NHS Digital plans software development shake-up

Capability Review points to consolidation of software teams and new cyber security centre

NHS Digital is planning to pull together two of its software development teams and impose a single management structure over others to develop a more consistent approach.

It has revealed the plan as part of its new capability review, titled Fit for 2020, which also points to measures to improve its cyber security support for the NHS and some of its own digital shortcomings.

The organisation, which provides national information, data and IT systems for health and care services, inherited four in-house software development and support teams from its predecessor, the Health and Social Care Information Centre.

It says there have been advantages to this historically, but it now needs a single management structure to get rid of duplication, encourage more consistent development and obtain more flexible access to local labour markets.

As a result, it plans to merge the two digital delivery teams based in Leeds, set up a single digital delivery centre in the city, and bring in a single set of operating principles and processes for all of the teams.

Methodology mix

It is also standing back from any commitment to agile working methods – which have been widely promoted in central government – instead choosing from a small number of methodologies underpinned by consistent terminology, taxonomy, decision points and reporting requirements.

The organisation now intends to define and publish the details of these methods, and introduce a set of development and programme management tools for its teams.

The review’s observations on cyber resilience have a special relevance given the recent WannaCry cyber attacks that crippled IT systems for a few days in several NHS trusts. This prompted a recent report by BCS – The Chartered Institute for IT that said the NHS has not made sufficient investments in cyber security.

The review says that a Cyber Security Programme was set up over 2016-17 to help local organisations manage threats, backed by more than £40 million up to 2020-21, and that NHS Digital is working closely with the National Cyber Security Centre (NCSC). But the organisation sees a need to further develop its capabilities in the field and transfer its knowledge across the health and care system.

This has prompted plans to develop a single unified security operating model for itself based on the ISO27001 information security standard, set up a National Security Operations Centre with real time intelligence on cyber threats. It will also incorporate the Department of Health’s new Data Security Standards and create a new commercial framework for local health and care organisations.

Shortcomings

The review also points to areas in which NHS Digital could be doing better. These include its provision of data services, which feedback has shown are below users’ expectations and need to be modernised.

It is also using out-of-date technology, being too slow to adopt automation and new digital solutions, and has not defined its business architecture clearly enough. The latter has left operating structures compartmentalised and rigid, prompting the recommendation that any new initiatives should be considered as part of an end-to-end value chain.

In addition, people in local organisations have said NHS Digital is distant from the front line and needs to improve the way it communicates with them, and that there is a lack of clarity on the roles of national NHS organisations involved in data and technology.

Noel GordonNHS Digital chair Noel Gordon (pictured) says in the review’s covering letter that it has a lot to do to meet its vision.

“We are reinventing the culture of NHS Digital to become more flexible and responsive to the very dynamic environment in which we operate and to help this organisation meet the high expectations of the professionals and public we serve,” he says.

Image from NHS Digital, Open Government Licence v3.0