IoT poses ethical dilemma for carers of vulnerable people

Newcastle University, Institute for Ageing, have questioned the ethics of monitoring older people living alone with mundane household appliances, such as kettles. The Internet of Things (IoT) now has the capacity to place sensors unobtrusively and collect data continuously, generating concerns about “informed consent”. Four were identified:

• Smartphones passively monitor activities and send alert to families or carers in public spaces outside the control of the observed person;
• Potential stigmatisation of the observed person;
• Greater liability to the carer who has constant availability of data;
• Reduced face-to-face or telephone communication.

However, they urge caution to avoid over-emphasising potential harms compared to the likelihood of improved outcomes.

Innovate UK funded the study, which also included a focus group report of the Kemuri® Wellbeing Monitor. This is an IoT smart power socket that senses temperature, motion, and power used by kettles and microwaves in kitchens. Web software learns patterns of behaviour and checks for changes from normal behaviour every hour. The objective is to reduce NHS and Social Care costs by families identifying the risk of hypothermia, dehydration, malnutrition and unattended falls.

The focus group from VOICENorth were all carers of older people who had symptoms of dementia. The findings included:

• “… an overwhelmingly positive response that the three types of information was the most appropriate to support carers to provide reassurance that all was well”;
• “Most felt the kitchen was a place where ordinary day-to-day activities happen”;
• “… there was unanimity that the device was user-friendly in terms of the user interface (screen, readability, and instructions)”.

The full report, “Ethics of passive wellbeing monitoring and focus group report“, is available to download.

KISS: The NHS explained

The NHS explained in one short animation.

7DIG: Identify Risk with Confidence

Using Confidence to Identify Risks

Rather than starting the search for risks in a negative way, Quarkside recommends using the reverse psychology to ask about success – “How confident are you that targets will be met?” Asking about confidence levels not only helps to identify risks, it shows a positive view rather than a negative one.  Simple bar charts can be used to show targets, changes of opinion and alerts for areas of concern felt by staff.

Average Confidence

The chart above may look gloomy, but this was the state of play in a large public sector project. It was the result of interviewing many levels of staff.

• Anything below 50% confidence is worth further investigation and should be entered in the risk log.  Immediate risk reduction action should be taken.
•  For intermediate levels of confidence, say between 50% and 75%, risk log entries should reflect the reduced level of risk.  The root cause for reduced confidence should be investigated.
• Even if there is high confidence of success, greater than 75%, then there should be a risk log entry if the impact of failure is high.

Without claiming intellectual rigour,

Risk Probability% = 100% – Confidence%

Managers are comfortable with this concept – high confidence equates to low risk and vice versa.  Discussion helps people to accept that simple quantification of risks is neither difficult nor threatening.

Confidence Management Process

Confidence Management Process

It may be old-fashioned, but Quarkside is a proponent of managing to a baseline, or vision or goal or whatever you want to call it.  Lets also call them strategic objectives.  The main point is that they are organisation wide, and that leadership has ensured that everybody understands and has bought into them.

Interviews are carried out using a one-page questionnaire that records levels of confidence.  A five-point scale ranges from totally confident to minimally confident.  Subsequently, values from 90% to 10% are allocated.  The analyst can also select extreme values, say 100% or 0%, if the interviewee stresses strong opinions during the course of an interview.  Comments on the reasons for low values are welcomed – highlighting the root cause of a risk if raised by several interviewees.

To encourage open and frank responses, an independent interviewer asks questions in confidence and ensures that comments are not attributable to a specific person.  Interview data is analysed and presented in a report.  The contents include commentary on areas of high and low confidence and references to the risk log.

After several months second and subsequent reports discuss the change in confidence levels since the previous report.  A change chart graphically indicates the effect of risk reduction since the previous review.  The process provides feedback into the risk management control loop.

Most importantly it supports the risk management process by flushing out risks that may not have been formalised.  In extreme circumstances, it could contribute to a decision to change the baseline business or project targets.

Experience

The method has shown benefits in £billion programmes – but it could be applied in any form of project – even Agile ones.    Some key findings were:

• Confidential, non-attributable interviews help to open up discussions and identify root causes of problems.  It allows comment at peer level that might not surface in the presence of overbearing managers
•   The initial interview requires a few minutes to explain the concepts and establish understanding of the business objectives.  Subsequent interviews are quicker to execute and frank answers are obtained in less than one hour.
•  The questioning technique encourages managers to think more quantitatively about business targets and the probability of achieving them.  They feel comfortable that 90% confidence has a residual 10% risk, and that it is fair to include it in a risk log.
• Levels of confidence can diverge extremely between interviewees.  Whether lack of communication or “head in sand”, it is useful data worthy of further investigation.
• In programmes experiencing difficulties, the results provide a focus for debate at board level.  One organisation used the results to renegotiate a major contract.
• Even with generally satisfactory levels of confidence, it is worth investigating the target with the lowest confidence.  One internal audit team raised a security risk with an impact greater than £1 billion; procedures were tightened.  This is the company-threatening risk that is missed by using traditional risk matrices and resulted in the Risk Index to be described in the final section.

Looking to the future, the method should be used on all public sector programmes that rely on computer information for success eg Universal Credit, Health Service ICT, Individual Electoral Registration,  the Government ICT Strategy and Identity Management.

            

NHS: Not Here Sir. Receptionists rule the roost.

GPs are going to be the gatekeepers of the NHS. Well, that’s what I thought. It seems that bureaucratic, control-freak, receptionists may have even more power than anticipated from this personal anecdote.

My simple request was to move from a surgery 5 miles away to one 400 yards away.  The distance, historically, was not a problem with visits being made once in a Preston Guild.  The right to select my own GP would appear to be in line with the NHS Charter giving patient choice.

In cometh the bureaucracy.  A receptionist gave me a form to fill, but I would have to return with identification before proceeding. (Thinks, would an eID have helped?). This I completed and duly presented some time later.  The dragon at the hatch said I shouldn’t have been given the form, because it had to be completed on the premises and gave me a virtually identical form and told to refill exactly the same details.  What a waste of time, but then it was my time not hers.

However, the application was refused because I had an old driving licence, which proved to her that I had not recently changed address – the sleuth was correct.  I moved more than 25 years ago.  My plaintive request for selecting a surgery I could walk to, and helping to save the planet, was not a good enough reason.  She was obviously proud of her role in the prevention of Patient Poaching.  Only after I claimed a tenuous, but significant, relationship to the senior partner did she relent.  She gave me leave to appeal, by letter, if I could find some good reason. When I asked what sort of reason, she helpfully suggested criticising my current GP, whom I have never met.  It’s not what you know, but who you know.

So I have had to waste more of my time, and the GP’s time, in writing a letter and a blog.  If the receptionist, or the GP refuses to accept me (the NHS web site says that the surgery is accepting new patients) then:

“However, if the GP does refuse to accept you, then they must have reasonable grounds for doing so. These must not have anything to do with race, gender, social class, age, religion, sexual orientation, appearance, disability or medical condition. The GP must give you the reasons for their decision in writing.”

The message about us being in the Post Bureaucratic Age has not reached the parts that gatekeepers protect.

Top Marks for Big Brother Watch

Only rarely does the bloggosphere publish such a complete and balanced review of information assurance.  It was so difficult to challenge any point that Quarkside has only extracted some points for brevity.  Toby Stevens quoted in full an article that was originally published by Big Brother Watch in their book “The state of civil liberties in Modern Britain”.

It is prefaced on “The Department of ‘No’”

• NO central information assurance function in the Government.  It is thinly spread among many agencies.  For example the Cabinet Office is responsible for CESG, the Cabinet Office Security Policy Division (COSPD) and the Office of Cyber Security and Information Assurance (OCSIA).  The MOD and other departments do their own thing.
• “NO ‘Government Chief Information Security Officer’ or ‘Office for Government Information Assurance’. …  no one individual or organisation accepts accountability for the proper governance of data in the public sector“. “Each department and agency has to pay to support its own security infrastructure rather than drawing upon the economies of scale that might be achieved by a central security team working for the common good of government. The information assurance environment is far from cost-effective.”
• NO rational Information Risk Management.  Security incidents will always occur, and the public sector culture is to look for someone to blame.  As a result, public authorities are unable to obtain cost-effective information security controls.
• NO Secure Systems.  “Local authorities and arm’s length bodies very often fail to comply with government security standards simply because they don’t know that those standards even exist, and if they do, they can’t gain access to either the standards or cost-effective individuals who are able to assist them.“
• NO Privacy by Design. “How else could designs such as the ill-fated Contactpoint, or the NHS Summary Care Record, be allowed to exist where hundreds of thousands of users can access millions of individuals’ sensitive private records?“
• NO Open Source Software. “Without a vendor to pay for security testing the patches and updates under the current regime, open source software will remain largely inaccessible for government.”

However, the report is not entirely negative.  Seven recommendations are given which seem to show great common sense.  Again, it is worth reading the full document and not just scan the list below:

1. Appoint a pan-government Chief Information Security Officer as a new focal point for information assurance.
2. Create a government CISO Council.
3. Consolidate existing duplicate information assurance services.
4. Ease the administrative security regime for lower-value data.
5. Sort out the existing mess of unaccredited Whitehall systems.
6. Voluntarily accredit open source software where appropriate.
7. Develop the information assurance profession.

“If we want an information assurance function that really supports public authorities, and that can deliver more for less, then these changes are cheap and easily done. We simply have to ask OCSIA to reform the information assurance function, give that office the power to do so, and support it when it encounters inevitable resistance from within the security establishment. All it takes is the will to say ‘YES’.”

Thanks are due to Robin Wilton for tweeting Toby Steven’s blog entry.

IG Outcomes: Focus on Benefits

Quarkside’s reason for promoting Information Governance (IG) processes is a belief that better public services are possible. Better Outcomes. Benefits.

Information Governance is the setting of Objectives to achieve measurable Outcomes by People using information Assets in a life cycle Process that considers the impact of both Risk and Time.

Improved service levels and efficiency can result if more effective use is made of documents and data that is amassed in archives, filing cabinets and computer data stores. The current budget reductions need innovative thinking to abstract more from historical data, sharing data and sharing data centres.

The portents are good. It is now possible to share data between local authorities and the NHS by linking the N3 and GCSX networks. The Information Governance requirements have been met. This removes a major constraint to implementing the recommendations of Lord Laming’s Enquiry into the death of Victoria Climbié.

Examples of outcomes can be found in the Scottish Government web site.  They are easy to understand and credibly linked to one another.  Information sharing partnerships could benefit from reviewing these and basing their own desired Outcomes upon them; children, crime, employment, health and enviroment all feature in the list of fifteen.

Outcomes, with good governance, should be comparable to the Objectives. The previous IG blog listed seven candidate secondary dimensions for Objectives. Let’s take them forward as an example of using the Framework; as questions that could appear in quality assurance of the results:

• Policy: How far have we progressed towards the political vision and maximising value from the information assets? Are transformation targets being achieved?
• Strategy: How many programmes have benefited from information sharing and improved knowledge management? Are the benefits being realised?
• Law: Can we be assured that all laws, regulations and statutes have been followed?
• Constraints: Have local conditions, culture and practice been factored into the Information Governance regime?
• Scope: Have all target business area and organisational functions been included in the Information Governance processes?
• Context: Has the impact on external and internal organisations met expectations?
• Specifications: Has performance met the requirements and are control mechanisms in place? What is the evidence that information sharing has obeyed Information Assurance standards?

Secondary dimensions should be tailored to the organisation and its aspirations.  They need not be all embracing, but focussed on current and future priorities.

The political pressure for more shared services, in both central and local government, amplifies the requirement for shared Objectives and Outcomes.  Good Information Governance is necessary to build trust between partners.  Each partner has to be assured that other partners treat information with equal or greater respect, and this starts by aligning Objectives and desired Outcomes.  It should finish with an information assurance process that confirm that trust is deserved.

Identifying Outcomes and using them as a primary driver is not easy. The Local Government Improvement and Development agency (formerly IDeA) studied “Implementing outcomes based accountability in children’s services“.  Whereas People can easily accept the concepts, formal methods require a high level of training and adoption of common language.  This takes more time than People are prepared to invest.  Quarkside believes that Outcomes should be governed qualitatively, not quantitatively with manufactured measures that just feed bureaucrats.  Superficially at least, Scotland seems to have a more pragmatic approach.

Cultural considerations are so important for introducing change in Process, particularly in new information sharing partnerships. Culture is included in the People dimension of the 7DIG framework, to follow.

Partnership Pie. Recipe Revealed

Independent review of performance and local accountability is needed to reduce the costs of internal public sector bureaucracy – or so suggests the Centre for Public Service Partnerships.   They responded to the HM Treasury and Cabinet Office call for evidence on public service reform.

Partnerships have to be the key to improving efficiency through shared and sharing services.  Quarkside hinted at this in November in relation to cooperation between the NHS and local authorities.  A key enabler is a process for building adaptable and sustainable partnerships.  The groundwork for a viable multi-agency framework was completed in a DCLG national project.  There’s also a roadmap to use at the initial stages of building a partnership, showing partners the critical success factors and levels of risk.  It can be done in a standard (ie common) way across any (or all) recipe(s) for partnership pie.

The full response is worth a read, but the last point supports Quarkside’s pressure for improving public sector governance:

18. What specific data or information would you like to see made publicly available in order to help individuals and local communities hold services to account?

There is a need for some standardised data for public service performance and costs which is comparable between agencies and services; verifiable; independently audited; and accessible and understandable to the public. This data should be available irrespective of the provider of the service and/or its commissioner or procurer. Prime accountability for public services should be either directly through an economic relationship between provider and user or through local government accountability

Yesterday’s blog was a prime example of how NHS bureaucracy only succeeds in baffling the public, hiding the facts and costing a fortune to operate.  It is hardly an easy model to follow in multi-agency shared services.

NHS: Payment by bureaucracy

Actually it’s called Payment by Results (PbR).  It is a huge part of the NHS £100 billion budget.

A friend of mine reported unexpected behaviour in a hospital when going in for a simple procedure.  They offered (or insisted on) a blood test.  He feels perfectly fit, with no other symptoms but was referred to two more departments.  They went through the motions of a few appointments, most involving delays in waiting rooms.  The specialists, in the end, said that he was perfectly in the normal range, but he could request further investigations.  It seems that administration bureaucracy will charge the full tariff, even though there was no treatment.

Then my suspicious, and somewhat cynical, friend heard about PbR.   Apparently tariffs are set for each procedure and I downloaded a copy of arrangements for 2010-11.  We may stand to be corrected, but his two unnecessary set of referrals will earn the hospital several thousand pounds.  No treatment was undertaken, but the hospital (or perhaps the consultants?) will earn the full fee.

It has become clearer why we need so much administration in the NHS. This is one of the thousands of tariffs:

AA04Z: Intracranial Procedures Except Trauma with Non-Transient Stroke or Cerebrovascular Accident, Nervous system infections or Encephalopathy Category 4

• Combined Daycase / Elective tariff (£): 11,033
• Elective long stay trimpoint (days): 87
• Non-elective spell tariff (£): 11,035
• Non-elective long stay trimpoint (days): 87
• Per day long stay payment (for days exceeding trimpoint) (£):  248

A few questions spring to mind:

• How much effort went into collect these numbers?
• How time is spent by clinicians and administrators trying to understand the subtle differences?
• What if a better procedure is not on the list?
• How variable are the true costs in different parts of the country?
• How susceptible are these figures to accidental upgrading of an AA03Z to an AA04Z and the gaining of £10,400 income for the hospital?
• Is this what GP surgeries are now expected to control?
• Are the same tariffs going to be paid to private sector health suppliers?
• Is it possible to pick through this list and only provide procedures that can clearly make a profit?

Governance Matters.  Policy should be reviewed for all possible outcomes before massive change should be implemented.  I just don’t know who is sufficiently wise and neutral to reconstruct the payment regime for the guardians of the nation’s health and public purse.

Quarkside thinks there must be a more economical way of controlling the cost of quacks.

No excuses, LAs and NHS must talk

A good news story for a change. Simple connectivity between local authorities and the NHS has been needed for years.  I recall having to spend 15 months with the agreements and protocols to join 2 servers one foot apart in a server rack.

Joe Harley (DWP) and Christine Connelly (DH) have jointly published a letter encouraging local authorities to connecting to the NHS N3 network via their existing GCSX connection.    They explain that it is now possible for local authorities to access NHS Spine without the need to install a separate N3 connection.  The reverse is also true; NHS organisations can access local authority data via their existing N3 connections.

Everything these days come at a price, however.  The N3 Interconnect Service is an additional service charge to the GCSX service.  Expect to pay £5,760 for 10Mb.  There’s also value in sharing the service between LA partners: £7,200 for 4 local authorities (£1,800 each) then £1500 per additional local authority using the same aggregation route.

Now that the connectivity should no longer a barrier, we should revitalise the attempt at building information sharing partnerships and utilising systems interoperability standards, such as ISO 18876.   Exchange of data between Health and Social Services has long been the call of Enquiries into Victoria Climbié and Baby Peter.  One key excuse for non-cooperation has been removed.

For Standards, follow India

UK Public Sector Information Governance standards may as well not exist.  They do exist in pockets, such as the NHS and SIF, but not across government departments.  Compare this with India.  Their vision may sound strange:

“Make all Government services accessible to the Common man in his locality, through common service delivery outlets and ensure efficiency, transparency and reliability of such services at affordable costs to realize the basic needs of the common man ”

But at least they have a vision produced by their Ministry of Communications and Information Technology.  What is the equivalent in the UK?  Quarkside was unable to find one.  Yes there is a web site with a few random archived documents dating from way back.  For example, “The e-Government Interoperability Framework (e-GIF) mandates the adoption of XML and the development of XML schemas as the cornerstone of the government interoperability and integration strategy.”  has one document dated 15th May 2001.  Is this really still valid and part of the coalition policy?

This peek into standards was triggered by Bryan Glick who compared India’s approach to Open Standards with the EU and UK.  I could not even trace the EU documents.  How do we expect to compete with emerging economies with large numbers of educated systems developers?  They seem to be following best practice – which we developed a generation ago.   Some rightly argue that standards may stultify innovation, but when it comes to high volume information sharing applications they are critical to success.    The old, boring, approaches must get back on the Government CIO’s agenda.

It is all well and good for ministers to promote moving all transactions on-line, but their officials must tell them that our standards infrastructure is woefully inadequate and not fit for interoperability purposes.  We risk being demoted to the second division by teams that are investing in first class skills and competencies.