The National
Programme for IT
in the NHS
A Case History

Oliver Campion-Awwad, Alexander Hayton, Leila

Smith and Mark Vuaran

February 2014
MPhil Public Policy 2014, University of Cambridge
Contents

Introduction  .................................................................................................................  3  
Aim of this case history........................................................................................................... 3  
Structure ................................................................................................................................. 3  
Early years of the electronic patient record  ......................................................  5  
Background: genealogy of a national programme .............................................................. 5  
‘Information for Health’: good practice gone bad ............................................................... 8  
Opposition: confidentiality and the electronic patient record ........................................... 10  
NPfIT: doomed to failure? .................................................................................................... 11  
NPfIT: Launch, Delivery and Implementation  ...............................................  15  
The launch of NPfIT .............................................................................................................. 15  
Recommendations from the Wanless Review ..................................................................... 16  
Issues in the Gate Zero Review ............................................................................................ 16  
The draft OBS and NSP Plan Timetable .............................................................................. 17  
Director General’s appointment and approach to contracting .......................................... 18  
The revised OBS .................................................................................................................... 19  
Procurement process ............................................................................................................ 19  
Procurement concerns .......................................................................................................... 21  
Leadership changes and Connecting for Health .................................................................22  
iSoft and Accenture ...............................................................................................................23  
Delivery and Implementation ............................................................................................. 24  
Electronic Care Record Delays ........................................................................................... 24  
System Functionality ............................................................................................................ 27  
Changes in suppliers ............................................................................................................ 28  
Privacy Concerns ................................................................................................................. 28  
The End of NPfIT  .......................................................................................................  30  
Delivery .................................................................................................................................32  
CSC ........................................................................................................................................32  
Value for Money....................................................................................................................33  
Conclusion  ..................................................................................................................  36  
Would it happen again today? .............................................................................................36  
Appendix 1  ...................................................................................................................  40  
Bibliography  ..............................................................................................................  41  

2
Introduction

The National Programme for IT in the NHS (NPfIT) was the largest public sector IT
programme ever attempted in the UK, originally budgeted to cost approximately £6 billion
over the lifetime of the major contracts. After a history marked by delays, stakeholder
opposition and implementation issues, the programme was dismantled by the Conservative-
Liberal Democrat Government in 2011, almost ten years after Prime Minister Tony Blair
initiated it at a seminar in Downing Street in 2002.

The core aim of NPfIT was to bring the NHS’ use of information technology into the twenty-
first century, through the introduction of integrated electronic patient records systems,
online ‘choose and book’ services, computerised referral and prescription systems and
underpinning network infrastructure. Despite the failure of many of these services to be
delivered, the government, and ultimately taxpayers, incurred significant costs for the
programme, including contract transition and exit costs which continue to accrue in
2013/2014.

Aim of this case history

This case history of NPfIT investigates what went wrong with the programme, identifying
three main themes:
• Haste. In their rush to reap the rewards of the programme, politicians and programme
managers rushed headlong into policy-making, procurement and implementation
processes that allowed little time for consultation with key stakeholders and failed to deal
with confidentiality concerns;
• Design. In an effort to reduce costs and ensure swift uptake at the local levels, the
government pursued an overambitious and unwieldy centralised model, without giving
consideration to how this would impact user satisfaction and confidentiality issues; and
• Culture and skills. NPfIT lacked clear direction, project management and an exit strategy,
meaning that the inevitable setbacks of pursuing such an ambitious programme quickly
turned into system-wide failures. Furthermore, the culture within the Department of
Health and government in general was not conducive to swift identification and
rectification of strategic or technical errors.

Structure

The first part presents the history of electronic patient records and healthcare information
systems in general, identifying several key trends that, had the government learned from
them, could have prevented further issues with the implementation of NPfIT. It also looks at
the issue of confidentiality and the decision making process behind NPfIT and asks the
question ‘Was NPfIT doomed to failure?’

3
The second part details the procurement processes and failures in the early years of NPfIT. It
highlights several issues that should have acted as ‘warning signs’ for the government of the
time. It details the implementation issues that became apparent during the later years of
NPfIT and demonstrates how, despite the history of previous IT failures, the government
failed to learn the lessons of the past.

The final part outlines the history of NPfIT before and after the 2010 general election, after
which the decision was made to dismantle the ailing programme. Our conclusion brings
together the themes addressed throughout the paper and identifies underlying questions
about why major public sector IT projects go wrong and whether NPfIT style failures are
likely to be repeated.

4
Early years of the electronic patient record

Electronic patient record (EPR) systems were introduced at a time when healthcare
professionals would use a pen or pencil to make notes on a patient’s GP referral letter as part
of the old paper-based patient care record (MPA, 2011).

NHS Executive (1998, p.12) states that ‘Individualised personal electronic records [...]
provide NHS professionals with 24 hour secure access to the information important to
individual patients’ care, when required. This will immeasurably improve emergency care
and ensure any professional involved in the care of an individual is up to date with their
treatment.’

There are four main groups of beneficiaries of such systems (NHS Executive, 1998):
1. Patients, who can use EPR systems to see their own test results from home and to
understand NHS performance data;
2. Healthcare professionals, who can use EPR systems to gain access to fast, reliable and
accurate information about patients, local and national knowledge bases and information
to support them in their work;
3. NHS managers and planners, who can use secondary data from EPR systems to gain
access to high-quality information that helps them target and utilise resources; and
4. The public, who can use secondary data from EPR systems to assess the performance of
local hospitals and other healthcare service providers.

As well as these immediate benefits, EPR systems can help prevent blunders (interview with
Brennan, 2014) and have been shown to be more understandable and legible than paper-
based records, as well as being more likely to contain at least one diagnosis and more
detailed referrals (Hippesley-Cox et al., 2003). Furthermore, EPR systems can ‘vastly
improve the accumulation and dissemination of information on public health’ (Laporte,
1994, p.1651), and can be used to inform public health policy by mapping, for example, a
disease’s resistance to antibiotics (STC, 1998).

Some, notably Lærum et al. (2001) have questioned these advantages. Nonetheless, there is
a wide acceptance of the need for EPR systems, with even those who express reservations
about some aspects of the EPR (for example, Tonks) accepting that its medical benefits are
‘undeniable’ (1993, p.1227).

Background: genealogy of a national programme

The National Programme for IT in the NHS (NPfIT) was the most costly IT project in the
history of the NHS, but was by no means the first (Brennan, 2005. See Figure 1).

5
Figure 1: timeline of major NHS IT projects, 1960s-2000s (taken from Brennan, 2005,
p.49, Figure 6.1)

The history of IT in the NHS is mixed, with some notable successes interspersed with many
more failures. At the time of NPfIT’s launch, an estimated 60-80 per cent of all healthcare IT
projects ended in failure (Brown, 2001). This section deals briefly with some of these past
attempts.

The 1970s and 1980s saw a number of individual NHS Trusts and hospitals introduce their
own information systems. Notable among these is the 1984 Wessex Regional Health
Authority (WHRA)’s Regional Information Systems Plan (RISP), which combined hospital
information systems, personnel management systems, accumulation of community care data
and accountancy functions (Brown, 2001). However, the RISP lacked effective programme
management, and missing budgetary controls and delivery targets caused the plan to exceed
expected costs and delivery dates before being abandoned in 1990 (Brennan, 2005).

Another failure was the Hospital Information Support System (HISS), which ran in seven
NHS Trusts1 from 1988 (Brennan, 2005). HISS introduced hospital-wide EPR systems and
computerised the ordering of clinical tests, but was dogged by severe delays and had made
efficiency savings of just £3.3 million (compared to an expected £10.4 million) across the
seven trial sites by 1995. Brennan (2005) blames the failure of this system on the ‘absurd
diversification’ (p.53) caused by too many companies trying to service too few hospitals.

1 Darlington Memorial Hospital NHS Trust, Greenwich Healthcare NHS Trust, Nottingham City

Hospital NHS Trust, Kidderminster Healthcare NHS Trust, Addenbrookes NHS Trust in Cambridge,
James Paget Hospital NHS Trust in Great Yarmouth and Birmingham Heartlands Hospital NHS
Trust.

6
Attempts to combat such diversification in NPfIT proved just as problematic two decades
later.

Introduced around the same time as HISS, the Resource Management Initiative (RMI)
aimed to involve clinicians in their hospitals’ management structures by placing a ‘casemix
box’ in every hospital involved in the scheme (Brennan, 2005). However, like HISS, the RMI
failed to meet expectations because casemix boxes did not integrate properly with existing IT
systems, making the system time-consuming and eventually rendering casemix boxes
obsolete (Brennan, 2005).

The 1992 NHS Information Management and Technology (IM&T) strategy was the first truly
nationwide NHS IT strategy, and identified five main principles for the use of information in
the health service (Brennan, 2005):

1. Information should be person-based;

2. IT systems should be integrated;
3. Information should be derived from existing operational systems;
4. Information should be secure and confidential; and
5. Information should be shared across the NHS.

The 1992 IM&T strategy saw the introduction of a number of key pieces of infrastructure
which still exist today, such as the NHS Number, shared NHS administrative registers
(NHSARs) and the NHS-wide information network NHSnet.

Programmes initiated under the 1992 strategy included the EPR Programme, which ran from
1994-97 in Queen’s Hospital, Burton, and Arrowe Park Hospital, Wirral. This six-level EPR
system was a great success in the two hospitals covered, and enjoyed overwhelming ‘buy-in’
from stakeholders at both sites. However, the programme’s full evaluation report was never
made public, which may have led to later opposition to similar EPR systems elsewhere
(Brennan, 2005).

The EPR Programme in Burton and Wirral was followed in the early 2000s by the Electronic
Record Development and Implementation Programme (ERDIP), which has been described
by Brennan (2005, p.71) as ‘one of the strangest, and least understood, initiatives carried out
by the NHS before NPfIT’. ERDIP introduced to the NHS electronic health records (EHRs):
an individual patient narrative providing detailed diagnostic and treatment information
about all interaction with the NHS from birth to death. However, there was confusion among
some NHS staff about whether the new systems would provide EPR functionality, EHR
functionality, or both (Brennan, 2005). An evaluation report written by PA Consulting Group
concluded that better stakeholder communication was needed.

Broadly speaking, the 1992 IM&T strategy was seen as a missed opportunity. Despite several
technological advances and the introduction of key infrastructure, the strategy lacked overall
objectives, specific targets and sufficient programme evaluation (Brown, 2001).

7
Furthermore, the lack of an overall business case led to confusion among stakeholders about
the reasoning behind some of the projects and programmes initiated under the strategy
(PAC, 2000b). Following its election victory in 1997, the Labour government criticised the
1992 IM&T strategy for being overly concerned with management information (NHS
Executive, 1998), as well as for helping perpetuate the ‘internal market’ of the NHS, which
was largely seen to have failed (DH, 1997). However, it is now clear that the Labour
government did not learn from the 1992 strategy’s other limitations before initiating NPfIT.

Not all the programmes initiated under the 1992 IM&T strategy failed. Despite the
difficulties many stakeholders had in understanding its purpose, Brennan (2005) highlights
ERDIP as an example of good practice, as it was tailored to local needs and enjoyed user
(staff) support in most locations. This is a far cry from the one-size-fits-all solution
introduced by NPfIT, and fits Brennan’s assertion that ‘[...] the major factor to influence
success of a project is the people and not the technology’ (2005, p.75).

‘Information for Health’: good practice gone bad

Following its landslide election victory in 1997, the Labour government of Prime Minister
Tony Blair set out to reform Britain’s public services. Its vision for the NHS was set out in the
document ‘The New NHS: Modern. Dependable’ (DH, 1997). The 1998 IM&T White Paper,
better known by its title ‘Information for Health’ (NHS Executive, 1998), expanded on the
vision set out in ‘The New NHS’ vis-à-vis the EPR, and has been described by Brennan
(2002a, p.13) as ‘a document that still stands as a pragmatic and sensible statement of fact
and clarity of vision.’

The gist of the 1998 IM&T strategy was to extend the current best practice from the primary
healthcare sector to the rest of the NHS. For a number of years, the government had
supported GPs in buying their own IT systems by providing 25-50 per cent of the funding, as
long as the system met certain requirements (interview with Cundy, 2014). This system was
known as Requirement for Accreditation (RFA) and was largely successful, despite some
suppliers not supplying the correct systems and some isolated cases of unwelcome
interference from government in choosing specifications (interview with Cundy, 2014). The
1998 IM&T strategy, however, sought to end this top-down approach.

In line with the new government’s ‘third way’ and aim to ‘[build] on what has worked,
[while] discarding what has failed’ (DH, 1997), the 1998 IM&T strategy maintained the 1992
strategy’s five principles for use of information in the NHS (see above).

A number of strategic aims were also identified by the 1998 strategy, including (NHS
Executive, 1998):

• Ensuring patients could be confident that healthcare professionals had reliable and rapid
access, 24 hours a day, to the relevant personal information necessary to support their
care;
• Eliminating unnecessary travel and delay for patients by providing online access to
services and specialist care;

8
• Providing patients with access to accredited and independent advice about their condition;
• Providing healthcare professionals with online access to the latest local and national
guidance and evidence on treatment and tools to evaluate their clinical effectiveness and
aid their professional development;
• Providing healthcare managers and planners with accurate information to support local
Health Improvement Programmes and the National Framework for Assessing
Performance; and
• Providing the public with fast and convenient access to accredited advice on lifestyle and
health and information to support their involvement in and understanding of local and
national healthcare service policy development.

To achieve these lofty aims, the strategy set forth a number of loose targets, including the
aim of computerising and connecting all GP surgeries to NHSnet by 2002, transmitting all
radiology reports electronically by 2003, computerising all NHS prescription and booking
systems by 2004, and ensuring all NHS Trusts had installed level-3 EPR systems (see Table
1, below), installing the first ten local EHR systems and introducing nationwide telemedicine
services by 2005 (Watson, 2001).

Table 1: levels of electronic patient record (taken from Watson, 2001, Table 1)

One of the main strengths of the 1998 IM&T strategy was that it combined strategic vision
with an implementation plan (Brennan, 2001a) – something conspicuously absent from both
previous and subsequent programmes (Ritter, 2008b). The strategy’s architects also
understood the importance of using IT as a means to an end, rather than the end itself,
stating ‘An information strategy for the NHS must be driven primarily by a careful and
comprehensive analysis of the information needed to support the service objectives of the
NHS and the policy objectives of Government [...] and not simply by the technical
possibilities’ (NHS Executive, 1998, p.13).

9
Furthermore, the 1998 IM&T strategy championed local ownership of EPR systems, while
supporting standards for data collection to allow for records to be shared seamlessly across
healthcare providers:

It is not possible or necessary to undertake the development of all national

clinical data standards centrally. An organisational framework is needed to
create the national context for the work and coordinate existing work or
commission new work as required. (NHS Executive, 1998, p.47)

Despite these assets, the 1998 IM&T strategy has gone down in history as another healthcare
IT failure. Looking at NPfIT, it is easy to wonder how the 1998 strategy transmogrified into a
centralised and unwanted system in less than four years. Brown (2001) identifies the lack of
identifiable performance targets, lack of clear business case and lack of clarity about plans to
evaluate the success or failure of the strategy as its main downfalls. The Public Accounts
Committee has noted that, without full stakeholder understanding of the business case for IT
programmes, failure is highly likely (2000a). Out of this failure, the NPfIT was born.

Opposition: confidentiality and the electronic patient record

Almost inevitably, new information technologies come up against opposition, both from
within the sector they impact (in this case, healthcare) or without. The most damaging
criticism of the proposed national EPR from the early 1990s onwards was that such a system
‘threatens to make private healthcare information available for misuse’ (Denley and Watson
Smith, 1999, p.1328). Tonks (1993) warned that centralised databases of healthcare
information would be a target for corporations and governments alike, while Anderson also
advises against data aggregation, citing numerous examples of dangers posed by the military
and banking sectors, and accuses the NHS of the time of ‘rushing headlong down this wide
and slippery slope’ (1995, p.6).

There is some suggestion that concerns about confidentiality were used by some doctors and
the BMA as a cover for more self-interested opposition (interview with Brennan, 2014), but it
is doubtless that, on the whole, the issue of confidentiality was a genuine concern that
attracted little government attention in the first half of the 1990s. This is probably because
the government did not wish to address the necessary trade-off between clinical gains and
confidentiality, with Denley and Watson Smith (1999, p.1330) asserting that ‘The need for
patient privacy at some point comes into conflict with the benefits to be gained from sharing
clinical information.’

The medical profession, however, refused to let the issue slide, with the BMA engaging Ross
Anderson of the University of Cambridge to conduct a study into data security in clinical
information systems. His nine principles (Anderson, 1996), as well as the suggestion of
Mandl et al. (2001) that patients themselves be given control over access lists, were largely
neglected by the 1998 IT&M strategy, possibly due to cost concerns (Denley and Watson
Smith, 1999) or because the government was simply not interested.

10
Government activity vis-à-vis the confidentiality debate was limited to the 1997 Caldicott
review, which came about as a result of the conflict between the 1992 IM&T strategy (which
included a patient’s HIV/AIDs status among its minimum dataset) and venereal diseases
legislation, which limited knowledge of STDs to patient and provider (Anderson, 2001). The
Caldicott review set out a number of principles aimed at protecting ‘patient-identifiable
information’ (DH, 1997), defined to a greater or lesser extent as ‘[...] all items of information
which [relate] to an attribute of an individual’ (p.3). These were:

• Justify the purposes of the use of patient-identifiable information;

• Use the minimum necessary amount of patient-identifiable information;
• Keep access to patient-identifiable information strictly need-to-know;
• Ensure that everyone with access to patient-identifiable information is aware of their
responsibilities; and
• Understand and comply with the law at all times.

However, the Caldicott review did little to assuage the fears of campaigners, especially
following the decision in 2002 to pursue a far more centralised, nationwide EPR system.

NPfIT: doomed to failure?

The decision to pursue a new, more centralised IM&T strategy, which became known as the
National Programme for IT in the NHS, was taken at the now infamous Downing Street
seminar on Monday 18 February 2002. The seminar itself was the result of a meeting
between the Prime Minister and then CEO of Microsoft, Bill Gates, after which the Prime
Minister is said to have become ‘hooked’ on the technological possibilities for improvement
in the NHS (Bacon and Hope, 2013).

The seminar, chaired by the Prime Minister, is said to have lasted just 90 minutes, though
the PM was present for only half that time (Ehi.co.uk, 2008). No minutes were kept (Ritter,
2008a). In attendance were (Ehi.co.uk, 2008):

• The Prime Minister, Rt Hon Tony Blair MP;

• Secretary of State for Health, Rt Hon Alan Milburn MP;
• Parliamentary Under-Secretary of State for Health, Lord Hunt;
• Chief Executive NHS and Permanent Secretary, Department of Health, Nigel Crisp;
• Director, Department of Health, Sir John Pattison;
• E-envoy, Andrew Pinder;
• Chair, Office of Government Commerce, Peter Gershon;
• Representatives from the networking solutions provider Cisco; and
• The UK Managing Director of Microsoft.

11
The policies discussed at the Downing Street seminar were a response to several issues that
had plagued the 1998 IM&T strategy from the outset, notably procurement ‘beauty pageants’
and fear that suppliers were failing to deliver integrated systems (interview with Brennan,
2014), the unwillingness of NHS Trusts to invest sufficiently in IT due to difficulty meeting
other targets (Brennan, 2001b and 2001c) and slow progress implementing what few targets
the strategy did have (Brennan, 2002a).

However, rather than address those issues at their core (that is, accept that changing
working practices takes time and adjust programme management techniques accordingly,
see Brennan, 2002a), the Prime Minister opted to force a radical and unwelcome change
upon Trusts. In doing so, he had failed to learn the main lessons of other, failed IT projects
in the NHS such as WHRA’s RISP and HISS (see above). That is, that ‘[...] large, centralised
IT schemes imposed on semi-autonomous NHS sites rarely work. They engender a
scepticism among doctors that becomes impossible to overcome’ (Computerweekly.com,
2007). Indeed, as ComputerWeekly.com reported:

Instead of avoiding this mistake, officials at the Department of Health and

Downing Street made it the central ingredient of a new scheme of unprecedented
scale and boundless complexity. Ministers further deepened scepticism among
clinicians by conceiving the national programme in secret and announcing it as
fait accompli.
(ComputerWeekly.com, 2007)

The government also seems to have failed to take confidentiality concerns seriously. The
2001 Health and Social Care Act had recently given the Secretary of State powers to collect
and regulate the use of all personal health data in identifiable form (Anderson, 2005), and
government language at the time of the Downing Street seminar is worryingly blasé about
this issue, with the White Paper following the seminar stating ‘Plans for the longer-term
approach [to the issue of patient confidentiality] are currently being drawn up’ (DH, 2002,
p.10).

That the government was willing to press ahead with its plans without consulting further on
the issue of confidentiality could be considered ‘imprudent to the point of being unethical’
(Anderson, 1996, p.29). However, there is some suggestion that the Prime Minister had been
convinced by Microsoft and other suppliers that ‘big is beautiful’ (interview with Collins,
2014). This, combined with evidence about the brevity of the Downing Street seminar (see
above), suggests that the Prime Minister had already made up his mind by 18 February
2002, regardless of confidentiality issues, and was unwilling or unable to change it.

Another aspect of the 1998 IM&T strategy that was ‘squashed’ (interview with Collins, 2014)
by NPfIT was local ownership of EPR systems. As late as 2000, the Cabinet Office had noted
the need for IT projects to be undertaken collaboratively with central government and local
NHS Trusts (Cabinet Office, 2000). However, by 2002, the government was supportive of a
fully- or mostly-centralised system. Why? The White Paper released to accompany the
announcement of NPfIT blames the slow uptake of technology at local level under the 1998
strategy on low levels of local investment and lack of cohesion between individual systems
(DH, 2002), but other sources (interview with Cundy, 2014) again point the finger at
suppliers for convincing the Prime Minister and Department of Health to change tack
despite there being no need.

12
The government may also have been influenced by the interim report into NHS funding by
Natwest banker Derek Wanless, which pushed for a more centralised strategy to combat
‘piecemeal’ uptake of IT (Wanless, 2002, p.58). However, as Brennan (interview with
Brennan, 2014) points out, a bank’s branches all operate similarly, they use the same data,
and their customers are free to choose who they open their accounts with. Conversely, NHS
hospitals all operate differently using unique datasets and their patients have little or no
choice about the services available to them. The Major Projects Authority (MPA) agrees with
this view, stating that centralised arrangements did not fit with the needs of healthcare
professionals on the ground (2011).

Policymakers often pursue large, ambitious healthcare information systems because they are
high-risk and high-reward (Heeks et al., 1999). Brown (2001, p.377) states that policymakers
who fit this profile are often ‘politicians with a clear interest in undertaking policies relating
to IT development that further their political aims’. Tech journalist Robin Guenier puts it
more bluntly when he states that politicians see large IT projects as a ‘sign of virility’ (Ritter,
2008b). It is possible that NPfIT is yet another such demonstration. According to one
source, the suppliers present at the Downing Street seminar appealed to the ‘self-
aggrandising egos’ of the politicians and policymakers present (interview with Collins, 2014).

Compounding the above was the fact that the Prime Minister pushed hard for a severely
curtailed implementation timetable for NPfIT in order to have something tangible to show
voters by the next general election, due in 2005 (Ehi.co.uk, 2008; Ritter, 2008a). It is
perhaps a sign of the Prime Minister’s determination to drive through the programme come
what may that no-one at the seminar felt able to say ‘no’. Sir John Pattison reported having a
conversation where he ‘swallowed hard’ and accepted a delivery timetable of two years and
nine months (Ehi.co.uk, 2008). He reported that the Prime Minister wanted to do it in two
years flat. This may also go some way in explaining why there was never a documented
business case for the programme as a whole (MPA, 2011).

Finally, there was little or no consultation with key stakeholders about the decision to adopt
NPfIT. Ritter (2008b) compares the zeal with which the government took the decision with
that behind the doomed launch of the space shuttle Challenger in 1986. This lack of
consultation extended to Parliament, which was given little or no time to contribute to the
plans, such was the government’s desire to initiate the procurement phase of the programme
swiftly (Ritter, 2008b). This severely limited opportunities to learn from policymakers who
had been involved in previous IT programmes. PAC (2000a) highlights this as a common
failure of governments where IT projects are concerned, probably caused by loss of
institutional memory in government departments, such as that in the NHS in the early
2000s (Brennan, 2001b).

Was NPfIT doomed to failure? This is a complicated question to which there is no easy
answer. We are unable to support Cundy’s claim that the technological mix could never have
worked (interview with Cundy, 2014), and EPR systems have been shown to work well on
both a local and regional level (interview with Collins, 2014; interview with Brennan, 2014).
However, NPfIT was more than a simple, local-level EPR system; it was a large and complex
healthcare informatics system, and came with the same risks that one inevitably finds in
huge, centralised databases that pay little attention to the needs and desires of users, the
hardware they are using and the risks of aggregating large amounts of personal data in one
‘secure’ database.

13
In this sense, the scale of NPfIT rendered it highly likely to fail, and what followed should
come as little surprise. This was compounded by the determination of the Prime Minister
and Department of Health to drive through changes (and their questionable motives for
doing so), the role of suppliers in convincing them of the need, a lack of consultation, time
and attention to issues such as patient confidentiality, and the fact that the government
seemed determined to repeat previous mistakes in IM&T implementation. To summarise,
the decision to push ahead with NPfIT displays all the hallmarks of the themes discussed in
the introduction: problems with haste, design, culture and skills.

However, it did not have to be this way. Some of the most striking evidence we heard in
researching this case history came from Paul Cundy, Tony Collins and Sean Brennan, all of
whom said that the 1998 IM&T strategy, ‘Information for Health’, could have worked, given
the correct time and project management (2014). While the EPR was not doomed to failure,
the heavily centralised NPfIT was.

14
NPfIT: Launch, Delivery and Implementation

The launch of NPfIT

The Parliamentary Under-Secretary of State for Health, Lord Hunt, announced the proposed
major IT reform to the NHS on 12 June 2002, along with the publication of the Department
of Health’s ‘Delivering 21st Century IT support for the NHS –  National Strategic Programme’  
(the NSP Plan). The NSP Plan initiated what would subsequently become known as NPfIT,
with its vision of “connect[ing] delivery of the NHS Plan with the capabilities of modern
information technologies”  (DH, 2002, p.1), through delivering the four key elements
discussed at the 18 February 2002 seminar:

i) an integrated electronic health records system;

ii) electronic prescriptions;
iii) an electronic appointment booking system; and
iv) an underpinning IT infrastructure with sufficient capacity to support the national
applications and local systems.

The NSP Plan described its strategy as taking “greater central control over the specification,
procurement, resource management, performance management and delivery of the
information and IT agenda”, improving “the leadership and direction given to IT”, and
combining it “with national and local implementation…based on ruthless standardisation”  
(DH, 2002, i). As part of this strategy the NSP Plan provided an ‘option appraisal’  of a
number of procurement approaches and identified the preferred option –  selectively
outsourcing major programme components, delivering some programme components at a
national level, and setting national standards for local use and implementation of other
components (DH, 2002, p.7). As Bacon and Hope write, the NSP Plan “sounded appealing to
many health care professionals…promis[ing] just the combination of local control with
national standards”  (Bacon & Hope, 2013, p.121) which they had long been seeking.

The NSP Plan set out details of the proposed governance structure for the programme, with
oversight by a ministerial taskforce and a single Department of Health Director as senior
responsible officer (Sir John Pattison), who would report directly to Lord Hunt and Nigel
Crisp, Chief Executive of the NHS and Permanent Secretary at the Department of Health.
This was consistent with the structure of the NHS in 2002, with the Department setting
policy for 28 Strategic Health Authorities (SHAs), which were responsible for the strategic
supervision of the Primary Care Trusts (PCTs) and other NHS Trusts providing primary,
secondary and community health services in their region (see Appendix 1). To support
Pattison, a National IT Programme Director would be appointed who would be authorised to
deal directly with the SHAs, manage programme funds, and work with the NHS Information
Authority. The SHAs in turn would be required to appoint Chief Information Officers, who
would be responsible for ensuring appropriate funding and effective IT management for
PCTs and NHS Trusts in the SHA (DH, 2002, p.4).

While the NSP Plan did not detail the methods for key stakeholder involvement, it identified
that a key risk was the “lack of co-operation and buy-in by NHS stakeholders to investment
objectives”  (DH, 2002, p. 26). Sir John Pattison took early steps to address this risk by
enlisting “Dr Anthony Nowlan, a health informatics expert and executive director of the NHS
Information Authority, to secure the involvement of health professionals in the programme”  
(Bacon & Hope, 2013, p.122). As part of this process, in September 2002 the Clinical Care

15
Advisory Group was established as an adjunct to the ministerial taskforce, to be chaired by
Professor Peter Hutton and to represent the interests of clinicians and channel their advice
and input regarding NPfIT.

Recommendations from the Wanless Review

Prior to the launch of the NSP Plan, an important review of long term trends in the NHS had
been published in April 2002: ‘Securing our Future Health: Taking a Long-Term View’  (the
Wanless Review). The interim Wanless Review, released in November 2001, had already
highlighted the low investment in information technology in UK healthcare (1.5 per cent of
NHS spending), both in comparison to other UK industry sectors and other countries’  health
ICT spending (Wanless, 2002, Annex C p.156). The final Wanless Review incorporated in its
projections a substantial increase in ICT investment, doubling from its current levels “to
around £2.2 billion in 2003-04, peaking at around £2.7 billion in 2007-08”  (Wanless, 2002,
p.55), and representing 3 per cent of total annual NHS spending.

Alongside the Prime Minister’s 2000 commitment to increase NHS spending overall over six
years, in order to bring spending up to the European average as a proportion of GDP, the
Wanless Review helped pave the way for the Chancellor of the Exchequer, Gordon Brown, to
approve the funding of NPfIT, a programme which had already received the Prime Minister’s
seal of approval. While this meant that funding was not an issue for the programme, it
instead created a different problem: a lack of detailed cost-benefit analysis which normally
would have been required to justify programme expenditure on this scale.

This lack of detail was at odds with the Wanless Review’s recommendation that with any
substantial increase in ICT spending, there needed to be “clear and well developed views
about the benefits which [the Government and Health Service] want to achieve and how they
will be delivered, with patients at the core of the system”  (Wanless, 2002, p.102). The
Wanless Review also recommended the use of ringfencing and auditing to ensure such funds
would be spent productively and not diverted to other purposes, as well as the need for
rigorous standards to maximise the benefits of ICT integration, and to ensure that any
different systems used would be compatible with each other.

Issues in the Gate Zero Review

In July 2002, the Office of Government Commerce (OGC) completed a ‘Gate Review 0 –  
Strategic Assessment’  (the Gate Review) for the NSP Plan, part of the project management
process of gate review whereby a project is evaluated at key stages to determine whether it
should proceed to the next stage. The Gate Review concluded that while the programme was
well covered on the primary issues relevant at this stage - funding, alignment to business
strategy and senior management commitment and support - there were a number of
significant concerns. In particular, the Gate Review observed that:

There is widespread appreciation that the programme is a change programme

first and foremost albeit with significant IT elements. But the implications of
this are not being pulled through into the way the programme is structured, into
the level of engagement with stakeholders…and into detailed planning.
. (OGC, 2002, p.5)

16
The Gate Review noted that a recurring theme was “engagement, or more specifically the
lack of it”, and made a number of recommendations to improve stakeholder engagement,
planning and procurement, in particular identifying that “effort should be concentrated in
the short-term on getting right the essential preparations, plans and organisation for the
programme which is not yet in a position to proceed to procurement stage”  (OGC, 2002,
p.6).

As King and Crewe comment, “at the beginning, in 2002, the idea was that national
standards for NHS IT would be laid down but that local NHS trusts would be free to
commission their own suppliers and choose their own software”  (King & Crewe, 2013,
p.196). This was consistent with Wanless’  ‘rigorous standards’  and the local control with
‘ruthless standardisation’  envisaged in the NSP Plan, as well as the Gate Review’s conclusion
that “all the key stakeholders agree that a centrally managed approach is necessary as long as
it is combined effectively with locally controlled implementation”  (OGC, 2002, p.4). Despite
this understanding, this was not the approach subsequently adopted and developed in the
procurement for NPfIT.

The draft OBS and NSP Plan Timetable

At the same time as the NSP Plan was being developed, an outcome-based specification
(OBS) for the heart of the programme - the integrated electronic health records system - was
also being prepared. Outcome-based contracts involve specifying the required business
deliverables, or outputs, but not the solution or the technical means for achieving these
outputs, and are recommended by Government for major public sector contracting.

A month after the launch of the NSP Plan in July 2002, the Department of Health published
a consultation draft OBS described as the ‘National Specification for Integrated Records Care
Service’  (the National Specification), with submissions invited until the end of August. The
National Specification largely “drew on documents from other procurements”, received over
190 responses from the consultation (PAC, 2007, Ev 35), and as was recognised by the
Department, there was “a strong sense that we have given insufficient time for consultation”  
(PAC, 2007, Ev 36).

While the Department hoped to remedy this error in later steps, they were not assisted by
the highly ambitious timetable set out in the NSP Plan, with the preparatory ‘Phase 0’  of
NPfIT scheduled for completion by March 2003, including the awarding of contracts for the
procurement of the key national services under the programme (a procurement timetable
referred to in the Gate Review as ‘hyper-ambitious’). From that point, the NSP Plan allowed
only two years and nine months for NPfIT’s major initiatives to be significantly implemented
in ‘Phase 1’  of the programme, echoing Sir John Pattison’s promise to the Prime Minister.

According to the NSP Plan, by December 2005 basic broadband access would be available to
all clinicians and support staff in the NHS, the National Bookings service would be
implemented, the National Prescriptions service 50 per cent implemented, the full National
Health Record Service implemented, and all Trusts would be actively implementing
elements of the electronic patient record system (DH, 2002, p.6). Phases 2 and 3 were
tentatively scoped to run from 2006 to the end of 2010, and involved delivering the full
functionality for the remainder of NPfIT’s components.

17
Director General’s appointment and approach to contracting

The new Director General of NHS IT, who would be responsible for driving both the
procurement and implementation of NPfIT, was appointed in September 2002. Richard
Granger was a former consultant from Deloitte (and before then Andersen Consulting/
Accenture), with experience in managing public sector IT projects, including the
contemporaneously successful London congestion charge scheme. While the NSP Plan
timeline was not realistically achievable, under Granger’s forceful leadership the
procurement process was completed with remarkable speed for a public sector programme
of this scale and complexity.
Richard Granger is normally identified as the person who shifted the procurement approach
away from local implementation with national standards. However, this was already Sir John
Pattison’s view prior to Granger’s arrival. In a mid-2002 interview with Sean Brennan,
Pattison was asked whether the key elements of the programme could be achieved by setting
national standards, providing dedicated and ring-fenced funding for the SHAs and Trusts,
and having an accredited list of suppliers from which the SHAs and Trusts could select and
contract with, in order to deliver projects meet the national standards. Pattison replied that
because of the “scale of the programme”  this approach would not work - there was a need to
create a new tier in the procurement process “to ensure not only that technology solutions
are available and accredited, but to underpin those implementations with comprehensive
change management”  (Brennan, 2005, p.193).

This new tier, originally called Prime Service Providers and subsequently Local Service
Providers (LSPs), would become a fundamental part of the framework for NPfIT. LSPs were
to be tasked with delivering the integrated electronic health records system, dealing with
both the Department of Health and the SHAs. National Application Service Providers
(NASPs) would also be contracted by the Department to deliver the national elements of the
programme, in particular the electronic booking system and the Central Spine or Central
Summary Care Record Service, intended to contain summary patient records for every
individual served by the NHS. In addition there would be a National Infrastructure Service
Provider or Providers (NISPs) to deliver the national broadband infrastructure, including a
private network securely connecting clinicians to the system.

Granger was instrumental in taking an innovative (for the public sector) approach to all of
these contracts, which was the adoption of “a service-oriented contracting strategy, whereby
suppliers receive payment only after the systems they have developed are taken up by users,
and the services they provide yield measurable benefits within the NHS”  (QinetiQ, 2005,
p.2). Granger’s subsequent willingness to directly challenge contractors in relation to
programme delays and non-delivery was defined by his likening the management of
contractors to running a team of huskies:

When one of the dogs goes lame, it is shot. It is then chopped up and fed to the
other dogs. The survivors work harder,  not only because they have had a meal,
but also because they have seen what will happen should they themselves go
lame.
(Granger, cited in Bacon & Hope, 2013, p.121)

This ‘take no prisoners’ approach won Granger critics as well as admirers, and likely
contributed to problems related to a culture of groupthink and intolerance for dissent in the

18
Department, as well as unrealistic timelines and disputes with the suppliers. However, as
Tony Collins has commented, “Granger was hired to be the strongman, and that’s exactly
what he did” (Collins interview, 2014), with many of NPfIT’s more fundamental problems
preceding his arrival.

The revised OBS

Over winter 2002-3 a revised draft of the OBS for the NHS Care Record Service was
developed, the National Audit Office (NAO) commenting that NPfIT then “engaged a broad
spectrum of NHS stakeholders encompassing leading clinicians, practitioners, policy
advisers, health informaticians and managers”  (NAO, 2006, p.23). This extent of this
engagement was called into question in a later Process Capability appraisal of the
procurement process, which found that the “stakeholder requirements definition had
proceeded directly to production of the OBS without the production of an analysed
statement of stakeholder requirements”  (QinetiQ, 2005, p.27).

The 2006 NAO report appeared to accept the NPfIT’s response that “much of the OBS was
developed in workshops […]  and NHS Connecting for Health had not had the resources to
record the attributions”  (NAO, 2006, p.31). This was a contentious issue in the Public
Accounts Committee’s 2007 report on NPfIT. In particular, Dr Nowlan and Professor
Hutton commented that “clinicians were not taken into account and did not have sufficient
say”  (PAC, 2007, p.17), and the report cites the Comptroller and Attorney General as stating
that “the approach from the top down had not permitted the full degree of consultation”  
(PAC, 2007, p.17).

One decision that was made in relation to the procurement which surprised some
stakeholders was the division of the NHS into five regional ‘clusters’  for which the LSPs
would be contracted: 1) North West and West Midlands; 2) North East; 3) East of England
and East Midlands; 4) London; and 5) the Southern cluster. Each cluster contained between
five and seven SHAs and populations ranging between seven and thirteen million. In early
2003, as Brennan states, “the favourite suggestion was that there would be 28 medium-sized
procurements –  one for each SHA”  (Brennan, 2005, p.109). Amalgamating the SHAs into
regional clusters was seen as a clean break with previous NHS approaches to procurement
and implementation and as a way of attracting bids by multi-billion pound companies. It
also marked a further reduction in local autonomy and flexibility, and had the side-effect of
sidelining smaller companies which already serviced SHAs and individual Trusts.

Procurement process

In January 2003, the NHS issued potential suppliers with an initial questionnaire regarding
their capacity to deliver the programme, followed by a more detailed and demanding
questionnaire in March 2003, and the determination of a ‘long-list’  of 31 bidders. The
finalised OBS was issued to potential LSPs on 16 May 2003, with responses required by the
end of June, along with preferences as to which cluster they wished to work in. At this point,
the LSPs were also firming up the main application partners they would be subcontracting
with in relation to the IT deliverables and software solutions involved in NPfIT.

19
Cluster shortlists were announced on 1 August, and shortlisted LSPs were required to
prepare for ‘Proof of Solution’ testing, to take place in September and October 2003, and
involving both demonstrations and user testing with a number of different scenarios and
user profiles. As Brennan commented, despite there being eight different potential LSPs left
in the race at this point, “there were only three software solutions on offer” (Brennan, 2005,
p.123). The shortlisted LSPs had all selected to work with one of three partners: iSoft, Cerner
and IDX, a very small field considering £5 billion worth of main contracts at stake.

By December 2003, almost all the LSP cluster contracts had been announced –  British
Telecom (BT) and IDX in London; Accenture and iSoft in the North East; the Computer
Services Corporation (CSC) and iSoft in the North West; Accenture and iSoft in the East;
with Fujitsu and IDX later confirmed as the South contract-winners in February 2004
(Figure 2). The value of the cluster contracts was approximately  £1 billion each, ranging
from £934m for the Eastern cluster to £1,099m for the North East cluster (PAC, 2007, p.16).
BT was also confirmed as the NASP responsible for delivering the New National Network
(£530m), the National Spine (£620m) with Oxford-based software developer CSW as its
main partner, while Atos Origin was contracted to deliver the Electronic Booking project -
Choose and Book (£64.5m), working with US health IT giant Cerner (see Figure 3 for an
overview of the main contracts at the outset of the programme).

Figure 2: Regional clusters for LSPs (Source: Select Committee on Health, 2007, Figure 1)
NPfIT would subsequently add a number of other projects to the scope of the original
programme, most significant of which were the NHSmail - a secure email and directory
service for NHS clinicians and staff, contracted to EDS for £90m (NAO, 2006, p.40), and a
Picture Archiving and Communications System (PACS) to replace film and paper with digital
x-rays and scans in NHS hospitals, to be delivered by the LSPs with an additional total
budget of £245m (NAO, 2006, p.25).

20
Figure 3: NPfIT structure April 2005*
*Red:  NPfIT element; Green:  Contractor; Purple:  Main application/software subcontractor

Procurement concerns

With procurement complete and established multi-billion pound companies contracted to

supply the programme elements, NPfIT was to outward appearances in a very good position.
The centralised approach to procurement, the competitive way in which the tenders were
conducted and the scale of the clustered contracts were estimated to have “saved £4.5 billion
in terms of the prices paid for goods and services”  (NAO, 2006, p.2). In September 2003,
respected career civil servant, Gordon Hextall, was appointed to finally fill the postion of

21
Chief Operating Officer, and in summer 2003 the Clinical Care Advisory Group (CCAG) was
succeeded by the National Clinical Advisory Board (NCAB). In September 2003 a Public
Advisory Board was also established under the chairmanship of Ms Marlene Winfield to
work in parallel with the NCAB.

However, some of the aspects of the procurement process being touted as advantages – the
speed, centralisation and aggregation of services – were regarded as weaknesses by others,
particularly in combination with a lack of proper testing and inadequacy of consultation with
the hospitals, clinicians and patients who would ultimately be the end users of NPfIT. In
evidence provided to the PAC, Dr Nowlan observed that “the haste to procure was overriding
due diligence over the healthcare value and achievability of what was being done” (PAC,
2007, Ev34), and “efforts to communicate with health professionals and bring them more
into the leadership of the programme were effectively obstructed” (PAC, 2007, Ev32). Dr
Nowlan recorded how he had raised such concerns during the first half of 2003 with senior
programme staff, including Sir John Pattison, with the end result that Granger perceived
him as undermining his authority. In mid-June 2003 Dr Nowlan’s secondment was
terminated, and in the absence of other duties he was made redundant in December 2003.

In April 2004, NPfIT would lose Professor Hutton, Chair of the CCAG and its successor the
NCAB, and the most senior officer responsible for clinical input into NPfIT. In his evidence
to the PAC, Professor Hutton noted that both bodies had raised significant concerns with the
procurement process and aspects of detail in the contracts. On 31 March 2004, he had
written to Sir Nigel Crisp to advise that “the constraints of the contracting process, with its
absence of clinical input in the last stages, may have resulted in the purchase of a product
that will potentially not fulfil our goals”  (PAC, 2007, Ev30). Professor Hutton was asked to
consider his position and he subsequently resigned on 19 April 2004.

Leadership changes and Connecting for Health

Less than a year after he had launched the programme, NPfIT lost Lord Hunt when he
resigned from the Government over its decision to invade Iraq. December 2003 also saw the
exit of the Senior Responsible Owner (SRO) for NPfIT and Chair of the National Programme
Board (NPB), Sir John Pattison, who returned to his role as Director of Research and
Development at the Department of Health prior to his retirement. The replacement of Sir
John Pattison would not be complete until 22 March 2004, when Dr Aidan Halligan, Deputy
Chief Medical Officer, was made joint SRO with Granger, and Department Group Director
John Bacon was made the new Chair of the NPB.

Although respected and welcomed by clinicians, Dr Halligan would remain as SRO for just
six months before resigning in September 2004, to be replaced by Alan Burns who in turn
would serve only another six months from November 2004 before departing, with the post to
be filled by Richard Jeavons in March 2005. In March 2006, the man who Sir John Pattison
had reported to, Sir Nigel Crisp, would also depart, retiring from the NHS and Department
of Health. The seemingly constant rotation of senior management and leadership impacted
NPfIT through the loss of corporate knowledge and leadership, and through the diffusion of
accountability and responsibility for the programme.

Despite these leadership and management changes, Richard Granger stayed in his role, and
in April 2005 a new agency, Connecting for Health, was established under him as the

22
consolidated central command for the programme. Connecting for Health absorbed the
former NHS Information Authority and additional elements associated with the NPfIT.

As King and Crewe observe:

Signs that the programme was in serious trouble were slow to emerge, largely
because the principal players –  the Department of Health, Connecting for
Health, the main IT contractors and Granger himself –  were all, for obvious
reasons, anxious that no signs of trouble should be allowed to emerge.
(King & Crewe, 2013, p.197)
However, cracks were starting to show, in particular among the LSPs and their
subcontractors. The contract with EDS to deliver NHSmail was terminated in March 2004
and replaced with Cable and Wireless in July 2004, Granger stating that “the service which
was being delivered [by EDS] was not sufficiently reliable” (PAC, 2007, Ev.16). A number of
penalties and fines were paid both by LSPs and Trusts, generally in relation to missed
deadlines and delays, and the service-oriented contracts meant that LSPs were noticing the
impact of non-delivery in the form of earnings shortfalls. In February 2006, Connecting for
Health suspended the contract with ComMedica to supply Picture Archiving and
Communications Software to the North West cluster. In June 2005 Fujitsu dumped IDX and
took on Cerner as its software partner for the Southern cluster. BT also replaced IDX with
Cerner in the London cluster after protracted negotiations during 2006.

iSoft and Accenture

The main IT partner for three of the LSPs, iSoft, had long-running internal problems, with
the Guardian reporting that “questionable accounting at iSoft can be traced back to 2002”  
(PAC, 2007, Ev105). The Guardian’s investigations, which had uncovered serious accounting
malpractice, were gagged by a court order obtained by iSoft in Autumn 2004. After a three
year investigation, the Financial Services Authority would launch fraud proceedings against
four of iSoft’s directors in 2010. The proceedings related to alleged misleading of investors
which occurred during 2004 and 2005, and after the collapse of two trials for procedural
reasons, the FSA decided not to pursue a third trial in July 2013.

From the view of the LSPs which had subcontracted with iSoft, the more visible and pressing
issue in 2005 was the absence of any progress on iSoft’s flagship product ‘Lorenzo’, “despite
statements by the company in its 2005 Annual report that the product was available from
early 2004”  (PAC, 2007, p.6). Management consultant Thomas Brooks, who was involved in
NPfIT under contract for a number of trusts, commented that in the procurement process
“the iSoft  “Lorenzo”  offering was selected from paper descriptions with minimal
demonstrations of prototype software elements”  (PAC, 2007, Ev102).

In 2006, iSoft’s financial situation deteriorated and was reflected by profit warnings issued
in January and June, followed the announcement in August of a £344 million loss for the
year. In March 2006, Accenture made allowance for US$450 million of future losses related
to NPfIT, citing the delays in iSoft’s development of Lorenzo and their impact on its ability to
deliver the LSP contracts. By the time iSoft was canvassing for possible buyers in October
2006, Accenture had already announced its departure from NPfIT, reaching agreement to
transfer the £2 billion North Eastern and Easter cluster LSP contracts to CSC. As Bacon and
Hope note: “It was an eloquent comment on the seriousness of the problems facing the

23
programme that a firm such as Accenture, which undertook so much government work, and
thus potentially faced such a risk of reputational damage by leaving the programme, had
nonetheless walked away”  (Bacon & Hope, 2013, p.125).

The departure of Accenture was all the more striking given Granger had previously
emphasised that any supplier who walked away from NPfIT would face tough penalties
under their contracts of up to 50 per cent of the total contract value, potentially £1 billion for
Accenture. In the end, Accenture was asked to pay only £63m in compensation, testament to
the likely legal challenge Accenture would have mounted against any significantly higher
amount, and the damage such punitive action would have done to the relationship between
government and Accenture, and to the relationships with other large consultancies doing
business with government.

Delivery and Implementation

Problems continued beyond procurement and supplier departures through to the delivery
and implementation of NPfIT’s systems and software. The implementation featured some
successes with elements of the programme that were on schedule and functioning well,
however it was also marked by missed deadlines, unreliable software and a lack of
engagement with end-users particularly heath-professionals and patients.

Among the success stories of NPfiT’s implementation were the electronic prescription
service and the rollout of the New National Network in early 2007, three months ahead of
schedule (PAC, 2007). The computer accessible x–ray system was also delivered smoothly
and on time. The x-ray system was a rare product of consultation with health professionals,
and was also assisted by plans that dated back to before NPfIT. This system was added to
NPfIT well after the original specifications were approved following a meeting between
Connecting for Health and health professionals (PAC, 2007; Interview with Cundy, 2014).

Elements of NPfIT that did not track so well in the implementation phase include Choose
and Book, an electronic system to enable patients to book first outpatient appointments. In
mid-2006 this had been deployed to over 7,600 locations however at this time the system
was under-utilised and Choose and Book accounted for only 20 per cent of GP referrals. This
was likely due to local implementation problems in clinics and out of date patient
administration systems in many hospitals (PAC, 2007). The patient administration systems
were out of date due to delays in the deliveries from LSPs. According to Connecting for
Health’s plans from 2005, 151 NHS Acute Trusts would have their new patient
administration systems by April 2007. In February 2007 only 18 NHS Acute Trusts had
received their systems (PAC, 2007).

Electronic Care Record Delays

NPfIT’s aim to create a fully integrated Electronic Care Records system comprised of
“Detailed Care Records” and “Summary Care Records”. The aim of this system was to reduce
reliance on paper files and make up-to-date patient records available to different parts of the
NHS at all times (NAO, 2011).

24
The Detailed Care Record (an evolution of the electronic health record introduced in the
early 2000s by ERDIP) would contain full details of a patient’s medical history for access
from local GPs, community health organisations and hospitals involved in treatment.
According to original timelines, Detailed Care Records were supposed to be delivered to all
NHS Trusts and GPs by the end of 2007 and full implementation completed by 2010. The
four suppliers contracted by the Department to support the development of the Detailed
Care Record had a total budget of £5 billion (NAO, 2011; PAC, 2007).

The systems for hosting the Detailed Care Records were to be delivered and implemented in
three releases. The first release involved enabling administrative functionality only with no
real clinical benefits. The second and third releases supported clinical functionality and
electronic integration between staff and settings. By late 2006, release one had not yet been
completed and there were no published timelines with expected delivery dates. In May 2008,
the National Audit Office published an updated review of NPfIT which highlighted the failure
to deliver the Detailed Care Record, which by this point was four years late.

The Summary Care Record (a centralised version of local electronic patient records of the
1980s and 1990s) would contain only limited information including allergies and major
treatments, and would be accessible nationwide to all NHS staff involved in treating the
patient. However, it presented ethical issues around privacy that needed to be addressed by
Connecting for Health. According to original plans, a Summary Care Record for each patient
was supposed to be delivered by 2010 and had a budget of £150 million (NAO, 2011; PAC,
2007).

The specifications for Electronic Care Records in 2003 detailed a clear vision and timeframe
however the scope became vague and inconsistent. By 2007, there was no word from the
Department on a detailed timeline of when Trusts should expect to have the systems
delivered. In 2007, the testing and deployment of the shared electronic records was two
years behind schedule, the clinical software development was incomplete and work on the
administrative software had ‘scarcely begun’  (Health Committee, 2007). According to
Connecting for Health, by the end of 2007, 155 of the 176 acute trusts should have installed
operating systems, however by this deadline only 15 of the 155 were installed (NAO, 2006;
Shackman, 2007).

This delay not only undermined the credibility of NPfIT but also made it harder to persuade
Trusts to shift IT systems again to Lorenzo. In 2008, it was reported that usage of Lorenzo
was low with only 24 people using the system (Kablenet 2008). The availability of iSoft’s
‘Lorenzo’  system to other Trusts suffered continued delays and was not expected to be fully
installed in some places until 2016, although the product was supposed to be available from
early 2004. While announcing on numerous occasions that contracted suppliers would not
be paid until they had delivered the product, and declaring that the finance and completion
risk had been largely shifted to suppliers, Connecting for Health still made forward
payments to suppliers. In December 2006, these payments totaled £639 million (PAC,
2007). By March 2007, the total expenditure on NPfIT was over £2 billion and this spending
was not backed up with any detailed information on advances to suppliers, service
improvements or a statement of the costs and benefits of the programme (PAC, 2007).

The delivery of the core software from LSPs was continually delayed. NHS Trusts waiting on
the software were left with the decision of whether to extend contracts with existing software

25
that was not necessarily part of NPfIT or to transition to the Department’s interim software
until the planned NPfIT software was ready. Rather than funding all contract extensions for
each Trust’s existing software, Connecting for Health funded only the new interim software
which it purchased through the LSPs, giving Trusts a choice of Cerner Millennium or an old
version of Lorenzo (Bacon & Hope, 2013; PAC, 2007). Using only two major software
providers inhibited innovation, progress and completion of the delivery and implementation
of NPfIT systems.

Installing interim systems was disruptive to the day-to-day operation of Trusts. Changing IT
systems required upgrading of hardware, networks, staff training and data transfer, all of
which took time and resources. Data transfer was difficult because methods of information
input differ between organisations and clinical care settings, and the individual fields needed
to be matched to the available fields on the new system (Cross, 2006, p.657). The effort to
shift to the new interim system seemed worthwhile to some Trusts, particularly those with
limited funding and out-of-date software. There were other Trusts however that were
satisfied with their pre-NPfIT IT systems and were not comfortable with the Department’s
pushing its own systems. Trusts that did not purchase NPfIT software were billed for the
software regardless and issued fines. IT Journalist Tony Collins refers to this as a “forceful
and manipulative” policy (2014).

The Public Accounts Committee found the Department’s decision to fund new patient
administration systems rather than upgrading a Trust’s current system was insufficient and
was failing to find solutions that were fit for purpose (2007). Their report called for
secondary care Trusts to be able to select from a wider range of patient administration
systems and clinical systems, much like GPs had been able to since the RFA of the late 1990s
and early 2000s. Strategically, this could have secured much needed support from clinicians
and managers whose feedback had been largely ignored from NPfIT’s inception.

Despite the many calls for NPfIT to improve stakeholder engagement, such as the 2002 Gate
Zero Review, this did not happen. In March 2007, Chief Executive of the NHS, David
Nicholson, announced the creation of the NHS Local Ownership Programme admitting ‘It’s
clear that up to now people locally, NHS staff, boards of NHS organisations, have not felt as
fully involved as they ought to have done’  (Ritter, 2007). The new local approach meant
local Primary Care Trusts, strategic health authorities and hospitals would take over the local
delivery and implementation, while the commercial strategy and contracts would remain the
responsibility of Connecting for Health.

On the implementation side, the newly established Strategic Health Authorities carried most
of the responsibility to individually tailor each system to fit local needs. This arrangement
reinforced the significant fragmentation between central delivery of IT systems and their
local implementation (PAC, 2007; Bacon & Hope, 2013). The 2002 Gate Zero Review’s
conclusion regarding NPfIT’s centralisation, as mentioned earlier, was it was that it needed
to be “combined effectively with locally controlled implementation”  (OGC, 2001, p.4). There
were claims however, that the Local Ownership Programme did not go far enough, for
example by extending flexibility in choice of IT systems for secondary care Trusts. This
fueled concerns that the NHS Local Ownership Programme was less about local control and
more about Connecting for Health distancing themselves from accountability for the
programme (Santry, 2007; Bacon & Hope, 2013).

26
System Functionality

In January 2008, Richard Granger resigned. His post was replaced with two positions, a
Chief Information Officer and a Director of IT Programmes and System Delivery (Bacon &
Hope, 2013). This, and other changes in leadership positions within the Department further
hindered engagement and rapport with health professionals and other NHS staff (PAC,
2007).

It is possible that thorough consultation with health professionals could have mitigated some
of the risks of sharing electronic care records, one of which was the potential for
miscommunication of information. During the initial implementation phase of NPfIT, there
was no whole-of-system coding language. A universal coding language is needed when
critical health care decisions are made by complete strangers, for example in Accident and
Emergency Departments. For example, the word ‘diabetes’ in a patient care record could be
interpreted as a family history of diabetes, a predisposition to the illness or a diagnosis. Any
shorthand, assumed knowledge or incomplete information in a patient’s care records is
potentially a risk to patient safety. Such concerns were reflected in a 2007 House of
Commons Report which recommended that there be clear standards and timetables for the
introduction of a universal coding language.

The delivery and implementation of Connecting for Health’s IT systems was characterised by
ongoing functionality concerns which began soon after the earliest installations of NPfIT
software. In 2005, the software in the Summary Care Records Demographics Service froze
and was shut down because it was incompatible with other versions of the GP systems and
prevented doctors from having access to Choose and Book (Cross, 2006: 657). According to
IT Health Campaigner Dr Mary Hawking the overall integration of the care records between
different systems and organisations was not planned for in the original specifications that
were provided to LSPs (2014).

There were also reliability concerns with individual software packages. CSC’s patient
administration system, Millennium, was proving to have a number of functionality problems
which caused clinicians to disengage from NPfIT and look elsewhere for clinical solutions. In
2006, the National Patient Safety Authority received reports on behalf of 79 doctors and
administration staff at Milton Keynes hospital that the software was not fit for purpose and
posed potential risks to patients as systems froze and files were lost (Ungoed-Thomas &
Rogers, 2006; Cross, 2006; PAC, 2007). In some cases the IT systems were not capable of
producing information used to record the immunisation status, or monitor the
immunisation side-effects among children (PAC, 2007). This contributed to delays in
providing vaccinations to children; one report claimed that up to 3,000 children were not
up-to-date with their vaccinations (Revill, 2006). The following year, in April 2007,
Connecting for Health admitted that there were unacceptable problems with some
Millennium Care Records Systems and that they required immediate attention (e-Health
Insider, 2007).

There were growing concerns that Connecting for Health was focused more on the local
implementation of NPfIT systems than protecting technical and clinical standards. To test
the reliability and functionality of NPfIT systems, early-adopter sites were set up. There were
instances among some early-adopters, such as Morecambe Bay, where system upgrades
failed. When malfunctions such as this occurred it discouraged other hospitals from

27
implementing the systems. This suggests the lack of a clear strategy in ensuring there was
technical infrastructure to support both the systems and organisational requirements for roll
out (PAC, 2007).

Changes in suppliers

In the face of frustrations about continuing delays and system functionality problems,
questions surfaced on whether the centrally designed system could be legally imposed on all
NHS Trusts. Where LSPs were contracted to provide all the GPs in their region with IT
systems (the London, North East and Eastern clusters), GPs were given a choice of two IT
systems – the LSP subcontractor’s system and an alternative. As the LSP subcontractor
systems (e.g. iSoft’s Lorenzo) were not yet developed, this choice was actually between an
older interim system supplied by the subcontractor and an alternative provider’s system. GPs
fought for recognition of an entitlement to a wider choice of systems, consistent with
provisions under the General Medical Services contract agreed with Government in February
2003 and approved by national ballot in June 2003 (PAC, 2007). When this entitlement was
recognised by the Department, the new approach, packaged as the ‘GP System of Choice
Programme’, meant potential negative impacts on suppliers’ sales (King & Crewe, 2013).

In July 2007, Fujitsu, Connecting for Health, and the Department entered negotiations for
Fujitsu’s 2004 contract, worth £896 million, to be ‘reset’. Fujitsu was contracted to deliver
the Cerner Millennium system across 86 local health Trusts in south and west England. In
light of the changes within NPfIT (including the GP System of Choice Programme) since
Fujitsu’s 10 year contract had been signed, there were disputes over whether the costings in
the original 2004 contract were still sufficient for timely delivery of fully functional care
records systems. After ten months, discussions broke down and Fujitsu withdrew from
further negotiations. This move effectively breached contractual obligations with Connecting
for Health and resulted in Fujitsu’s contract being terminated in 2008 and transferred to
CSC.

Privacy Concerns

A major task of NPfIT was for the NHS Care Records Service to include a Secondary Uses
Service to provide access to aggregated data for management, research and other ‘secondary’  
purposes. A House of Commons Report in 2007 into Electronic Patient Records found a lack
of transparency and clarity in communicating the type of information contained in the
aggregated records and there was also little clarity about the main purpose of sharing their
information. The Report cited a lack of communication to both health professionals and
patients around consent arrangements and recommended these arrangements be better
communicated (Health Committee, 2007). In 2008, the NHS contacted households about
the NHS’  use of patient information via an information campaign consisting of a leaflet drop
to cover off the Secondary Uses Service, the Summary Care Record and the Detailed Care
Record (NHS, 2014). The leaflet, however, omitted to explain in any detail what their
information would be used for and who would receive the data.

An ‘opt-out’ system, which was recommended some time earlier by Information for Health
(NHS Executive, 1998) was decided upon during NPfIT’s implementation phase. The opt-out
was to be developed for the creation of the aggregated care records, and all additional clinical

28
information would be added on an opt-in basis (Health Committee, 2007). Opting-out of the
system takes some effect as it requires a visit to a local GP. The required effort, combined
with a lack of information, pushes the ethical standard of ‘implied’ consent and privacy set
by the Information Commissioner (Thornton cited in Anderson et al., 2006).

While access controls and audit systems were attempted by Connecting for Health, the
successful implementation of these systems was not guaranteed and electronic care records
continued to be installed and shared regardless. Public debate on this issue peaked from
around 2006, during which support from the professionals working in the sector was also
low. In June 2006, the Local Medical Committees’  Conference passed a proposal to advise
GPs to consider withdrawing from the Spine on privacy and security grounds (E-Health
Insider, 2006). Several data risks with NPfIT around patient awareness, confidentiality,
accuracy and security were also acknowledged by the Information Commissioner, Richard
Thomas (Thomas, 2007).

Access to the Electronic Care Records is available via a smartcard that is issued to relevant
staff members. However, breaches of security and confidentiality were still possible and
evident. In 2007 for example, the board of a hospital agreed that clinicians working in an
Accident and Emergency Department could share their personal Smart Cards to access
patient records (Thomas, 2007). In the event of inappropriate use of patient records, this
allows the system to trace who provided the access. While this may discourage inappropriate
use of care-record access, it does not necessarily prevent abuse from taking place in the first
instance. To access patient records, only one Smart Card holder open to bribery or coercion
is needed (Cross, 2006, p.658).
The Department currently relies on pseudonymisation of data to mitigate risks around
privacy. The pseudonymisation and level of aggregation for Summary Care Records and
Secondary Uses Services does not appear to be based on any best practice evidence to ensure
it is enough to protect individual privacy rights (Health Committee, 2007). A 2009 report
into government databases found the Secondary Uses Service and the Detailed Care Records
to ‘almost certainly’  be in breach of human rights and/or data protection law. The Report
also raised concerns in relation to Summary Care Records regarding the potential for abuse
of staff access privileges and lack of clarity on the terms and conditions of opting-out of the
system (Anderson et al., 2007).

The continued push to implement NPfIT in the face of serious concerns about privacy,
protection and security reflected a desire to avoid resolving the necessary trade-offs between
clinical gains and confidentiality. This attitude can be traced back at least to the NHS
Information Management and Technology Strategy of the early 1990s.

NPfIT’s apparent disregard for these issues was particularly problematic in the wider context
of the reported lack of communication and consultation with the end users particularly
health professionals, patients and the public (Health Committee, 2007). On the ground,
hospitals were also still being subjected to pressure from the Department to accept immature
technology, ‘in order to help the programme save face’  as some critics described  (Bacon and
Hope, 2013, p.131). The same critics describe this period as ‘a stalemate between hospitals
who refused to be guinea pigs for poor software and suppliers who were in so deep that they
didn’t know how to find a way out’  (p.133).

29
The End of NPfIT

A death knell had begun to sound from January 2009, when the Public Accounts Committee
criticised costs and progress to date. Costs were escalating without evidence of benefits,
despite the programme having run for seven years already. The Committee suggested that it
might be time to start looking beyond the NPfIT framework (PAC, 2009).

In June, Martin Bellamy, the Director of Programme and Service Delivery who had taken on
part of Richard Granger’s role, moved on after only nine months. Computer Weekly reported
that “Bellamy's job description was not clearly defined”, and quoted one executive as saying,
that “Bellamy had vague responsibilities for everything and clear responsibilities for virtually
nothing” (Computer Weekly, 2009b). Despite setbacks and rotation at the senior level (never
a good sign on a major project) there were persistent claims that everything was fine. In
January, Richard Bacon MP had called for Connecting for Health to wake up and face reality;
instead, NHS CIO Connelly wrote to colleagues inside her organisation about “maintain[ing]
the movement of delivery”, a confusing goal given that delivery had been conspicuously
lacking. Connelly herself moved on in June 2011 after a “fascinating and challenging time”
(Hall, 2014).

Much of the debate over NPfIT could be characterised as a clash between those closest to it,
who were committed to defending the programme and pushing through at all costs, and
those who objected on practical, technical or professional grounds. The financial crisis of
2007-08 and the ensuing recession caused a step change in the surrounding political
environment. “Investment”  was no longer a byword for good governance; soon, “waste”  and
“fiscal responsibility”  dominated the national debate. This instigated a new line of attack on
NPfIT: scrap a failing programme to save money. It was easier said than done.

In December 2009, the Secretary of State for Health, Andy Burnham, claimed in debate that
the programme was “essential” (House of Commons Debate, 2009-10, 502, col. 21). Alistair
Darling said the exact opposite in a television interview a few days later and duly cut the
budget from £12.7 billion to £12.1 billion (Computer Weekly, 2009c). The Conservatives and
Liberal Democrats went on to denounce the programme during their 2010 election
campaigns and made promises to drastically change or scrap it (Barr, 2010; Bruce, 2010).

In 2010 and afterwards, some in the IT sector maintained the project was still viable and that
problems were the result of “negative vibes”  from clinicians (ITProPortal, 2010) and public
concerns over data privacy rather than the failure of those implementing the programme
(Parker, 2010). This was all the more incredible given the litany of errors and failures to
date.

There was plenty of pre-election speculation about what a new government would do with
NPfIT. In Autumn 2010, the coalition announced that a “centralised, national approach is no
longer required”  and that a further £700 million would be saved by allowing Trusts to choose
their systems from a more plural supplier base (DH, 2010). This was a concession to
clinicians’  anger at being left out of the original planning but CSC and BT were by no means
being ditched –  as health minister Simon Burns admitted to Parliament, “Existing contracts

30
will be honoured” (HC Deb., 2010-1, 515, col. 21WS). It was realised early on that political
will alone was not enough to extricate the NHS from the programme.

The next twelve months brought further criticism, not least from the NAO, PAC, and the
Major Projects Authority, causing the Government to announce an “acceleration of the
dismantling”  in September 2011. The Cabinet Secretary exaggerated the Government’s
decisiveness, announcing that  “This Government will not allow costly failure of major
projects to continue” (DH, 2011). In fact, contracts and the associated expenditure still
remained, although each component in the programme would have its own Senior
Responsible Owner with responsibility for delivery. Connecting for Health was abolished in
March 2013.

The coalition government did its best to present each announcement as the expunging of the
previous government’s costly mistakes. Such declarations were undermined by requirements
to honour the existing contracts with Local Service Providers. PAC Chairman Margaret
Hodge branded the announcement of the programme’s disbandment “a deck chairs on the
Titanic exercise”  (PAC, 2011, Q13). As the Guardian put it, scrapping NPfIT had turned into
“a journey, not a destination”  (Matthieson, 2011).

This journey saw the programme morph into a vague imitation of the project the health
sector actually needed, although still within the strictures of contracts that could only be
unsatisfactorily renegotiated rather than escaped. Fragmentation, it turns out, does not have
to be the disaster the programme’s architects thought it would be. This contrast was best
expressed by Computer Weekly, one of the programme’s most committed critics:

At the time the programme was initiated, way back in 2003, the concept of
regional providers with some national applications was pitched as a compromise
between total centralisation and complete decentralisation. In truth, it was what
the technology available at the time was best at delivering […] Since then, the
internet has connected everyone, and if you started NPfIT today, it would be
blatantly obvious that you set common standards, and allowed everyone to do
their own thing with a standardised, interconnected infrastructure.
(Glick, 2010)

While the programme has been disbanded, controversies over privacy did not subside
entirely. As of April last year, more than 27 million Summary Care Records had been created.
The scope of the data in the records was reduced but there remains controversy over
implementation, although the focus for campaigners has now shifted to the wider sharing of
information as part of care.data.

31
Delivery

In any discussion about the programme, the Department and suppliers stress that important
parts have been delivered. The Major Projects Authority acknowledged this much in 2011:

The Spine, N3 Network, NHSmail, Choose and Book, Secondary Uses Service
and Picture Archiving and Communications Service are all business as usual and
form essential infrastructure. They represent approximately one third of the
£6.4bn total programme expenditure up to 31 March [2011].
(MPA, 2011)

These, however, are not the most important parts of the programme, nor the most expensive
(see value for money, below). A group of IT experts who challenged government in written
evidence to the PAC made clear that the central point of NPfIT, if there was one, was the
Local Care Record Systems (Kwo et al., 2007). Despite this, there is a persistent
unwillingness among those closest to the project, be they contractor or official, to
acknowledge the extent of the problems with delivery of these systems.

CSC

In 2008, CSC’s Deputy Head of Testing emailed his Chief Executive saying, "The project is
on a death march where almost as many defects are being introduced as are being fixed"
(Bowers, 2011). Despite this, senior executives continued to maintain to investors that
Lorenzo was on track. In 2011, having failed to meet deadline after deadline, CSC’s
representative at a PAC hearing claimed:

[…]I think we are on a track that we still can deliver the programme, and, as my
experience has been in the past, this is the point in the programme where we
have the base functionality in place, and it will start to pick up through the
ensuing developments.
(PAC, 2011)

This was shortly before CSC’s own investors sued the company for making misleading
statements about progress on the contracts, leading to a $100m settlement late last year. The
spokesperson also implied that payment received for Lorenzo to date had been only £24
million. In fact, a £200 million advance payment had been made to CSC the month before.
Despite nine years of work and charging millions of pounds, they could offer only “base
functionality”. In reality, not even this had been achieved. By June 2013, Lorenzo had been
delivered on ten sites (out of a contracted 166), of which seven were running the off the shelf
1.0 version as an interim. Three other sites were running the desired 1.9 version but not with
satisfactory functionality. NHS England Chief Tim Donohoe admitted to MPs that at the
“key”  Morecambe Bay site, this system was working “with the exception of the parts of the
software that have not been fully delivered”.  The first Trust to take Lorenzo was still
reporting patient safety risks at the beginning of 2014 (Renaud-Komiya, 2014).

32
New agreements between CSC and the Department for Health called for funding of £600
million, which included payments to the 22 Trusts who, it was anticipated, would take up the
software. These were described as a “bung”  by Richard Bacon MP, as although Trusts in the
relevant areas could look for other software, additional money would only be on offer to
those that took the centrally mandated offering. The Department asked Trusts to
demonstrate value for money with a cost/benefit ratio of 2.4 to 1 if they wanted to qualify for
the extra cash (PAC, 2013, Q71). It’s unclear how the figure of 2.4 was chosen, but a Trust
determined to access this fund has probably not been deterred by the barrier. It also raises,
once again, the question of what Government is hoping to achieve by facilitating and paying
for the introduction of these systems – whether they are trying to improve the NHS for
patients or offer the same quality of care for less money.

BT

By 2010, BT had delivered systems to just five London hospital Trusts, when it had been
contracted to provide for all of them by 2005. It had a similar renegotiation of its contract
with the Department but while its obligations were massively reduced by no longer having to
provide systems for 1,234 GP practices and the London Ambulance Service, only £73 million
was knocked off the price of their £1 billion contract (PAC, 2013).

In October 2013, BT was responsible for installing Cerner’s Millennium patient records
system for Croydon Health Services NHS Trust. This was hailed as a “success”  by its chief
executive, although the next month’s board papers reported network downtime, A&E delays,
loss of patient data, budget overruns, and loss of income (Davies, 2013). The Health and
Social Care Information Centre, the Connecting for Health successor body, had to step in
with funding to account for shortfalls and cost overruns, on top of central funding to
facilitate the installation in the first place (Collins, 2013a and 2013b).

Both BT and CSC have thus struggled to make their systems work where they are introduced.
American researchers looking at the installation of electronic health record systems by both
LSPs have found that the Croydon experience is not unique. Hospitals end up incurring
significant unexpected costs in training staff, testing the software (due to “inadequate vendor
testing”), and lost productivity. Overall, implementation is much slower and more
challenging than planners anticipate (Slight et al., 2014). Tony Collins claims that a general
attitude has taken hold in which “patients may have to suffer for the benefit of the system in
the long term”, and alleges that Cerner has a template document apologising for the
disruption caused by the introduction of systems on its sites (Collins interview, 2014).

Value for Money

The Department and NHS England have resolutely stuck to the line that despite the reduced
obligations on contractors and continued problems with delivery, the sums being spent
might still represent value for money. After being asked more than once, the Department
finally delivered a cost benefit analysis last year. The NAO reported on it in June 2013. This
showed that after twelve years, the programme looks set to deliver £10.7 billion of benefits
compared to £9.8 billion of costs.

33
The National Infrastructure element of NPfIT will have cost £2.3 billion and delivered
expected benefits of £1.6 billion by the end of the project’s life (DH, 2013). These parts
account for a relatively small proportion of the total benefits of the programme overall and
are not cost effective in their own right. The national infrastructure and applications’
anticipated benefits are the ones the Department is most certain of achieving because most
of them have been delivered already, whereas the regional programmes remain far from
delivering any of their anticipated benefits (NAO, 2013). Our point here is that the success
or failure of the national elements cannot be used as the measure of NPfIT’s success, though
this is something those closest to the programme try to hide behind.

For the South Programme for IT, and the London Programme (plus the Electronic
Prescription Service and Summary Care Record), 98 per cent of the anticipated benefits were
yet to have materialised in 2013. In the North, Midlands and East Programme for IT the
figure was 86 per cent. Together, these account for the majority of the £7 billion of the
anticipated benefits that are yet to be delivered, and as noted above, these roll outs are
proving extraordinarily difficult to achieve. On top of this, the £9.8 billion figure excludes
future costs for Lorenzo and the cost of any ending to the dispute with Fujitsu.

For these reasons, the NAO concludes there is “very considerable uncertainty”  and
“considerable potential risks to the realisation of future benefits”  (NAO, 2013), a warning
that has been borne out by the recent experiences of installing the systems. Any realistic
assessment does not suggest that the programme will show itself to have been value for
money. Figure 4 tries to explain the point by visualising the relative sizes and benefits, both
expected and actual, for each part of the programme.

Why would the Department conclude that it has secured “a good deal for the taxpayer”, as a
senior official claimed in a Public Accounts Committee evidence session last year? One of the
factors muddying this question is that there was no comprehensive baseline established at
the outset of the programme against which progress could be compared. The baseline
officials are comparing against is what would have happened without contract
renegotiations. The feeling among those currently in charge appears to be that they are doing
quite well given the mess they started with. However, no-one has seriously claimed that this
is what they would wish for had the slate been wiped clean. The programme has certainly not
been value for money compared to the much cheaper and much less complex programme
that should have been implemented, which was the creation of common standards and
support for Trusts to produce their own systems, though it is impossible to know how much
would have been saved had this been the chosen path.

The continued pursuit of the now dismantled programme begs another question –  why not
simply walk away from the contracts? The answer is that it is not possible. After investing
many millions of pounds, suppliers were obliged to realise the expected value of the
programme. The Department tried terminating Fujitsu’s contract (though what happened is
variously described as a “termination”  or a “withdrawal”, depending on who is asked). They
later explained:
When we cancelled the contract with Fujitsu, the advice we were given at the
time was that everything would be fine. But of course several years later we are
still involved in legal details.
(PAC, 2013)

34
 Contractors accused of contractual breaches are incentivised to counter-sue and recover as
much of their costs (and perhaps some of the value of the contract) as they can. The cost of
lawyers alone has exceeded £30m and that’s before the cost of any settlement (PAC, 2013).
With such complex contracts, it was not a surprise to discover that the Department had
undermined its negotiating position by failing to meet some of its own contractual
obligations, most notably the obligation to provide Trusts that would be willing to buy the
systems. The Department could thus only negotiate weak settlements with CSC and BT. This
was tantamount to paying a similar amount for less, and was contrary to the obvious political
desire to scrap the whole thing.

4000  

3500  
BENEFITS   COSTS  
3000  

2500  

2000  

1500  

1000  

500  

0  
£  (millions)  

 
Local  Care  Record  Programmes  

Figure 4. Data taken from DH, 2013.

This chart compares costs and benefits for each aspect of the programme. Blue columns represent costs, orange columns
represent benefits. The dark lower halves of the columns represent actual costs or benefits as they stood in March 2012.
The light upper parts represent further anticipated costs or benefits that were to accrue over the life of the components.

Those overseeing the programme have pointed to national infrastructure and applications (picture archiving and
everything else to the right of the chart) as evidence that the programme has been relatively successful. While there have
undoubtedly been benefits, much of it has been relatively modest compared to that expected from the programme as a
whole, and even then in some cases the benefits have failed to match cost. This is especially true for the Summary Care
Records, which was another high profile element of NPfIT that failed to deliver.

£6.4 billion of the £9.7 billion overall cost is tied up in the Local Care Records Systems (the London, South, North,
Midlands, and East programmes). Here, very high costs have already been accrued for almost no benefits. The costs
analysis presented here does not take into account money that has been or will be spent settling with Fujitsu or future
costs that may be associated with the deployment of Lorenzo. It does not take into account the cost burden experienced
by Trusts which were left with poor functioning systems due to delays. The chart does not take into account the benefits
that might have accrued if functional systems had been delivered to the 150-plus Trusts that were originally meant to
receive them. The anticipated benefits are very soft. They depend on further roll outs which are far from guaranteed.

We should acknowledge the warnings we heard from some quarters that these figures are not as reliable as their
specificity would suggest. But we do believe they help convey one of the key criticisms of NPfIT. Its success or failure was
not about the Spine, Choose and Book, or the Summary Care 35Record. The real potential of NPfIT, and its costs, was in
the local care records for which there was proven need. Compared to what might have been, the programme has been a
costly – even abject - failure.
Conclusion

The opening chapter listed a whole series of IT failures and reports based on those failures. It
made clear through its examples that the causes of IT project failure were well understood
when NPfIT was set in motion. NPfIT’s story contains many well-worn themes, which we
can group into three broad categories:

Haste
• An unrealistic timetable
• No time to engage with users and privacy campaigners
• Inadequate preliminary work
• Failure to check progress against expectations
• Failure to test systems

Design
• Failure to recognise the risks or limitations of big IT projects
• Failure to recognise that the longer the project takes, the more likely it is to be overtaken
by new technology
• Sheer ambition
• The project is too large for the leadership to manage competently
• Confidentiality issues

Culture and Skills

• A lack of clear leadership  
• Not knowing, or continually changing, the aim of the project  
• Not committing necessary budget from the outset
• Not providing training
• A lack of concern for privacy issues
• No exit plans and no alternatives
• Lack of project management skills
• Treasury emphasis on price over quality
• IT suppliers depend on lowballing for contracts and charge heavily for variations to poorly
written specifications

All of these issues can be identified to varying extent in the story of NPfIT and they have
been repeated in government projects since. We acknowledge that many of these problems
interact. For instance, politicians inexperienced in the creation of complex systems allow
their political ambitions to influence their desire to create large projects that can be
completed in the life of a single Parliament. This is, all at once, a problem of haste, design,
skills and culture.

Would it happen again today?

There has been a major overhaul in government procurement policy since NPfIT was
initiated. Recently, the Government Chief Procurement Officer railed against the IT
“oligopoly”, citing the example of a department buying a new computer cable (BBC, 2013).

36
The far reaching, comprehensive contract that had been signed with the supplier required
the new cable to come from them only. It cost £65 despite having a retail value of £20. One
industry figure commented, “The main thing that surprises me about this statement is that
someone from inside government has been prepared to openly go on record about it.”

Clearly, government has become leery of being lured into such captive relationships. Since
February last year, the government has adopted a policy of “buying and managing
government goods and services more efficiently and effectively”, part of which aims to
“make sure that small and medium-sized enterprises (SMEs) have access to government
contract opportunities” and also includes the formation of a Crown Commercial Service to
consolidate procurement knowledge within government (Cabinet Office, 2013). To date, lead
in times for all forms of procurement have fallen from an average of 200 days to fewer than
100 (Cabinet Office, 2011; Government Procurement Service, 2012). The Cabinet Secretary
has also announced his “red lines” for IT purchases. These include:

• no IT contract over £100 million in value will be allowed unless there is an

exceptional reason to do so. Smaller contracts mean competition from the
widest possible range of suppliers
• companies with a contract for service provision will not be allowed to provide
system integration in the same part of government
• there will be no automatic contract extensions and no existing contracts will be
extended unless there is a compelling case
• new hosting contracts will not last for more than 2 years
(Cabinet Office, 2014)

There are challenges in breaking up contracts, as government will have to co-ordinate

multiple suppliers. But as one of our interviewees pointed out, it’s not as though the private
sector has been doing a good job at this to date. Smaller contracts also means government
will be able to follow through on its promise to open up access to contracts to SMEs. Perhaps
more public money will start flowing to the small scale health IT providers that were so badly
hit when central government imposed its own solutions.

There has also been the news that an open-source database will be used to rebuild the Spine,
part of a general push to use more open-source technology in government. This is a positive
step for government, which thought being risk averse meant signing long term contracts with
high profile companies, only to make itself captive to proprietary technologies and liable to
enormous long term costs (Baldwin, 2013).

A long term, aggregated, disjointed, multi-billion pound monster like NPfIT could never fit
inside the newly defined red lines. Smaller programmes mean less complexity, less time, and
lower costs. This addresses two of our criticisms, regarding design and haste. We cannot say,
however, that these reforms will be enough on their own to prevent NPfIT style disasters.
There are skill deficits in government and serious cultural issues in both government and its
suppliers.

37
For one thing, the end of big IT contracts and emphasis on procuring from SMEs does not
mean an end to big company involvement. Even while in legal dispute with Fujitsu,
government was signing new deals for IT services with them (HC Deb. (2013-14) 573, col.
609W). The major supplier habit is one that will be hard to break. There are also clear signs
that whatever the intentions of government, big companies are strategising to maintain their
privileged positions. Fujitsu recently published research entitled “Collaboration Nation”
(2014) which claimed that just 6% of SMEs felt Government contracts had become easier to
access and that a majority of SMEs want to partner with bigger companies on major
contracts – presumably they mean companies like Fujitsu.

Another problem is that government is already supposed to have methods for keeping
projects on the straight and narrow but the culture of political expediency can overwhelm
them. There are supposed to be risk assessments before major projects are initiated. As
Bacon has pointed out, NPfIT’s were created and then expunged or ignored (PAC, 2011,
Q145). There are supposed to be senior responsible owners to ensure continuity of
leadership and accountability. NPfIT had any number of leaders, some of whom lasted for
only a matter of months. Creating new paperwork or processes is no guarantee of change.

The latest push to improve has come from the Cabinet Office but other Departments do not
seem to appreciate the interference, reflecting a deeply engrained protectiveness and the
siloed nature of government. The Government Digital Service, although lauded for its
success to date, is yet to prove that it can bring modern, “agile” IT project management
methods to bear on major public initiatives, or that it can successfully overcome
Departments’ efforts to block them from intervening.

There are also major problems that these plans simply cannot address: lawyers, officials and
negotiators in industry who are better co-ordinated and better incentivised than their
government counterparts; the skills deficit among the ministers and officials who initiate
and manage such projects; civil servant rotation, which aggravates skills deficits, breaks up
continuity of leadership and lines of responsibility, and causes a lack of institutional
memory; ministerial activism, driven by a desire to be noticed and promoted; an electoral
cycle that demands results within the life of a Parliament; even the very system of
departmental government itself (Bacon and Hope, 2013; King and Crewe, 2013).

In short, there’s not yet any failsafe way of stopping a new senior minister with a strong
personality, a big mandate, campaign promises, short deadlines, and no experience of major
IT systems from sweeping all before them and initiating yet another disaster. Producing a
solution to this is tricky. Tony Collins glibly suggests that as “politicians want to be
immortalised by their actions”, instead of letting them launch ill-advised IT projects, “it
would be much cheaper to just build them a statue” (Collins, 2014).

38
One senior civil servant we spoke to acknowledged that, given many ministers have never
run anything like a government department before, it is too much to expect them to know
the challenges inherent to IT procurement. In this person’s view, the burden lies on officials
to stand in the way of politicians’ ambitions:

If a senior official lets a politician dictate such a situation, it will end with poor
results. The fault lies with the official. That is poor service. The minister is
probably not an expert in a subject such as IT. If Tony Blair demanded it today,
and I yield, then more fool me. I should be articulate in giving advice.

“Speak truth to power” is a phrase that has become associated with the cause of civil service
reform (Maude, 2013, and Public Administration Committee, 2013). We look forward to the
day when officials in all departments are willing and able to better address policies that
entail IT procurement. We put equal emphasis on both willingness and ability. We put
emphasis on the development of those at every level of the civil service, be they advising on
policy or implementing it. We identify this as the key remaining challenge, though how to
address it is beyond the scope of this project.

39
Appendix 1

Structure of NHS in 2002, (adapted from Brennan, 2005, p.24, Figure 3.1)

40
Bibliography

Anderson, R. 1995. NHS-wide networking and patient confidentiality. British Medical

Journal, 311, 5-6.

Anderson, R. 1996. Security in Clinical Information Systems. [report] Cambridge, UK:

Computer Laboratory, University of Cambridge.

Anderson, R. 2001. Undermining data privacy in health information. British Medical

Journal, 322, 442-443.

Anderson, R., Brown, I., Dowty, T., Heath, W., Inglesant, P., Sasse, A. 2009. Database State.
York: Joseph Rowntree Reform. [online]. Available from:
http://www.cl.cam.ac.uk/~rja14/Papers/database-state.pdf. [Accessed 9 February
2014].

Anderson, R., Randell, B., Backhouse, J., Reddy, U., Bustard, D., Ryan, P….Tully, C. 2010.
The NHS’s National Programme for Information Technology: A Dossier of Concerns.
[online]. Available from: http://homepages.cs.ncl.ac.uk/brian.randell/Concerns.pdf
[Accessed 5 February 2014].

Bacon, R. and Hope, C. 2013. Conundrum: why every government gets things wrong and
what we can do about it. [Kindle edition] London, UK: Biteback Publishing.

Baldwin, C. 2013. NHS to replace NPfIT Spine system with open-source technology.
[online] Available from: http://www.computerweekly.com/news/2240207023/NHS-
turns-to-open-source-technology-as-replacement-to-NPfIT-Spine-programme
[Accessed: 15 February 2014].

Barr, F. 2010. E-Health Insider: Lamb sets out ideas for NHS and IT. [online] Available
from: http://www.ehi.co.uk/news/EHI/5620/lamb-sets-out-ideas-for-nhs-and-it
[Accessed: 15 February 2014].

Brennan, S. 2001a. EPR Arms (March 2001). British Journal of Healthcare Computing and
Information Management, 18 (2), 18.

Brennan, S. 2001b. EPR Arms: ‘Investing in information’ (April 2001). British Journal of
Healthcare Computing and Information Management, 18 (3), 16.

Brennan, S. 2001c. EPR Arms: ‘Targets, targets, targets’ (May 2001). British Journal of
Healthcare Computing and Information Management, 18 (4), 21.

Brennan, S. 2002a. EPR Arms: ‘Reviewing progress’ (February 2002). British Journal of
Healthcare Computing and Information Management, 19 (1), 13-17.

Brennan, S. 2002b. EPR Arms: ‘Corporate ignorance’ (June 2002). British Journal of
Healthcare Computing and Information Management, 19 (5), 13.

Brennan, S. 2005. The NHS IT project: The biggest computer programme in the world...
ever! Oxford, UK: Radcliffe Publishing Ltd.

Brennan, S. 2014. Interview on the National Programme for IT in the NHS. Interviewed by
Alexander Hayton and Mark Vuaran [telephone interview] University of Cambridge,
Cambridge, UK, Friday 7 February 2014.

41
Bowers, S. 2011. CSC sued by investors over losses on disastrous NHS contract. [online]
Available from: http://www.theguardian.com/technology/2011/oct/02/csc-sued-by-
investors-nhs-contract [Accessed: 15 February 2014].

Brown, T. 2001. Modernisation or failure? IT development projects in the UK public sector.

Financial Accountability & Management, 17 (4), 363-381.

Bruce, S. 2014. E-Health Insider: Tories to publish government contracts. [online] Available
from: http://www.ehi.co.uk/news/ehi/5634/tories-to-publish-government-contracts
[Accessed: 15 February 2014].

Cabinet Office. 2000. Successful IT: Modernising Government in Action. Modernising

Government. [report] London, UK: The Stationery Office Ltd.

Cabinet Office. 2013. Ministers and Mandarins: speaking truth unto power - Speeches -
GOV.UK. [online] Available from:
https://www.gov.uk/government/speeches/ministers-and-mandarins-speaking-truth-
unto-power [Accessed: 15 February 2014].

Collins, T. 2013. An NPfIT, BT and Cerner go-live success?. [online] Available from:
http://blogs.computerworlduk.com/the-tony-collins-blog/2013/12/a-new-npfit-
success/index.htm [Accessed: 15 February 2014].

Collins, T. 2013. Patient records go-live "success" – or a new NPfIT failure?. [online]
Available from: http://ukcampaign4change.com/2013/12/09/patient-records-go-live-
success-or-a-new-npfit-failure/ [Accessed: 15 February 2014].

Collins, T. 2014. Interview on the National Programme for IT in the NHS. Interviewed by
Oliver Campion-Awwad, Alexander Hayton, Leila Smith and Mark Vuaran [telephone
interview] University of Cambridge, Cambridge, UK, Thursday 6 February 2014.

Computerweekly.com. 2007. Richard Granger's departure may jeopardise NHS IT

programme. [online] Available from:
http://www.computerweekly.com/news/2240081088/Richard-Grangers-departure-
may-jeopardise-NHS-IT-programme [Accessed: 7 February 2014].

Computerweekly.com. 2009 (a). Public Accounts Committee criticises NPfIT. [online]

Available from: http://www.computerweekly.com/news/2240088135/Public-Accounts-
Committee-criticises-NPfIT [Accessed: 14 Feb 2014].

Computerweekly.com. 2009 (b). NHS CIO e-mail announces loss of NPfIT leader. [online]
Available from: http://www.computerweekly.com/news/1280089990/NHS-CIO-e-
mail-announces-loss-of-NPfIT-leader [Accessed: 14 Feb 2014].

Computerweekly.com. 2009 (c). NHS IT scheme to be scaled back. [online] Available from:
http://www.computerweekly.com/news/1280091579/NHS-IT-scheme-to-be-scaled-
back [Accessed: 14 Feb 2014].

Cross, M. 2006. Keeping the NHS electronic spine on track. British Medical Journal. Vol
332, 656-659.

Cundy, P. 2014. Interview on the National Programme for IT in the NHS. Interviewed by
Alexander Hayton, Leila Smith and Mark Vuaran [telephone interview] University of
Cambridge, Cambridge, UK, Monday 3 February 2014.

42
Davies, G. 2014. Hospital's new IT system 'has increased waiting times and led to lost
patient data'. [online] Available from: http://www.croydonadvertiser.co.uk/Hospital-s-
new-increased-waiting-times-led-lost/story-20529534-detail/story.html [Accessed: 15
February 2014].

Denley, I., W, Smith, S. 1999. Privacy in clinical information systems in secondary care.
British Medical Journal, 318, 1328-1330.

Department of Health (DH). 1997. The Caldicott Committee: Report on the Review of
Patient-Identifiable Information. [report] London, UK: The Stationery Office Ltd.

Department of Health (DH). 1997. The New NHS: Modern. Dependable. [report] London,
UK: The Stationery Office Ltd.

Department of Health (DH). 2002. Delivering 21st Century IT Support for the NHS:
National Strategic Programme. [report] London, UK: The Stationery Office Ltd.

Department of Health (DH), 2010. The future of the National Programme for IT :
Department of Health - Media Centre. [online] Available at:
http://webarchive.nationalarchives.gov.uk/20130107105354/http://www.dh.gov.uk/en
/MediaCentre/Pressreleases/DH_119293 [Accessed: 15 February 2014].

Department of Health (DH), 2013. Final benefits statement for programmes previously
managed under the National Programme for IT [online]. Available at:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/2056
87/Benefits_statement.pdf [Accessed: 15 February 2014].

e-Health Insider. 2008. E-Health Insider: Six years since Blair seminar began NPfIT.
[online] Available from: http://www.ehi.co.uk/news/ehi/3484 [Accessed: 6 February
2014].

e-Health Insider. 2007. NHS chief exec pledges to help resolve CRS issues. 5 June. [online].
Available from:
http://ehidev.clients.monochromedns.co.uk/news/2753/nhs_chief_exec_pledges_to_h
elp_resolve_crs_issues [Accessed 5 February 2014].

e-Health Insider. 2006. GPs and their families urged to boycott NHS 'spine'. 20 June.
[online]. Available from: http://www.ehi.co.uk/news/ehi/1956/gps-and-their-families-
urged-to-boycott-nhs-'spine' [Accessed 9 February 2014].

Flint, C. 2007. House of Commons Debate: Daily Hansard – Debate. 6 June 2007, c280.
[online]. Available from:
http://www.publications.parliament.uk/pa/cm200607/cmhansrd/cm070606/debtext/
70606-0007.htm#07060669001620. [Accessed 9 February 2014]

Fujitsu.com. 2014. Fujitsu and SMEs: Collaboration Nation - Fujitsu UK. [online] Available
from: http://www.fujitsu.com/uk/about/local/smes/collaboration-nation/ [Accessed:
15 February 2014].

Glick, B. 2010. NHS National Programme for IT - the last of the government mega-projects
- Computer Weekly Editor's Blog. [online] Available from:
http://www.computerweekly.com/blogs/editors-blog/2010/09/nhs-national-
programme-for-it.html [Accessed: 15 February 2014].

43
Gov.uk. 2011. Dismantling the NHS National Programme for IT - Press releases - GOV.UK.
[online] Available from: https://www.gov.uk/government/news/dismantling-the-nhs-
national-programme-for-it [Accessed: 15 February 2014].

Gov.uk. 2011. Major Projects Authority Assessment Review of the National Programme for
IT. [online] Available from:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/6225
6/mpa-review-nhs-it.pdf [Accessed: 15 February 2014].

Gov.uk. 2013. Buying and managing government goods and services more efficiently and
effectively - Policy - GOV.UK. [online] Available from:
https://www.gov.uk/government/policies/buying-and-managing-government-goods-
and-services-more-efficiently-and-effectively [Accessed: 15 February 2014].

Gov.uk. 2014. Government draws the line on bloated and wasteful IT contracts - Press
releases - GOV.UK. [online] Available from:
https://www.gov.uk/government/news/government-draws-the-line-on-bloated-and-
wasteful-it-contracts [Accessed: 15 February 2014].

Hall, K. 2011. Christine Connelly quits as NHS CIO. [online] Available from:
http://www.computerweekly.com/news/2240104858/Christine-Connelly-quits-as-
NHS-CIO [Accessed: 14 Feb 2014].

Hawking, M. 2014. Interview on the National Programme for IT in the NHS. Interviewed by
Leila Smith and Mark Vuaran [telephone interview] University of Cambridge,
Cambridge, UK, Friday 31 January 2014.

Health Committee. 2007. The Electronic Patient Record. London: House of Commons.
[online]. Available from:
http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/422.pd
f . [Accessed 5 February 2014].

Heeks, R., Mundy, D. and Salazar, A. 1999. Why Health Care Information Systems Succeed
or Fail. Information Systems for Public Sector Management Working Paper Series.
[report] Manchester, UK: Institute for Development Policy and Management, University
of Manchester.

Hippisley-Cox, J., Pringle, M., Cater, R., Wynn, A., Hammersley, V., Coupland, C., Hapgood,
R., Horsfield, P., Teasdale, S. and Johnson, C. 2003. The electronic patient record in
primary care—regression or progression? A cross sectional study. British Medical
Journal, 326, 1439-1443.

House of Commons Public Accounts Committee (PAC). 2000a. Improving the delivery of
government IT projects. Public Accounts - Session 1999-2000 - First report. [report]
London, UK: The Stationery Office Ltd.

House of Commons Public Accounts Committee (PAC). 2000b. The 1992 and 1998
information management and technology strategies of the NHS Executive. Public
Accounts - Session 1999-2000 - Thirteenth report. [report] London, UK: The Stationery
Office Ltd.

House of Commons Public Accounts Committee (PAC). 2007. Department of Health: The
National Programme for IT in the NHS. Session 2006-2007 - Twentieth report. HC
390 [report] London, UK: The Stationery Office Ltd.

44
House of Lords Science and Technology Committee (STC). 1998. Resistance to Antibiotics
and Other Antimicrobial Agents. Science and Technology - Session 1997-1998 - Seventh
report. [report] London, UK: The Stationery Office Ltd.

ITProPortal. 2010. Dell: don't scrap NHS IT programme. [online] Available at:
http://www.itproportal.com/2010/05/21/dell-dont-scrap-nhs-it-
programme/#ixzz2saggwTfT [Accessed: 15 February 2014].

Kablenet. 2008. Minister confirms low Lorenzo usage. 17 December. [online]. Available
from: http://www.theregister.co.uk/2008/12/17/lorenzo_low_use/ [Accessed 5
February 2014].

King, A., Crewe, I. 2013. The Blunders of our Governments. London: Oneworld.

Kwo, D., Shackman, A. and Hunter, B. 2007. House of Commons - Public Accounts -
Minutes of Evidence. [online] Available from:
http://www.publications.parliament.uk/pa/cm200607/cmselect/cmpubacc/390/6062
644.htm [Accessed: 15 Feb 2014].

Lærum, H., Ellingsen, G. and Faxvaag, A. 2001. Doctors’ use of electronic medical records
systems in hospitals: cross sectional survey. British Medical Journal, 323, 1344-1348.

Laporte, R. E. 1994. Global public health and the information superhighway. British Medical
Journal, 308, 1651-1652.

Mathieson, S. 2011. Scrapping the National Programme for IT: a journey not a destination.
[online] Available from: http://www.theguardian.com/healthcare-
network/2011/sep/22/npfit-ends-cfh-andrew-lansley-bt-csc [Accessed: 15 February
2014].

Major Projects Authority (MPA). 2011. Programme Assessment Review of the National
Programme for IT. [report] London, UK: MPA.

Mandl, K., Szolovits, P. and Kohane, I. 2001. Public standards and patients’ control: how to
keep electronic medical records accessible but private. British Medical Journal, 322,
283-285.

National Audit Office (NAO). 2013. Review of the final benefits statement for programmes
previously managed under the National Programme for IT in the NHS. [online]
Available from: https://www.nao.org.uk/report/review-of-the-final-benefits-statement-
for-programmes-previously-managed-under-the-national-programme-for-it-in-the-
nhs/ [Accessed: 15 February 2014].

National Audit Office (NAO). 2006. Department of Health: The National Programme for IT
in the NHS. HC 1173 [report] London, UK: The Stationery Office Ltd.

National Audit Office (NAO). 2011. Department of Health: The National Programme for IT
in the NHS: an update on the delivery of detailed care records systems. London: House
of Commons. [online]. Available from: http://www.nao.org.uk/wp-
content/uploads/2011/05/1012888.pdf. [Accessed 5 February 2014].

NHS Executive. 1998. Information for Health: An Information Strategy for the Modern
NHS 1998-2005. A national strategy for local implementation. [report] Leeds, UK:
NHS Executive.

45
NHS, 2014. Better Information Means Better Care: NHS contacts all English households
from today. [online]. Available from: http://www.england.nhs.uk/wp-
content/uploads/2014/01/cd-leaflet-01-14.pdf.[Accessed 5 February 2014].

Official Report, 2009-10. House of Commons, Vol. 502, col. 21.

Official Report, 2010-11. Vol 515, col. 21WS

Office of Government Commerce (OGC), 2002. Title of Project: Delivering 21st Century IT
support in the NHS – National Strategic Programme. Gate Review: 0 – Strategic
Assessment. Available from:
http://www.connectingforhealth.nhs.uk/about/foi/g0nsp0217.pdf [Accessed: 9
February 2014]

Parker, T. 2010. Future of NHS IT Programme Thrown Into Doubt « E-Government

Bulletin Live. [online] Available from: http://www.headstar.com/egblive/?p=483
[Accessed: 15 February 2014].

Public Administration Committee. 2013. Truth to power: how Civil Service reform can
succeed. [online] Available at:
http://www.publications.parliament.uk/pa/cm201314/cmselect/cmpubadm/74/74.pdf
[Accessed: 15 February 2014].

Publications.parliament.uk. 2009. House of Commons - The National Programme for IT in

the NHS: Progress since 2006 - Public Accounts Committee. [online] Available from:
http://www.publications.parliament.uk/pa/cm200809/cmselect/cmpubacc/153/15302.
htm [Accessed: 14 February 2014].

Publications.parliament.uk. 2011. House of Commons - Public Accounts Committee - No -

Minutes of Evidence: HC 294. [online] Available from:
http://www.publications.parliament.uk/pa/cm201314/cmselect/cmpubacc/294/130612
.htm [Accessed: 15 February 2014].

QinetiQ, 2005. NHS Connecting for Health: Process Capability Appraisal. [online]
Available from: http://www.nao.org.uk/wp-
content/uploads/2006/06/05061173_Qinetiq.pdf [Accessed: 5 February 2014]

Renaud-Komiya, N. 2014. Tameside's Lorenzo difficulties continue. [online] Available from:

http://www.hsj.co.uk/news/tamesides-lorenzo-difficulties-
continue/5067015.article#.Uvk9cPl_v4Y [Accessed: 15 February 2014].

Revill, J. 2006. Thousands of children at risk after computer fault. The Observer. 26
February. [online]. Available from:
http://www.theguardian.com/society/2006/feb/26/health.medicineandhealth1
[Accessed 5 February 2014].

Ritter, T. 2008a. Secret papers reveal Blair's rushed NPfIT plans - Public Sector IT. [online]
Available from: http://www.computerweekly.com/blogs/public-sector/2008/02/secret-
papers-reveal-blairs-ru.html [Accessed: 6 February 2014].

Ritter, T. 2008b. NPfIT - a prescient warning from 2002 - Public Sector IT. [online]
Available from: http://www.computerweekly.com/blogs/public-sector/2008/06/npfit-
a-prescient-warning-from.html [Accessed: 6 February 2014].

Ritter, T. 2007. The biggest challenge - speech by Lord Hunt, minister in charge of the
NHS's £12.4bn National Programme for IT. Public Sector IT. March 20. [online].

46
 Available from: http://www.computerweekly.com/blogs/public-sector/2007/03/the-
biggest-challenge-speech-b.html. [Accessed 5 February 2014].

Santry, C. 2007. New national IT setback as devolution is delayed. Health Services Journal.
12 April. [online]. Available from: http://www.hsj.co.uk/news/new-national-it-setback-
as-devolution-is-delayed/56422.article#.UvKVFnm50xI [Accessed 5 February 2014].

Select Committee on Health, 2007. Sixth Report. House of Commons. [online]. Available
from: http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/
42202.htm

Shackman, A. 2007. Select Committee on Health Written Evidence: Evidence submitted by

Alan Shackman (EPR 38). [online]. Available from:
http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/422we
67.htm#n108 [Accessed 6 February 2014].

Slight, S.P., Quinn, C., Avery, A.J., Bates, D.W., Sheikh, A., 2014. A qualitative study
identifying the cost categories associated with electronic health record implementation
in the UK. Journal of the American Medical Information Association. Available from:
http://jamia.bmj.com/citmgr?gca=amiajnl;amiajnl-2013-002404v1 [Accessed: 15
February 2014].

Thomas, R. 2007. Select Committee on Health Written Evidence: Evidence submitted by the
Information Commissioner (EPR 24). [online]. Available from:
http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/422we
26.htm [Accessed 9 February 2014].

Tonks, A. 1993. Information management and patient privacy in the NHS. British Medical
Journal, 307, 1227-1228.

Todd, R. 2013. E-Health Insider: £50m of tech fund rolled over. [online] Available from:
http://www.ehi.co.uk/news/ehi/9098/%C2%A350m-of-tech-fund-rolled-over
[Accessed: 15 February 2014].

Ungoed-Thomas, J., Rogers, L. 2006. Focus: Anatomy of a £15bn gamble. The Sunday
Times. 16 April. [online]. Available from:
http://www.thesundaytimes.co.uk/sto/news/uk_news/article199597.ece. [Accessed: 5
February 2014].

Wanless, D. 2002. Securing our Future Health: Taking a Long-Term View. [report]
London, UK: The Stationery Office Ltd.

Watson, N. 2001. Using information technology in the modern NHS: March 2001. [online]
Available from:
http://www.eguidelines.co.uk/eguidelinesmain/gip/vol_4/mar_01/watson_it_march0
1.htm#.Uvdt2XnFZ9s [Accessed: 9 Feb 2014].

47