Communication is key to NHS IT plan

With the first of the National Programme contracts for NHS IT due to be signed in the autumn, the Computing-led NHS Monitoring Group met for the first time this month to discuss the issues.

The success factor for the whole programme will be buy-in - from clinicians, NHS IT staff, suppliers, and the public.

This will be achieved through effective communication about what the NHS IT vision is, and how it will improve the standard of healthcare.

The committee believes that whatever valid criticisms there may be, scrapping the National Programme is not an option.

It offers clear action points, which will be submitted to the health select committee and the Department of Health.

Publicise best practice and create a network of 'champions'

Examples already exist of the type of systems the National Programme is planning on a nationwide scale. Publicising the examples of best practice would help persuade clinical users of the benefits.

'A lot of this has been done before. These systems have had complete buy-in and input from clinicians, so the NHS knows how it's been done in the past and how to put the message across,' said Laurence Harrison, healthcare programme manager at supplier trade body Intellect.

'We should pick some places with successful IT programmes and extract some clincians to go and sell that to their peers,' said Jim Norton, independent director and former head of the Cabinet Office Performance and Innovation Unit ecommerce team.

Create clear policies on data quality and patient confidentiality

So far, there has been very little detail from the National Programme office about its policy on information security.

There are two key issues, says Peter Sommer, security expert and research fellow at the London School of Economics.

'With this quantity of data, you have to assume things will go wrong,' he said. 'So the first question is about data accuracy - how do you audit back to see if someone has made a mistake?

'The second is the issue of patient confidentiality.

'It doesn't matter what level of technical infrasturcture you put in to provide security, in the end it depends on individuals understanding and following procedure,' said Sommer.

Clarify the balance between risk and responsibility

In data security terms, who is responsible for data input locally into national systems?

'Who is going to have ownership of the data going in?' said Sommer. 'At the moment, with local systems, it's pretty clear, but when we go onto a centralised system it will be different.'

What mechanisms are there to control the amount of risk placed on suppliers?

The specification document for the Integrated Care Records System at the heart of the programme, leaked to Computing, makes it clear that all the risk of designing, building, implementing and running the system will be with suppliers.

But it's not that simple, says Harrison. 'There is an issue about how suppliers with that amount of risk imposed upon them can work effectively at the local level.

'The governance structure within the National Programme is important and the sooner that has been articulated then we can start looking at where the responsibility lies.'

All of the issues raised by the group are serious, potentially fatal to the success of the programme. But equally all the concerns can be simply addressed.