Public Accounts Committee
Oral evidence: General Practice Extraction Service—Investigation, HC 503
Monday 26 October 2015
Ordered by the House of Commons to be published on 26 October 2015
Watch the meeting: http://www.parliamentlive.tv/Event/Index/9583ef4f-0dec-41bf-8bcf-a1858523d6b5
Members present: Meg Hillier (Chair), Mr Richard Bacon, Deidre Brock, Kevin Foster, Mr Stewart Jackson, Nigel Mills, David Mowat, Stephen Phillips, Karin Smyth, Mrs Anne-Marie Trevelyan
Sir Amyas Morse, Comptroller and Auditor General, Adrian Jenner, Director of Parliamentary Relations, and Colin Wilcox, Director, National Audit Office, and Marius Gallaher, Alternate Treasury Officer of Accounts, were in attendance.
Witnesses: Will Cavendish, Director General of Innovation, Growth and Technology, Department of Health, Andy Williams, Chief Executive Officer, Health and Social Care Information Centre, James Hawkins, Senior Responsible Officer, Health and Social Care Information Centre, and Adrian Gregory, CEO, Atos UK and Ireland, gave evidence.
Q1 Chair: Good afternoon. Welcome. We are here to discuss the GP Extraction Service, which I will explain briefly in a moment. Our witnesses today are, from my left to right, James Hawkins, the director of programmes at HSCIC; Andy Williams, who has the same job title at the same organisation; Will Cavendish, director general of innovation, growth and technology at the Department of Health; and Adrian Gregory, the chief executive of Atos UK and Ireland. Welcome to you all.
Today we are looking at the GP Extraction Service. This is an IT system designed by Atos and the Department of Health that was supposed to extract data from four IT systems commonly used by GPs as part of the care.data programme and to provide it to eight national health bodies to help to identify key health trends nationally. It has so far delivered data only to NHS England, after seven years. Quite clearly, the project is a failure and, given the real concerns about data encryption and preserving the security of personal data, people need real confidence in the systems that manage their sensitive health data, so I will ask Will Cavendish first: is people’s data safe in this system?
Will Cavendish: The data that we are referring to, which is held in GP systems, is—[Interruption.] Sorry, Chair, do you want to—
Chair: Apologies. I had some wrong information; I thought it was a bit odd. Andy Williams is actually the accounting officer at HSCIC—sorry.
Will Cavendish: The data that is held in the health and social care system on people, generally speaking, is safe. We have significant programmes—not to do with the GP Extraction Service—to ensure that the data we hold, whether in the Information Centre or in local NHS bodies, is held safely and securely.
Q2 Chair: What sort of encryption is there? Everyone says that their data is safe and secure, but we have seen—most recently over the weekend, for instance—a number of data breaches and hackings. Can you be sure that there is no chance of that happening with this system?
Will Cavendish: It is impossible to give— The question of data encryption and data security does not relate too strongly to the General Practice Extraction Service, because that is a service to take data from where it is stored into the Health and Social Care Information Centre, which is a safe haven, but the broader question of data security is one that we take extremely seriously. We have a range of mechanisms and programmes to ensure that data in the Health and Social Care Information Centre is held safely and securely—I am sure that Andy will be able to talk to you about that at length—and we have similar programmes in relation to hospital data, GP data and data held on individuals in community care settings.
Q3 Chair: The point is that there is a lot of people’s very personal information floating around this system from the GP to the GP Extraction Service and through to the central bodies that receive that data. Obviously there have been concerns about care.data. Most of us want to see data sensibly shared, but where it is personal, people are concerned. In this case, it is not about their bank details and their money; it is about very personal information. You tell us that it is fine—the data goes to the centre and everything is fine—but how can you reassure the public that that is actually the case?
Will Cavendish: I am not saying it is 100% fine; I don’t think I said that. I am saying that we take it very seriously and that it matters a lot. At the moment we have a set of programmes under way to test that and to make sure that we are on top of it. So a month ago the Secretary of State asked the regulatory body, the CQC, to look at the standards of data security in the health and social care system—whether held on paper or electronically, that does not matter; data should be held safely and securely. The National Data Guardian, Dame Fiona Caldicott, has been asked to produce a set of standards for the safe and secure holding of people’s confidential data across health and social care. CQC and Dame Fiona will come back to Government to propose mechanisms by which organisations are held to account for the safety and security of their data. Roughly a month ago we consulted on a new set of powers for the National Data Guardian to be put on a statutory footing and to ensure that, if organisations do not live up to the security and safety standards, there are consequences.
Q4 Chair: What sort of consequences?
Will Cavendish: Referral to organisations that can fine: for example, referral to the Information Commissioner’s office and referral to professional bodies. If somebody is in breach of their data security standards, that is a professional issue as much as it is an organisational issue. So the consultation asked the public and specialist bodies how far we should go on those sorts of questions—again, I say from memory, that was about four weeks ago. So we are putting in a range of things to take that seriously.
Equally, the Health and Social Care Information Centre is developing an emergency response facility called CareCERT. It exists in the centre of Government and we want it to exist in the health and social care system so that we in health and social care have a rapid, effective and credible approach to tackling any security problems that emerge. It alerts organisations if there are any kinds of potential disruptions and it has a much more effective way of dealing with them systematically than we had in the past. So there is a serious programme under way to do that. I will be very happy to go on at great length about that if you want me to.
Q5 Chair: No, but I think it is important and helpful to know that there is a programme under way. Mr Cavendish, you mentioned the CQC; we are hearing from it on Wednesday, but from my knowledge of the CQC and having read the recent NAO Report on its progress, I was not aware that it dealt with data issues as well. Are you convinced that it is really equipped to look at that?
Will Cavendish: Under what is called a section 48 arrangement, the Secretary of State can write to the CQC to request them to undertake investigations of special interest. It is not necessarily something they have been doing routinely, but it is something that, as a regulatory body and an inspection body, they can do. They have inspectors going out all the time to hospitals, GPs and social care as well.
Q6 Chair: Are they qualified to look at data breaches to that extent? I might bring Andy Williams in in a minute.
Will Cavendish: The answer is they have been asked to conduct this review from the Secretary of State, they are putting in place the team that will do this for them and they confirmed to the Secretary of State that they would be able to do that review for us.
Q7 Chair: Is the Department of Health giving them extra funds to do that work on top of its existing heavy workload?
Will Cavendish: I cannot remember. I do not think so, but—
Q8 Chair: If you could drop us a note about that, that would be helpful. Before I go on to Richard Bacon, who is leading for us today on this issue as our lead member on failed health IT systems—I am afraid to say we have such a specialist on the Committee, because it is a recurrent theme—Andy Williams, did you want to add anything to what Will Cavendish said about data security? Reassure the public if you can, or tell us where you think there is work still to be done.
Andy Williams: Just a couple of things to embellish some of what Will said. Very specifically on the question of the CQC and their expertise, the HSCIC—my organisation—has a lot of expertise in data security and we are putting that expertise at the CQC’s disposal to carry out that piece of work.
On the general question of the security of patients and members of the general public’s personal, confidential health information, as an organisation we take that extremely seriously, to reiterate what Will said, but on measures that specifically we have been taking and are taking: we have had a cyber-security risk committee, which is a combination of our executive team and our non-executive team, in place for the last two and a half years, overseeing all aspects of looking at the security of patients’ data both within the HSCIC and across the system as a whole.
Q9 Chair: That is a committee of what sounds like non-expert people—non-cyber-experts—but presumably they are overseeing a team of experts.
Andy Williams: They are overseeing a team of experts. We have a lot of expertise within the organisation—experts in cyber-security, encryption and so on. That is the body from an accountability point of view that oversees that expertise and makes sure that they are doing the right sort of things to protect—
Q10 Chair: I only observe that I hope they are more expert than the people who signed off the GP Extraction Service we are looking at today.
Andy Williams: No doubt we will get to that.
Chair: Okay.
Q11 Mr Bacon: Mr Williams, can I start with you? When did the project sign-off with Atos occur?
Andy Williams: You are talking about when the Atos portion of the GPES system was signed off as being fit for purpose?
Mr Bacon: When it was accepted by the Information Centre and taken delivery of.
Andy Williams: It was accepted in March 2013.
Q12 Mr Bacon: That’s what I have as well. Do you have the exact date?
Andy Williams: Within March? Do we have the exact date? No, I’m sorry, I don’t, but I’m sure—
Q13 Mr Bacon: I have between 21 and 25 March. Does that sound about right?
Andy Williams: That sounds about right.
Q14 Mr Bacon: Do you have a better date, Mr Hawkins?
James Hawkins: The 25th of March is what I was going to say.
Q15 Mr Bacon: It is also true that a number of statements were made by the Information Centre that it was a success, is it not? Mr Mark Davies—is he the medical director, or was he?
Andy Williams: He was the medical director of the Information Centre at the time.
Q16 Mr Bacon: He made a statement on 11 March 2013 that it was a success; and indeed in your annual report in 2012-13 you also referred to it as one of the achievements of the year. I am looking at the 2012-13 annual report and accounts for the Health and Social Care Information Centre, where in the foreword, on page 5, Kingsley Manning, the chair, states: “Achievements during the year included:” and then there are some bullet points, one of which is “developing new services…including the data linkage service, General Practice Extraction Service and indicator portal”. So it is accurate, isn’t it, to say that there were public statements that it was a success—it was an achievement that you could talk about?
Andy Williams: It was signed off on the 25th, as you say. Shortly after that—James will know the exact date, but somewhere in the period May to June—
Q17 Mr Bacon: With respect, I am asking you a different question. It is accurate, isn’t it, to say that there were statements that it was a success made both by Mr Mark Davies and then later in your annual report that was published on 2 July?
Andy Williams: Yes, that is correct.
Q18 Mr Bacon: Good. And is what the Report itself says in paragraph 2.3 correct? It says: “In March 2013, the NHS IC accepted the system from Atos. The system transferred to the HSCIC from 1 April 2013, who found that it had fundamental design flaws and did not work.” Is that an accurate sentence?
Andy Williams: Yes, that is correct, and I would just like to more broadly say that we completely accept everything that is in the NAO Report.
Q19 Mr Bacon: Okay. Can you then explain this, because I think, reading this Report, it is what everyone will want to know: given that it had fundamental flaws and, in the words of the Report, which you agree with, did not work, why only days previously was it signed off, accepted and delivered?
Andy Williams: I think there are a number of contributing issues to why the system was signed off as working and subsequently found not to be. Many are referred to in the Report, but they range from: the responsibility for this programme was with an organisation, the NHS IC, that was expert in data, but not in complex IT programmes; as a result of that, it hired a lot of contractor staff, rather than using permanent staff, which—this is in the Report—meant a lot of staff turnover. I don’t think that the governance of the programme was, at least in my professional opinion, fit for purpose. There were a range of issues, and then, very specifically, there was the testing regime that accepted—bearing in mind that this was accepting part of the programme, the Atos part of the programme. I don’t, with hindsight, believe that that testing regime was sufficiently robust.
Q20 Mr Bacon: Okay. Let’s just take those one at a time. You mentioned governance, staff turnover and testing. On staff turnover, you said a lot of these people were consultants. Paragraph 2.18 says: “Ten project managers were responsible for GPES during the period from September 2008 to September 2013.” That is 10 managers in five years. Were they staff or were some of these contractors?
James Hawkins: Some of them were contractors and some of them were permanent, but I do not have the breakdown.
Q21 Mr Bacon: It was a mixture. Can you write to us with the breakdown?
James Hawkins: I can do that.
Q22 Mr Bacon: Mr Cavendish, this is probably for you. Is it correct that the failure to have stable leadership is well known as a generic problem in IT failure?
Will Cavendish: Yes, it is.
Q23 Mr Bacon: This is nearly a record. The National Probation Service Information Systems Strategy had seven programme directors in seven years. The National Programme for IT, which you are all familiar with, had six responsible owners in five years, but this is 10 in five years—one every six months.
Will Cavendish: Yes.
Mr Bacon: How do you get to the point where you can have 10 in five years without someone saying, “There is something systemically wrong here”? How does one get to that point?
Will Cavendish: The rotating, as it were, SROs or programme directors or leaders within the IC should have been picked up.
Q24 Mr Bacon: How could they not have been?
Will Cavendish: That is the reason we do not do oversight and governance of technology now in the way that happened then. We obviously do not have an Information Centre any more—that is being brought into a wider and better organisation—and as you know, partly as a result of the PAC’s own Report, we have fundamentally changed our approach to the National Programme. We simply do this in a different way now from how we did it then.
Q25 David Mowat: To whom did these 10 people report in your organisation?
Will Cavendish: The Information Centre—
Q26 David Mowat: No, the project managers who you kept replacing presumably had someone to whom they reported. Who was it?
Will Cavendish: They would have been replaced by the Information Centre, not by the Department of Health.
Q27 Chair: Who did they report to in the Department of Health?
Will Cavendish: They would have reported to a programme board in the Department of Health, and the chief executive of the Information Centre would have reported to a counterpart in DH.
Q28 David Mowat: So they reported to a programme board.
Will Cavendish: Yes, which would oversee the programme.
Q29 David Mowat: So they didn’t report to anybody—for example, when that person was a civil servant, someone presumably was filling out a staff report on these 10 project managers and might have noticed they were being rotated through every six months. I am just interested in who that was, higher up the food chain.
Will Cavendish: There would have been a director in the Department of Health at that time who chaired the programme board overseeing this project.
Q30 David Mowat: That director was therefore the person responsible in line management terms for that turnover.
Will Cavendish: The chair of the programme board, yes. We had another issue: the chair of that board changed three times in three years, which was not—
Q31 Mr Bacon: The chair of the board changed, so the guardian of the guardians changed regularly.
Will Cavendish: Indeed. Again, this is why we accept the findings in the Report, and why we do not do technology and data projects now in the way they were done then. This is another Report that demonstrates the way in which technology and data projects were done at that time—
Q32 Mr Bacon: Yes, although it is not only technology; the Department for Transport, after all, managed to have four permanent secretaries in two years. There is a systemic problem with stable leadership in Whitehall, isn’t there?
Will Cavendish: That permanent secretary point is well above my pay grade, as you know.
Q33 Mr Bacon: No it’s not. You are a director general; it is one notch above your pay grade, if we are going to be accurate.
Will Cavendish: It is the Prime Minister who appoints them. That is significantly above my pay grade.
Q34 Mr Bacon: Okay. Can I return to the question of testing? This is a starter for ten: can you think of some examples of Whitehall projects that have gone wrong where the failure to test properly was a significant contributing factor, Mr Cavendish?
Will Cavendish: I suspect that is a leading question. Clearly, some of the models that were used in the transport franchising—
Q35 Mr Bacon: You mean the InterCity West Coast franchising competition?
Will Cavendish: What was found to have gone wrong there was an insufficient testing of the economic modelling underlying the different calculations and the net present value of the contracts. That led to—well, you know what it led to.
Q36 Mr Bacon: I had not included that in my list. I came up with seven, very quickly: tax credits, Criminal Records Bureau, universal credit, fire control, Rural Payments Agency, junior doctors’ recruitment and the Student Loans Company, nearly all of which we have done on this Committee. Would it be fair to say that the failure to test properly is also a systemic problem in Whitehall?
Will Cavendish: I have not worked on all those projects and I have not sat on the Public Accounts Committee, so I cannot really say, but I can say that making sure we have proper and robust assurance and testing of IT projects as they come through the system is absolutely vital. That has to be commercial testing, financial testing, digital testing, technology testing—that assurance is really important.
Q37 Mr Bacon: It is terrific that you say it is absolutely vital, and I completely agree with you, but the evidence—including the evidence in relation to this project—is that lots of people in the organisation do not feel it is vital enough to do something about it.
I am looking at an email dated 7 February 2013—shortly before the sign-off—from NHS Connecting for Health to the GPES team. It talks about the discovery of an unrealistic scenario: “I would suggest that GPETQ”—that is the query function—“run a test where a query is sent to more than one supplier at the same time”—for example, TPP and INPS—“to give confidence that this business scenario can be supported. In theory it should work, but I recommend it is proved through the integration test, in case there are any issues, especially as the integration test is currently focused on testing with one GPETE supplier at a time.” It goes on to say—I also recall having other discussions over this—“around the value of ensuring that GPETQ can handle a number of queries at once. Again, I recommend that this is proved through integration test, if it is not already.” The response from the project team was: “Due to the parallel running of testing and tight timescales, we are struggling to fit in your request.” Surely the correct answer would have been, as Mr Cavendish himself has subsequently said—of course, you cannot read into the future, but you described it accurately when you said it was absolutely vital—“I agree, it is absolutely vital.” So why was the testing compressed? This is such a common problem. Why? It happens all the time.
Andy Williams: Yes, and one of the issues that you are rightly homing in on around the question of testing was that in my opinion, the programme team were marking their own homework. In any professional technology organisation, you would separate testing from the team that is delivering it, and that is what we now do. No programme enters live service without being separately tested by a completely different part of the organisation.
James Hawkins: Today, the colleagues who have sent those risks across to the NHS Information Centre are the people who would protect things from going live without them being fully tested, and we acknowledged that those risks were not heeded.
Will Cavendish: We do now—touch wood—take this vastly more seriously. In the last year, significant services have been in-sourced to the Health and Social Care Information Centre, with an inevitable element of risk. Things like the NHS Spine, the Secondary Uses Service, the Identity Access Management service have all undertaken very significant testing as part of the programme of in-sourcing and service transformation, and they have all been successfully delivered in the last year. Indeed, on the NHS Spine we delayed the transfer because the testing said that it was not ready, so we moved it back a fortnight.
Q38 Mr Bacon: We are not talking about the success of other things; we are talking about the failure of this. I appreciate that you are saying that things have changed, which is good, if true, although most of the examples that I quote where failure to test probably was a big issue were significantly earlier than two years ago, so the lesson should have been tattooed on people’s eyelids by the spring of 2013 that this was a very serious generic problem, and it clearly was not.
Worse still, there is clear evidence in this Report, in paragraph 2.17, for example, where there is discussion of the failure to have an appropriate contracting model. The NAO refers to its own Report, “Shared Services in the Research Council”, and points out that “the fixed-rate contract awarded by the project proved to be unsuitable when the customers’ requirements were still unclear”. Yet that, none the less, was the route taken in relation to the gateway team. In paragraph 2.10 on page 13, the Report states: “The Department’s gateway team expressed concerns through their Gateway 3 Review in May 2010 that delays to procurement could delay the project to the point where it was no longer viable.” So very serious concerns about testing were being flagged up as late as 2013.
There were concerns about the contracting method not being suitable—using essentially a fixed-term contract but trying to do it in an agile way—and there were, at the same time, three years previously—five years ago now—concerns that these delays would make the whole thing unviable. Still, like Magnus Magnusson on “Mastermind”, it ploughed on and on without finishing. I just do not understand why, because none of this is new. People were talking about PRINCE methodology 20 years ago. You are saying, “We have learned the lessons and we do things very differently”. With respect, people were saying that three, five, eight, nine years ago. I have been on this Committee for 14 years, and I have heard that for a long time. Why should we believe now, frankly, that it is any different?
Will Cavendish: It is different now because, first, a significant reason why all those things happened was that the organisation—the Information Centre—that was delivering this programme did not have the capabilities, the skill set or the approach to technology projects that one needs to have to make them successful. It was not a technology organisation; it was a data statistics organisation. Many of the mistakes that you are talking about, which, as you say, are not new, were the result of an organisation that did not have the right capabilities and the right people in it. One of our reasons for creating the Health and Social Care Information Centre was to bring together data and technology in one organisation so that these projects could be professionally managed and properly led, and the lessons you describe are taken on board in that approach.
Q39 Mr Bacon: Hang on. “One of our reasons for creating the Health and Social Care Information Centre was to bring together data and technology.” Actually, the NHS Information Centre was doing that many, many years previously—informatics experts were doing all that. This is basically a rebadged organisation with “social care” added on as a result of the Health and Social Care Act 2012, isn’t it?
Will Cavendish: No, it is not. The Information Centre was responsible for collecting and disseminating data. Connecting for Health, which was separate and was part of the Department, was responsible for the National Programme for IT and technology. They were not in the same place. Actually, data and technology are becoming the same thing: data are becoming technology, and technology is becoming data. It is right that we have an organisation that is professional and takes responsibility for those projects. If you look across the projects for which I am responsible, and which the Health and Social Care Information Centre delivers, performance is improving and risk is reducing. Last year, out of £393 million-worth of savings in IT, health contributed £159 million through better contracting and better procurement[1]. We have succeeded in delivery in the last year in a way that we had not previously, so I am confident that things are improving. It is not perfect—of course, it isn’t—but are we on the right path? I think we are.
Q40 Mr Bacon: Can we briefly examine the person who was responsible at the time as accounting officer? That obviously is not you, Mr Williams, but Mr Tim Straughan, who was the chief executive. Do you know what his emoluments were for the year 2012-13?
Andy Williams: I don’t have the details.
Q41 Mr Bacon: Do you, Mr Cavendish?
Will Cavendish: I don’t have it to hand.
Q42 Mr Bacon: Mr Gregory, do you by any chance? What were his emoluments? You wouldn’t necessarily know. What about you, Mr Hawkins?
James Hawkins: No.
Q43 Mr Bacon: I have it in front of me. He was paid £470,000. That was his salary plus £330,000 of redundancy. Actually, the NHS Information Centre had changed according to this; it was already the HSCIC. The Health and Social Care Information Centre report includes both names. Anyway, his role seemed to cease and he got redundancy—quite generous redundancy—but that was after having been the accounting officer responsible for accepting delivery of something that was fundamentally flawed and didn’t work. Why did he get paid all this money?
Will Cavendish: I am afraid that I cannot answer that question. I do not know the details, but I am very happy to—
Q44 Mr Bacon: Do most NHS contracts have a clause? For the record, let me check with Mr Wilcox. Is it correct that Mr Straughan got what was considered to be his contractual entitlement under the contract that he had?
Colin Wilcox: Terms and conditions for redundancy as part of the NHS scheme, yes.
Q45 Mr Bacon: Okay. Mr Cavendish, is it normal in NHS contracts, or indeed in any public sector employment contract, that, as well as the terms and conditions for termination, including redundancy in certain circumstances, there are generally clauses that provide for those terms and conditions to be obviated if there is misconduct or gross incompetence? Is that correct?
Will Cavendish: Generally speaking, that is the case. I am genuinely not in possession of the facts of this particular case.
Q46 Mr Bacon: There are enough facts in the public domain, so you don’t need to be in possession of any more. The record shows that he was the accounting officer at the time. The record shows, and you have agreed with this, that it was signed off. The record shows that it didn’t work and was fundamentally flawed. And the record shows that he was paid £330,000. He then handed it on to the new Health and Social Care Information Centre and left with nearly £0.5 million in his pocket, or at least an extra £330,000—he earned nearly £0.5 million during that year. That sounds to me like misconduct. If you are being paid a lot of money—taxpayers’ money—and are attesting to something working when manifestly it doesn’t, why is that not misconduct?
Will Cavendish: I am very happy to come back after looking into the circumstances surrounding the redundancy payment and the deal that was done at the time. I am not in possession of those facts. Of course, he was chief executive of an organisation that wasn’t just about this programme—it was about many other things, too. I simply do not know about the personal agreement that was reached with him as chief executive.
Q47 Mr Bacon: I am focused on the question of misconduct. Plainly, something catastrophic happened. His organisation attested, signed for and took delivery of a piece of IT equipment, software mostly, and the auditors found out that it was being written down only a few weeks later. They asked why, and it turned out that it was being written down because it didn’t work and was fundamentally flawed. But, as accounting officer, he—or his staff or his project manager on his behalf—signed it off as okay. Indeed, there were then public statements by Mark Davies that it was okay, and an annual report saying that it was okay. As we now know from the Report, which you accept, it was fundamentally flawed. Why is that not misconduct?
Will Cavendish: Again, all I can say is that I am simply not in possession of the arrangements under which he left that post, and—
Q48 Mr Bacon: With respect, I am not asking about your knowledge of the arrangements; I am asking you why the sequence of events, which are on the public record and on which we all agree, did not amount to misconduct.
Will Cavendish: Misconduct is quite a serious charge.
Mr Bacon: Not necessarily. Gross misconduct would be a serious one, and gross incompetence. Frankly, squandering £40 million—or, as Mr Phillips tells me, £60 million—on something that is fundamentally flawed and does not work, while getting a huge wedge into the bargain, might sound unfair to me and to the average layperson, but the fact that he was able to do this and hand it over as working when it did not work sounds to me like misconduct.
Q49 Chair: Given that this arose at the point when or just after the individual had left, what arrangements does the Department of Health have in place to claw back the money that it paid people?
Will Cavendish: Again, I am very happy to go back, ask those questions directly and write back to the Committee, or come in front of the Committee again.
Chair: We may call you back to do that, but if you could write to us in the meantime, it would be very helpful. We have seen this repeatedly on this Committee. I have only been on it for four years, but Mr Bacon has been here for 15, and so have other Members. It is quite a lot if you add it up. The Department of Health is particularly bad for people leaving with a big payoff and going around the revolving door and back into the same system, working elsewhere. It is a real concern. This is taxpayers’ money, and it is being wasted.
Q50 Mr Bacon: On that point, can any of you tell me what Mr Tim Straughan is doing now?
Will Cavendish: I do not have any information that he is being employed in healthcare or in the NHS in the public sector, but I would need to go triple-check that. I do not know.
Q51 Mr Bacon: Mr Hawkins? Anybody? I have information that he is doing things for clinical commissioning groups in a consulting capacity. Whether he is employed directly or through a joint venture I am not certain, but it is fairly easy to find out that he is doing things in an NHS space, together with the clinical commissioning group and Leeds city council. Presumably, at some level somewhere, taxpayers’ money is involved, is it not? Mr Hawkins? It would seem quite likely; they are public bodies. Could you write to us with information on that when you find out?
Finally, on that point, Mr Gallaher, as you know from previous hearings, the Treasury must approve the maximum redundancy payments made. Sometimes public sector employers negotiate smaller amounts, and then it is not referred back to the Treasury that the amount ended up being smaller. What is the maximum that the Treasury approved in this case?
Marius Gallaher: I do not have the facts to hand, but—
Q52 Mr Bacon: But a payment of this size would have come to the Treasury, would it not?
Marius Gallaher: If it goes beyond the contractual entitlement, it will come to the Treasury. If it is within the contractual entitlement, it does not necessarily come to the Treasury.
Q53 Mr Bacon: Right. So even though it was £330,000 in redundancy, if it was within the contractual entitlement, it would not necessarily have come to the Treasury?
Marius Gallaher: Correct.
Q54 Chair: From memory, though, the former Chief Secretary to the Treasury required reporting to him on figures above a certain amount. Is that right?
Marius Gallaher: I do not think it was in the same context, but he did require Departments and organisations to come to the Treasury when payoffs were involved that were outside the contractual agreement.
Q55 Stephen Phillips: Mr Cavendish, when you write to us, can you also deal with whether an approach was made to the Treasury to approve this redundancy payment?
Will Cavendish: Of course.
Q56 Mr Bacon: The report by your organisation says that a total of 73 people are on what is called an exit package, 49 of them compulsory and 24 others. Of those 73 people, how many are now working in the NHS?
Andy Williams: I would need to—
Chair: Could you get us a note on that?
Mr Bacon: If we could get an analysis, that would be very helpful. To go back to what the Chair said, this has been a common problem. Could you show us the termination dates—when they stopped with the Information Centre, in whichever form it was; NHS or health and social care—and the start date or dates of their new employment or employments? There are NHS rules about the gaps that are supposed to apply. That would be very helpful.
I have one other specific question about the annual report. Page 57 of the 2014-15 annual report refers to a public interest disclosure. It says, “One member of staff raised a matter as a public interest disclosure (whistleblowing) during 2014-15. This manner has now been investigated by independent auditors.” Who were the independent auditors?
Andy Williams: Again, if I may, I will confirm by reply.
Q57 Mr Bacon: It goes on, “This report will be passed to our assurance and risk committee in early 2015-16 and we will take appropriate action as a consequence of this investigation.” Has that now happened? It says “early 2015-16”—that is, early in the financial year.
Andy Williams: I am sure it has, but I will write with the details.
Q58 Mr Bacon: Okay. So you don’t know for sure whether it has been passed to the assurance committee yet?
Andy Williams: I am almost certain that it has been, but I would prefer to check—
Q59 Mr Bacon: Sure. When you write to us, can you also tell us what action—the report describes it as “appropriate” action—was taken as a result?
Andy Williams: Yes.
Q60 Mr Bacon: And if you could give us a bit of background on what the public interest disclosure was, that would be very helpful.
Q61 David Mowat: I have a couple of questions for Origin. However, just before we do that, I am intrigued to learn a little bit more about the sign-off process. Mr Cavendish, I think you said that the sign-off process related to the Origin part of the contract—I think that is what you said earlier in the evidence—i.e. the acceptance process is the acceptance of Origin’s role. Is that correct?
Will Cavendish: I don’t remember using those words.
Q62 David Mowat: You don’t? All right. In that case, let me ask you another question. How high up in the organisation does the process of sign-off go? Clearly, the project manager signed off. Did any of the people to whom he reported sign off? I ask that because it is quite common, certainly in commercial organisations, that, in order to enforce accountability, you go quite high in sign-off, because it makes people ask questions and not just ignore the whole thing because they are on a board. How high did it go?
Andy Williams: I can answer in the particular case here, and if I may I will answer in two ways. First, what is the situation today, and, secondly, what actually happened at the time on the GPES programme? Normally, it would be the project or programme board that would sign off something like this, and that would be minuted and done with the agreement of the members of the programme board. In the case of this particular project, a sub-committee of the board was formed, which recommended the sign-off to the overall programme.
Q63 David Mowat: I don’t want to dwell on this, but quite often what commercial organisations do is enforce point accountability by individual people signing something, albeit with a caveat, so that when something like this happens their signature can be found, and you can go back and find out what they are doing now, rather than just blaming the project manager, who, in any event, only lasted six months.
Andy Williams: Yes, and that was the point I was trying to make earlier, which is in today’s world—in other words, the way in which we deal with that now—they are separated.
Q64 David Mowat: Fair enough. You have said several times that you have learned from this and that today’s world is different. I just observe that this whole thing took place after possibly the biggest civil IT debacle that has ever occurred in this country. The larger IT project lost many billions, and you are still engaged in litigation about it with Computer Sciences Corporation. It’s not as if you hadn’t had a previous track record within the Department of very severe IT difficulties.
Andy Williams: Yes—
Q65 David Mowat: You concede that. So you hadn’t learned from that when you did this, or hadn’t learned enough to prevent this from happening.
Andy Williams: The way I would answer that—I wasn’t around at the time, although I am not using that as an excuse—is by saying that this was happening in parallel, and all the lessons that are learned from the broader National Programme for IT matter. With this project in particular, the way the organisation works today is that we have put much better accountability and governance in place in projects.
Q66 David Mowat: Okay, I will just make the point that that big bust that occurred on the big IT projects—the spine, and all that went with it—was happening in 2007, 2008 and 2009, and a lot of this stuff happened later than that.
However, I will ask about Origin; I want to move on to Origin. What was the size of the contract for Origin, of the total amount here?
Adrian Gregory: It’s Atos. Sorry to correct, but—
Q67 David Mowat: I beg your pardon; I am probably out of date.
Adrian Gregory: We kept the Atos bit; dropped the Origin. Originally, it was £8 million.
Q68 David Mowat: And what did it end up being?
Adrian Gregory: Let me just break that down further, because I think it would be helpful.
Q69 Mr Bacon: Did you say billion or million?
Adrian Gregory: Million. So, £5 million for the project and £3 million for ongoing support. In total for the lifetime, which runs to July 2018, it will be £11.4 million.
Q70 David Mowat: And how long were you going to support it for that?
Adrian Gregory: Five years.
Q71 David Mowat: And what did it end up being?
Adrian Gregory: It is £11.4 million.
Q72 David Mowat: I beg your pardon—so it’s gone from £8 million to £11.4 million.
Adrian Gregory: It’s gone from £8 million. It’s £5 million for the project and £3 million for ongoing support. It is now a total of £11.4 million, which is £4 million for the service and £7.4 million for the project. That is for the lifetime, which runs to July 2018.
Q73 David Mowat: Okay. So you are supporting it until then.
Adrian Gregory: Correct.
Q74 Chair: But it hasn’t really started working yet. Only one client—
James Hawkins: It is working. I became aware of problems in July 2014 when I was responsible for the payment and it was necessary to get the data from the system. We got the system up and working to pay Quality Outcomes Framework (QOF) points in April 2014. We now have more than one customer and are supplying data to Public Health England for diabetic retinopathy screening.
Chair: So Public Health England and then the NHS.
James Hawkins: We are also extracting data for ourselves to handle patient opt-outs.
Q75 David Mowat: It is live. It is clear that it’s live.
James Hawkins: It is absolutely live—
Q76 David Mowat: What is not clear is that—I do not know how many users were in the business case when it was set up, but in my reading of the Report it looks as if you have a lot fewer users than you had at that time. I think that is the Chair’s point.
Andy Williams: Can I try and give a perspective on that? The crucial date, as pointed out by Mr Bacon earlier, was March 2013, which was when the system was accepted as working. Shortly afterwards, it was discovered that it wasn’t. The question that the team had to answer then was whether they should try to rectify what they had to make it work and meet its original requirements or throw everything out and start again. That is always the most difficult question to answer. The decision that was taken—rightly in my view—was to identify the problems and to fix them going forwards. That is the process that James and his team have been on ever since.
The situation at the moment is that we are late. The programme is clearly late. That is one of the things that is in the National Audit Office Report. We have looked very hard at the costs, but we are satisfied that we can make the programme work to its original specification and crucially more because there are now more requirements of the system.
Q77 David Mowat: When you say that it was clear after acceptance that it apparently didn’t work, was that also agreed by Atos? Did Atos agree that it didn’t work? You obviously delivered something.
Adrian Gregory: If I can provide some more detail, that may be helpful. The query tool that we provide as part of this is one of eight components in the system. The other seven components include four GP software services that provide extraction tools, with Spine 2 messaging in between, and the CQRS, which is the calculating quality reporting service. There are a number of component parts.
Q78 David Mowat: To answer the question, are you about to say that your bit worked, but the whole thing didn’t?
Adrian Gregory: In testing, what was supposed to be provided was the quality output framework query as an end-to-end test. That was unable to be provided, so we moved to something called an integration test, which is an HSCIC testing process. That is what it passed. It had to be tested at the component level.
Q79 Chair: The watered-down test that the system had to pass to pass it.
Adrian Gregory: You have a choice of either waiting for the components to be there, which clearly burns time and effort, or you move to a component test.
David Mowat: So because the other bits weren’t ready and your bit was, you insisted that, to get accepted, your bit would be tested in a way that you came up with.
Q80 Chair: You tested it on your own. Who set up that test? Did HSCIC or the predecessor body set up the test? Because you wouldn’t get paid until you proved that it worked, but you couldn’t prove that it worked until the tests had taken place even though the components weren’t there. Which of you takes responsibility for resetting the testing?
Q81 David Mowat: What I was going to say is that the answers that you have given me are consistent with Atos acting as a contractor, rather than taking any kind of responsibility for the overall delivery. You are saying, “Our bit did work and because the other stuff wasn’t ready we had to have a test done to make it clear that our bit worked.” Given the experience of the people whom you employ, it should have been obvious that the bigger picture wasn’t working and that therefore Atos had a reputational risk just being involved in the whole thing.
Adrian Gregory: You have a choice in any programme: you wait for the end-to-end test, which will cost time and money because of the effort of working through that, or you test the component parts if that is not available.
Q82 Mr Bacon: I do not think it is a choice at all. I had a manufacturer in my constituency that makes electronic components—sadly, because it is global and exports to China, it has moved its business to Mexico now. It makes components that go into cars. It tests those components, but when the car is built people also test that car. In fact, companies employ test drivers to test cars—I have a car manufacturer in my constituency that tests the whole thing. Why is it a choice in the way you describe? Surely anybody with any sense would do both—you test the components and you test the whole thing when it is plugged together as a unity. Mr Williams is nodding at this point; although he is an expert on this in a way that I am not, it is a fairly straightforward point. Why wasn’t there an end-to-end test?
Adrian Gregory: Because the end-to-end test was not available.
Chair: What both Mr Mowat and Mr Bacon are rightly saying is that, as a contractor, you were there to deliver something, but you became just the contractor, rather than part of the solution.
Q83 David Mowat: I am saying that you chose to define your scope quite narrowly. Presumably there was a commercial incentive to get it accepted, and because the rest of it was not ready to be accepted you came up with a way of it being accepted that the NHS bought. You got that commercial payment, I guess, because it was deemed to have worked, but the bigger picture did not work. The issue that arises when you behave like that is the reputational damage to the sort of advice that Atos was giving as an expert.
Adrian Gregory: We didn’t define our scope. When the end-to-end test came through and it was discovered that there were issues we fixed those issues at our cost.
Q84 David Mowat: But I don’t believe your people did not know that the bigger picture was likely to be more difficult. You just took the view that it was not contractually your problem and that the big mess further away could be left to sort itself out, which is what is happening now. That is what it looks like to me. All I am saying is that that might be commercially true in terms of your contract, but it is not a very good reputational way of acting.
Adrian Gregory: We worked closely together. The test regime was defined and we delivered to that. When there were issues as part of the end-to-end test, we fixed them.
Q85 David Mowat: Okay, so when the whole thing did not work a couple of months later, you were surprised by that.
Adrian Gregory: Yes. It was difficult, and we fixed the issues that we had.
Mr Bacon: You were surprised that it did not work? I find that very difficult to believe.
Q86 Chair: You said it was difficult—you must have known.
Adrian Gregory: End-to-end testing is always something that you should do, but it was not available at the time.
Q87 Stephen Phillips: Mr Gregory, you say that you were responsible for one part of the system of seven parts and that that part worked. The first point I would like to get clear in my head is whether or not it did work. You say it did; what do HSCIC and the Department of Health have to say in that regard—did it work or not?
James Hawkins: It could not respond to the volumes that were required.
Q88 Stephen Phillips: It did not meet the functionality that was set out in the specification.
James Hawkins: I am not sure what was set out on functionality, but it did not meet the volume that we needed it to serve—the 8,000 GP practices.
Andy Williams: If I may, the important point, however, is that we did not find that out until afterwards.
Q89 Stephen Phillips: Okay. Mr Gregory, you said it worked. It does not work at the volumes that were required when it was specified, so in fact it did not work.
Adrian Gregory: The functionality was there. In the original test, it passed. When the end-to-end system was available there were then a number of issues across all the—
Q90 Stephen Phillips: Mr Gregory, Atos designed something to function within the environment of six other components, including yours, and it didn’t work.
Adrian Gregory: It did work, and it provided the functionality. It was only when the end-to-end system—
Q91 Stephen Phillips: It worked on the very limited testing that it was put through because you were not able to conduct an end-to-end test. When it was actually put into the system in the real world, it didn’t work. In my mind, that means that it didn’t work. Why did Atos then not step up to the plate, put the funding in and make sure that it did work?
Adrian Gregory: We did. We fixed the issues related to that system that were Atos issues, at our cost.
Stephen Phillips: You have been very careful—
Chair: The Comptroller and Auditor General wants to come in. I think we need clarification.
Sir Amyas Morse: As I am sure you know, Mr Gregory, we have quite different views on this. If I can use your phrase, you fixed the system and in the process of fixing it, you got paid £1.9 million.
Stephen Phillips: Another £1.9 million.
Sir Amyas Morse: To be fair, we had a dispute with Atos, which describes that as additional work, not fixing work. Atos says, we threw in the fixing work and then we did additional work for £1.9 million. None the less, it meant that you got a pretty tidy chunk of additional income at that time for doing a composite activity. I must admit that I am left wondering. You had these friends or these people you were working closely with, who were, admittedly, not the most skilful counterparties in the world. Don’t you think they got taken for suckers?
Adrian Gregory: Absolutely not. We fixed the issues to do with our system. The £1.7 million—it was £1.7 million for the project and £200,000 for additional support—was related to 15 new features over nine releases, and changes in requirements.
Sir Amyas Morse: Mr Williams, they would not get away with that today, would they?
Q92 David Mowat: I want to come back on that. The point you made was right. It is pretty clear that you had a weak client. When you have a weak client, it is dangerous for you as well as for the client. The reason it is dangerous for you is that they do not properly hold you to account at the time in the way that they should. That is why we all end up in a room like this. The question that arises is whether, when those 10 project managers were going through, you were putting senior people in the NHS and whether the problem was unnoticed. You are the organisation that is full of IT experts—testing experts and everything experts. That is why you are hired. In hindsight, were you too quick to take advantage of the fact that the client was completely useless and that you did not properly draw people’s attention to that?
Adrian Gregory: No, because we did not get paid for that work until it was nearly complete. We took the attitude of getting stuck in and helping to resolve issues across the board. We settled on that quite far down the line—
Q93 Chair: But you got paid after the limited test, not the end-to-end test. From what you say, you pushed a bit for that limited test to happen so that you could get the money. Is that right?
Adrian Gregory: No, that is not right. It wasn’t our test. It wasn’t defined by us.
Q94 Mr Bacon: I know that most IT suppliers are usually lawyered up to the gills—much better than the clients, frankly. Somebody mentioned the National Programme for IT earlier: the Fujitsu arbitration alone is costing £31 million so far because people like you guard your backs extremely carefully, and you do so better than the clients. The fact is that your company’s name is already a swearword, Mr Gregory, because of what happened in the disability centres—the DWP testing.
In this, you had a responsibility to the client. You had an inexpert client and you had a responsibility to try to ensure that they understood, as you surely did, that it did not work properly and was fundamentally flawed. I will read you this: “Several of the cases we have looked at in this book have involved failure to allow for adequate testing of software before the system went live…. The timetable for testing the IT was compressed, there was a limited amount of testing and there was no end-to-end testing.” That is from a book that was published two years ago—in fact, I wrote it. I quote Mr Cavendish in it elsewhere.
You know all of that, because that is vanilla. Everybody knows that if they know anything about IT. I am not an IT specialist; I learnt this by reading about it. Why did you not take on your responsibility to the client? Is it just that you do not care about the reputation of Atos?
Adrian Gregory: We would have liked to have end-to-end tested. We did that but it just was not available at the time when—
Mr Bacon: So why did you not say, “We’re not ready to go live. It’s not ready”? That was your responsibility as a good supplier.
Q95 Chair: When did you first warn the Information Centre that things were not going well? Did you?
Adrian Gregory: In terms of our delivery, that was on time according to a revised request around the quality and outcomes framework.
Q96 Chair: We know there have been revisions. When those revisions were being made, did your company, at any time, say to the people in the Information Centre, who were—as Mr Bacon highlighted and has been acknowledged by the witnesses—not experts in this sort of commissioning, “This is going to cause problems and delay it. It will cost more”? Did you give them those warnings?
Adrian Gregory: Yes, we know it is not ideal. We did, in fact, write in September 2013 to say that we would like end-to-end testing again.
Q97 Chair: That was September 2013, but this is something that has been going on since 2007 or 2008, depending on when you consider it started. When did you first warn the client—the weak client—that things were not going well and that there would be problems because of some of the problems that they were causing? Did you raise that as an issue at any point before September 2013?
Adrian Gregory: We did not have visibility of the end-to-end programme. We were delivering one of eight component parts.
Q98 Mr Bacon: Are you seriously telling me that when it was accepted in March 2013 and the client signed off, you could hold up your head in pride? You say that it was not going well. The fact is that the Report says that as soon as it was signed over and the system was transferred from 1 April 2013, the HSCIC found that it had “fundamental design flaws and did not work.” You knew that. Your company must have known that.
Adrian Gregory: I do not accept that. The query tool that we delivered, one of eight component parts, was only able to be tested at a component level, because the end-to-end test for QOF, which was what we were supposed to be tested against, was not available.
Q99 Mr Bacon: Mr Cavendish, would you go out of your way to use Atos in future?
Will Cavendish: I would go out of my way to make sure that, as we tender and procure, we get the best value for money and are rigorous about ensuring that we only accept bids that we think will achieve the quality and price that we want.
Q100 Mr Bacon: And in relation to Atos? You are shaking your head.
Will Cavendish: There are a number of organisations that will compete for such contracts. At the moment, the ICT service for the Department of Health, and a number of its arm’s length bodies, is provided by Atos. It is performing satisfactorily at the moment and at a reduced cost than previously. For me, it depends on the functionality that you need and the skills that the organisation has to offer.
Q101 Stephen Phillips: Mr Gregory, I want to come back to your part of this system. You say that it was one of eight components. You were working to a fixed-price contract. What was the price that you were being paid to deliver this component?
Adrian Gregory: As I said before, the original contract was £8 million. It was £5 million for the project and £3 million for the support services.
Q102 Stephen Phillips: Right, and the original budget was £26 million, so you were responsible for something in the order of 33% of the project, even though it was one component.
Adrian Gregory: I can see the logic from the maths.
Q103 Stephen Phillips: How much were you actually paid in the end?
Adrian Gregory: In the lifetime up to July 2018, it will be £11.4 million.
Q104 Stephen Phillips: Looking at paragraph 2.17 of the Report, we know that this was a fixed-price contract for you, but it had agile elements, which I think means that the functionality can be defined after the contract has been signed to some extent. Is that right?
Adrian Gregory: After looking into this, I do not think that any aspects of this contract were agile.
Q105 Stephen Phillips: Right, as regards you, no part of this contract was agile. As far as you were concerned, something was specified and you were supposed to deliver it for £8 million. It didn’t work in end-to-end testing when it was delivered, and you actually fixed that while managing to charge another £1.9 million and some extra money as well. Is that right?
Adrian Gregory: There was some collective working after the end-to-end testing threw up some issues and defects. There was a real collaboration with HSCIC—
Q106 Stephen Phillips: Forgive me, Mr Gregory, but you have told me that, as far as your part of this contract was concerned, it was not agile. In other words, you were delivering a specification to a fixed price.
Adrian Gregory: Correct.
Q107 Stephen Phillips: So you should have delivered it for the original contract price. Why didn’t you?
Adrian Gregory: We did. We delivered—
Q108 Stephen Phillips: No, you didn’t.
Adrian Gregory: If you want me to walk you through the history of it, I can.
Q109 Stephen Phillips: But you told me that no part of it was agile. You said that you were required to deliver a functionality for a fixed price. Why didn’t you do that?
Adrian Gregory: We did deliver the functionality. If you wish, I can take you through the detail of what that was.
Q110 Stephen Phillips: Help me with this. It is a fixed-price contract that you say had no agile elements. Does that mean that it had no risk at all for Atos?
Adrian Gregory: No, not at all, because we would have to take on the effort of delivering the functionality of our component part.
Q111 Stephen Phillips: Which you had presumably priced as part of your tender.
Adrian Gregory: Correct.
Q112 Stephen Phillips: Right, so you should have delivered it for £8 million. Why did you charge £11 million and then another £1.9 million for additional functionality?
Adrian Gregory: Okay. I can go through the breakdown if you wish.
Stephen Phillips: Briefly.
Adrian Gregory: Originally, there were 16 core features in the product. It got moved into two releases in March 2013, because the GP software system contracts were not signed until March 2012[2]. Release 1 delivered 11 of those features, plus one additional feature, support for the commissioning framework.
Q113 Stephen Phillips: You have just described additional features. That is something specified after the contract was signed, is that right?
Adrian Gregory: Correct.
Q114 Stephen Phillips: And yet you say there is no element of this contract that was agile. Do you want to change that evidence?
Adrian Gregory: No, that is a different meaning. That means a requirements change. Agile is a different methodology.
Stephen Phillips: All right. Keep going.
Adrian Gregory: Releases 2 and 3 were delivered with two additional features, and three features de-scoped because they were no longer needed, so—
Q115 Stephen Phillips: It is no doubt my fault; I may have misunderstood the use of the word “agile”. What you seem to be describing is a contract which had additional elements of functionality that arose during the period after you had signed the contract. Is that correct?
Adrian Gregory: Yes.
Q116 Stephen Phillips: Right. That is what I meant by “agile”. You said, “We’re going to deliver this for a fixed price.” That obviously imposes risks on the contractor, because to deliver the functionality might cost more than you have estimated in the tender process. Once we are into a regime, like this one, where the functionality can change after the contract has been signed—I just want you to agree with me—that has significant risks for the clients, doesn’t it?
Adrian Gregory: Well, it is against the functionality that you are contracted to deliver, so if—
Q117 Stephen Phillips: If the client wants more functionality, you might have to pay for it, so there are big risks for the client.
Adrian Gregory: Correct, but if the functionality costs more to deliver, the contractor has to pay for that.
Q118 Stephen Phillips: Fine. I understand that. Now I come to you, Mr Cavendish. Why on earth did you not specify precisely what you wanted from the contractor before the contract was finalised?
Will Cavendish: This wasn’t me personally. The contract was signed in—
Q119 Stephen Phillips: When I say “you”, I mean the Department. It is not personal.
Will Cavendish: I understand. The contract was signed in 2009[3], and over the next couple of years, the environment around the programme changed significantly. Virtually none of the bodies that were recipients of the data in 2009 were legally recipients in 2011-12. The nature of the data required changed significantly, too. It was originally designed to be quite a small-scale extraction tool to do specific things. Over time, particularly after NHS England came about, it became something for much wider scale GP data. That requirement did change.
Q120 Stephen Phillips: Right. I understand; you say the environment is changing. Now look back at paragraph 2.17: “There was contemporary evidence in central Government and the private sector”—this is at the time the contract was concluded—“that the NHS IC’s contractual approach, combining agile with a fixed price, was high risk.” Why on earth, in those circumstances, is this a route the Department went down?
Will Cavendish: To my mind, that is not a structure that should have been adopted at the time. Again, it goes back to the problem—
Q121 Stephen Phillips: I understand the future is a different country, and you now say we are in a completely different world, but this Committee is concerned in this particular case with why £60 million in taxpayer money has been wasted on a system that does not work.
Will Cavendish: For the record, £60 million has not been wasted. Money has definitely been misspent, and there have been write-offs in the programme, which is a wrong use of public money. We now have a tool that, although late, is starting to work. It is not fully functional, but it is required. We have to get the GP data to underpin the transactions that take place. We do not face the choice of cancelling it; we need to make it work. Money has been—not misspent; that is inappropriate.
Q122 Stephen Phillips: That is what you said just now. Public money has been misspent; that is what you said. That was your evidence just now. What I want to know now is who has responsibility for that. Who has been disciplined? Who has lost their job as a result of the fact that, in your words, public money has been misspent?
Will Cavendish: In terms of the people in the Information Centre—Andy can speak to that. In terms of the oversight we talked about earlier, the people responsible for that are no longer in their posts.
Q123 Stephen Phillips: There is a project board inside the Department. Who has been disciplined on that project board?
Will Cavendish: I don’t think anybody has been disciplined.
Q124 Stephen Phillips: Nobody has, have they? In true Whitehall fashion. Mr Williams, who has carried the can at your organisation?
Andy Williams: If by “carried the can”, you mean who has been fired, the answer is nobody. I took a look at this when I arrived.
Q125 Stephen Phillips: Can I ask when you arrived?
Andy Williams: In April 2014. As you can imagine, in April 2014 I was looking at everything that was going on.
Q126 Stephen Phillips: It must have been a baptism of fire for you. I understand.
Chair: It was five days after the sign-off of this.
James Hawkins: It was a year after, for the record.
Andy Williams: To be fair to James and to Atos Origin, there was a course of action already being taken that was leading to the programme—
Q127 Stephen Phillips: I am sorry, but you are answering a question I am not asking. I asked whether anyone had been disciplined or fired. The answer, in true public sector and Whitehall fashion, is no. Public money has been misspent and nobody has carried the can for it. That is right, is it not?
Andy Williams: That is right from my point of view.
Will Cavendish: I am not aware that anybody has been disciplined as a result of the project.
Q128 Mr Bacon: I have one question for Mr Williams and one for Mr Cavendish. Mr Williams, your CV says you have a lot of private sector experience, and it is pretty widespread, so you came to this organisation with a serious background. What do you make of the position as at April 2013, when suddenly the organisation found that it had something it had signed off on that did not work? Do you regard the explanations we have heard from Atos as an adequate account of what was going on? Would you have expected something more from a supplier?
Andy Williams: If I may, there are two parts to answering that question. The first part concerns where the line of questioning was, which was to what extent Atos knew of the problems. I am afraid I cannot comment on that. The second part I think is quite important for the record. At the point that the newly formed HSCIC—the organisation—discovered that although the system had been signed off in March 2013 as working, in fact it did not work. When it came to what to do about that, Atos worked extremely collaboratively to fix the problems, on a no blame basis. The other crucial thing that has not come up is that the system was required to make GP payments in 2014. It successfully did that, but had the organisation and the suppliers not been able to do that it would have been a catastrophic situation and a significant amount of public money—
Q129 Mr Bacon: I am glad that Atos collaborated, and they were paid an extra £1.9 million for their trouble. I am sure you would find me very collaborative if you paid me £1.9 million, as well.
Andy Williams: They did not know that at the time they decided to—
Q130 Mr Bacon: None the less, they probably read the small print and figured out they would get some extra, and they did, so if that is what they assumed, they were right. I was asking a different question. I know that you did not start until a year later—that is correct, isn’t it? When it first happened—this is hypothetical—had you been in charge at the time, uncovered this and found it signed off, what would have been your attitude to the supplier that had landed you in that mess?
Andy Williams: Not very friendly.
Q131 Mr Bacon: Right. Thank you. Mr Cavendish, you said earlier that this is needed and you have to keep going, because the data is needed, and so on. On the final page of the Report, just before paragraph 4.10, there is the heading, “There is unlikely to be a long-term future for GPES”. That is slightly different from what you have just said. It is also true that certainly the people I have talked to regard much of this as irrelevant, because as it has not worked properly people have come up with alternatives, including commercial ones. Indeed, correct me if I am wrong, but the new GP supplier contracts will make the interfaces required to make this data available to all authorised organisations free of charge from April 2016. Is that correct?
Will Cavendish: No, I do not think that is correct. I would like to check that.
Q132 Mr Bacon: Well, if you can, but that is my information. I thought it was going to be part of the standard GP supplier contract. If that is wrong, please write to us and say so.
James Hawkins: For the record, we pay GP system suppliers to give us technical solutions at cost—whatever it costs them to deliver. We are working with GP system suppliers to open up the interface so that we can share data more widely.
Mr Bacon: Sure.
James Hawkins: There is a need for an IT system to collect data. With the system we have today it looks like we are going to be at 45% of the predicted capacity by next year.
Q133 Mr Bacon: But going to the list of suppliers in paragraph 1.6, there are EMIS, the Phoenix Partnership, Microtest and In Practice Systems. People can harvest data from those four now, can’t they?
James Hawkins: Not for free.
Q134 Mr Bacon: I didn’t say for free. From April 2016, the GP suppliers will make the interfaces required to make this data available to all authorised organisations free of charge. That is what I was told. If that is wrong, please write to us and let us know.
Andy Williams: We need to write to you to clarify that.
Will Cavendish: When I said the data are needed—we need to collect the data from GPs in order to underpin the payments systems and the performance systems we have in primary care. That does not mean GPES, as it is currently constituted, will stay the same forever. I am not satisfied that we are getting value for money from this service yet. We are getting 60% next year of the contracted or forecast specification against full cost; that is not value for money. That is the reason the HSCIC is looking again at reforming and improving the system. It is the reason I will take this to the board I chair that oversees all the technology and data programmes, which we have scheduled for early next year, when we will look again at the business case and the improvements that could be made.
There are a range of things that can be done to make GPES work better. The query times can be reduced. The extraction volumes can be increased. It may not be the medium-term future. The medium-term future, to me, probably lies in the kind of standardisation through the GP suppliers that you are talking about, and a different and much more seamless approach to collection of data, but here and now, which is what you asked me, this is the only system we have. The commercial systems do not provide the scale of data or all of the data we need. They are cheaper, but they provide a subset of the data that does not underpin the payments systems we need in place. That is the reason we have taken the judgment that it is a necessary system for now, but it is not yet good enough.
Q135 Mr Bacon: How much extra money will be spent on it between now and it going out of use because it is not fit for the medium term?
Andy Williams: I will attempt to answer that, but we will confirm those numbers, as Will says, in February next year, because there is a lot of work going on at the moment.
Q136 Mr Bacon: Without signing your name in black, give us a rough idea.
Andy Williams: I think we will be within £5 million of the appointment business case referred to in the Report, which was £40.2 million.
James Hawkins: For the record, that is to address a number of new requirements as well as the existing requirements in the Appointment Business Case (ABC).
Q137 Chair: That is a ballpark figure; we understand that, but we will write to you or expect you to write to us in February, when it is confirmed. If the figure is not around that, we would like to know why.
Will Cavendish: The annual running costs are around £4 million. The contribution from customers and clients is around £2.5 million at the moment, as planned. That is forecast to rise next year. The HSCIC is negotiating that with NHS England and others at the moment, so although late and delayed and not done perfectly at all, things are coming together better than previously expected.
Q138 David Mowat: To be clear, this is the main application used for working out GP remuneration—the extract from this.
James Hawkins: This is the main application for extracting the data used to calculate GP remuneration.
Q139 David Mowat: Which you then put into another application to do the calculation. How many users does this application have?
James Hawkins: The system gets data from around 8,000—
Q140 David Mowat: How many users does it have? How many people use it?
Andy Williams: The number of people?
Q141 David Mowat: Yes, people—100, 200, 600, 10?
James Hawkins: The system collects data from 8,000 GP practice systems.
Q142 David Mowat: Yes, but most of those cannot access it, can they? I thought you could not have local access.
Andy Williams: The reason it is a difficult question to answer—we probably need to go away and think about it a little—is that the number of organisations using the system and getting data from it is three today. The number of people who access the data that has been extracted could run into the hundreds.
Q143 David Mowat: Maybe that is the answer. So you are saying hundreds of people.
Andy Williams: We would need to check that.
Q144 David Mowat: Okay. Given that we have spent £40 million, how many users it serves is quite an interesting thing to know.
James Hawkins: It is collecting data on the full 55 million population of England, and therefore calculating payment for GPs on—
David Mowat: But it doesn’t calculate the payment, does it? I thought you said that it provides the data and another application calculates the payment.
Mr Bacon: Another 30 million quid.
Q145 David Mowat: What is your prognosis for its life expectancy?
James Hawkins: We have these options being considered now. We are looking at the options in February, as discussed. We think there is a longer lifespan for the GP systems, and we are taking into account the options to decide what we do with the Atos part of that system. We will always need an IT system to collect data. It is serving the population and delivering benefit, but we have taken the decision to write down the Atos asset in our books quicker than the GP systems.
Q146 David Mowat: Okay. That didn’t sound like an answer to my question. Ten years? Twenty years? Three years?
James Hawkins: It is July 2018. We have a window that we are planning to operate with.
Q147 David Mowat: But you are not intending to replace it by that date.
James Hawkins: We may take a decision to replace part of that system[4] earlier than July ’18. That is the work that we are doing currently.
Mr Bacon: When will you know how much earlier? You said that we may do it earlier than July 2018.
Q148 Chair: February next year.
I say this particularly to Mr Cavendish. You have all accepted what the Report says—perhaps not so much Mr Gregory—but your defence to the whole thing has been that everything is different now and that you wouldn’t do it this way now. Some of these problems, however, arose when we knew lessons from previous IT failures, particularly in the health system, so if you are saying that things are different now, are there any lessons that you have learned from this? You touched on that in an earlier answer, Mr Cavendish, but perhaps you could expand on what those lessons are and what you are doing to ensure that future NHS IT projects don’t go down this path.
Will Cavendish: At the level of oversight, assurance and the technology and data portfolio, which is my responsibility, it was the wrong organisation with the wrong capabilities on this one.
Q149 Chair: So in future you would ensure that it wasn’t—
Will Cavendish: It is my responsibility, as I oversee HSCIC, to ensure that this is an organisation with the right capabilities doing the right thing.
Secondly, there was a lack of suitable oversight and assurance. There weren’t the proper mechanisms for ensuring that this project was on track, that suitable procedures were under way and that the right testing, as referred to earlier, was done. That didn’t happen systematically and properly. Again, we have put in place and are putting in place proper processes for sign-off, scrutiny and assurance to ensure that technology and data spend is properly and robustly checked in advance and is properly and robustly scrutinised as it goes through its timetable.
Q150 Chair: Will there be consequences if people do not meet those milestones or checks?
Will Cavendish: As you know, we are in a different world now, where SROs are properly appointed to significant technology and data projects. They are appointed and signed off by myself, as the informatics accountable officer, and the Cabinet Office. They have a formal delegated responsibility and there is a clarity of accountability that means that they will be removed if they don’t perform properly.
Chair: Fine, that’s what I was driving at.
Will Cavendish: The third point is the absence of strategic management of this portfolio. When I say strategic management, I don’t mean something airy-fairy, but something that understands the connections between these different projects. That is true of NPfIT and of this individual one that sat with the NHSIC. That is something that we are changing and changing systematically.
I took over this responsibility on behalf of the Department in June 2014. I am confident that, as a result of the work that we are doing, the governance, oversight and delivery of the health IT and data programmes are improving significantly.
Chair: We will hold you to account for that.
Q151 Stephen Phillips: You came out with three and you said that the last one was your final one, which is why I am jumping in. You have learned a fourth lesson, which is not to have the functional requirement specification shift after you have signed the contract.
Will Cavendish: Yes. That is about how you manage particular programmes all the way through. If you are not sure about the ultimate requirements and you need some agile methods, as you were describing, you would not do a fixed-price contract. That is just inappropriate for this kind of service.
Chair: Repeatedly on this Committee we have heard about the lack of planning and specification at the beginning of a project. If what you’re saying is that you have learned that lesson, that is great. We will obviously be holding you to account for that. Mr Bacon has nearly made a living out of failed IT projects in the NHS.
Mr Bacon: It’s called “Conundrum: Why every government gets things wrong and what we can do about it” and is available from all good remaining bookshops.
Q152 Chair: Perhaps the four of you will buy it. There’s a little plug. Let’s hope that he doesn’t have enough material to write another book in future, because it’s not good for the taxpayer.
On Atos, have you taken any legal advice about whether proceedings should be taken against Atos or any other supplier in this process?
Will Cavendish: From the departmental perspective, during the time I have been in this post, I am not aware of that, but, again, I am very happy to check.
Q153 Chair: Please do. Mr Williams?
Andy Williams: I understand that we did take legal advice and decided not to. The two principal reasons were, first, that the Information Centre and the HSCIC subsequently were in quite a weak position contractually because the system had been signed off. Secondly, but not as important as that, we wanted to work collaboratively with Atos because we had some GP payments to be made.
Stephen Phillips: In other words, Mr Gregory dodged a bullet.
Q154 Chair: You got off lightly.
Andy Williams: I just want to add a couple of things on the more general question of what lessons are learned. I emphasise the separation of testing and acceptance—that is really important. Another point is the acceptance in our organisation, in the HSCIC, of external validation of programmes. For example, we welcome the Major Projects Authority and track all the actions from all the reviews on the projects. We are putting in place a whole series of things from a delivery accountability point of view.
Q155 Chair: It is true, Mr Gregory, that your organisation has, as one of my colleagues put it, dodged a bullet. As a Hackney MP, I do not like that term, but you have certainly got off lightly. Had there not been a big mistake by the client, you would have faced legal action. You have heard from the Committee that as a partner in the public sector receiving taxpayers’ money, we expected that you would also play a role in making sure that the whole thing was fit for purpose. Do you want to add any comments on that?
Adrian Gregory: I believe that we did. We paid for issues in our system. It cost us £750,000 as part of that. We worked very collaboratively with HSCIC at that point and very rapidly provided 15 features in nine new releases, so the relationship was very good after that point and we worked together to get things resolved.
Q156 Chair: I do not want to over-repeat the point, but there was a weak client. If you are receiving taxpayers’ money to deliver something, you do have some responsibility to the taxpayer to ensure that you are highlighting some of those problems. From what you have said, it seems that you did not do that. I want to go back to something. Mr Williams, Mr Cavendish or perhaps Mr Hawkins—forgive me—talked about taking some of this out of service next summer. Is that not a way of admitting that there is a big problem and that it is not fit for purpose?
Sir Amyas Morse: I think Mr Hawkins said something about that.
James Hawkins: We have had a lot of success by insourcing some of these systems and we have saved significant amounts of public money. One of the options we are looking at is to take some of the functionality delivered by Atos into HSCIC and deliver it as part of our organisation’s portfolio. That is one of the options we are looking at. We will come back in February.
Chair: But does that not suggest, Mr Gregory and Mr Hawkins, that it is not really working?
Q157 David Mowat: That’s nothing to do with the application; it is just who operates it. You can take that inside or outside or whatever. I thought you answered previously that you were looking at bits of the functionality and replacing that.
James Hawkins: As I say, we have some new requirements for which we will need to change the functionality. The system is currently working. It is delivering half of what was originally asked. It is delivering benefit to patients, but we have been asked to deliver more and we therefore need to look at the options—whether we build more on what we have or replace it.
Sir Amyas Morse: You say it is working, but it is pretty slow at the moment, let’s face it. It might get better though, I admit. What I read from your remarks, Mr Hawkins, is that you might just quietly drop this bit of functionality and replace it with something better. That is not an unreasonable construction of what you said, is it?
James Hawkins: I do not agree with the “quietly”. We will look transparently and openly, go through the options and take the best decision on behalf of the taxpayer.
Sir Amyas Morse: I am pressing this point only because you thought it right to mention to the Committee. You specifically mentioned that Atos piece of work—we did not put those words in your mouth; you specifically mentioned it. I think that was probably because if in future you did drop it you did not want to be called back here and asked why you did not mention it.
James Hawkins: I think it is in the Report that we have taken a decision to write down that asset quicker than we normally do, so that is in the public domain. I am not saying anything because I am trying to steer the Committee in a different direction; we are genuinely trying to deliver a system that will deliver benefits to patients and to enable the NHS to plan care and identify patients that are at risk and do that at the best value for the taxpayer. That is what we are genuinely trying to do.
Chair: I am glad that you have mentioned value for taxpayers, finally, after a project that has frankly been a fiasco. I welcome the candour of those of you who have admitted that it has not gone well. Mr Cavendish, we will be holding you to account for what you promised. Mr Gregory, I am sure we will have you in front of us again, because Atos delivers a lot of public services funded by the taxpayer. Let me just remind you, if you are not aware, that this Committee takes taxpayers’ money very seriously and whoever spends it, we will follow it, whether it is the private sector, Whitehall, local government or the charity sector.
I thank you all for your time.
[1] Note from witness: Figures given at hearing were incorrect. Sentence should read “Last year, out of £391 million-worth of savings in IT, health contributed £157 million through better contracting and better procurement.”
[2] Mr Gregory later clarified that the two releases were introduced from March 2012, and not March 2013 as he initially stated but then corrected as part of his evidence.
[3] Note from witness: The GPET-Q contract with Atos was signed in December 2011 (not 2009).
[4] The Atos part of that system