Survey of FOI/DPA/EIR Tracking Procedures in the NHS

The Centre for Research in Information Management, University of Manchester has been sponsored by SIBILO (UK) Ltd to carry out a survey to ascertain how NHS bodies are coping with the information disclosure requirements of the Freedom of Information Act 2000, Data Protection Act 1998 and the Environmental Information Regulations 2000. This survey focuses on the way technology is used in assisting in recording, collating and processing requests.

The full powers of the Freedom of Information Act 2000 were unleashed to the public domain on the 1st of January 2005. Among other reasons, this was significant because it also opened the way for citizens to request environmental information. It was also anticipated that the passage of the FOI Act, in addition to increased public awareness would stimulate an increase in the number of subject access requests received by public bodies. It is for these reasons, that the FOI Act 2000 is a focal point of this report.

Prior to January 2005 there was a lot of speculation on the impact of FOI on public bodies. This speculation ranged from the numbers of requests to be expected to the ability of public bodies to handle request processing. The Lord Chancellor’s department predicted that we can expect to receive between 45,000 and 190,000 requests per year [1]. A survey conducted by The Stationary Office predicted that a large proportion of the civil service were unlikely to meet the demands of the Freedom of Information Act [2]. At the time of publication June 2002, it stated among other issues that 30% of government departments did not know the deadline for compliance, while over 20% of managers did not have an FOI policy in place [2].

Well the 1st of January has already come upon us and passed with no apparent casualties. So did any of the forecasts some of which were disturbing come to pass? By the looks of things, seemingly not! According to survey carried out by the UCL Constitution Unit, the large majority of NHS bodies surveyed each received between 1 and 100 requests between January and June 2005 [3]. Over half of the respondents surveyed have received between 1 to 100 requests, with a sizeable number receiving up to 300 requests [3]. These numbers are hardly the deluge of requests predicted, even though it has to be said that request numbers are highly sector dependent. With regards to FOI readiness, majority of practitioners confirmed that they had sufficient resources for request handling.

This survey aims to ascertain how NHS bodies are coping with the demands of information disclosure as required by the Freedom of Information Act, Data Protection Act and Environmental Information Regulations. Particular attention will be paid to tracking procedures and technological assistance employed in the NHS bodies surveyed.

Survey Aims

The aims of this study are threefold:

• To ascertain the request tracking procedures present in NHS bodies

• To ascertain how NHS bodies are coping with request numbers

• To find out any technological assistance that is employed

Survey Methodology

A short questionnaire was drawn up and was submitted to 767 NHS bodies, covering England, Scotland, Wales and Northern Ireland and sent out as a letter or email under the auspices of the Freedom of Information Act. A total of 62 questionnaires were returned unanswered. As of the 19th of September which was the cut-off date for processing, we received a total of 453 responses.

The questions covered the following areas:

• Tracking procedures employed

• The availability of software to track requests

• The origins of software; purchased from vendor or developed in-house

• Technology on which tracking software relies on and the number of developers involved

Survey Results

Responsivity of Regions

As was mentioned earlier, this survey was carried out under the auspices of the Freedom of Information Act, hence questionnaires were sent out as FOI requests. It is interesting to see that a significant number of NHS bodies, approximately 40% failed to respond.

The vast majority of respondents replied on time.

Of the regions that responded, Greater London was the most responsive region, with 71% of their bodies responding to the FOI request.

On the other hand, Scotland was the least responsive region, with only 18% of their bodies responding to the request.

Below is a breakdown of the responsivity by region

• Greater London – 71%
• North East – 65%
• East Midlands – 63%
• South West – 60%
• North West – 58%
• West Midlands – 54%
• Northern Ireland – 50%
• East Anglia – 46%
• Wales – 42%
• South East – 35%
• Scotland – 18%

One known reason that can be cited for the level of responsiveness is the presence of out of date or incorrect FOI contact information on websites. This is due to the returned mails we received.

Dependence on FOI/DPA/EIR Software

34% of all respondents utilised FOI/DPA/EIR specific software.

65% of respondents utilising FOI/DPA/EIR software made use of vendor-specific solutions.

35% of respondents utilising FOI/DPA/EIR software made use of software developed in-house

Of all the regions surveyed, the South West took advantage the most of software for the processing of their information requests. 50% of respondents in the South West had software specifically for FOI/DPA/EIR request processing.

On the other hand, NHS bodies in the West Midlands were the least dependent on FOI/DPA/EIR software. Only 17.5% of the respondents in the West Midlands utilised FOI/DPA/EIR software.

Of all the organisations surveyed, Health Agencies were the more heavily dependent on FOI/DPA/EIR software, with 67% utilising FOI/DPA/EIR software.

Of all the NHS organisations surveyed, Care Trusts were the least dependent on FOI/DPA/EIR software. None of the Care Trusts surveyed utilised FOI/DPA/EIR software

Preferred FOI/DPA/EIR Software

Datix Ltd’s ‘Request for Information’ module was the most preferred FOI/DPA/EIR software. 47% of respondents dependent on FOI/DPA/EIR software cited the use of Datix software.

Datix Ltd is a London-based company specialising in risk management software and training courses.

Ulysses’ proprietary risk management software, Safeguard is the second favourite. 22% of respondents utilising FOI/DPA/EIR software cited the use of Safeguard by Ulysses.

Ulysses is a Hampshire based software development company specialising in the development of Risk Management Software.

Prism Risk Management Ltd, is the third favourite. 6% of respondents utilising FOI/DPA/EIR software cited the use of Prism software.

Prism Risk Management Ltd specialises in the provision of risk management tools to the healthcare industry.

Livelink by OpenText, a Canadian company specialising in enterprise content management solutions, is the fourth favourite. 4% of respondents utilising FOI/DPA/EIR software cited the use of Livelink.

BT Case Manager, by BT is the fifth favourite with 3% of respondents utilising the FOI software.

This section gives a snapshot view of the state of the FOI software market for the NHS. The popularity of risk management solutions suggests that NHS bodies associate request management as an issue of risk rather than an information management problem. This increasingly litigatious nature of the health industry goes some way to explain this trend.

It is also important to note here, that BT who invested heavily (in a region of over £1 million) in developing their FOI solution, the BT Case Manager tool, including a heavy marketing push have pulled their solution out of the market. The reason cited being a low uptake by market.

The pull out of BT has some serious implications for the FOI market. Firstly, it indicates a slow uptake of FOI solutions by the public authorities. Secondly, this also indicates that a large number of public authorities seem to be coping with their request management through manual procedures. How long this can continue, it is difficult to forecast, but the necessity of providing long term electronic infrastructures for request management cannot be understated. The fact that FOI is here with us to stay coupled with the ongoing IEG (Implementing Electronic Government) agenda point towards the future need to electronically enable request management for future efficiency gains.

Preferred Tools for In-House FOI/DPA/EIR Software

Microsoft Access and SQL Server were the databases of choice for majority of respondents who resorted to in-house development. Respectively, 54% and 11% of respondents who developed their solutions in-house utilised the above database tools.

VB.NET was utilised by 7% of respondents who developed their FOI/DPA/EIR solutions in-house

ASP, VBA and Visual Studio.NET were also popular, being utilised by 5.5% of respondents respectively.

.NET was the platform of choice for 5% of respondents with in-house FOI/DPA/EIR software.

An average of 1 developer was responsible for the development of in-house FOI/DPA/EIR tools.

Dependence on Manual Procedures

The vast majority of NHS bodies, 66% do not utilise FOI/DPA/EIR software for their information request processing

However, they are dependent on manual processes (consisting of paper and manual filing systems) aided by the use of popular desktop software including

• spreadsheets: MS Excel
• email: MS Outlook
• simple database: MS Access
• electronic diary / calendar: MS Outlook, Novell Groupwise
• resident in-house applications

Majority of those using manual procedures also chose to stay that way. 73% of respondents stated that they will not be looking to utilise FOI/DPA/EIR software to aid in request tracking and processing.

The predominant reasons cited for choosing to stay manual were:

• Small request volume
• Manual procedures sufficient to cope with present request numbers
• Budget unavailability
• Waiting to see full impact of FOI

Conclusions

With regards to request tracking procedures, NHS bodies are predominantly manual. The corresponding reasons for such a high dependence on manual procedures illustrate that the deluge of requests, expected at the beginning of this year was not as high as anticipated.

On the flip side of the coin, the fact that such a high proportion (40%) of the questionnaires sent as FOI requests were not responded to raises serious questions about how a significant number of NHS bodies are actually coping with requests. As a result, it is important that NHS organisations review their request tracking procedures and institute any necessary enhancements.

Even though those NHS bodies with manual procedures profess to be coping at present with their request numbers, long-term assessment needs to be undertaken to ascertain the impact on the effectiveness of other organisational activities in the long run. Because accurate prediction of future requests is difficult as demonstrated by the 1 January predictions, it is important that request tracking procedures are reviewed on a regular basis to allow smooth adaptation to any changes in demand.

Software assistance can provide greater overall administrative efficiencies and identification of bottlenecks for more streamlined business processes. The provision of automated facilities such as reporting, workflow management and automated searches provide tighter process control which translates to benefits including tighter financial control. In an environment in which budget constraints are prevalent, investing in FOI/EIR/DPA software can act as a step towards achieving tighter financial control in the long term.

References

[1] Freedom of Information – Preparation of Draft Legislation, Lord Chancellor’s Department, February 2001

[2] Complacency Threatens to Undermine Government’s Freedom of Information Initiative, The Stationary Office - The Information Management Company, 2003

[3] Freedom of Information in the first six months: The FOI Practitioner’s Perspective, The Constitution Unit, September 2005