This is such a familiar central government IT saga that it hardly ranks as news, yet the NAO report which detailed this scandal contains important insights for all IT professionals on contract management, agile development and offshoring.
The General Practice Extraction Service (GPES) is an IT system designed to allow NHS organisations to extract data from all GP practice computer systems in England. The aim of the project, first launched in June 2008, was to share data that could be used to monitor quality, plan and pay for health services and help medical research.
The bare bones of the NAO findings make stark reading, even from an audit body used to cataloguing government IT failure.
The project was significantly delayed. The original business case said the service would start in 2009-10, but it took until April 2014 for Health and Social Care Information Centre (HSCIC) to provide the first GPES data extract to a customer. Many intended customers have not had data from the service.
Mistakes in the original procurement and contract management contributed to losses of public funds, through asset write-offs and settlements with suppliers.
The costs of the GPES programme increased from £14 million to £40 million during the planning and procurement stage and have risen further. The project has incurred at least £5.5 million of write-offs and delay costs. Major contributing factors were mistakes in the original procurement and in contract management which led to asset write offs and additional payments to suppliers.
Only NHS England has so far received any data from GPES. Five other major NHS agencies have not received data they need and have been forced to bypass the system to get the information they require - for example to produce clinical guidelines, monitor the side effects of medicine, carry out clinical audits and support research.
"It is unlikely that GPES in its current form can provide the NHS-wide service planned," the NAO noted.
Problems with the system began at the contract and design phase.
The NHS Information Centre (NHS IC), which commissioned the project, and Atos, the supplier, "found it difficult to agree the requirements for the system", the NAO stated.
The procurement began in April 2009, with the NHS using a fixed-price contract model with 'agile' parts. This meant the supplier and the NHS agreeing some of the detailed system needs in workshops, after the contract had been signed.
"There was contemporary evidence in central government and the private sector that the NHS IC's contractual approach, combining agile with a fixed price, was high risk. Our report Shared Services in the Research Councils reviewed how research councils had created a shared service centre, where a similarly structured IT contract failed," the NAO wrote.
Such failings are not confined to the public sector. Diamond giant De Beers ended up in court in a similar dispute, again with Atos. Judges found fault on both sides but ultimately awarded De Beers £1.4 million compensation.
In the case of the NHS, the NAO highlighted a number of factors that increased risk - none of them news to project management professionals. These included:
Limited staff capacity at the customer - NHS ICTheir reliance on contractors for development and procurement expertiseHigh staff turnover in the project team. Ten project managers were responsible for GPES during the period from September 2008 to September 2013.
Once the query tool contract was signed the NHS and Atos struggled to agree the detailed requirements. "This delayed development, with Atos needing to start development work while some requirements had yet to be agreed. NHS IC and Atos agreed to remove some minor components. Others were built but never used by HSCIC," according to the report.
Warning flags were raised. The Gateway 4 external review in December 2012 said that problems deciding requirements were possibly exacerbated by an offshore development process.
The Gateway reviewers also warned about the difficulty of combining Agile development practices and traditional, waterfall project management techniques, noting: "The GPET-Q [query tool] delivery is being project managed using a traditional 'waterfall' methodology. Given the degree of bespoke development required and the difficulties with translation of requirements during the elaboration parts of R1, the Review Team considers that, with hindsight, it might have been beneficial to have adopted an Agile Project Management (PM) approach instead."
It went from bad to worse with Atos building core components of the system that were not adequately tested by the NHS itself before they were accepted. The NAO blamed the NHS directly for this:
"The NHS IC accepted delivery of the GPES query system in March 2013, after system testing which the NHS IC developed. This testing did not identify design flaws that meant it would be impossible to extract data from all GP practices. These problems were severe and required Atos and HSCIC technical staff to carry out remedial work, taking six months to complete.
"The test was not comprehensive enough to identify these problems. To work in a 'real life' situation, the GPES query system needs to accurately communicate with the four separate extraction systems and other systems relying on its data The test NHS IC and Atos agreed was less complex. It did not examine extractions from multiple extraction systems at once. Nor the complete process of extracting and then passing GPES data to third-party systems."
To compound its errors the NHS IC spurned specific warnings and advice from the Department of Health's National Integration Centre and Assurance unit to carry out more tests, specifically testing whether GPES could extract data from more than one system at once and whether it could handle a number of different queries at once.
Commenting on the problems with the system that was intially handed over by Atos and accepted by the NHS, Atos said: "We delivered the GP Extraction Service in line with requirements set out by NHS IC. When the service did not work as planned, we worked with them to improve functionality and have worked with the HSCIC since its inception to ensure the system was up and running to meet the deadline of the Quality and Outcomes Framework 13/14 year end."
The resultant failure has left the NHS IC putting more money into the project though the NAO notes, "it is still not certain that all aspects of GPES work". What is clear is that the NHS IC estimate that the health service will achieve less than two more years of use from the GPES in its current form, in contrast to the five-year minimum lifetime assumed for new IT systems.
The NHS's Health and Social Care Information Centre says that many of the problems were historic - before this latest incarnation of a centralised NHS IT body came into existence, and it argues that it will get vlaue from the system.
"The NAO report states that significant issues occurred with GPES in the years before the inception of the HSCIC, which was created two years ago with a new mandate, structure and senior leadership team. It is clear the GPES procurement and design stage was not good enough, regardless of the intent of predecessor bodies," the HSCIC notes.
"The HSCIC is equally clear that upon our creation we took full responsibility for delivering a data extraction service that is operationally and financially efficient. We are maximising the working aspects of GPES and replacing those parts that do not work. Our focus is on developing a suitable service that meets the needs of the NHS and patients."
Negotiations are currently underway with NHS bodies, other than NHS England on "their current requirements" with a promise of being "realistic on what can be achieved".
If the ability to extract and analyse health data from a number of health sources is a key requirement of the NHS today, there are significant issues around that data, beyond this troubled project. The NAO makes plain that it did not examine the methods or policy to govern using patient identifiable data that could be extracted via GPES, or the wider Care Data project, itself dubbed "unachievable" by the government's Major Projects Authority. These broader issues are far from resolved.