The fortnightly newsletter that unpacks system leaders’ priorities for digital technology and the impact they are having on delivering health services. Contact Ben Heather in confidence here.

Each new technology brings with it unique benefits and risks.

The motor vehicle gets us from A to B faster than a horse and cart, but the trade-off is we must tolerate an increased risk of dying engulfed in flames in transit.

As the NHS moves from paper records and ageing, simple and isolated IT systems to complex flexible interconnected digital services, there is both advantage and risk.

On Saturday, a fault at a data centres shutdown access to hundreds of thousands of NHS email accounts across the country. A software upgrade a few weeks before led to an error that went undetected until it collapsed completely. Parts of the NHS that had not opted into this central “NHSmail” service were unaffected.

Last Thursday, the smallest hospital trust in the country, Weston Area Health Trust, had to cancel all non-urgent electives for the day after its IT systems shutdown. A broken air-conditioning unit was to blame. Last month, faulty air conditioning was again the culprit when dozens of GP practices in Yorkshire could not access some IT systems for more than a week. And then there’s WannaCry, the cyber-attack in May last year, when reliance on paper briefly became an asset as large swathes of the NHS lost access to their IT.

Risk can be mitigated or exacerbated. Ending a car journey in flames is more likely with infrequent servicing and poor road maintenance, less so with an experienced driver and new tyres.

So how risky is NHS IT?

Digital hazard

Using a pen and paper to prescribe medicine, by some measures, is twice as likely to lead to medical errors when compared to using a closed looped electronic prescribing and medicines administration system. Electronic prescribing has, rightly, received targeted central funding on the basis that it saves lives.

However, access to millions of hard copy prescriptions can’t be blocked by a malicious virus, software bugs, or dying air-conditioning units.

These are risks inherent in electronic systems. This isn’t an argument against switching to digital clinical services, or for clinging to paper and fax machines, but an acknowledgement that a switch to a new medium comes with new risk.

For instance, the Care Quality Commission noted the rise of digital GP services came with unique risks around verifying patient identity and, in some cases, higher rates of prescribing opiates.

But saying some risk is inherent in a technology is not the same as tolerating avoidable risk. And a convincing argument can be made that the NHS has made IT riskier than it needs to be.

Sweating the assets

Brand new air-conditioning units rarely fail. IT systems with the latest security updates and operating systems are protected from all but the most sophisticated cyber-attacks.

There are few hard measures of IT infrastructure investment in the NHS. However, it is widely accepted that since NHS trusts were left to fund their own IT in the wake of the National Programme for IT, investment has dropped and the maintenance backlog has grown. The overall NHS estate backlog has increased year-on-year since 2013-14 to nearly £6bn last year, including £1bn deemed “high risk”.

As trusts put off replacing end-of-life IT hardware or software, or slap ad-hoc solutions over the top, the risk of fault and cyber vulnerability increases. Faults can be more than just an inconvenience. They can cost lives.

A fault in the national breast screening IT system was partly to blame for 174,000 women not being invited for a screening appointment and 75 having their lives shortened as a result. A review of that incident, obtained by HSJ this week, said the “complexity in the operation of ageing IT legacy systems”, parts of which date back to the late 1980s, was one of three underlying causes.

The layers of legacy IT also lead to great fragmentation of information, generating those everyday IT failures of patient information not reaching clinicians that need it, and complexity. The reason many hospital trusts had not applied the security patch that would have shielded them from WannaCry wasn’t that their IT departments were lazy and careless. It was due to a well-founded fear that the update might break a piece of ancient software running an MRI machine or managing oncology appointments. Moving off these systems is harder again when NHS organisations are locked into decade-long inflexible contracts with suppliers that include few incentives for improvements.

Minimising the risk

There is no easy solution to the above problems, and certainly none without greater investment in replacing ageing IT systems before they fail or become too embedded to remove. However, there could be ways to ensure any additional investment is spent reducing the risk of IT failure in the future.

Health and social care secretary Matt Hancock’s “tech vision”, published in October, outlines some possible solutions. Ensuring that all IT systems meet the same basic technical and clinical standards and speak to one another (are interoperable) would help reduce complexity and fragmentation.

Shorter contracts with suppliers and a “modular” approach to software – that is replacing smaller pieces more frequently rather than in one “big bang” – should reduce the disruption of an IT upgrade and allow the NHS to change direction faster. A push to move NHS IT services onto the public cloud, although not without its own risks, and separating NHS data from applications should increase flexibility and reduce the cost of upgrading software.

But these steps rely on additional investment and growing the cohort of NHS staff with the digital skills to navigate the more flexible approach.

Until then, damaging IT failures are not just a risk, but unavoidable.