Why audit is needed more than ever

After health minister’s remarks that there is no need to apologise for delays to the NPfIT, only an audit may reveal the full implications of deferring core software.

When the health minister Lord Warner confirmed last week that core software for the NHS’s National Programme for IT was at least two-and-a-half years late, he depicted the delay as the benign by-product of a big project.

“I do not feel apologetic about some of the missed targets,” he told the Financial Times. “If you do not set some ambitious timetables you will not drive a big project of this kind.”

Warner’s comments portraying the delays in a positive light – they are evidence the programme is being driven hard – tie in with Whitehall’s reassuring statements about the programme.

The foreword to the latest annual report of Connecting for Health, which is managing the NPfIT, said that progress on the programme had “exceeded expectations”.

And since the report was published last year, Connecting for Health has regularly issued statistics on the success of the NPfIT. Last week it said that nearly 230,000 users have registered for access to the Care Records Spine.

This is a system which, officials hope, will give 50 million patients in England an electronic health record that can be accessed by any doctor or nurse who has a “legitimate” relationship to the patient.

Connecting for Health also says that, since July 2004, there have been more than 400,000 electronic bookings for Choose and Book.

This is system that allows some GPs, with the patient at their side, to book hospital appointments online rather than wait weeks for the hospital to send a letter with the date of an appointment.

The only potentially serious problem with the programme that Warner acknowledges publicly is the resistance of many GPs to allowing confidential medical records to be uploaded to a national data spine without the specific consent of patients.

One national newspaper says that this disagreement with GPs is threatening to derail the programme.

But much of the material seen by Computer Weekly on the programme suggests that the problems of the NPfIT run much deeper than any disagreement between health officials and GPs over the use of medical records on the data spine.

It can be argued that the programme’s problems, when considered in the round, reinforce the need for an independent review of the NPfIT.

In his published comments,  Warner made no mention of the effect of the delays to an integrated Care Records Service on the fragile credibility of the NPfIT, as perceived by hospital doctors, GPs and nurses.

Nor did he mention the effect of delays on plans by hospital trusts to deploy new systems, or the disruption to the running of hospitals when stop-gap systems go live without being properly tested or thoroughly thought through, as happened at Nuffield Orthopaedic Centre in Oxford.

And he made no mention of the significant variances and additions to contracts signed with suppliers, or the added costs of the delays.

Some of the problems at trust level are illustrated by Sue Sutherland, senior change manager for the Care Record Service project at the Ipswich Hospital NHS Trust – an “early adopter” under the NPfIT.

At the annual conference for healthcare IT professionals at Harrogate in March, Sutherland gave an outline presentation on her trust’s experiences of being an early adopter. A strong enthusiast of the programme, she said she wanted it to succeed, but she also wanted health officials to recognise its problems and to discuss them openly.

She said she was surprised that presentations she had seen at the conference on the NPfIT painted a “rosy” picture of the programme.

“Things are not coming out,” said Sutherland, adding that the Ipswich trust had twice postponed plans to go live with a local implementation of the Care Records Service.

Instead of saving about £600,000 by moving from unreliable legacy systems to centrally funded hardware and software from Connecting for Health, Ipswich trust had little choice but to renew its legacy contract – at a cost, she said, of £700,000 for this year.

“We are having to redo work much of the time,” she said adding that being an early adopter of the NPfIT had been a nightmare.

Geoff Reiss, chairman of ProgM, a specific interest group of the Association for Project Management and the British Computer Society, said it was not unusual for big IT-related projects to be late.

But in the public sector, he said it was “extremely rare” for managers to be candid about the extent of delays when making statements in public.

“Usually there is an underestimation of the problems. I would be delighted to be shown to be wrong by proper, detailed, analysed project plans that the judgement [about the length of the delays] is accurate. But I am not sure these exist.”

Reiss believes that the announcement of delays in the delivery of core software could be an indication of more serious problems ahead.

It would not be the first time that long delays have been an early warning of serious trouble. When the Libra project for magistrates courts went wrong in 1992, officials at the Home Office said the scheme would soon be back on track.

Officials said the same when the project was postponed again in 1996 and in 2003. Today, 14 years after Libra first ran into trouble, most magistrates courts are still waiting for new unified systems to manage cases.

The full implications of the delays with an integrated Care Records Service may be exposed only if the government commissions and publishes an independent review of the national programme.

More than 20 leading experts in computer-related sciences have called for an independent audit. One of the experts, Martyn Thomas, a visiting professor at Oxford University, said, “It may very well be that the programme is actually under control and they are aware of all the risks and that in due course systems will be delivered which will prove to be absolutely ideal for all the people who will need to use them. All I can say is it does not look like that at the moment.”

Delays with core software and problems with new installations are not the only reasons for the call for an independent audit.

Stakeholders including trusts, as well as taxpayers and MPs want objective information about the scheme. This has proved difficult to obtain.

One sympathises with Connecting for Health’s senior managers as they try to manage the world’s largest civil computer programme. But is the scheme too large, too complex, too extended in scope and too risky for them to manage successfully?

Without an independent audit, we may not know until billions of pounds have been spent.

Nobody wants the programme to be cancelled – but a rethink of the scheme, prompted by an independent audit, may make the difference between success and failure.

A question of accountability

An independent review of the National Programme for IT in the NHS could provide concrete, objective information and some reassurance to stakeholders and MPs, to offset the lack of accountability for the project over the medium and long-term.

Already the people most closely associated with the project’s conception have moved into other jobs. John Pattison, once the scheme’s senior responsible owner, has retired, and two other senior responsible owners, Aidan Halligan and John Bacon, have moved on.

The health ministers who attended a meeting at Downing Street in February 2002, in which the programme was given the tentative go-ahead, have moved to other posts, including Alan Milburn and Lord Hunt.

There have been other ministers who were spokesmen for the project, but they now have other responsibilities, including John Reid and John Hutton.

Richard Granger, director general of NHS IT, who joined the national programme several months after its inception, gave hints in an interview last week that he is unlikely to be in post for the scheme’s duration.

And the prime minister Tony Blair, who chaired the programme seminar at Downing Street in 2002, will have left Downing Street and perhaps the House of Commons long before the programme is due to finish.

The risks with interim systems

BBC Radio 4’s File on Four programme last week reported on the concerns of paediatricians over a child health system installed by Connecting for Health and BT, the NPfIT local service provider in London.

The Child Health Interim Application (CHIA) is designed to help clinicians monitor the health and vaccinations of thousands of children in London.

The BBC obtained an internal Department of Health document, which questioned whether the system will ever be fit for purpose. “CHIA has impaired the services the child health teams are able to provide. Key elements are not available to users. In many cases, searching returns misleading results. It is difficult to say whether CHIA will ever be fit for purpose,” it said.

The document also questioned how health officials could have commissioned such a system.

“It is difficult to understand how Connecting for Health, the strategic health authorities and primary care trusts came to the conclusion that BT was able to supply them with a child health system to meet their needs.

“BT did not have a track record in the field and did not have a system ready for deployment. It is therefore difficult to justify the decision,” it said.

A spokesman for Connecting for Health insisted that no individual child had been put at risk as a result of the system’s problems. He said that CHIA was implemented at short notice because the previous supplier withdrew support.

“The size of the challenge to provide one child health system across 10 primary care trusts was underestimated and we acknowledge there have been difficulties, which we regret. Despite these difficulties, dedicated NHS and supplier staff have ensured that routine immunisation and vaccination programmes have continued to run,” he said.

Meanwhile, the Nuffield Orthopaedic Centre at Oxford went live in December last year with a basic, largely standalone interim version of the Care Records Service, which the trust admits had not been tested properly.

Problems with the implementation led, in part, to operations being cancelled, and appointments being delayed. Nuffield was the first trust in Southern England to go live with a local implementation of the Care Records Service.

Read more on IT project management