Incident: Incorrect Risk Calculation in NHS IT System Leads to Statin Misprescriptions

Published Date: 2016-05-11

Postmortem Analysis
Timeline
1. The software failure incident happened in 2009 [44171, 43896].

System
1. SystmOne software used by 2,500 surgeries in England [44171, 43896]
2. Digital calculator tool used by some GPs to assess the potential risk of cardiovascular disease in patients [43896]

Responsible Organization
1. The IT firm involved in developing the faulty software, TPP, was responsible for causing the software failure incident [44171, 43896].

Impacted Organization
1. Patients, including at least 300,000 heart patients, who may have been given the wrong drugs or advice due to the computer error in the NHS system [44171, 43896]
2. GPs who used the SystmOne software for risk assessment and treatment planning, leading to potential errors in patient care [44171, 43896]
3. The IT firm involved in developing the faulty software, TPP, which had to address the issues identified and inform clinicians of affected patients [44171, 43896]
4. Health regulators, such as the Medicines and Healthcare products Regulatory Agency (MHRA), who launched an investigation into the digital calculator used by some GPs [43896]

Software Causes
1. Bug in the SystmOne software used by GPs' surgeries, leading to miscalculation of patients' risk of heart attack since 2009 [44171, 43896]

Non-software Causes
1. Lack of proper oversight and quality control in the development and implementation of the IT system used in GPs' surgeries [44171, 43896]
2. Reliance on unreliable IT systems by doctors and the NHS, leading to potential errors in patient risk assessments [44171]
3. Potential misinterpretation of the system's output by doctors, assuming decisions were based on medical knowledge rather than computer-generated scores [44171]

Impacts
1. At least 300,000 heart patients may have been given the wrong drugs or advice due to the computer blunder in the NHS, leading to some adults being needlessly prescribed statins and enduring severe side effects [44171].
2. Patients may have suffered heart attacks or strokes after being wrongly told they were at low risk of cardiovascular disease [44171].
3. The error caused huge anxiety for patients and created additional work for overstretched surgeries as up to 300,000 patients needed to be contacted and booked in for repeat tests [44171].
4. The mistake exposed the growing dependence of doctors and the NHS on unreliable IT, leading to a loss of trust in the accuracy of the technology used in healthcare [44171].
5. GPs were advised not to use the faulty software and to rely on their clinical judgment or alternative software, indicating a disruption in the normal workflow of healthcare professionals [44171].
6. The incident highlighted the potential risks associated with inaccurate technology tools used in healthcare, particularly in decisions regarding controversial treatments like statins [43896].

Preventions
1. Regular and thorough testing of the software before deployment could have potentially prevented the software failure incident [44171, 43896].
2. Implementing proper quality assurance processes during the development of the software to catch any bugs or errors could have helped prevent the incident [44171, 43896].
3. Conducting regular audits and checks on the software system to ensure its accuracy and reliability could have been a preventive measure [44171, 43896].
4. Providing adequate training to healthcare professionals on how to use the software correctly and interpret its results could have reduced the chances of errors leading to patient harm [44171, 43896].

Fixes
1. Conduct a thorough review and update of the SystmOne software to fix the bug causing the miscalculation of patients' risk of heart attack [44171, 43896].
2. Implement additional quality assurance measures during the development and testing phases of the software to prevent similar errors in the future [44171, 43896].
3. Provide training and support to healthcare professionals on how to use the software accurately and effectively to minimize the risk of incorrect risk assessments [44171, 43896].
4. Enhance communication channels between the IT firm responsible for the software (TPP) and healthcare providers to ensure prompt identification and resolution of any software issues [44171, 43896].
5. Increase oversight and monitoring by health regulators, such as the Medicines and Healthcare products Regulatory Agency, to prevent similar incidents and ensure patient safety [44171, 43896].

References
1. GPs using the SystmOne software [44171, 43896]
2. Medicines and Healthcare products Regulatory Agency (MHRA) [44171, 43896]
3. IT company TPP [44171, 43896]
4. Royal College of GPs [43896]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident has happened again at one_organization:
- The software failure incident involving the miscalculation of patients' risk of heart attack due to a bug in the SystmOne software has been ongoing since 2009 [44171].
- The error in the SystmOne clinical IT software has been present since 2009, affecting the risk assessment of cardiovascular disease for patients [43896].
(b) The software failure incident has happened again at multiple_organization:
- The software failure incident involving the miscalculation of patients' risk of heart attack due to a bug in the SystmOne software has affected nearly a third of the surgeries in England, indicating a widespread impact [44171].
- The SystmOne clinical IT software, manufactured by IT company TPP, has been found to have a bug affecting the risk assessment of cardiovascular disease in patients, indicating a broader impact beyond a single organization [43896].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident in the articles is related to the design phase. The incident was caused by a bug in the SystmOne software used by GPs' surgeries, which miscalculated patients' risk of heart attack since 2009 [44171, 43896]. This bug in the system design led to patients being inappropriately put on statins or taken off them, resulting in their risk of cardiovascular disease being miscalculated.
(b) The software failure incident is also related to the operation phase. The error in the software affected the operation of GPs who relied on the system to calculate patients' risk of heart attack during health checks. GPs were advised not to use the system and instead rely on their clinical judgment or alternative software, indicating a disruption in the operation of the system [44171].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident related to the miscalculation of patients' risk of heart attack due to a bug in the SystmOne software used by GPs' surgeries [44171, 43896]. The error in the system led to patients being inappropriately put on statins or taken off them, potentially causing severe side effects and impacting patient care decisions. The issue originated within the system itself, specifically in the calculation process of patients' risk assessments for cardiovascular disease. The software bug affected how GPs determined the appropriate treatment plans for their patients, highlighting a critical flaw in the system's functionality.

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident in the articles was primarily due to non-human actions, specifically a bug in the SystmOne software used by GPs' surgeries. The bug in the software led to miscalculations of patients' risk of heart attack since 2009, potentially resulting in patients being inappropriately put on statins or taken off them, and enduring severe side effects [44171, 43896]. The error was not a result of human actions but rather a technical issue within the software itself.

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident occurring due to hardware:
- There is no specific mention in the articles about the software failure incident being caused by hardware issues. The focus is primarily on a bug in the SystmOne software used by GPs, which led to miscalculations in patients' risk of cardiovascular disease [44171, 43896].
(b) The software failure incident occurring due to software:
- The software failure incident was primarily attributed to a bug in the SystmOne software used by GPs, which resulted in incorrect risk assessments for patients regarding cardiovascular disease [44171, 43896].

Category: Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The software failure incident described in the articles is non-malicious. The incident was caused by a bug in the SystmOne software used by GPs' surgeries, leading to miscalculations of patients' risk of heart attack since 2009. The error resulted in some patients being inappropriately put on statins or taken off them, potentially causing harm to patients due to incorrect risk assessments [44171, 43896].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The software failure incident related to the incorrect calculation of patients' risk of heart attack due to a bug in the SystmOne software used by GPs' surgeries was primarily a result of poor decisions. The error had been ongoing since 2009, indicating a long-standing issue that persisted due to the software's flawed design or implementation [44171, 43896]. Additionally, the reliance on unreliable IT systems and the growing dependence of doctors and the NHS on technology highlight poor decisions in terms of system implementation and oversight [44171].
(b) The software failure incident also involved accidental decisions, as patients may have been inappropriately put on statins or taken off them as a result of the computer error, which was a mistake or unintended consequence of the software bug [43896]. The unintended miscalculation of patients' risk of cardiovascular disease due to the bug in the system reflects accidental decisions that led to incorrect medical advice and potential harm to patients [43896].

Category: Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) The software failure incident in the articles seems to be related to development incompetence. The incident was caused by a bug in the SystmOne software used by GPs' surgeries, which miscalculated patients' risk of heart attack since 2009 [44171, 43896]. The error led to some adults being needlessly prescribed statins and enduring severe side effects, while others may have suffered heart attacks or strokes after being wrongly told they were at low risk. The IT firm involved is still trying to establish the exact number of patients affected, indicating a lack of professional competence in the development and testing of the software.
(b) The software failure incident does not seem to be related to accidental factors.

Category: Duration
Option: permanent
Rationale:
(a) The software failure incident in the articles seems to be more of a permanent nature. The error in the SystmOne software used by GPs' surgeries has been ongoing since 2009 [44171, 43896]. The articles mention that the error has been present for a significant duration, affecting the calculation of patients' risk of heart attack and potentially leading to inappropriate prescriptions of statins or other drugs. The IT system miscalculating patients' risk since 2009 indicates a long-standing issue that persisted over time, making it a more permanent failure.

Category: Behaviour
Option: crash, omission, value, other
Rationale:
(a) crash: The software failure incident described in the articles can be categorized as a crash. The system was miscalculating patients' risk of heart attack since 2009, leading to incorrect assessments and potentially harmful consequences for patients [44171, 43896].
(b) omission: The software failure incident can also be categorized as an omission. Patients may have been inappropriately put on statins or taken off them due to the computer error, indicating an omission in performing the intended functions accurately [43896].
(c) timing: The timing of the software failure incident is not explicitly mentioned in the articles. Therefore, it is unknown if the failure was related to the system performing its intended functions too late or too early.
(d) value: The software failure incident can be categorized as a value failure. The system was providing incorrect risk assessments to patients, leading to some adults being prescribed statins unnecessarily and enduring severe side effects, while others were wrongly told they were at low risk [44171, 43896].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, which involves inconsistent responses and interactions. The incident described in the articles primarily revolves around miscalculations and inaccuracies in risk assessments.
(f) other: The software failure incident can be further described as a critical failure impacting patient safety and trust in the healthcare system. The error in the software led to potential harm for patients, highlighting the importance of accurate and reliable IT systems in healthcare settings [44171, 43896].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: harm, theoretical_consequence
Rationale:
(a) death: There is no mention of people losing their lives due to the software failure incident in the articles [44171, 43896].
(b) harm: The software failure incident led to harm as some adults may have been needlessly prescribed statins and endured severe side effects, while others may have suffered heart attacks or strokes after being wrongly told they were at low risk [44171].
(c) basic: There is no mention of people's access to food or shelter being impacted due to the software failure incident in the articles [44171, 43896].
(d) property: The software failure incident did not directly impact people's material goods, money, or data as per the articles [44171, 43896].
(e) delay: People did not have to postpone an activity due to the software failure incident as per the articles [44171, 43896].
(f) non-human: There is no mention of non-human entities being impacted due to the software failure incident in the articles [44171, 43896].
(g) no_consequence: The software failure incident had real observed consequences, so the option of no real consequences does not apply [44171, 43896].
(h) theoretical_consequence: The articles discuss potential consequences of the software failure incident, such as patients being inappropriately put on statins or taken off them, but it is mentioned that the risk to patients is low and only a limited number may have been affected [43896].
(i) other: There are no other consequences of the software failure incident mentioned in the articles [44171, 43896].

Category: Domain
Option: health
Rationale:
(a) The failed system was intended to support the health industry. The software failure incident was related to a computer error in the NHS IT system used in GPs' surgeries, which miscalculated patients' risk of heart attack, potentially leading to inappropriate prescriptions of statins and severe side effects [44171, 43896]. The system, known as SystmOne software, was used by 2,500 surgeries in England [44171].
(b) N/A
(c) N/A
(d) N/A
(e) N/A
(f) N/A
(g) N/A
(h) N/A
(i) N/A
(j) The software failure incident was specifically related to the health industry, affecting the assessment of patients' risk of cardiovascular disease and potentially leading to incorrect prescriptions of statins [44171, 43896].
(k) N/A
(l) N/A
(m) N/A
