NHS records: computer says no

NHS IT projects are a good idea in theory – but they cost too much and still aren’t ready

by Jill Palmer
Wednesday, March 31st, 2010

In principle, the idea of personal medical records of National Health Service patients being kept on a central computerised system is a good one. Although the days of brown envelopes stuffed with decades of a patient’s medical history filling the filing cabinets in GP surgeries have long gone, people’s clinical records are still usually confined to the organisation which collected them – either electronic GP records held in the practice or hospital records in a paper folder with: “Property of the hospital, not to be removed in any circumstances” written across the front.

Currently, information can only be shared by letter, email, fax or phone. This can be slow and time-consuming and frequently things got lost. All too often, vital notes are not with the correct patient at the correct time in the correct clinic.

This inability of patient information to move seamlessly can cause problems. Hospital doctors and out-of-hours GPs who do not know the whole picture may make false assumptions. People can get the wrong treatment with serious consequences. If it were all on a computer that could be accessed on a need-to-know basis by any medical professional involved in a patient’s treatment, it would lead to quicker, safer treatment and save lives – in theory, at least.

In practice, the initial euphoria over computerising the NHS – first mooted in 2002 – has turned sour. It is currently running at least four years late and the budget has spiralled from £2.3 billion to £12.7 billion. In April 2007, a report by the House of Commons Public accounts committee concluded: “This is the biggest IT project in the world – and it is turning into the biggest disaster”.

The latest controversy surrounds people’s medical records.

The Department of Health and NHS Connecting for Health – a specialist directorate of the DH whose responsibility is the delivery of the National Programme for IT – want more than 50 million people in England to have an electronic “summary care record” and an electronic “detailed record”.

The detailed record would be similar to the current GP and hospital notes, but on a computer and accessible locally to everyone involved in your medical care. Instead of having separate records in all the different places where you receive care, all the staff treating you would have access to the information they need in one place.

The summary care record holds more general details of any medications, allergies and adverse reactions to drugs and is accessible nationally. It is the storing and sharing of this information that is causing a major storm. Plans for centralised summary care records have received repeated criticism over security fears and a lack of enthusiasm among doctors for the technology.

The British Medical Association has accused the Government of rushing it into place at “breakneck speed” without giving patients the chance to discuss it with their doctors and decide whether they want to take part. Doctors want an opt-in system where people have an informed choice as to whether they want their medical data on a national computer system. The Government has chosen a “presumed consent” system where people are automatically included unless they fill out a form to opt-out.

Medics are angry that the information packs sent out to every patient 12 weeks before his or her details are put onto the computer system do not contain an opt-out form. The patient must request one. Many GPs are refusing to upload information to the NHS Care Records Service. A London-wide group of local medical committees has unveiled a poster giving advice on how to opt out and has written to every GP in the capital urging them to display it.

People have never been asked if they want their confidential medical records on a national computerised database. And if too many opt out or choose to have certain information withheld – which they are allowed to do – the system will be of limited use and end up an extortionately expensive white elephant.

Which is why it cannot be rushed. There have already been significant delays in implementing every aspect of the National Programme for IT. Will a few more months – or years – make that much difference, if it ensures the Government gets it right?

While other aspects of the National Programme for IT, such as Choose and Book, do not involve patient confidentiality, computerised personal medical records certainly do. So it is essential that everyone knows exactly what it going on and is not faced with a fait accompli.

People will want to be reassured that their confidentiality is preserved, that their data is not at risk from hackers. Many distrust the Government on its ability to safeguard the personal data it retains on computer systems, as its track record on data security is far from good.

Personally, I believe that computerised records are the way forward and I think that when it is fully explained and all the security safeguards are in place, most patients will support it. After all, most people would agree that having our medical notes on computer at the GP surgery and computer-printed prescriptions have speeded up and improved care. Only the most paranoid would be concerned that surgery receptionists are secretly reading our medical notes – which were much less safe from prying eyes when they were in brown envelopes.

But I also agree with the BMA that the Government should suspend the scheme while outstanding issues are settled. It wants a stop to the rollout of summary care records, inclusion of an opt-out form in the information sent to patients and the permanent withdrawal of BMA comment on the Health Department’s promotional video. Until the acceptability, reliability and usability of the systems are resolved, it will never be a success.

Why all the rush anyway? Could it be anything to do with the general election? The Conservatives have pledged to scrap the centralised NHS personal medical records scheme if they win. Could it be that the current Government is trying to rush it through before the Tories might be in a position to cancel it?

The only place you can read all of Tribune's articles as soon as they are published is in the magazine. To find out more about subscribing from as little as £19, click here.

About The Author

  • terence patrick hewett

    Jill palmer is correct in stating that an NHS database is the way forward; she is also correct in her assertion that it should be suspended. The £26bn wasted on botched state IT projects is a costly illustration of the fact that governments have great difficulty in coming to terms with technology; not the least because none of them have been educated in the sciences so inevitably they see everything from a different perspective.

    Artificial Intelligence is about to sunder the link between economic growth and jobs and the relatively inexhaustible supply of ever cheaper computing power will have profound effects upon the order of society; certainly within the lifetime of our children.

    Recently I attended the Turing Lecture given by Professor Christopher Bishop under the auspices of the IET/BCS. It concerned recent developments in probabilistic modelling, the greatly expanded the variety and scale of machine learning applications, and the future potential for this technology. Just about every industry was present except the people whom AI will affect the most: those of government and trade unions. We as a country can no longer afford to view the future as a place that can look after itself: if we do then the future will devour us.

    Some of the difficulties IT contractors encounter may be appreciated from the following paraphrased excerpts from involved contractors.

    “As an independent UK IT contractor I had the misfortune of working on a government project for a few months some years ago. I would never do it again. Making a success of any IT project requires competent IT consultants but also participation from the business who will use the new technology. I had never known anything like it. Those from said government department that were assigned to the project were not at work half the time, they would not participate in workshops to define requirements and when they did confirm requirements they continually changed their minds and were simply too incompetent to implement any of the organisation changes required to support the new systems. In short they flatly refused to do any of the things they needed to do to make the project a success but everything was the consultants fault. So I am not surprised at the list of failures nor am I surprised that they are attempting to blame others when the real reason for these failures is the idleness and incompetence of these government departments.”

    “Working as a Business Analyst/Solution Architect on one small project for the government about 8 years ago was enough to give me grey hairs and an insight into how the Civil Service hive mind works.

    1) At the tender stage, the Government put out very vague project brief and look for the lowest total cost bid (under the value for money banner). Since winning a government IT project is considered a badge of merit to most IT companies, they’ll purposefully underbid knowing that the government will stump up additional costs anyway. Due to this, projects start out looking cheap and are approved by government on that basis.

    2) Most government project tenders are done in blocks, meaning potentially different suppliers for different components/phases of the overall project objective. Breaking it up like this means different government committees for each component/phase – each with their own agendas/concepts of what that part should do. Of course, they don’t always talk to each other. Worse still, suppliers winning the bids are often competitive rivals.

    3) Most big IT projects take a long time to come to fruition and Central Government have the problem of insisting on full detailed requirements up front, stating all the requirements by themselves with little input from the main users, reviewing the requirements and solutions to death and then micromanaging the project from the “Executive” level. By the time this has been agreed on and approved, technology has moved on and has become more expensive – due to 3rd party suppliers knowing the direction the government/primary supplier is going with that particular technology and take advantage of the project to raise their prices before the orders come flooding in.

    4) By the time the project has entered the build stage, the governmental revolving door has creaked into life at least once with new leadership and new agendas. This means change to the original requirements, so build is stopped and the requirements & solution redesign phase commences. By this time the lead Project/Programme Manager has had enough and buggers off so we have new project management coming on board who knows squat about what happened in the project. More delays as this manager is brought up to speed and performs his own style of project status review.

    5) Rework delays delivery and pushes up the project cost, rework means more cash for suppliers and more micromanaging from the government/civil service “masters” who fail to grasp why the change caused the costs to rise so they start more micromanaging to try and cut corners and drive the costs down. During this phase, the revolving door can creak into life more than once with project team members having had enough or government/civil servants being shuffled around and we could be back at 4) again.

    6) This then leads to poor build quality (full of bugs for the uninitiated) and the buggy version is then released to an unfamiliar user group who then whine and bitch about it. In the meantime as each bug is identified, the project teams goes back to the drawing board and tries to fix the problems (more costs) and the minister currently in charge of the project gets the face full if s**t over it when it all goes wrong even if the problems were caused by his predecessor.

    That’s *if* the project hasn’t been canned mid-way through.

    I can’t see the process changing even with the new government coming later this year unless they completely offload all IT project governance to an external management company who will then manage the entire project without any interference from central government or civil service.”

  • terence patrick hewett

    Jill palmer is correct in stating that an NHS database is the way forward; she is also correct in her assertion that it should be suspended. The £26bn wasted on botched state IT projects is a costly illustration of the fact that governments have great difficulty in coming to terms with technology; not the least because none of them have been educated in the sciences so inevitably they see everything from a different perspective.

    Artificial Intelligence is about to sunder the link between economic growth and jobs and the relatively inexhaustible supply of ever cheaper computing power will have profound effects upon the order of society; certainly within the lifetime of our children.

    Recently I attended the Turing Lecture given by Professor Christopher Bishop under the auspices of the IET/BCS. It concerned recent developments in probabilistic modelling, the greatly expanded the variety and scale of machine learning applications, and the future potential for this technology. Just about every industry was present except the people whom AI will affect the most: those of government and trade unions. We as a country can no longer afford to view the future as a place that can look after itself: if we do then the future will devour us.

    Some of the difficulties IT contractors encounter may be appreciated from the following paraphrased excerpts from involved contractors.

    “As an independent UK IT contractor I had the misfortune of working on a government project for a few months some years ago. I would never do it again. Making a success of any IT project requires competent IT consultants but also participation from the business who will use the new technology. I had never known anything like it. Those from said government department that were assigned to the project were not at work half the time, they would not participate in workshops to define requirements and when they did confirm requirements they continually changed their minds and were simply too incompetent to implement any of the organisation changes required to support the new systems. In short they flatly refused to do any of the things they needed to do to make the project a success but everything was the consultants fault. So I am not surprised at the list of failures nor am I surprised that they are attempting to blame others when the real reason for these failures is the idleness and incompetence of these government departments.”

    “Working as a Business Analyst/Solution Architect on one small project for the government about 8 years ago was enough to give me grey hairs and an insight into how the Civil Service hive mind works.

    1) At the tender stage, the Government put out very vague project brief and look for the lowest total cost bid (under the value for money banner). Since winning a government IT project is considered a badge of merit to most IT companies, they’ll purposefully underbid knowing that the government will stump up additional costs anyway. Due to this, projects start out looking cheap and are approved by government on that basis.

    2) Most government project tenders are done in blocks, meaning potentially different suppliers for different components/phases of the overall project objective. Breaking it up like this means different government committees for each component/phase – each with their own agendas/concepts of what that part should do. Of course, they don’t always talk to each other. Worse still, suppliers winning the bids are often competitive rivals.

    3) Most big IT projects take a long time to come to fruition and Central Government have the problem of insisting on full detailed requirements up front, stating all the requirements by themselves with little input from the main users, reviewing the requirements and solutions to death and then micromanaging the project from the “Executive” level. By the time this has been agreed on and approved, technology has moved on and has become more expensive – due to 3rd party suppliers knowing the direction the government/primary supplier is going with that particular technology and take advantage of the project to raise their prices before the orders come flooding in.

    4) By the time the project has entered the build stage, the governmental revolving door has creaked into life at least once with new leadership and new agendas. This means change to the original requirements, so build is stopped and the requirements & solution redesign phase commences. By this time the lead Project/Programme Manager has had enough and buggers off so we have new project management coming on board who knows squat about what happened in the project. More delays as this manager is brought up to speed and performs his own style of project status review.

    5) Rework delays delivery and pushes up the project cost, rework means more cash for suppliers and more micromanaging from the government/civil service “masters” who fail to grasp why the change caused the costs to rise so they start more micromanaging to try and cut corners and drive the costs down. During this phase, the revolving door can creak into life more than once with project team members having had enough or government/civil servants being shuffled around and we could be back at 4) again.

    6) This then leads to poor build quality (full of bugs for the uninitiated) and the buggy version is then released to an unfamiliar user group who then whine and bitch about it. In the meantime as each bug is identified, the project teams goes back to the drawing board and tries to fix the problems (more costs) and the minister currently in charge of the project gets the face full if s**t over it when it all goes wrong even if the problems were caused by his predecessor.

    That’s *if* the project hasn’t been canned mid-way through.

    I can’t see the process changing even with the new government coming later this year unless they completely offload all IT project governance to an external management company who will then manage the entire project without any interference from central government or civil service.”

  • Mary Hawking

    Many of the anxieties about the Summary Care Record are due to the “enrichment” process which would follow the initial upload of medication, allergies and adverse reactions – the really useful part.
    Records are kept for the purposes of the organisation creating them, and in the format required by the software used: it is known that the records in GP practices vary in format and quality: data fit for the purpose of patient care within a practice may not be fit for sharing. Prescribing is essentially the same in all systems – and because the computer systems make management of prescribing much easier, likely to be accurate.

    If the SCR was like the Scottish ECR (Emergency Care Record) – medication, adverse reactions and allergies only with no enrichment – ever – they would be both very useful – and widely acceptable.
    As it is, there are considerable doubts both about the security/confidentiality and the reliability/usefulness aspects.

  • Mary Hawking

    Many of the anxieties about the Summary Care Record are due to the “enrichment” process which would follow the initial upload of medication, allergies and adverse reactions – the really useful part.
    Records are kept for the purposes of the organisation creating them, and in the format required by the software used: it is known that the records in GP practices vary in format and quality: data fit for the purpose of patient care within a practice may not be fit for sharing. Prescribing is essentially the same in all systems – and because the computer systems make management of prescribing much easier, likely to be accurate.

    If the SCR was like the Scottish ECR (Emergency Care Record) – medication, adverse reactions and allergies only with no enrichment – ever – they would be both very useful – and widely acceptable.
    As it is, there are considerable doubts both about the security/confidentiality and the reliability/usefulness aspects.

  • http://www.nhsdatabase.info Dr Neil Bhatia

    Mary Hawking is absolutely right.

    Patients who either opt in to the SCR, or don’t opt out, are not just agreeing to a “summary”. The Summary Care Record was NEVER going to be just a summary (or “urgent care record”).

    The SCR will be “enriched” by both GPs (and they do not need the consent of their patients to add more and more information to the SCR above and beyond medication, allergies and adverse reactions – which are automatically uploaded) and by hospitals – who will add details of clinic attendances, A&E attendances, in patient summaries etc.

    Whilst you can ask your GP not to upload further information to your SCR, it seems unlikely that you will be able to stop hospitals and clinics from doing so (or, it will be difficult). If you have a SCR, then your GP cannot stop the automatic uploading of details of ALL medication that he/she prescribes for you, even if that medication clearly indicates that you have a sensitive diagnosis (mental health issue, sexual health, STI etc.)

    Patients need to be aware that they are not just consenting to a “Summary”. It WILL become a “detailed” care record.

    If you’re happy with that – opt in. If not, opt out.

  • http://www.nhsdatabase.info Dr Neil Bhatia

    Mary Hawking is absolutely right.

    Patients who either opt in to the SCR, or don’t opt out, are not just agreeing to a “summary”. The Summary Care Record was NEVER going to be just a summary (or “urgent care record”).

    The SCR will be “enriched” by both GPs (and they do not need the consent of their patients to add more and more information to the SCR above and beyond medication, allergies and adverse reactions – which are automatically uploaded) and by hospitals – who will add details of clinic attendances, A&E attendances, in patient summaries etc.

    Whilst you can ask your GP not to upload further information to your SCR, it seems unlikely that you will be able to stop hospitals and clinics from doing so (or, it will be difficult). If you have a SCR, then your GP cannot stop the automatic uploading of details of ALL medication that he/she prescribes for you, even if that medication clearly indicates that you have a sensitive diagnosis (mental health issue, sexual health, STI etc.)

    Patients need to be aware that they are not just consenting to a “Summary”. It WILL become a “detailed” care record.

    If you’re happy with that – opt in. If not, opt out.

  • Peter Brown FRCS

    I am a recently retired surgeon after more that 40 years in the NHS, and have been very involved with computers in medicine during that time. I entirely agree with this article. There is a great need for such a system, but the story of computers in medicine has been long on promises and very short on delivery, doctors have little input in comparison to civil servants, while huge bureaucracies are incapable of maintaining security.

    A possible solution is to use a national NHS number (as opposed to hospital numbers) to identify the patient wherever they are in England (Scotland and Wales being independent as far as health is concerned) but keep the electronic records locally and require that they are requested by the new hospital. In this way the records are devolved and more likely to be secure, while the need to request through a person allows vetting to take place before sending them to a third party.

  • Peter Brown FRCS

    I am a recently retired surgeon after more that 40 years in the NHS, and have been very involved with computers in medicine during that time. I entirely agree with this article. There is a great need for such a system, but the story of computers in medicine has been long on promises and very short on delivery, doctors have little input in comparison to civil servants, while huge bureaucracies are incapable of maintaining security.

    A possible solution is to use a national NHS number (as opposed to hospital numbers) to identify the patient wherever they are in England (Scotland and Wales being independent as far as health is concerned) but keep the electronic records locally and require that they are requested by the new hospital. In this way the records are devolved and more likely to be secure, while the need to request through a person allows vetting to take place before sending them to a third party.

  • blastproof@rocketmail.com

    “Only the most paranoid would be concerned that surgery receptionists are secretly reading our medical notes – which were much less safe from prying eyes when they were in brown envelopes.”

    Why were they much less safe in the Lloyd-George Envelope? To quote my GP, “Paper is the new confidentiality.”

  • blastproof@rocketmail.com

    “Only the most paranoid would be concerned that surgery receptionists are secretly reading our medical notes – which were much less safe from prying eyes when they were in brown envelopes.”

    Why were they much less safe in the Lloyd-George Envelope? To quote my GP, “Paper is the new confidentiality.”

blog comments powered by Disqus