Forced on-line by the NHS: to be confused, exploited, ignored, mistreated and/or patronised

Introduction: why I am so pleased to provide a platform for  this guest blog.

If “the NHS  belongs to the people” then the systems we use to access NHS services should be built around the needs of those who are to use them – not the techno fashion of the day: be it Android/Bluetooth Apps, Oracle/SAP methodologies or … All too often the IT systems have become part of the problem, not the solution. And it is not the “legacy” systems that are to blame. The problem is how we train and motivate those building the systems of the present and future.

I have spent half a century of watching young coders doing that which was unacceptable when I trained as an analyst programmer. I now, inter alia, sit on a Primary Care Network Patient Engagement Group and Convene a Community Safety Partnership. All too often I see the most vulnerable in society wrestling with systems that would never pass any credible user acceptance test.

I was therefore delighted when Mike Hurst agreed to write about some of his recent experiences. We first met when David Blunkett was Home Secretary and Mike was on the front-line, fighting the rising tide of on-line fraud. I was running the study to inform a strategy for partnership policing that would, hopefully, make his job less impossible. The political barriers to implementing the recommendations were finally overcome as the cost and severity of the attacks on the NHS during Covid concentrated political minds. That led to the relaunch of the Joint Counter-Fraud Task Force.

The ability of the NHS to recover from Covid will require the similar identification, reward and replication of good practice and co-operation. This time across the feuding tribes of the NHS (each with its own professional body and/or trade union) as well as across the administrative, organisational and budgetary silos of a wide variety of departments, agencies, trusts, quangos, charities  health and welfare. There are some promising signs, but we need to recognise the start point. The NHS app is common shade of lipstick on the lips of many herds of disparate breeds of swine. As with dogs, cats and horses, the healthiest are the mongrels. More-over many, perhaps most, of those in most need of the services of the NHS has difficulty using a mobile phone or computer without the aid of a teenager. And NHS programmes for supported access do not accept the use of intermediaries and mentors under the age of 18 on safeguarding grounds.

I do not envy those who have been trying to round NHS computing since the grandiose National Programme for IT set it back a decade and put it on the wrong set of tracks. I have blogged on this topic many times in the past and do not intend to do so again. Time has moved on. I have nothing new to add – other than to suggest that you read on … and begin to appreciate the scale and nature of the task facing NHSX.

A guest blog from Mike Hurst, sometime Metropolitan Police financial crime lead for Vulnerable Adults

First. A bit of perspective. I’ve been around computers for a long time.  My first commercial application was a small stock control system that I was involved in the installation of in Scotland, England, Iran and Dubai. I also worked as a systems designer and project manager for other companies including a few years in Saudi Arabia.

So, a bit of experience of introducing computer systems, to people who have never used a computer, in multi-cultural environments, and where English wasn’t the first language.

Fast forwards almost three decades, my last posting as a Police Officer was to the Met’s ‘Operation Sterling’, the economic crime prevention team. Tasked with industry engagement to help design out crime, a significant amount of time was spent saying ‘It’s time the Police got a grip of Cyber Crime.’ Or words to that effect.

As the lead for ‘Vulnerable Adults’ I engaged with many organisations – the Alzheimer’s Society, Action on Elder Abuse, The Brunel (University) Institute of Aging Studies ‘BIAS’, to name but a few.  At the time I was also looking after 6 elderly relatives, who all made it to their late 80’ and early 90’s.

All this informed my MSc IT Security final dissertation entitled ‘Inclusion, Confusion and Exclusion – is technology making the Vulnerable more Vulnerable?’ I looked at Social, Financial and Digital inclusion in the context of the more vulnerable in our society. Particularly, older people, who lack the interest, skills and equipment to go ‘on-line’.

One book I referenced heavily was “The Inmates Are Running the Asylum, Why High-Tech Products Drive Us Crazy and How to Restore the Sanity”, Alan Cooper’s 1999 book.  Perhaps essential reading for anybody involved with the initiation and implementation of any form of computerised system.

We’ve heard the catchphrase ‘Digital by Default’ for years, and many others, where the ambition and assumptions included one Prime Minister’s ambition “We can make the UK the first nation in the world where everyone can use the web”.  Sorry Dave, but you would never have got Auntie Elsie in her Dementia goldfish bowl using a computer. Maybe, during the war when she was repairing Merlin engines, she had the mental capacity to adapt to new technology, but not in her twilight years.

We may remember the cancellation, back in 2011, of the NHS National Programme for IT, after spending £12.8 Billion on it.  I’m sure there is a recognition that Information Technology is everywhere, and even Auntie Elsie relied on IT to get her pension paid to her bank account. And I relied on IT to pay her care home bills. A clear disconnect between her information being processed by organisations, and the customers’ use of their IT.

It’s a well known fact, that NHS care is accessed significantly more often as we get older.

And there remains a generation of people with no experience of using any form of IT. Yes, there are many stories of older people with significant IT Skills and many more, even the majority, have mobile phones. But there are two aspects to their ability to use ‘Cyber’:

  • Older peoples’ ability to learn new things and the inevitable decline in cognitive ability. Losing capacity is possibly a bigger difficulty than adoption of new technology, and when people are ill, they may also lose long held skills, on a temporary or more permanent basis.

There is an opinion in many that “The Internet is a Human Right”.  It is not. Human rights include the right to be treated fairly, with dignity, to a private and family life, without discrimination. The Data Protection Act (UK GDPR) guidance issued by the Information Commissioners Office (ICO) makes it clear that consent is a significant issue, including ‘Consent should be obvious and require a positive action to opt in’.

So is the NHS following the ICO and therefore legal requirements when it opts a patient into it’s systems? There are situations where it would not be sensible to reject the use of technology, such as in medical equipment and to pass information between medical staff, but what about the relationship with the NHS where patients are being forced on line?

Let me explain. A significant number of systems are being implemented for the patient to use. Not one single system, but multiple systems with high levels of inter-operability between them presenting a bewildering array of challenges to even the most competent user.

General Practitioners, and Hospitals, are able, on-line, to arrange services far more efficiently. It was always usual practice to confirm things in writing, of course this has significant financial costs.  Text messages as reminders work well and reduce missed appointments.  Telephone calls to patients are increasingly being used as an alternative to face-to-face consultation.

For the last 10 years we have been telling various hospitals that we don’t have a home phone (which wasn’t a lie – the cable got damaged a few years ago, it just ‘rings out’).  The reason was the number of answerphone messages we got from different directions which could have been solved instantly with a call on the mobile number. Don’t these people realise that when they are at work so are other people? Have they ever called themselves up? “call yourself up – see what indignities you have built into your defences” Robert Townsend, ‘Up the Organisation’ 1981.

The latest from my local trust is the decision to go ‘Digital By Default’. To do away with all paper correspondence, not provide the option to receive written confirmation, and to remove the option from their systems. Without informed consent.

The default is not digital. It’s paper, phone and face to face.  The lowest common denominator. The only option for many.

Now, the hospital sends appointments and test results via text message. Click on this link, log in and view your results. I did. My blood test results were 20 or so charts of technical information. Meaningless information to me.  Possibly frightening to some people.  Gobbledygook only understandable by a doctor with access to my medical records.  To get there I had to do a password reset as I hadn’t set myself up.  After reading the results I immediately tried to opt out, and it took 2 months to be told that I had opted in when I set up the NHS App to prove my Covid status. That’s in addition to the NHS Covid-19 App and the Zoe Covid Monitoring App.

Text messages sent by the hospital assume that the patient has a smart phone.

  • It asks “Please login to the following link with PIN XXXX and DOB on your smartphone, tablet, laptop or PC”. No alternative is given, and all it says is ‘This is a Patient Portal digital outpatient letter invitation’.
  • The link takes you to the hospital web page, where you have to sign in.
  • It then takes you to the ‘Care Information Exchange’
  • Then to the ‘Patients Know Best’ System. Who decided that name?

All layered but difficult to negotiate, with different functional designs and operations.

  • I contacted to the help line. They clearly state you can only ask for help if you have their reference number.   You can’t get a reference number unless you are successfully logged on.
  • They didn’t know how people were set up and refer people to their GP if you want to opt out.
  • A phone call to my GP’s surgery, a receptionist said “you have to fill a form in, come down and get one”
  • On arrival, another receptionist said they don’t have any printed out so asked their systems administrator.
  • The systems administrator replied ‘you’ll find it on the web’ the receptionist didn’t know the answer to the question ‘where’. Why wouldn’t the sysadmin print them out, do I need to describe him?
  • Eventually, with emails to the hospital, the opt out was confirmed.
  • At the next appointment, a nurse disclosed how irritated she is about having to field the many complaints about the new method of working that she has received.
  • The end result? Following this appointment, another text, follow this link to get your appointment.

Unbelievable. Start again. Just what the Digital Defaulters should do.

I’m lucky enough to have a GP that has referred me twice during lockdown to for NHS treatment at a private hospital, so another round of on-line form filling to register with them. On the second occasion my surgeon had to refer me to another clinic which, although it is in the grounds of the same NHS hospital that the private hospital, it is not in the same NHS trust. Another system to log into.

Just in case you have lost count of the number of systems that I’m talking about:

  1. NHS App
  2. NHS Covid App.
  3. NHS Portal.
  4. Local Trust web site.
  5. Care Information Exchange.
  6. Patients Know Best.
  7. Private Hospital Website.
  8. Second NHS Trust Website.

A few I haven’t detailed.

  1. GP Website
  2. eConsult NHS
  3. Patient Access (for prescriptions)
  4. UK Biobank (research volunteer)
  5. ZOE Covid analysis app.

Can you imagine the stress and frustration as a result for people who are unable to use the systems that the NHS is forcing on them? What are the real consequences? Stress is a killer, and the lack of care and consideration for patients, sorry ‘service users’, must be having real consequences. So much of this revolves around the lack of integrity shown by the management. A similar lack of integrity to that of the Post Office managers who failed to address the problems with the Horizon system. I did speak to Paula Vennels once about the problems older people had remembering their PIN’s in order to get their pensions from the post office.  A complete lack of understanding on that issue as well.

For those of you not involved in Information Security there are three essentials. “CIA”. Confidentiality, Integrity and Availability. We hear a lot about Confidentiality, observers are concerned about the amount of patient data bouncing around from NHS systems to outside systems. Availability is not just minimising downtime, it’s making sure that the systems can be accessed appropriately, clearly the NHS is falling down on that one in denying availability to vulnerable people in a way they understand.

Integrity is a far wider concept than making sure the system works. It’s about making sure it works for the people who rely on it. The responsibility is not only at the top levels, it’s throughout every level in any organisation.

Going back to a conversation I had with my Boss when I was working in Iran. “We just happen to be using a computer because that is the best way of doing it. If the best way of doing it was on paper, we would.”

The best way?



Data Center
Data Management