Examination of Witnesses (Question Numbers
16 June 2008
Q100 Dr Pugh: And you are insisting
Mr Hextall: We are insisting on
interoperability between the systems so that patient information
can be available wherever it is needed.
Q101 Dr Pugh: That is a reassurance
as well. In a sense, if you do get that kind of interoperability,
there is not an enormous amount of merit in having everybody in
the one area use the same system, is there?
Mr Hextall: There are different
justifications, I suppose, in that case because one of the values
of using a common system that is of good quality is that it is
going to be resilient and have disaster recovery built in, so
that hospitals that are open 24 hours a day seven days a week
can be assured of 99.9% availability, all but 45 minutes in a
31 day period, so high standards of resilience, but also, every
time you come to upgrade it, the fewer systems there are to upgrade
the cheaper it is, and the less risky it is.
Q102 Dr Pugh: So the fewer people
providing the care the fewer options you have got.
Mr Hextall: Yes.
Q103 Dr Pugh: NHSmail has not been
taken up by everybody but it does say in the Report that "all
will". Now, if they do not at the moment, how do you know
Mr Hextall: All are expected to
because (a) it is free
Q104 Dr Pugh: They do not have to?
Mr Hextall: They do not, no. So
(a) it is free and (b) when the upgrade to the Microsoft Outlook
platform takes place later this year that will remove a number
of barriers that some large-scale campus sites are seeking
Q105 Dr Pugh: But if they do not
wish to they can stay out. On GP to GP transfer, there are three
firms at the bottom of the list on page 35 which are apparently
quite small, and their accreditation is going to be much delayed.
Why are you so prejudiced against small firms?
Mr Hextall: We are definitely
Q106 Dr Pugh: Why are you delaying
their accreditation then?
Mr Hextall: They are not able
to be accredited yet.
Q107 Dr Pugh: That is only because
you are not accrediting them.
Mr Hextall: As soon as they are
able to be accredited, they will be.
Q108 Dr Pugh: But it says, "
... accreditation will be delayed until the other suppliers have
successfully delivered GP to GP transfer". It does not say
they are not able to; it says they are back in the queue.
Mr Hextall: They get accredited
the instant they are able to do it.
Dr Braunold: They are not ready
with the system.
Q109 Dr Pugh: They have not proved
they have done it.
Mr Nicholson: Yes.
Q110 Dr Pugh: Finally, I learnt there
is a little firm called Graphnet in the Hampshire and Gwent areas
who have implemented the electronic patient record to wholesale
satisfaction. If that is the case, why has the National Programme
had such difficulty?
Mr Hextall: I think there is a
completely different scale. We have examined the Graphnet system
and it is on a different scale with different security entry criteria
to the ones we are operating.
Q111 Dr Pugh: It is less secure?
Mr Hextall: I am saying they are
using different security input mechanisms.
Q112 Dr Pugh: But not worse, necessarily?
Dr Braunold: It is not to e-GIF
Level 3 standard. It is against different security methods, and
it has different amounts of data on there as well.
Q113 Dr Pugh: But you assume the
system they are using at the moment is not necessarily the higher
standard but safe?
Dr Braunold: It has a lot of patient
and clinician satisfaction with the system, and we have done a
lot of learning from the Graphnet system in terms of how they
have done patient participation and clinician participation, in
particular, and how they have got patient buy-in in Gwent, which
has been very interesting indeed.
Q114 Mr Touhig: Mr Nicholson, I see
that in January 2004 you were awarded the CBE for services to
the NHS. That is fact.
Mr Nicholson: I am sure I
Q115 Mr Touhig: I think it should
be for courage because anybody who would go on Radio 4, the Today
programme, as you did just before Christmas last year, and state
that the NHS care record service would be considerably more secure
than internet banking is recklessly courageous. Why did you make
that statement? What does it mean?
Mr Nicholson: It means the levels
of security and the technical mechanisms we have make it more
secure than internet banking.
Q116 Mr Touhig: I do admire your
courage too! It is an impressive claim to make but can you understand
that doctors and patients will have some doubt and some concern
about security of their records in view of the breaches that have
taken place in the past?
Mr Nicholson: Yes, I can perfectly
understand why people will be concerned. That is why we have taken
the time and the effort we have to get ourselves to where we are
Q117 Mr Touhig: We are not quite
sure where you are today, are we? The Care Record Guarantee summarised
on page 35, Fig 15, of the C&AG's Report also seems very impressive
but so did Revenue and Customs' policy on data security before
a massive data loss last year, and the MoD's before they lost
the details of 600,000 applicants who planned to join the Armed
Forces. The policy always sounds good, does it not, but is it
Mr Nicholson: The NHS is a massive
system, 1.3 million people work in it, a huge number of organisations;
those organisations are responsible for the security of their
data; it is hard-wired into people in the NHS around confidentiality,
so it is one of the basic points that I think NHS staff operate
under; we have a whole series of guidances and processes and procedures
out there to ensure it; it is built in technically to the system
we are developing through Connecting for Health, through the kinds
of things that Gordon has been talking about in terms of the level
of security: I think we are in a good place as far as security
is concerned. There always will be circumstances, and when circumstances
do take place then we need to make sure we react rapidly, and
Q118 Mr Touhig: Revenue and Customs'
policy was: "We use leading technologies and encryption to
safeguard your data and operate strict security standards to prevent
any authorised access to it", yet they still managed to lose
25 million people's records not because of any failure of the
system but because people failed to follow proper procedures.
What are you doing to ensure people follow proper procedures that
have nothing to do with actually managing the system?
Mr Nicholson: You also need to
make it easier to make the right decisions than the wrong decisions,
so you need a set of technical systems and processes to underpin
that to make that happen around encryption and all the rest of
it, so it is not just about processes and procedures. We have
issued a huge amount of guidance; we have put it high up on the
responsibilities of all chief executives in the NHS; we have identified
that if there are any kind of data breaches patients need to be
told: we have said that people have to set it out in their annual
reports if there are any and what lessons they have learned and
what they have done about it, so we have significantly increased
its significance to NHS organisations. We expect people to take
action when it does go wrong.
Q119 Mr Touhig: But things do go
wrong, and how often are staff reminded and warned about following
proper procedures? We are not clear what has happened just recently
but it is clear people have not followed proper procedures and
have taken secret information away from the Cabinet Office that
should not have been removed under those circumstances. We do
not know the details yet. What are you doing to ensure every day
that people are reminded that there are certain procedures they
Mr Nicholson: As I say, part of
it is the design of the system itself so you cannot do the sorts
of things you have described, but also training and education
in the way in which we take forward the development of our people,
and it is absolutely hard-wired into the kind of training and
education that we have.