The result of the referendum last year was a wake up call for me.

I had recently retired from a lifelong career in the health service and was looking forward to time with friends and family.

Like many that morning I was devastated by the leave result and found it very hard to comprehend.

This has led to me seriously question my own values. It also led me to acknowledge that I had taken no action to fix the obvious problems that had been present in our society for decades.

I believe, like many of my generation, we have been asleep on our watch.

As a consequence of the lazyness of the post war generation, inequality has massively increased in the UK, both in terms of wealth and opportunity. Many people’s job security has been undermined and a new gig economy substituted. Every year since 1957 the happiness of the people in the UK has measurably declined.

This blog is an exploration of how we got here and what we can do to fix it.




Filed under Uncategorized

Welsh Clinical Communications Gateway – WCCG

WCGG is a bit of a mouthfulI but essentially its a secure postal service that carries electronic messages – referrals, discharges, letters etc. between care services. in addition It allows any type of common file type in to be attached to a message so it is very flexible.

We have now rolled it out to 94% of Welsh practices and all LHBs. To date it has carried over 400.000 referrals. It has proved very popular with GPs and Consultants as it uses the GP system to automatically load most of the relevant information into the referral message leaving the referrer to focus on adding the precise reason for referral. Pilots are underway to use it to send discharge communications from hospital back to primary care. it has also been integrated into the patient administration system at one hospital . There are 750,000 new referrals , about the same number of inpatient discharges and 3,000,000 out patient letters produced per year in Wales that could be carried by the WCCG.

The system is currently being used for communication between hospital and GPs. It should not be thought of in these restrictive terms as this is just the tip oft the iceberg of its potential use.

It is very flexible and provides guaranteed delivery of a communication, between any organisational or statutory body, that is secure, encrypted audit-able and trackable in real time. These features make it superior to email for statutory transfer of responsibility. This mean that it can be used for any to any referral , tertiary referrals supporting clinical networks, any transfer of care, request for service etc. This includes the referrals between health and social care, cross border, and primary care contractor services.

The design of the care IT systems requires this function at its core, We chose this solution because of its simplicity, security and its successful track record in Scotland. The Scots provided us with a enterprise wide licence so we can use it in as many different ways and across as many different care organisation in Wales as we want. We, our colleagues in Northern Ireland and the Scottish services are now all successfully collaborating on its further development and use. Our Scottish colleagues are very interested in how we have adapted the technology in Wales to enable us to put the electronic pathology and radiology ordering services initially deployed in the hospitals onto our GPs desks.

This importance and central position this system occupies in the care service is described in the new Welsh Information System Strategy WISS published this week at<

1 Comment

Filed under general

New Welsh Information Systems Strategy 2012 Published

The new WISS 2012 strategy was published last friday at
This is a description of the application level information services and system and how they fit together .This is a revised strategy reviewing progress on the development and deployment of the products in the original IHC Applications strategy and describing the way forward.

The WISS describes
The Welsh Care Records Service WCRS
a modern approach to document management and content level interation
Integration of Health care
using the common Welsh Platform and stapling approach we have created to suport clinical networks , reconfiguration, and innovation in workflow and pathways.
Integration of Health and Social care
using a number of approaches particularly in the community to support better communications and sharing of information across sectors and transformation of care services
Supporting Self Care
by harnessing the technology the citizen now has available to them.
Business Intelligence
making use of our existing services, SAIL and the transparency agenda to drive change in services

We are requesting that any comments be made before the end of October. The strategy is in draft and is the product of our current thinking and a number of discussions with NHS and NWIS boards and groups.
We are very interested in what you think and any comments or suggestions. It would be helpful if you could make these on the site above . You are also welcome to discuss these here.

Leave a comment

Filed under general

The IHR – a pragmatic solution to privacy and security

Making the information available from an individuals GP record makes you confront just about all the medical ethics, law and personal views you can think of. There is general support for the concept and the idea of sharing this information to provide better care for the individual is certainly moral high ground. We decided to start in emergency care. However, these records do contain for some people, very sensitive information that they wish to keep private. In addition the custodian of the record is subject to severe penalties for breaking confidentiality a fact that has created a very risk adverse mind set.

We had watched others attempts to do this notably in the home countries and none had addressed all the issues we had uncovered and had got into difficulties over a number of privacy and security issues. Notably there was a lack of understanding of the legal framework in which they were operating.

Our overall approach was guided by the principles outlined in the last blog. The idea was to go further than the law required to adopt in addition ethical standards which would engender trust. We therefore introduced the principle of consent to enable individuals to control the record. We also used privacy and security design principles alongside each other to secure the record.

We communicated what we were doing through CHCs, NHS organisations, practices, adverts, mail drops and council news letters. We offered the opportunity to opt out of the process and provided a professional friendly approach to this. We used implied consent for gathering the information.

The record extracted from the proactive was limited in several ways. Firstly we only required the coded information. no free text or letters were extracted as this was where the most sensitive information is often found. We did not extract “legally sensitive” information that cannot be moved from one system to another without the patients explicit consent e.g gender reassignment. however We went further to define a set of codes with GPs and patients that could be considered sensitive to many people such as contrception etc. We therefore defined a restricted record that contained all the important information but left out the sensitive information.

The next issue had led to conversations elsewhere along the lines of the number of angels on the head of a pin. How do you assert that a health progressional has a legitimate reason to access a specific IHR. One approach would be to allow a professional to go fishing in the entire database of 3 million records accessing whichever record they wished. This had been proved to be an unacceptable risk elsewhere , encouraging browsing of records and was therefore rejected. This problem was solved by allowing the machines to establish the relationship. So when you booked into out of hours as a patient you were registered on the system by the call taker ,and that system contacted the IHR database to obtain the IHR record. When the clinical professional saw you they were only provided with your record and no facilities to search for other records.

In addition when you were seen the clinician had to ask you consent before they could open the IHR. This put another control in the patients hands , the requirement for explicit consent before the record was viewed. A break glass function was also included to deal with extreme cases where an individual was incapacitated and unable to consent.

We were also concerned to keep the security framework simple and deliverable. We found that we only needed 4 roles to manage the entire system. However we used security design principles that build in detection and reaction as well as defence in depth. We therefore introduced proactive audit of all accesses to the IHRs to check for suspicious activity. We also reminded users that if they detected access by colleagues that was suspicious they had to report this or they too would be held accountable.

Using the above controls has satisfied most of the very real patient and professional concerns that we encountered. This is proving a pragmatic workable solution to these issues in Wales and I am glad to say has been copied successfully in the home countries.

As a result of our work an interesting standard has been established to clear the fog on excluded sensitive codes in summary records in the UK. We are so delighted that this list compiled without our involvement contains our original spelling mistakes ;-).


Filed under general

The IHR – Individual Health Record

For most people the most important information on their health is in their GP record. This forms their lifelong care record , bringing together information from different sources into one place where it is available to their GP. Out of hours and at weekends this information was effectively trapped in the practice and not available when the patient was seen for urgent care.

After discussion with the patients CHCs and professions we sought to find a secure way that we could enable the important information in the record to be made available during an emergency. We worked through the issues that needed to be addressed with the BMA, CHCs colleagues in ABHB. we formed the Welsh Information Governance Group (WIGG) to oversee the work and developed a solution that satisfied both the patients and the professionals .

In essence the solution was to focus on a set of principles that could be used to protect the record.
1. inform the patients what we were planning to do and provide the option to opt out of they wished
2.extract the important information from the GP record ( coded information, no free text, no legally sensitive codes, or codes deemed sensitive by the WIGG)
3. require that explicit consent from the patient before a record was viewed on each occasion
4. identify the clinical user uniquely on line
5. audit the access to the IHR
6. use existing employment , legal and professional sanctions in the case of inappropriate use

A design was delivered that ensured these principles were translated into a software solution that was safe secure and worked. The solution was piloted in ABHB and assured by the WIGG. The solution differs from England and Scotland in that the IHR is a “thicker ” record that contain all the coded information within the GP systems( excepting the data described above). the records are updated daily.

We have since been rolling the solution out across Wales and currently have over 2,000,000 records that are available for use today.

More technical information about the IHR is given in the next blogs.

Leave a comment

Filed under general

Services not systems – to deliver efficiency and safety

In the past systems were bought for running different part of the service. Such systems were expected to manage the patient ID, logon, note taking, booking , and interface to the large sump systems such as pathology.  This functionality had to be replicated in every system so a cardiology system or a community system would have to be provided with each of these functions separately. This is wasteful and unsafe as the information e.g. medicines will be presented differently in each system

The alternative approach is to identify the common functionality that we all need and supply them as a set of common services wherever they are needed. This is a service orientated approach  is more efficient and also safer as the presentation of information is standardised .

The Modular architectures underlying the service approach have been around for decades. They are the means by which we can deal with the complexity of real world solutions, breaking the problem down into workable but interoperable components. Systems on the other hand come at the solution differently, seeking to add elements that are tightly coupled to the original core, compounding the lock in problem.

The service approach provides a set of modular services that can be reused and recombined to provide the solutions you need. These service orientated architectures enable a “lego” approach , where you can substitute one of the services without having to change all the other services at the same time. So we have separate services for ordering test, reporting results, creating a medicines list, creating a discharge summary , identifying a patients, sending a referral   etc. this approach enabled us to use modern web services and tooling so the solutions would be delivered in a web browser.

This prescient choice means we are in a good position to deliver the services we have on  modern devices.

The architecture we developed has the advantage of being modular in both the technical design and in the functional clinical design. It allows a mix and match approach in that we can use commercial offerings alongside in house developments and open source collaborations.

In short it provides a flexible industry standard solution to meeting the current problems with plenty of room to evolve as new requirements emerge.

Interestingly it is now the approach being taken by all large health enterprises globally in the wake of the limitations experienced with the system type solutions.

Leave a comment

Filed under Uncategorized

Technical Lock In in NHS Wales and the difference between real and ideal computers

Ideal computer systems are great. Any programmer can knock one up in a few hours to do exactly what you want. You are delighted with result. Think App think MS word etc. And then you want to do something big in the real world and you have to connect that application to something else to do something useful. So you make them work together and you are happy .But each time you want something new you add another element to the system  and that affects all the other things you have already done, so you have rewrite it. Now you have a complicated real world computer system that does some useful things but boy is this becoming hard work. Before you know where you are you have become dependent on this behemoth to run your business. Congratulations you are now locked in. Welcome to historic NHS Wales  and the rest of the NHS in the UK.

Lock in bedevils  real computer systems. We are still using software that was installed 20 years ago. So was Nat West. We build computer systems on top of what we already have, and systems on top of this and eventually the merovingian old system creaks or falls over. We add layer upon layer of software to cover the cracks sometime euphemistically referred to putting lipstick on a pig until the poor dear is moribund. Why ? Because the cost, pain and complexity of changing the systems, uncovering all the often  undocumented interfaces and dependencies, is too large to face up to.  As we did this in the NHS in the UK each hospital made its own lock in worse. The cost of switching has been too high. So each unit developed its own solutions, with its own fixes and standards. Although some standards were used, even then the configuration of the systems was done in such a way that interoperability was sacrificed.

This situation was no different in Wales with 15 hospital systems each with its own unique solutions to the common problems we all faced. Even when we had deliberately bought the same systems as in the case of the Telepath laboratory systems we had configured them differently and interoperability stymied.

Dig yourself out of that hole Wales  ! We are doing. We have found a way out of the technical lock in whilst keeping the good stuff people have done going. Enabling a migration from the position we were stuck in,  to a modern web based platform across the whole of Wales.  We have a modern SOA modular architecture and have created a standard platform of services for use across the country.( more on standards in a later blog)

This job is hard and takes a long time  particularly as the systems being replaced are mission and safety critical . This is  usually not appreciated  by users or decision makers because we have to replace the systems that are invisible to them  to begin.  A good analogy is building a house . You have to put the foundations and the walls before the roof.

The new Welsh services now being implemented are providing a sound modern platform for NHS Wales to communicate over  and innovate  on. We are overcoming our lock in problem.



Filed under Background