Intended for healthcare professionals

  1. News & Views
  2. Failing IT...
  3. Failing IT infrastructure is undermining safe healthcare in the NHS
Editorials

Failing IT infrastructure is undermining safe healthcare in the NHS

BMJ 2022; 379 doi: https://doi.org/10.1136/bmj-2022-073166 (Published 09 November 2022) Cite this as: BMJ 2022;379:e073166
  1. Joe Zhang, clinical research fellow1,
  2. Sanjay Budhdeo, clinical research fellow2,
  3. Hutan Ashrafian, lead for applied artificial intelligence and big data analytics1
  1. 1Institute of Global Health Innovation, Imperial College London, London, UK
  2. 2Department of Clinical and Movement Neurosciences, University College London, London
  1. Correspondence to: J Zhang joe.zhang{at}imperial.ac.uk

Improvement is an urgent priority

Earlier this year, information technology (IT) systems at one of the largest hospital trusts in the NHS stopped working for 10 days.1 This was the latest in a long history of NHS IT system failures across primary and secondary care.23

As “paperless” is now the default operating mode for many healthcare systems globally, IT failures block access to records, prevent clinicians from ordering investigations, restrict service provision,4 and bring to a halt the everyday business of healthcare. Increasing digital transformation means such failures are no longer mere inconvenience but fundamentally affect our ability to deliver safe and effective care. They result in patient harm5 and increased costs.6

This year’s 10 day outage occurred during a record breaking heatwave, but the immediate climate related trigger masked the root cause: chronic lack of attention to IT infrastructure,7 the physical resources underpinning an organisation’s software and data. These vital resources include computers, servers, and networks, as well as the supporting processes and staff to ensure their usability, stability, and security. Unlike the procurement of electronic health records, for example, investment in infrastructure is rarely prioritised and easily viewed as a cost to keep down rather than an investment that increases productivity.8

The consequences are substantial. A recent survey of NHS trusts commissioned by NHS England9 shows that electronic health records do not improve user experience in settings with unreliable, slow IT. Inefficient or unavailable systems compromise patient safety, and the BMA estimates that a substantial proportion (27%) of NHS clinicians lose over four hours a week through inefficient IT systems.10 The BMA report also found deficiencies in investment and lack of clinician engagement in procurement.

Outdated infrastructure is also a risk to data security. UK central guidance recommends backing up healthcare data off site.1112 However, without a transparent audit process, it is unclear how well providers conform to these guidelines. The unprecedented duration of the most recent incident indicates that data security procedures at the affected trust were inadequate.

There is a growing disconnect between government messaging promoting a digital future for healthcare (including artificial intelligence) and the lived experience of clinical staff coping daily with ongoing IT problems.13 Digital capabilities exist in a strict hierarchy, with IT infrastructure as the foundational layer. This digital future will not materialise without closer attention to crumbling IT infrastructure and poor user experiences.

How to do better

There is no one-size-fits-all solution. However, the NHS can learn from approaches taken elsewhere. In the US, for example, the effect of health IT on end users is an active area of research, particularly on how functionality of IT systems affects clinician burnout and effectiveness.14 Federal oversight of healthcare IT infrastructure (through the Office of the National Coordinator) can identify problems and coordinate a response.

To facilitate a transformation of IT infrastructure in the NHS we need to start with systematic and transparent measurement of IT procurement, capability, and functionality at the level of clinicians, organisations, and commissioners. Higher level data paired with outcomes from end users, including clinicians and patients, would help identify gaps between procurement decisions and the effectiveness of infrastructure on the ground. Transparency will facilitate sharing of best practice and allow independent scrutiny of the health and economic effects of IT failures (much as serious cybersecurity events such as Wannacry have been dissected15). In the NHS, the What Good Looks Like framework sets national standards for such granular assessments.16

Armed with this understanding, quality improvement cycles must become routine in IT governance, as they are in clinical care. This means developing local cultures amenable to learning and change, along with commissioning body oversight of any variations in practice and quality among regional providers. IT problems—including single incidents that compromise care—should be flagged as quality and safety concerns for urgent attention. Regular re-evaluation of provider performance against peers nationally will introduce regular pressure for improvement.

A centrally directed “carrot and stick” approach could create incentives for change. Government must provide the investment needed to identify and rectify poor performance but also demand accountability, with minimum standards for IT function and stability. Adoption of key standards in areas with known safety and security implications should be enforced through legislation. The NHS has no dedicated health IT regulator, but inclusion of digital issues in the Care Quality Commission’s assessments of quality and safety is long overdue.17

We must not tolerate problems with IT infrastructure as normal. Poorly functioning IT systems are a clear and present threat to patient safety that also limit the potential for future transformative investment in healthcare. Urgent improvement is an NHS priority.

Footnotes

  • Competing interests: The BMJ has judged that there are no disqualifying financial ties to commercial companies. The authors declare the following other interests: JZ acknowledges funding from the Wellcome Trust (203928/Z/16/Z) and support from the National Institute for Health Research (NIHR) biomedical research centre based at Imperial College NHS Trust and Imperial College London. SB acknowledges funding from the Wellcome Trust (566701). Further details of The BMJ policy on financial interests are here: https://www.bmj.com/sites/default/files/attachments/resources/2016/03/16-current-bmj-education-coi-form.pdf.

  • Provenance and peer review: Not commissioned; externally peer reviewed.

References

  1. Abbs I. An apology from the chief executive for the IT failure at Guy’s and St Thomas’. 2022. https://www.guysandstthomas.nhs.uk/news/apology-chief-executive-it-failure-guys-and-st-thomas
  2. Potter C. GPs playing catch-up on patient consultations after Monday morning EMIS outage. Pulse Today 2021 Apr 19. https://www.pulsetoday.co.uk/news/technology/gps-playing-catch-up-on-patient-consultations-after-monday-morning-emis-outage/
  3. Hughs O. FOI: NHS IT systems suffer 55 days’ downtime over three-year period. Digital Health 2018 Jul 11. https://www.digitalhealth.net/2018/07/nhs-it-systems-suffer-55-days-downtime-over-three-year/
  4. Campbell D. London NHS trust cancels operations as IT system fails in heatwave. Guardian2022 Jul 21. https://www.theguardian.com/society/2022/jul/21/london-nhs-trust-cancels-operations-as-it-system-fails-in-heatwave
    1. Larsen E,
    2. Fong A,
    3. Wernz C,
    4. Ratwani RM
    . Implications of electronic health record downtime: an analysis of patient safety event reports. J Am Med Inform Assoc2018;25:187-91. doi:10.1093/jamia/ocx057 pmid:28575417
    OpenUrlCrossRefPubMed
  6. Ponemon Institute. Cost of data center outages. Ponemon Institute, 2016. https://www.summit-healthcare.com/the-cost-of-an-ehr-downtime/
  7. Kraindler J, Gershlick B, Charlesworth A. Briefing: failing to capitalise. Health Foundation, 2019. https://www.health.org.uk/sites/default/files/upload/publications/2019/Failing-to-capitalise.pdf
    1. Cross M
    . There IT goes again. BMJ2011;343:d5317. doi:10.1136/bmj.d5317 pmid:21890565
    OpenUrlFREE Full Text
  9. Storey T. NHS acute supplier presentation. 2022. https://t.co/RSv5EUdiiu
  11. Central Digital and Data Office. Government cloud first policy. 2017. https://www.gov.uk/guidance/government-cloud-first-policy
  12. Darren M. Data security standard 7. 2020:31. https://www.dsptoolkit.nhs.uk/Help/Attachment/615
    1. Starren JB,
    2. Tierney WM,
    3. Williams MS,
    4. et al
    . A retrospective look at the predictions and recommendations from the 2009 AMIA policy meeting: did we see EHR-related clinician burnout coming?J Am Med Inform Assoc2021;28:948-54. doi:10.1093/jamia/ocaa320 pmid:33585936
    OpenUrlCrossRefPubMed
  15. National Audit Office. Investigation: WannaCry cyber attack and the NHS. 2017. https://www.nao.org.uk/reports/investigation-wannacry-cyber-attack-and-the-nhs/
    1. Zhang J,
    2. Sood H,
    3. Harrison OT,
    4. Horner B,
    5. Sharma N,
    6. Budhdeo S
    . Interoperability in NHS hospitals must be improved: the Care Quality Commission should be a key actor in this process. J R Soc Med2020;113:101-4. doi:10.1177/0141076819894664 pmid:31904306
    OpenUrlCrossRefPubMed
Back to top