. They were put off a little by the programme's complexity. Since then Computer Weekly has provided information to some of the members on the concerns at trust board level about the way things are going. Now the committee members have realised that they can see the programme from the perspective of doctors and nurses and if the scheme is too difficult for clinicians to understand, then there is something fundamentally wrong with it. Senior IT executives in trusts who have not been able to express opinions publicly will have the opportunity to write to the committee, requesting anonymity, and raising questions they think MPs should ask. The committee will also be taking in papers from specialists. The inquiry will provide a chance for officials to say that the NHS has moved on since the programme was first announced, and concede that it needs to change. The committee could then be a stage to announce changes. We hope that MPs will consider the project's strengths and weaknesses with an open mind, and not be critical or defensive according to party alignments. This is also a chance for officials and ministers to explain how patients will benefit from the enormous public investment in this project, and what lessons have been learned so far. They will, we hope, answer questions clearly and openly - for clarity and openness have been largely missing so far."

We must stop pandering to the NPfIT cash cow (28 Nov 2006)

Computer Weekly

http://www.computerweekly.com/Articles/2006/11/27/220120/Your+shout+No+high+risk%2c+training+issues%2c+NPfIT+failure.htm

"The missed NHS IT deadline has come as no surprise to those in the IT sector. The NPfIT will never get back on track, and was never on track originally. It breaks every rule of project management, from scoping right through to delivery, and is completely failing to address the requirements of NHS clinicians. The project management team has approached the matter as if they are dealing with a nation of identikits, not individual idiosyncratic patients. No right-thinking manager would attempt to deploy systems on a national basis like this - it makes no sense and simply cannot be achieved. Over £20bn of taxpayers' money has been wasted on a system that was destined to fail. The concept is undoubtedly laudable, but it has been approached from the wrong angle from the outset. Smaller software companies already serving the NHS were not permitted to tender for NPfIT contracts, and those that were awarded them had no healthcare experience. In the event, the larger IT firms actually outsourced to the very companies who had been refused contracts. Further, integrating all the regional systems that were created to comprise the final NPfIT was always going to be an uphill struggle to say the least. The NPfIT is five years overdue - how many more casualties are going to be caused by IT industry fat cats pandering to the cash cow the NPfIT has become?" [Richard Barker, Sovereign Business Integration]

Health select committee to investigate NPfIT (28 Nov 2006)

e-Health Insider

http://www.e-health-insider.com/news/item.cfm?ID=2299

"An inquiry into the National Programme for IT (NPfIT) will be held by the House of Commons' health select committee, according to a report in Computer Weekly. The committee originally decided not to hold such an inquiry, but are reported to have changed their minds after they were provided with documents from the magazine, including a confidential briefing paper on the NPfIT from directors of informatics at a large NHS trust, which expressed 'profound concerns about some aspects of the NPfIT'. Dr Richard Taylor, a former hospital consultant and independent MP for Wyre Forest, also gave the inquiry strong support after he had an informal briefing with BT, which 'had been so unremittingly positive about the programme that he found it lacked credibility, and this made him wonder whether the programme was as successful as the supplier claimed.' MPs on the committee will now be able to take evidence from trust executives concerned about the lack of progress in the delivery of patient administration systems in hospitals, and from GPs about whether centralised electronic health records will be secure. Martyn Thomas, one of the 23 academics who called for such an inquiry in April, said: 'Speaking on behalf of the 23, we welcome the news that the health committee intends to hold an inquiry early in the new year. We intend to submit evidence to the inquiry further supporting our call for a full, independent and open review of the NPfIT.' Richard Granger, chief executive of Connecting for Health, told the Financial Times yesterday that a combination of the NHS's financial troubles and problems with software means that the installation of new patient administration systems in hospitals is likely to be further delayed."

Announcement: Health Select Committee Inquiry into "The Electronic Patient Record and its use" (5 Feb 2007)

United Kingdom Parliament

http://www.parliament.uk/parliamentary_committees/health_committee/hcpn070205.cfm

"The inquiry will focus particularly on the following areas:

  • What patient information will be held on the new local and national electronic record systems, including whether patients may prevent their personal data being placed on systems;
  • Who will have access to locally and nationally held information and under what circumstances;
  • Whether patient confidentiality can be adequately protected;
  • How data held on the new systems can and should be used for purposes other than the delivery of care e.g. clinical research; and
  • Current progress on the development of the NHS Care Records Service and the National Data Spine and why delivery of the new systems is up to 2 years behind schedule."

MPs' health committee confirms terms of NHS IT inquiry (7 Feb 2007)

Computer Weekly

http://www.computerweekly.com/Articles/2007/02/07/221679/mps-health-committee-confirms-terms-of-nhs-it-inquiry.htm

"The House of Commons Health Committee has published its terms of reference for an inquiry it will hold into facets of the NHS National Programme for IT (NPfIT). The committee decided to undertake an inquiry last November, following a campaign led by leading academics, Computer Weekly and MPs. This week, the committee said the inquiry will focus on current progress on the development of the NHS care records service and the national data spine - and why delivery of the new systems is up to two years behind schedule. The care records service and data spine are cornerstones of the NPfIT, a £12.4bn project to refresh NHS IT systems and create 50 million electronic patient records. . . In May 2006, 23 academics wrote an open letter to the committee, calling on its members to ask the government to commission an independent audit into the national programme, voicing concerns over its technical feasibility and engagement with clinicians. They also published a dossier of their concerns over the programme last week."

Health Select Committee outlines NPfIT inquiry (9 Feb 2007)

e-Health Insider

http://www.e-health-insider.com/news/item.cfm?ID=2471

"The House of Commons Health Committee has announced details of what it intends to look into as part of its inquiry into the NHS National Programme of IT. As EHI reported in November, the Health Select Committee announced in November its intention to undertake an inquiry. At a meeting this week, the committee said that the NPfIT inquiry will focus on current progress on the development of the NHS care records service and the national data spine - and why delivery of the new systems is up to two years behind schedule. Included in the committee's agenda will be what patient information will be held on the new local and national electronic record systems, including whether patients may prevent their personal data being placed on systems and who will have access to locally and nationally held information and under what circumstances. It will also look at whether patient confidentiality can be adequately protected and how data held on the new systems can and should be used for purposes other than the delivery of care, such as clinical research. . ."

MPs to hold NHS IT inquiry (14 Feb 2006)

Computing

http://www.computing.co.uk/computing/news/2183202/mps-hold-nhs-inquiry

"The House of Commons Health Committee is to hold an inquiry into the electronic patient records system at the heart of the £6bn National Programme for NHS IT (NPfIT). According to terms of reference published last week, MPs will focus on patient data issues such as where information will be held, who will have access to it and how confidentiality can be protected. The committee will also consider implementation issues affecting the programme, which is about two years behind schedule. The inquiry is one of a series of reviews of the programme in the past 12 months. In June, public spending watchdog the National Audit Office published a report on the progress, and since the appointment of NHS chief executive David Nicholson in July there have been at least two further internal reviews, according to health service insiders. At a conference this month, Nicholson reiterated his support for NPfIT and, while acknowledging the need for more engagement with NHS users, he rebutted calls for an independent review. Progress on the National Programme is patchy. The N3 broadband network is now fully rolled out more than two months ahead of schedule, and implementation of electronic X-ray systems is considered broadly successful. But installation of complex hospital administration software has all but ground to a halt, and NHS staff buy-in issues are still not resolved. One result of Nicholson's reviews is December's creation of the NPfIT Local Ownership Programme (Nlop), which aims to give local health communities a greater role in the technology programme. But NHS IT staff are not convinced the plan will go far enough. If it actually happened, Nlop would be helpful, but it seems there is not going to be any money or contract management - and supplier discussions are to remain central - so it just looks like responsibility without authority, said a senior source. The deadline for submissions to the health committee inquiry is 16 March."

The Electronic Patient Record: Written Evidence (25 Apr 2007)

House of Commons Health Committee

http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/422ii.pdf

(A 196-page compilation.)

The Electronic Patient Record: Uncorrected Oral Evidence (26 Apr 2007)

House of Commons Health Committee

http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/uc422-i/uc42202.htm

The Electronic Patient Record: Uncorrected Oral Evidence (10 May 2007)

House of Commons Health Committee

http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/uc422-ii/uc42202.htm

Our Submission to the EPR Inquiry

"Executive Summary: This submission addresses the issue: Current progress on the development of the NHS Care Records Service and the National Data Spine and why delivery of the new systems is up to 2 years behind schedule. It draws on the Dossier of Concerns regarding NPfIT that we have assembled from a variety of sources, and recently made available to Members of the Select Committee. Despite the difficulty of assessing NPfIT's plans and progress, caused by the Programme's size and complexity, the secrecy regarding detailed system specifications, and the atmosphere of fear that prevents many NHS staff from expressing criticisms, our Dossier contains extensive evidence, some but by no means all anecdotal, that supports our assessment that the Programme is in serious danger. The huge range of problems, covering technical matters, methods of procurement, the lack of buy-in from stakeholders, privacy and security questions, delivery delays and spiralling costs, greatly complicate the task of correctly identifying the fundamental causes and most effective remedies. Hence our recommendation that a detailed technical review of the Programme be commissioned, a review that must be open and manifestly independent if public confidence in NPfIT is to be regained."

Our Supplementary Evidence to the EPR Inquiry on Independent Reviews

"At the Committee's second evidence session, Dr Richard Taylor asked Professor Brian Randell to provide a short note describing where independent technical reviews had previously helped major projects to succeed. This supplementary evidence has been prepared in response to that request."

The Electronic Patient Record: Uncorrected Oral Evidence (7 Jun 2007)

House of Commons Health Committee

http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/uc422-iii/uc42202.htm

The Electronic Patient Record: Uncorrected Oral Evidence (14 Jun 2007)

House of Commons Health Committee

http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/uc422-iv/uc42202.htm

Director general defends IT plan and blasts critics of the electronic patient record (3 May 2007)

Health Service Journal

http://www.hsj.co.uk/healthservicejournal/pages/N1/p13/070503

"Critics of the electronic patient record have been branded 'privacy fascists' by the Department of Health director general of IT. Richard Granger launched the attack at the first hearing of a Commons health select committee inquiry into the controversial project. 'People think they can assess the programme after researching it on Google,' he complained. 'A number of people are whipping up anxiety - privacy fascists - who want to dictate that no-one has a right to information anywhere.' But he admitted: 'No system is ever going to be totally secure.' Mr Granger compared concerns over patient confidentiality to an 1834 editorial in The Times, which had argued against the adoption of the stethoscope. The project will be largely implemented by 2010, although some parts of it are running roughly two years behind schedule, he told the committee. This is due to the specifications changing and a lack of consensus from doctors as to how the project should work, he said. He vigorously denied a suggestion by Labour MP Jim Dowd that this meant the original plan had been flawed. 'It would be a fantasy to imagine that halfway through a 10-year programme we would only be doing the same things we set out to do five years ago. . ."

Commons' Health Committee cannot agree unanimous report on key aspects of the NHS National Programme for IT (11 Sep 2007)

Computer Weekly - Tony Collins's Blog

http://www.computerweekly.com/blogs/tony_collins/2007/09/commons-health-committee-canno-1.html

"The Health Committee of the House of Commons is to publish a report on aspects of the NHS's £12.4bn National Programme for IT [NPfIT] without the contents of the document being agreed by all of the MPs on the committee. The contents of the report "Electronic Patient Record" will not be known publicly until it is published on Thursday 13 September 2007 but I understand that MPs on the committee were unable to agree parts of it without specific sections being put to a vote. And when voting over the contents was completed, the final report was not signed by all members. It is rare for the Labour-dominated Health Committee to publish a report without the unanimous support of its MPs. It may show the extent to which the NPfIT has become politcised. This sensitivity is due in part to the scale of the financial commitment to the programme: it is the government's biggest investment in IT. . . Now the Health Committee, which comprises mainly Labour MPs under a Labour loyalist chairman Kevin Barron, is expected to follow the government's line in rejecting calls for any published independent review of the NPfIT. Twenty-three academics had written an open letter to the committee to ask that it call on the government to commission an independent review. But during hearings of the committee earlier this year Barron had expressed little enthusiasm for too much questioning of the NPfIT. He said: "If you go back in years in medical history, into some of the things that doctors were doing at the time, which made major breakthroughs, people were sceptical about [these]. People were questioning even what their peer groups were doing in terms of whether it was the right thing to do." He said that life expectancy has been extended to an "incredible" extent largely because of the "people doing things for the first time." In what seemed to be a criticism of the 23 academics who had called for an independent review of the NPfIT Barron added: "Quite frankly if people were questioning [medical breakthroughs in history] on the basis of 'we don't think it will work' or 'it might not be manageable' and everything else, we may not have made the progress through the centuries that we have done, in society in general and throughout the world. This sort of questioning every little minutiae, or potential every little minutiae, is something that is non-progressive, for what of a better expression." The Health Committee had launched an inquiry into NHS IT with an initial reluctance. When some MPs on the committee sought to have an inquiry, Barron was reluctant to do so, in part because of the complexity of the subject. When the committee subsequently agreed to an inquiry it was held with narrow terms of reference which did not include scrutiny of the whole programme. Thursday's report is expected to include some criticisms, particularly over the lack of consultation of medical professions."

The Electronic Patient Record (13 Sep 2007)

House of Commons Health Committee

http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/422.pdf

From the Summary:

"Electronic patient record (EPR) systems have the potential to bring huge benefits to patients and are being implemented in health systems across the developed world. Storing and sharing health information electronically can speed up clinical communication, reduce the number of errors, and assist doctors in diagnosis and treatment. Patients can have more control of their own healthcare. Electronic data also have vast potential to improve the quality of healthcare audit and research. However, increasing access to data through EPR systems also brings new risks to the privacy and security of health records. In England, implementing EPR systems is one of the main aims of the 10-year National Programme for Information Technology (NPfIT), which was launched in 2002, building on earlier initiatives. The main plank of the NPfIT programme is the NHS Care Records Service (NCRS) which will create two separate EPR systems: a national Summary Care Record (SCR), containing basic information, and local Detailed Care Records (DCRs), containing more comprehensive clinical information. NCRS will also include a Secondary Uses Service (SUS) which will provide access to aggregated data for management, research and other 'secondary' purposes. . . Maintaining the security of the SCR and other NCRS systems is a significant challenge. Each SCR will be potentially available across the country to a wide range of different users, making operational security especially problematic. Connecting for Health, the organisation responsible for delivering NPfIT, has taken significant steps to protect operational security, including strong access controls and audit systems. However, the impact of these measures in the complex environment of the NHS is difficult to predict. We recommend a thorough evaluation of operational security systems and security training for all staff with access to the SCR. DCR systems, which will allow local organisations to share detailed clinical information, are the "holy grail" for NPfIT. Such systems can improve safety and efficiency, support key activities such as prescribing, and vastly increase the effectiveness of clinical communication. In particular, DCR systems offer improvements to the care of patients with multiple or long-term conditions. It is on NPfIT's success in delivering DCR systems that the programme's effectiveness should ultimately be judged. In order to deliver DCR systems, Connecting for Health has set out to replace local IT systems across the NHS, as well as building the capacity to link these systems together. The new national broadband network has now been completed, but progress in other areas has been disappointing. In particular, the introduction of new basic hospital Patient Administration Systems (PAS) has been seriously delayed. One of the two main hospital PAS products, Lorenzo, will not be trialled in the NHS until 2008. As a result of these and other delays, it is not clear when joined-up DCR systems will be widely available. In addition, we found it difficult to ascertain either the level of information sharing that will be possible when DCR systems are delivered, or how sophisticated local IT applications will be. In its original specification documents in 2003, NPfIT established a clear vision for local electronic records systems. Four years later, however, the descriptions of the scope and capability of planned DCR systems offered by officials and suppliers were vague and inconsistent. Some witnesses suggested that parts of the original vision have been abandoned because of the difficulties of implementing new systems at a local level. We recommend that Connecting for Health publish clear, updated plans for the DCR, indicating whether and how the project has changed since 2003. We also recommend that timetables for completing DCR systems are published by all suppliers. An important cause of the delays to DCR systems has been the lack of local involvement in delivering the project. Hospitals have often been left out of negotiations between Connecting for Health and its suppliers, and found themselves, as one witness put it, at "the bottom of the food chain". As a result, they have lacked the incentives or enthusiasm to take charge of deployments. Increasing local ownership is now a key priority for the programme. The NPfIT Local Ownership Programme is an important first step but does not go far enough. We make a number of detailed recommendations for increasing local ownership, including giving local organisations responsibility for negotiating with suppliers and for contract management, and offering users a choice of systems wherever possible. We recommend that Connecting for Health switch as soon as possible to focus on setting and ensuring compliance with technical and clinical standards for NHS IT systems, rather than presiding over local implementation. . . The development of the SCR and DCR will offer the SUS access to clinical data which are more timely, better integrated and of a significantly higher quality than those currently available. This is likely to transform the SUS and offers significant benefits, most notably for health research. However, researchers told us that more should be done to ensure that these opportunities are maximised. We make several recommendations for improving access to data for research purposes, including not only the single unique identifier, but also developing better linkage between new and existing databases. Increasing access to patient data also brings new challenges for safeguarding patient privacy, however. There is a difficult balance to be struck between the need to protect privacy and the opportunities for research, between safeguarding individual rights and promoting the public good. There are also a number of weaknesses within current access and governance systems. In particular, during the inquiry questions were raised about the extent to which pseudonymisation of data should be relied upon to protect privacy. We recommend that the Department of Health conduct a full review of both national and local procedures for controlling access to electronic health data for 'secondary uses'. Despite some notable successes, the delivery of NCRS has in general been hampered by unclear communication and a worrying lack of progress on implementing local systems. Although Connecting for Health's centralised approach has brought important benefits, it will increasingly need to be modified, particularly if the crucial DCR programme is to succeed. By clearly restating its aims, providing timetables and indicating how they will be met, and ensuring local organisations take charge of deployment, Connecting for Health can still ensure that NCRS is a success."

MPs says EPRs essential but delivery in doubt (13 Sep 2007)

e-Health Insider

http://www.e-health-insider.com/news/3024/mps_says_eprs_essential_but_delivery_in_doubt

Electronic patient record systems are vital to the future of healthcare in England, but there remain big questions and concerns over how and when they will be delivered by the NHS National Programme for IT. This is the central conclusion of a detailed report on electronic patient records systems published today by the Commons Health Select Committee. It states that the delivery of the NHS Care Records Service (NCRS) has "been hampered by unclear communications and a worrying lack of progress on implementing local systems". While work has begun on the first trials of the summary care record component of NCRS the report states that this is of secondary importance to the delivery of the local detailed EPR systems - the so-called Detailed Care Record (DCR) of NCRS - delivery of which has barely begun. The Committee recommends that the Government ensures that regional Local Service Providers publish clear plans and a timetable for the completion of Detailed Care Record systems and sets a final deadline for the successful completion of the Lorenzo system. The report also calls for more involvement by local NHS organisations and clinical groups in the implementation of DCR systems - due to be supplied by iSoft and Cerner - and more choice for users about what systems they will receive. The Patient Administration System (PAS) replacement strategy being pursued in England by NPfIT is contrasted with other approaches to EPR development underway internationally. The Chairman of the Health Committee, Kevin Barron MP, said: "Whilst the Government is getting the framework in place they still have some way to go before patients and the profession can see tangible benefits of the new system." The report spells out the huge potential benefits to patients of EPRs, which are being created under NCRS, but says that delivery of the project remains uncertain with elements delayed by up to two years. While there have been successes such as PACS and the N3 network the report says that NPfIT's overall progress in other areas "has been disappointing". In particular it says CfH has largely failed to deliver on its core objective of clinically rich shared local DCR systems. "It is on NPfIT's success in delivering DCR systems that the programme's ultimate effectiveness should be judged," says the report. The Committee calls for a more localised approach by NHS Connecting for Health, the DH agency responsible for NPfIT, to speed up implementation of the programme. In particular the Committee singles out delays in the delivery of local Detailed Care Records - the rich local clinical component of NCRS - as a concern. The Committee describes such systems as the 'holy grail' for the EPR programme, but according to the report it is "not clear when they will become widely available". . . The report's recommendations include giving local organisations responsibility for negotiating with suppliers and for contract management, "and offering users a choice of systems wherever possible". The GP Systems of Choice (GPSoC) model is recommended as a template for the wider programme. The report also makes clear that it believes root and branch reform of CfH is needed if NPfIT in general, and DCR systems in particular, are to be successfully delivered. "We recommend that Connecting for Health switch as soon as possible to focus on setting and ensuring compliance with technical and clinical standards, rather than presiding over local implementation." Elsewhere the report states CfH's centralised approach "will increasingly need to be modified, particularly if the DCR programme is succeed". . ."

Health Committee MP criticises report on NPfIT electronic patient record (13 Sep 2007)

Computer Weekly - Tony Collins' IT Projects Blog

http://www.computerweekly.com/blogs/tony_collins/2007/09/health-committee-mp-criticises.html

Mike Penning, an MP on the Commons' Health Committee, has criticised a report by his colleagues on aspects of the National Programme for IT (NPfIT). He said the report of the Health Committee on the Electronic Patient Record - a central part of the NPFIT - was "very weak and a golden opportunity missed". Mike Penning, a Conservative MP, played a key role in persuading the committee to hold an inquiry into aspects of the NHS NPfIT. He told Computer Weekly that he has been a strong supporter of the committee's work. He said that his colleagues on the committee had produced some strong reports that did not back off being critical sometimes of government policy. But he said the committee's report on the Electronic Patient Record, which was published on 12 September 2007, missed a golden opportunity to "produce something meaningful". He said it became "bogged down in minutiae" and failed to call for an independent review of the programme. Twenty-three senior computer scientists, including several heads of computing at various universities, had written an open letter to the Health Committee calling a review of the programme. Derek Wanless, a founding father of the NPfIT, also called for a review of the NPfIT in a report on the NHS published on 11 September 2007. He said there was an "apparent reluctance to audit and evaluate the [NPfIT] programme". The Health Committee has taken the government's position that an independent review is unnecessary. Its report said, "Officials and suppliers both denied the need for an independent, external review. Richard Granger [Director General of NHS IT ] argued that the programme had already been heavily scrutinised, for example by the National Audit Office, and that ministers had therefore concluded that a further review was not necessary. Guy Hains - representing CSC, one of the main suppliers to the NPfIT - pointed out that suppliers were subject to regular reviews, both technical and commercial, and stated that elements of the programme were in effect reviewed every two months. The committee concluded that it understood why some witnesses had called for an independent review of the NPfIT but said, "We do not agree that a comprehensive review is the best way forward." It said that "many of the questions raised by the supporters of a review would be addressed if Connecting for Health [which runs part of the NPfIT] provided the additional information and independent evaluation [of specific aspects of the NPfIT] which we recommend in this report". Penning acknowledged that the report contained some potent and constructive criticisms of the programme. The report was particularly critical of a lack of information - five years since the programme was launched - on the security of systems and the detailed electronic health record. The report said, "Serious concerns were expressed regarding the lack of information both about how security systems will work and about the outcomes of security testing. We agree with these concerns and recommend that Connecting for Health ensure that BT's planned security systems for its national applications are subject to independent evaluation and that the outcomes of this are made public. "There is a perplexing lack of clarity about exactly what NPfIT will now deliver." The report also said that there was a explanatory vacuum surrounding detailed care records systems. Three Conservative MPs on the Health Committee, David Amess, Mike Penning and Lee Scott, refused to sign the report.

MPs go easy on care record plans (13 Sep 2007)

Pulse

http://www.pulsetoday.co.uk/story.asp?storyCode=4114502&sectioncode=35

"The health select committee's long-awaited report into the electronic patient record appears to have largely let Connecting for Health off the hook, while expressing some concerns over data security. The report from MPs, published today, backs the current 'opt-out' consent model for the creation of the Summary Care Record, and rejects calls for an independent review of the National Programme for IT. But the committee does call for Connecting for Health to review its plans to protect the security of patient data passed to the Secondary Uses Service. It also calls for better communication with patients and greater clarity over the content of summary and detailed care records. The committee's chair, Kevin Barron MP, had earlier told Pulse he believed 'most of the comments you hear in the media at the moment in my view, particularly about the electronic patient record, are comments that are quite ill-informed'. The committee's backing for opt-out consent is at odds with the BMA's opposition, and evidence from international legal experts that it could break European law. The report concludes that using implied consent to create the Summary Care Record, and explicit consent to add detailed clinical information, is a 'satisfactory model, but one which has not been well communicated to patients or clinicians'. It adds that including prescribing information in Summary Care Records may remain 'problematic'. 'Much of the controversy over privacy and consent arrangements for the Summary Care Record would have been avoided if Connecting for Health had communicated its plans more clearly to patients.' But the report raises questions over how data would be used with the Secondary Uses Service, and whether pseudonymisation can effectively protect patient privacy. It warns 'there is an urgent need to address these problems', calling for Connecting for Health to review its procedures. GPs were disappointed at the committee's general support for the current rollout of care records. Dr Trefor Roscoe, a GP in Sheffield and outgoing member of the joint GPC/RCGP IT committee, said he was 'extremely concerned' MPs had not heeded the BMA's call for opt-in consent. 'They have agreed that what is being done for pragmatic, making-it-easy reasons is fine by them,' he said. 'It's not fine by the BMA. We can't foresee what uses the record will be put to - and the report's concerns about the Secondary Uses Service is very pertinent to that.' Dr Paul Thornton, a GP in Kingsbury in Warwickshire and long-term critic of the National Programme for IT, said MPs had underestimated the threat to patient confidentiality. 'It would appear that Connecting for Health's confusion with regard to its complexities and consent models has bamboozled the health select committee,' he said. Dr Gillian Braunold, GP clinical lead for Connecting for Health, who is taking on a role as clinical director for the Summary Care Record and Healthspace, welcomed the report. . ."

NHS IT system 'maximises' security risk (14 Sep 2007)

Contractor UK

http://www.contractoruk.com/news/003447.html

The current architecture of a showpiece NHS IT system "maximises" the risk of patients' confidential details being leaked, stolen or breached. Rather than minimising the security risk, the Spine provides "both a bigger target and a larger number points of attack" than if the NHS used a group of smaller systems. Plans for the future of the Summary Care Records, a single database of patient data accessible by all NHS staff nationwide, will also make the system "more difficult to use." Delivering these damning verdicts on the system, due to store the data of 50m patients, the Commons Health Select Committee called for all staff with access to be security trained. Security applications for healthcare systems provided by IT contractors, such as BT, should be independently evaluated, with the results to be made public. The committee said such measures would install confidence in the £12bn computerisation of the NHS, and reduce the risk of security breaches, which are "problematic" and "challenging". It also poured scorn over delays to the SCR, which in some parts is two years behind schedule, saying rollout across the UK is being prolonged by confusion over its content. Health officials gave different answers on different occasions to questions about which types of patient information will be included in the SCR and what it will be used for. "The committee was told at various times that the SCR will be used for the delivery of unscheduled care, for the care of patients with long-term conditions, and to exchange information between primary and secondary care. "It is little wonder that patient groups expressed confusion about the purpose and content of the SCR," the committee wrote in its report into the e-health record. The report warns of "serious concerns" over the lack of information both about how security systems will work and about the outcomes of security testing. This is despite a series of checks, audits and smartcards put in place to secure the SCR, which, overall, will brings benefits to patients, the committee said. "Many of these measures are new and untested on the scale that they will be used in the NHS," it said in its report, published yesterday. "As a result, their impact and vulnerabilities are difficult to predict." To bolster the security of the Spine and the DCR, the local e-record of a patient's full medical history, the committee says custodial sentences should be drawn up to deter would-be data snoopers. Reflecting on the DCR, the cross-party group of MPs said while local control over DCR is a desirable goal; it is "surprising that the architects of the DCR were not able to provide a clearer vision of what is planned." The committee said: "There is an explanatory vacuum surrounding DCR systems and this must be addressed if duplication of effort at a local level is to be avoided." The successful delivery of DCR systems, they said, depends upon the ability of Connecting for Health to harness the benefits from local as well as national input, "something which it has not achieved so far." Among recommendations for the DCR, the committee said an independent technical standards body should be set up to set requirements for interoperability, which all NHS IT suppliers should conform to. Technical standards should cover system security and reliability but the focus should be on ensuring systems supplied by contractors are fully-interoperable, to help the NHS in its goal of seamless data exchange between systems. The committee also recommended that British health executives should follow their counterparts in France, where patients will own their own national summary record. Such an approach is widely accepted as giving patients more control over who can access their record and more opportunity to influence and take control of their own medical care.

MPs clash over Summary Care Record (14 Sep 2007)

Pulse

http://www.pulsetoday.co.uk/story.asp?storyCode=4114520&sectioncode=23

"A furious political row erupted yesterday following the publication of the Health Select Committee's report into the electronic patient record. In an extraordinary outburst at the press conference held to launch the report, MPs shouted each other down and traded insults in front of bemused journalists. The bust up came after the three Conservative MPs on the committee voted against the whole report, in protest at an alleged breach of parliamentary etiquette. Tory MP David Amess said a number of committee members had broken a long-standing parliamentary convention by taking part in a party political debate on NHS IT while the committee's inquiry was ongoing. Several committee members, including the Labour chairman Kevin Barron and Tory member Stewart Jackson, took part in a debate on NHS IT in June. The clerk of the House of Commons had confirmed that the convention existed, Mr Amess added. 'He gave me the advice that it was fine if I and my colleagues felt minded not to continue to attend the rest of the evidence sessions, which we didn't do, and that when it came to the consideration of the report to vote against,' he said. However, Liberal Democrat MP Sandra Gidley said: 'I'm very disappointed with the way this has divided along party lines, because that's not the way we work.I think there was a deliberate attempt to scupper the result.' In a heated exchange, Kevin Barron, Labour MP and chair of the committee, angrily denied that the parliamentary convention existed. 'I think this is about people who didn't like what was said on the floor of the House,' he told Mr Amess. 'Quite frankly I think your opposition is party political.' But Mr Amess, the longest serving member of the committee, replied: 'I take it entirely personally what you've said. 'I'm not going to be called a liar,' he added. 'We're not going to air our dirty linen in public.' Mr Barron retorted: 'You started it.' A spokesperson for the House of Commons said: 'There's no hard and fast rule that members on a committee wouldn't engage in a debate on the topic that their committee was investigating.' 'There is a rule that proceedings in committee are confidential, so they wouldn't be able to divulge any of the committee's views or what it had been deciding.'"

The Government response to the Health Committee report on the Electronic Patient Record (12 Nov 2007)

Department of Health

http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_080238

From the introduction: "The Government welcomes the report's conclusions on the potential of electronic patient records to improve healthcare services and patient safety. In particular, it agrees with the Committee's view that the implementation of electronic patient records is a 'long journey best managed by a staged and piloted development not a big bang approach'. The Government reaffirms its view that solid progress has been made on the delivery of the National Programme for IT in the NHS (the National Programme), though it accepts that delays have occurred to the delivery of some parts of the Programme. These delays are in many instances the consequences of taking longer over consultation and stakeholder engagement rather than simply delays in the production of software. In any event, the robustness of the contracts with suppliers means that the costs of any IT system delays have not been borne by the taxpayer. The Government recognises that continuing effort is needed to engage with frontline NHS staff and to communicate the Programme plans to the public."

Government ignores Personal Medical Security (14 Nov 2007)

Security Research, Computer Laboratory, University of Cambridge

http://www.lightbluetouchpaper.org/2007/11/14/government-ignores-personal-medical-security/

The Government has just published their response to the Health Committee's report on The Electronic Patient Record. This response is shocking but not surprising. For example, on pages 6-7 the Department reject the committee's recommendation that sealed-envelope data should be kept out of the secondary uses service (SUS). Sealed-envelope data is the stuff you don't want shared, and SUS is the database that lets civil servants, medical researchers others access to masses of health data. The Department's justification (para 4 page 6) is not just an evasion but is simply untruthful: they claim that the design of SUS 'ensures that patient confidentiality is protected' when in fact it doesn't. The data there are not pseudonymised (though the government says it's setting up a research programme to look at this - report p 23). Already many organisations have access. The Department also refuses to publish information about security evaluations, test results and breaches (p9) and reliability failures (p19). Their faith in security-by-obscurity is touching. The biggest existing security problem in the NHS - that many staff carelessly give out data on the phone to anyone who asks for it - will be subject to 'assessment', which 'will feed into the further implementation'. Yeah, I'm sure. But as for the recommendation that the NHS provide a substantial audit resource - as there is to detect careless and abusive disclosure from the police national computer - we just get a long-winded evasion (pp 10-11). Finally, the fundamental changes to the NPfIT business process that would be needed to make the project work, are rejected (p14-15): Sir Humphrey will maintain central control of IT and there will be no 'catalogue' of approved systems from which trusts can choose. And the proposals that the UK participate in open standards, along the lines of the more successful Swedish or Dutch model, draw just a long evasion (p16). I fear the whole project will just continue on its slow slide towards becoming the biggest IT disaster ever.

Government says no plans to devolve CfH power (15 Nov 2007)

e-Health Insider

http://www.e-health-insider.com/news/3220/government_says_no_plans_to_devolve_cfh_power

"The government has rejected calls by the Commons Health Select Committee for NHS Connecting for Health to hand over greater contractual power to trusts and strategic health authorities as part of the NPfIT local ownership programme. The government's stance appears at odds with the far-reaching contract renegotiations currently underway with the local service providers, to redefine how and when the core clinical systems can be delivered by the late-running £12bn IT programme. Charlotte Atkins, Labour MP for Staffordshire Moorlands, a member of the Health Select Committee, told E-Health Insider that the greater moves to local ownership and responsibility must be accompanied by decision making powers: "Local ownership and local buy-in are very important, but responsibility without power has little benefits." . . . The Health Committee recommended in its September report that CfH's role should switch as soon as possible to focus on setting and ensuring compliance with technical and clinical standards for NHS IT systems, rather than presiding over local implementation. They called for a stop to SHAs, PCTs and hospital trusts holding responsibility for NHS IT without power to change the centrally negotiated contracts inherited from CfH. However, in its written response to the Health Committee, the government made it clear that this will not happen: "There is no intention to change the contractual arrangements". . ."

Personal tools