Home‎ > ‎Blog‎ > ‎Blog content‎ > ‎

Wolf or Sheep? Safety and due diligence for Commissioners

posted 15 Jun 2016, 09:43 by Philip O'Connell   [ updated 15 Jul 2016, 06:33 ]
simple.uk.net 
for patients, not profit  



Phil O'Connell 
Creator of the NHS's Simple Telehealth & Florence 


15 June 2016 


“Design the best healthcare first and only then see if technology can improve it” 
Sir John Oldham 



Recently a colleague in Australia reminded me of our commitment as a ‘for patients, not profit’ Social Enterprise to project a positive influence on the TECs sector.  He related a story about how things had gone wrong with a particular Telehealth implementation and the reason given being;  'the failure was due to the supplier’s sales people overstating the efficacy of their product'.  Sighing, he added, 'But that’s exactly what their job is!'.  Recently members have been discussing the resurgence of questionable practice in the UK TECs market at a time when we thought lessons had been learnt and our industry colleagues were embracing the NHS ethos, transparency and need for evidence.  

I'm sure readers will recall the £m's of NHS money wasted on  telehealth initiatives in recent years where NHS Commissioners were exposed to misleading sales practices, hype and overstated benefits of the latest shiny new apps, baubles, widgets & gadgets.  There are of course, ethical technology companies out there with proud evidence based histories working with the NHS, so how can you tell the difference?  We looked into a number of companies cited by members and we were surprised at some of the questionable practice used  by these companies.

Using the collective experience of our members, below we've complied a list of indicators.

Websites

Propensity for questionable practice can be glimpsed from a company's website.  This would typically be evidenced by the website being opaque and designed to convince you to buy their technology without independent evidence of clinical outcomes;
  • Lack of understanding of appropriate clinical practice but claims products are clinically led;
  • Promotes unsubstantiated opinion of the impact of the efficacy of the things it's trying to sell;
  • Does not disclose evidence but, talks about what might be achieved if you buy into their solution;
  • It’s own people write and 'spin' anecdotal case studies and blogs, rather than publishing articles written by clinicians  who have used the service, evaluated the clinical impact and stand by their evidence;
  • News tends to be hyped, focussing on the latest 'contract' or the companies opinion of themselves and their products;
  • Talks about 'enabling non face-to-face care pathways' without explaining the clinical reasoning, and safety implications. 'A solution looking for a problem'.
One more surprising but common item we noted was the lack of evidence about the safety of the 'apps' or services they are trying to sell, which simply would not be tolerated for anything else a patient would use.

Mandatory IG Requirements



Despite it being a mandatory requirement for commissioners to ensure via contract that organisations who process NHS Patient Data ( i.e. NHS digital/telehealth space) are compliant with IG requirements , many of these companies do not possess the correct level of accreditation.  To process NHS patient data for digital/telehealth services, companies must have a data processing agreement with the commissioner and accreditation under the category of 'NHS Business Partner' on the HSCIC IG Toolkit, which provides mandatory assurance that they are appropriately compliant with;

The Data Protection Act 1998.
The common law duty of confidentiality.
The Confidentiality NHS Code of Practice.
The NHS Care Record Guarantee for England.
The Social Care Record Guarantee for England.
The Information Security NHS Code of Practice.
The Records Management NHS Code of Practice.
The Freedom of Information Act 2000.
The Human Rights Act article 8.
The international information security standard: ISO/IEC 27002: 2013 and ISO/IEC 27001:2013.
The ‘Report on the review of patient-identifiable information’ (alternative title ‘The Caldicott Report’) and the ‘Information: To share or not to share? The Information Governance Review(also known as the Caldicott 2 Review).
Information: To share or not to share - Government Response to the Caldicott 2 Review.


 “All organisations that have access to NHS patient data must provide assurances that they are practising good information governance and use the IG Toolkit to evidence this.”  Section 9: IG Assurance Mandate.

Some companies register under the  base category of the IG Toolkit  as a 'Commercial Third Party'.  This is inappropriate for majority of digital/telehealth services because the company's software processes NHS patient data.  

"An NHS Business Partner is distinct (in IG Toolkit terms) from a Commercial Third Party (CTP), as the nature of their service(s) suggest that they are more likely to have a need to actively process patient or personal data on a regular basis.  A CTP should not under normal circumstances have such a requirement"  IGT user guide: Organisation Types.

Furthermore, Section 9 of the IG Assurance Mandate states;

“Where services are commissioned for NHS patients, the commissioner is required to obtain this assurance from the provider organisation and this requirement should be set out in the commissioner-provider contract. 

Although we'd expected companies to volunteer details of their IG Toolkit compliance, many don't.   To find out how a digital/telehealth provider rates; Visit www.igt.hscic.gov.uk, click on 'report' and enter the company name.  ( For Florence, enter 'Mediaburst' )

Pressure to make 'sales'


Companies with a pedigree in healthcare such as Philips,  take a responsible approach to their activities and are in the market for the medium to long term to make a difference to patients outcomes.  However tech companies entering the healthcare market can be under pressure to make 'sales' in the same way as they do in the commercial sector.  We found that in some of these companies, even the small ones, driving a pressured culture of 'sales', Executives can be rewarded with eye wateringly high salaries, and up to 40% of the workforce can be 'Sales People'.  

'the failure was due to the supplier’s sales people overstating the efficacy of their product'

Financial due diligence

Adding to the pressure to achieve 'sales' can be the company's finances.  We were again somewhat surprised to find that some companies are making substantial year on year losses.  The level of risk posed by this must be taken into consideration by commissioners.  For a private company it's not sustainable and given that most of these companies are created as independent entities to isolate their shareholders from risk, the risk and consequences are entirely the NHS commissioners.

We looked into two companies and both were losing substantial sums of money, one lost £1.5m last year and substantial amounts in the previous years.   Shareholders must be applying pressure to recoup their losses to date, to not to make a loss this year and to return a profit.  The second company has been making losses for a number of years, but has been temporarily 'bailed-out' by a pharma company for a share in their business ( this is not declared on the company's website).

Financial data on companies is freely available and more detailed information as contained in the annual returns can be easily obtained from Companies House too.

Summary

It's always good to pass a critical eye over a company's website, and to check out how they're structured, where the public money will flow once its paid to the company and what sales and financial pressure is exerted on the company to inform the likely propensity of the company to 'overstate' to make sales.   And of course an eye needs to be cast over the level of risk being entered into if consistent financial losses are being reported by the company and the final red line is the mandatory requirement for the correct level of IG compliance.