Sunday 13 April 2014

The HealthWatch People's Panel

When all this care.data stuff kicked off in February, my local HealthWatch in Devon (@HWDevon) sent out a tweet asking people to respond to a quick questionnaire about care.data.  



The questionnaire was very quick and simple and asked your opinions about care.data, alongside other easy questions like "have you had a leaflet?"  The results were posted by HWDevon at http://www.healthwatchdevon.co.uk/healthwatch-devon-report-care-data/

With only limited time and resources, HWDevon garnered 97 responses.

I started to muse that if every HW had done this, then maybe each of the 150 HWs could have got 100 responses, then that would have been 15,000 responses!  Wow!  NHS England does something, and within a couple of weeks 15,000 people respond back to tell them what they thought about it! Brilliant!

Of course HWDevon will be first to agree their report is flawed.  The sample size is low, but even if it wasn't, it's still a self-selected sample.  The people responding all care about care.data.  And we've no idea really who these people are.  Sometimes, the most important response to a question or questionnaire is "I don't know anything about this".  It tells the questioner that maybe we're collectively just not that bothered about it.

So, I think I've got an idea, to make it better and fix the flaws...

The HealthWatch Peoples Panel

Who would be invited?

Obviously it's open to all, but routes to populating it quickly are:
  • email all people who have already responded to HWDevon online questions
  • all HWDevon members
What would they tell us about themselves?
  • Name
  • Address
  • Date of birth
  • Occupation
  • Employer details.
Employment is important, because we get the chance then see the NHS employees themselves (or social care), which could be very important for questions relating specifically to attitudes of the workforce.

What would the Panel commit to?

The Panel agree to answer regular questionnaires from HWDevon (or HWEngland).  And the agreement is to answer the questions honestly and quickly.  And HW make it clear that null responses are just as valid.  So, if they want to know about our perception of A+E over the last 6 months then its a perfectly valid and useful response to say "I haven't been to A+E in the last 6 months".  Indeed, if this had been in place for the care.data round of questioning in February, we would have had a much better handle on whether the furore in the press was actually reflected by the general public actually giving a monkeys.

And there would be a stick too.  Panel members MUST respond to nearly all the questionnaires.  Without that we'll miss key denominator information.  Therefore, I'd propose that a panel member could be removed, if they fail to take part in, say, three consecutive questionnaires.  Remember, these questionnaires would only take two or three minutes to complete so it would not be onerous.

The benefits.

Because we have the demographics and employment data, the HW analysis of the responses will be much clearer.  If all the responders are retired people, that's fine, but we then know that and can tailor our overall view of the response accordingly.  Likewise if all the responders are NHS employees, then that too would be very useful info.

What next?

Lets try this in Devon for three months.  If we can build a panel of 300, wouldn't that be great.  And if we can do it, then we can spread it throughout HWEngland.  300 x 150 = 45,000 people... can you imagine.  Ask a question and a week later 45,000 responses...

Sunday 6 April 2014

"Publish the Risk Log!"

There seems to be a clarion call these days for public projects to "publish the risk register!".  It's as if the risk register will tell us something fundamental about the project in question.  Of course, it might.  But in the hands of journalists the answer is that it will just create ill-informed column inches of spin and hyperbole.

I've done a lot of IT projects in my time and rattled off a fair few risk registers.  If any NHS IT project holds patient identifiable data (and most of them do) then in that risk register is bound to be entries about that data being taken or being revealed to unauthorised users by mistake.  It's a serious thing and any project should be ensuring that this risk is constantly reviewed and always kept at a complete minimum. 

What is Risk?

Lets start with the simple question.  What actually is "risk".  The problem the press and public has is that they use the word lazily in common speech when they really mean "probability".  People say "I'm at risk of losing my job" when they really mean "there is a high probability that I will lose my job in the short term".  OK.  Fasir enough.  But lets try  an example...

Lets look at the overall risk of going to Tesco shopping in the car.  We'll call the risk, "being killed or seriously injured whilst going to Tesco in the car".

Risk Name:   I am killed or seriously injured whilst going shopping at Tescos in the car
Probabilty:    Extremely unlikely (I've never had an accident or even seen one whilst doing this)
Impact:         Very, very high (if this actually happens I may be dead or living my life in a wheelchair etc etc)
Overall risk score:    High enough for me to think about mitigating (ie. lowering) this perceived risk

As with most risk situations, we decide to try and mitigate the risk.  First off, we lower the impact.  In this case, we wear a seatbelt.  So, at least if we had a crash, we've got a better chance of survival.

Then we maybe also lower the probability.  "I never go to Tescos during the rush hour.  The by-pass is like a bloody racetrack!".  If there's less cars about, it seems reasonable that the probability of a crash is less likely.  Likewise we all generally decide that it is a good idea not to drive to Tescos after a good night in the pub and six pints of strong ale.  That would actually raise the probability!

Mitigation:    Wear seatbelt at all times
                      Travel at less busy times
                      Do not travel if drunk or tired

Risk after mitigation: Now low enough for me to happily go shopping at Tesco and not worry about getting hurt.

So if you don't understand what you're reading a risk register can look like a very scary place to live.  It can look like bad things are happening all the time.  But in reality the reverse is true.  Its exactly because we put an entry on the risk register and seriously consider how to avoid it happening or make it less horrible if it should happen that should be a reason for solace, not fear.


Ben Goldacre Peddles Risk Fear

My Twitter popped up the other day with a feed from @bengoldacre, a respected authority on things to do with healthcare data.  He'd downloaded the HSCIC corporate risk register and then unhelpfully clipped out a tiny bit.  Here it is:
Embedded image permalink
The HSCIC give a risk a value of 0-5 for probability and for impact and then multiply the two together to get overall "risk".  Its crude, but thats how they do it.

What's the biggest impact?  Risk 8 has an impact of 5.  So the HSCIC thinks this is the worst thing that could possibly happen in the list.  Risk 7, not sorting out the legal gateway for the data flows leading to the reputation of the HSCIC being damaged, is not viwed as being such a catastophe.

However, it is more likely to happen and is therefore the biggest risk that needs to be mitigated.

Back in Twitter world, the next posting appears:








And immediately the first commenter already gets the wrong end of the stick.  No Pascale, the HSCIC thinks that identifiable data becoming public IS the worst thing that can happen...

But wait.  Hasn't Mr Goldacre been a bit economic with the truth?  When we look at the risk register itself, rather than this selective cut, we find there is another column telling us all about the mitigations that HSCIC has, or is planning to out in place.  And finally another column where they report a revised probability AFTER the mitigations.  Suddenly things look a whole lot different.  Here's the final scores for these three risks...



So how do you review a risk register?

You have to check that the impact and probability AFTER mitigation is correctly estimated.  And you have to check that those mitigations are going to be effective.  And finally, you have to be able to spot the missing risks.  Trickier than just doing a selective copy/paste and writing a scary headline.

Sunday 23 February 2014

NHS England Director of Patients Slams NHS England Director of Information

This whole care.data debacle has led to a number of very helpful and informative blogs, and I certainly do not intend to rerun all the column inches that have been spent discussing the pros and cons of the project.

For me, this tale has highlighted an odd decision to create a senior position in NHS England of Director of Patients and Information.  A job description that was bound to lead the job holder into a predicament where media outlets and patient groups would inevitably question whether he could reflect 'patient voice' with any authority, whilst also advocating an IT project that appeared to them to have listened very poorly to that same voice

Imagine, if you will, a different past, where there were two jobs, not one.  The Director of Information and the Director of Patients.  Now imagine what would have happened in the corridors of Quarry House when the Director of Patients realised that the Director of Information was going to breeze ahead with a junk mail drop about care.data in the face of mounting disquiet in primary care, and without even the overt support of HealthWatch England!  We might make a reasonable guess that the Director of Patients would be requesting urgent meetings with the Director of Information and most likely bending the ear of Sir David Nicholson.  There would, no doubt, be 'robust' exchanges.

Of course, none of this can happen as the two directors are the same person.

What I think should happen during this 6 month hiatus, is that NHS England should consider freeing up Tim Kelsey to focus on his role as Director of Information.  Not as a demotion or on any way as a failure, but to highlight that IT is just too important to have a part-time head.  And Tim remains the charismatic leader that can make real changes in the way the NHS thinks about its IT, and continue the drive for a more open and transparent future.  He can help make patients voices better heard through the delivery of innovative and open solutions.

And the Director of Patients?  Frankly, I think that the role is moot.  For NHS England to imply that this is separate job, implies that the other Directors have less responsibility to patients.  That is obviously a nonsense.  For a Director of Patients to successfully reflect 'patient voice', they need complete independence from the Board.  But if the Board pays their wages, then the public and media are never going to quite buy into it.  My choice would be to take the budget for 'patients' out of NHS England and deliver it to where it should be, in HealthWatch England.  Failing that, then move 'patient voice' as a direct function of the office of the Chief Executive, which would at least reflect the central, core role that patient voice has within the new NHS.

Monday 17 February 2014

Introduction. Who I am and what I'll be talking about.

Johnny Hoover works in IT for the NHS. I've been doing this for about the last 20 years, and before that spent a further 10 years doing IT for lots of different businesses right across the UK.

So I've seen a lot of changes. And as most people my age would say, there's a lot of different stuff and yet there's also the same old problems to solve.

I've been moved to start a blog, because I have found Twitter to be an excellent place to gather information, but an appallingly bad place to actually discuss any issues with a proper level of rigour.  Twitter's 140 characters leaves posts as bland sound bites turning the important subjects into trivia.

If I've got an overall philosophy, then it is that successful projects in the NHS:
  • have a well defined and manageable scope
  • are delivered by a reasonably small group of committed and skilled individuals in the core team
  • attract the full backing of both national and local management
  • must clearly answer Hopkinson's Question, "How does this improve patient care?"
Great advances are never made by visionaries who think they can change everything in [enter time period until next election] years. It just doesn't happen and the structure of the NHS beast means that it cannot happen. 

Anyway, I've got a lot I want to say about NHS IT, so in the coming months I hope people might find some of what I say interesting. And of course, all the comments and opinions written here will in no way reflect an official position of my employer or any stakeholders on my projects.