NHS IT policies that waste NHS money (and could easily be fixed)
Thursday, January 3rd, 2013Computer systems built for national scales are expensive – especially given the perverse incentives for previous and current government IT projects which practically guarantee that they will go over budget. However it is also important to remember that a computer system should make it easy and quick for a user to do what they need to do – it should not get in their way and slow them down – fundamentally the user’s time is paid for by the NHS (some of them at quite a high rate) and if they spend hours dealing with irrelevant trivialities of the computer systems they are using then that money is wasted.
Much nhs email goes via nhsmail. This imposes a 200MB quota for all users. That is tiny. Disk space is cheap, really cheap at the 2GB level and really it should be possible to offer 20GB per user without too much difficulty. So every user of nhsmail must periodically spend their valuable time deleting emails that are no longer vital. Occasionally they will make mistakes and delete emails that are actually important potentially directly impacting patient care. This is just silly. I am guessing the order of magnitude of the cost of fixing this (by buying more servers) is X00,000 and that this would easily pay for itself in terms of increased efficiency across the NHS within a year.
The NHS systems also have a ridiculous system of requiring users to change their passwords periodically. This is well know[0] to actually make security worse and to provide no benefit as users pick worse passwords to make them easier to remember (and to break) and then increment numbers on the end or similar (which unfortunately makes it harder to remember due to within list effects – people can’t remember which password they are on). So this is a policy that wastes staff time, makes security worse and should be fixable by someone unticking a few boxes marked ‘force users to change their passwords’ or similar. Unfortunately various incompetent IT auditing agencies always tell organisations without periodic password changing policies that they need to institute one – this is good grounds for firing the agency as they clearly have no idea what they are doing.