Feeds

One standard, one Microsoft - how the NHS sold its choice

Uk.gov locks itself in for a generation

  • alert
  • submit to reddit

SANS - Survey on application security programs

Analysis Last week the UK's National Health Service announced a landmark licensing deal with Microsoft, trumpeting savings of £330 million over the lifespan of the agreement. And what a sweet deal it was - for Microsoft. The NHS, the "largest procurer of IT services in the world" is now locked into Windows and Microsoft Office for nine years; its IT suppliers, if they wish to remain its IT suppliers, must also lock themselves in, and anyone working with the new NHS National Programme for IT (NPfIT) has effectively had Windows chosen for them.

Which is not a bad outcome to a year of 'tough talking' from the NHS, and probably worth the odd discount. In the 'win' column for the NHS and the rest of the healthcare industry we have the £330 million saving (not much of a saving for some, as it's on licence fees they weren't paying in the first place) plus indeterminate licensing income, while for Microsoft we have the almost unprecedented length of the deal, a direct potential to almost double its user base in UK healthcare, and the UK health industry's adoption of a client UI that ties it to Windows and Office.

The scoresheet derives from two announcements, that of the new licensing agreement and a Microsoft undertaking to develop "a health specific user interface for clinical systems" at "no charge" to the NHS. The latter will "bring uniformity to the various clinical systems that are used across the NHS [and] Microsoft will also supply customised versions of Office and Windows to deliver a consistent look and feel to NHS computer users." Microsoft envisages healthcare ISVs using this UI in their applications, and in the case of the NHS they're not likely to have a choice, given that NHS IT director general Richard Granger sees it being used as "a common look and feel of all clinical applications to improve patient care and safety across the NHS."

The licensing deal provides the NHS with "up to 900,000 licences", compared to the 500,000 it currently has, and this meshes nicely with the UI agreement because Microsoft will be supplying customised versions of Office and Windows "for NHS computer users." Not all NHS users currently use Windows, and not all of the people working with the NHS would currently count themselves as NHS computers users as such, while not all of the Health Trusts would necessarily see Granger's writ as running as far as their choice of desktop software. The NPfIT however does bring with it a considerable increase in centralisation in terms of systems used and purchasing, so Microsoft has cutely contrived matters so that Granger has made his bed, and now everybody else is going to have to get into it with him.

Even before Microsoft is brought into the equation, centralisation has begun to squeeze out smaller suppliers. EMIS, for example, currently produces the most widely-used GP system, but claims it has been unable to sign contracts with any of the five English Local Service Providers (LSPs) for the NPfIT, because it says the conditions that would have been imposed on it were "untenable." In a letter stating its position the company claims the "NPfIT is intent on standardising NHS IT not by encouraging innovation and competition but by monopolising the market place... If the NPfIT policy is about rigorous standardisation that they feel can be achieved by two different suppliers then clearly a third supplier is just as likely to produce a quality system based on agreed standards."

The two clinical systems being used by the LSPs are iSOFT's Lorenzo and IDX's Carecast, these being the two examples of ISVs put forward in the NHS-MS health UI announcement, and also the "two 'core' clinical applications for the NHS", according to NPfIT guidance issued in recent months. According to E-Health Insider, NPfIT COO Gordon Hextall says that the numbers of other systems to be culled via this process should now be referred to as "existing" systems, "due to the pejorative connotations of the term 'legacy'". How sensitive of him.

The UI deal however means that Microsoft now stands to benefit greatly, leveraging Windows and Office into those GP practices which don't already use them, and rolling back rivals' penetration. Sun UK Head of Corporate Affairs Richard Barrington sees this as a direct threat to existing Sun customers in the NHS, pointing out that some health trusts are already using StarOffice, but may now find themselves forced to switch to MS Office instead. "Does Granger have the mandate to force everybody to use this stuff?", he asks irately.

Granger certainly has the power, because the deal was negotiated at the highest levels of Microsoft and the UK government. Last year he threw down the gauntlet, announcing a trial of Sun's Java Desktop System and threatening to roll it out across 800,000 desktops. This again is higher than the NHS' current 500,000 users, but still lower than the total NHS headcount of 1.2 million. Clearly Granger was anticipating a common system for all of the clinicians who would become users under the NPfIT regime, and this system being extended to people who previously hadn't used computers directly to access NHS services.

The new UI and the customised version of Office will also represent additional speedbumps for would-be competitors. If, for example, Sun wished to bid on a future NHS desktop contract, in addition to the current need to match as much general Microsoft functionality as possible it would have to match the UI and the NHS/health-specific version of Office, which would probably involve licensing technology from Microsoft.

The December announcement was swiftly followed in January of this year by a Bill Gates summit with Granger and Secretary of State for Health John Reid. This process is proudly referred to in the NHS' licensing deal announcement, the intent presumably being to impress us with the commercial acumen of Reid and Granger. Gates himself had a busy and rewarding time of it on the trip: the NHS, meetings with Chancellor Gordon Brown, the then OGC head Peter Gershon, a starring role at Brown's entrepreneur summit, and a knighthood. No great problem getting a club class ticket through this time, we'd hazard.

According to the announcement, the Gates meeting was followed by discussions between Granger and Microsoft CEO Steve Ballmer, leading to the formal deal. The timescale, however, is interesting, as the cycle commenced just as the NHS was beginning its JDS trial, and in September the NHS announced the purchase of 5,000 JDS licences for "tactical reasons", and allegedly to allow it to conduct further testing of open source deployments. The current Microsoft deal was at least very close to signing then, but there was an opportunity for some last minute haggling in early October, when Steve Ballmer was last in spotted in the UK.

"The option to use Open Source software in the future remains and continues to be evaluated", says the announcement, but it's difficult to see how this could realistically be the case. The contract, in effect, ties the NHS into a single supplier for desktops, and in that sense flies in the face of Office of Government Commerce advice in its OSS report to "determine whether current technologies and IT policies inhibit future choice; and if so consider what steps may be necessary to prevent future 'lock in'". The OGC has been evaluating open source precisely because it needs government departments to have an alternative to Microsoft. The NHS has meanwhile virtually extinguished the alternative for itself for nine years.

Coincidentally, one of the OGC OSS case studies, of "a government department" which did not wish to give its name, looks strangely familiar. The department "is undertaking a major program to update and improve its IT systems." The "desktop estate is Microsoft-based almost in its entirety, it was evident that deployment of an open source, low cost alternative desktop could provide substantial savings." Anybody we know, do you think? "Sun Microsystems Java Desktop System (JDS) has been identified as a possible alternative desktop solution. In January 2004, an agreement was reached with Sun to conduct a trial of the JDS to assess its suitability for use as a desktop within the organisation."

And in the conclusions, it is revealed that: "The organisation has procured a substantial number of JDS licences for deployment." The trial itself seems to have been of fairly low intensity, with "three notebooks and 12 copies of the JDS... supplied by Sun", but the issues identified and the suggested ways forward are significant. The organisation reported "problems opening files from Windows shared drives, and in using the JDS file manager to copy files." It also complained of "lack of integration with Microsoft Exchange Server", "lack of system management tools" (addressed by an upgrade during the trial), and lack of support for local file encryption. It does however report that "a satisfactory response/resolution was received from Sun Microsystems on all issues raised".

The verdict of the organisation was: "Indications are that the JDS is not yet suited for introduction into a Microsoft-based architecture, but it would be suitable for a green-field site". It's not entirely obvious how the published case study details (we've reproduced the bulk here) might lead to such a conclusion, but if a department were about to announce 900,000 Microsoft licences it would hardly want to be publishing a case study that said JDS would be fine for its purposes. It clearly wouldn't be in the case of some classes of user, but this also goes for one of the other 'anonymous' case studies, Bristol, which is going ahead with a 15-85 per cent Microsoft/StarOffice split. Sun's Barrington says Bristol's 15 per cent MSOffice machines are costing twice as much as the 85 per cent StarOffice: "Extrapolate that to 900,000."

The vast body of current thinking on OSS migration regards a mixed, evolutionary approach as the most rational one, but it's probable that Granger's vision for the NHS rules this out as an option. If, as seems to be the case, the NHS was looking for a single client environment that could work with all of its existing systems and duplicate all of the functionality of Microsoft Office, then Sun JDS could only win the contract if it could do all, not just 'most' or 'enough' of what a full-spec, up to date XP/Office combination could do. It's clearly impossible, and you could therefore say that requirements of this stringency are 'auto-lockin'.

But although the parallels are quite chilling, the anonymous organisation of the OGC case study cannot possibly have been the NHS. Both pilots may have commenced in January, but the NHS would surely have needed more than 12 copies of the JDS to convince Bill Gates it wasn't just bluffing in order to get a price cut. How about 5,000 copies then? Hmmm.... Health Minister John Hutton meanwhile tells us that the NHS-MS deal means improved patient safety, because "NHS staff will continue to use familiar software reducing the possibility of error". This will no doubt include the extra 400,000 not currently covered by Windows licences, those of the existing 500,000 who're not on XP yet, and all 900,000 who've yet to be shipped the familiar new health UI they're going to be using. This software sounds so clever one begins to wonder why anybody wouldn't buy it.

Hutton and the Department of Health however show little sign of grasping the full consequences of what they're doing. In the Commons Hutton has repeatedly painted a rosy picture of the choice-filled future that the NPfIT will bring, while the program itself is relentlessly concentrating power in the hands of a few chosen suppliers and driving choice out of the system as the network extends, culling the very suppliers that Hutton lists as "approved". The latest example, where choice now comes down to one single supplier, just takes the process to its illogical, unsatisfactory conclusion. For nine years. ®

Related stories:

Microsoft wins £500m NHS contract
BMA calls warning on NHS IT
UK Gov open source policy gets an upgrade
Open Source ready for prime time in UK.gov, says OGC
NHS OSS white paper is 'disappeared'
Doctors give sickly outlook for NHS IT
NHS IT costs skyrocket

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.