A statement of principles

December 18, 2018 - by Dr Mark Wardle - 11 minutes read - 2176 words

On the 18th December, the Welsh Technical Standards Board discussed how we might draft some broad principles and a statement of intent, setting out our broad approach, our ethos, our principles and how we were going to tackle the work we need to do, so that, in effect, we set the standards to enable us to build a truly open platform for health and care in Wales.

After lots of discussion and debate, we submitted our work to Wales’ National Informatics Management Boards and they were endorsed in a meeting on 11th April 2019.

Here is our statement of principles. We want to hear your views.

Introduction

It is essential that better use is made of information in health and care.

Individuals and families expect their health and social care services to work effectively together. For both citizens and professionals, better care and better experience of that care depend on high quality information technology provided by the safe and appropriate sharing of meaningful information between the parties involved.

Our challenges in sharing information across individual system and organisational boundaries has meant that citizens experience a patchwork of different systems creating a feeling that ‘nothing is “joined-up”’. This often means that the same information must be given again and again, and that safety is compromised because information is simply not available when it is most needed.

Similarly, information should act as a shared platform, a single record, delivering safe and effective joint working between different organisations, as well as with citizens directly, supporting a range of applications. The accessibility and availability of this information will help us all raise the quality and value of health and social care services. This will deliver cost-effective and sustainable services and also bring our offer in line with increasing public expectations of technology in people’s day- to-day lives.

It is only by bringing information from different providers together that we can model and predict the demand for health and social care services, and improve understanding and management of how services work together.

A significant barrier to the appropriate sharing of information between systems and organisations has been a lack of appropriate standards defining how information can be shared across system and organisational boundaries. The Welsh Technical Standards Board (WTSB) has been created to take responsibility for defining technical standards relating to interoperability, security, infrastructure and development.

This document is a statement of intent, providing a clear declaration of the broad principles to be used to define technical standards together with our plan to deliver those standards in health and social care in Wales.

Our principles

WTSB has reviewed and adopted the GDS design principles and Welsh Government Digital Service Standards for health and social care services in Wales.

Our work is now focused on how we can accelerate the delivery of Healthier Wales and Informed Health and Care, considering and recommending options and solutions for the availability and linkage of data. This work will be guided by a set of principles, which are outlined here:

1. Focus on user need.

The use of technical standards within health and care is a core foundation from which to build services; Together, we must be focused on how standards can solve problems and meet the needs of users; for citizens and for professionals across health and care organisations.

2. Enable developer productivity and experience.

Developer productivity and experience are fundamental. The appropriate use of standards enables developer productivity by permitting the development of a modular architecture in which there are loosely-coupled components with well-defined interactions.

3. Encourage multi-disciplinary cross-functional teams.

Health and social care organisations in Wales should favour technologies to support modularisation of services that can be developed by small, cross-functional multi-disciplinary teams who are empowered and take responsibility for development, delivery and ongoing improvement of operational systems.

4. Open by default: open technical standards and open source code.

WTSB are cataloguing existing standards and systems used across NHS Wales, but we expect new services to use open, non-proprietary technical standards including HL7 FHIR to define application programming interfaces (APIs) and similarly, expect new applications to use those APIs instead of legacy.

WTSB will build a framework that favours the procurement of software that uses open standards and provide a roadmap on how we will align our use of these standards with partners. Likewise, we want to enable the better use of open-source solutions, while expecting developers working for the public sector to release code as open source by default.

5. Technical standards are for internal and external users.

We must recognise that information technology supporting health and social care services can and should be provided by a mix of national, local and external partners, including a vibrant ecosystem. As such, appropriate technical standards ensure that innovative work can be scaled across Wales once proven at a small-scale. As such, we need a public repository of technical documentation for NHS Wales and its partners, and that documentation should be kept updated, ideally by being generated automatically from the underlying implementation of any services. WTSB will collaborate with partners to create a developer portal, containing technical standards including API documentation and guides.

6. Technical standards must be used with appropriate information standards.

WTSB will work closely with colleagues in the information standards board particularly in relation to defining appropriate operational standards. We expect that SNOMED CT should be the lingua franca, codifying clinical and administrative concepts to support direct care and analytics. That means defining canonical value sets as SNOMED CT concepts, working with SNOMED International to ensure that the SNOMED CT model is fit for purpose in Wales, and mapping legacy bespoke value sets into SNOMED CT.

7. We need a programme of work to understand how to deliver technical standards for identity services, for citizens and for professionals.

Understanding identity, for citizens and their carers as well as professionals, underpins digital services across governmental services. Identity services need to work for professionals irrespective of their organisation, or whether they work for the NHS, care services or the third-sector. NHS Wales need to work with colleagues in local authorities and across government to build safe and secure services that appear seamless for citizens and ensures that professionals have access to the right information at the right time, and yet inappropriate access is prevented.

8. We expect security and safety to be part of the conception, design and development of services and standards.

Organisations will adopt security and privacy by design principles when setting up services, applications and processes. All organisations will complete Data Protection Impact Assessments as part of the preparatory work before adoption and implementation of any new or substantially changed service or application. Organisations will undertake risk assessments to determine the appropriate level of safety (including encryption) for data at rest and in transit. Each new application, where personal data is recorded, stored or accessed will include data access audit functionality to service user, subject and application “page” level, either inbuilt or linked to a separate auditing application. All organisations will develop a credible strategy for the ongoing maintenance, improvement and upgrade of services and software products, as well as for dealing with providers that have gone out of business or no longer support their products.

9. Developers in Wales need tools and infrastructure to enable continuous and automated testing.

We will favour technical standards for development that permit the creation of production-like environments for automated testing of components. As a result, developers should be able to develop and deploy software multiple times per day and support continuous testing and delivery, ensuring systems are deterministic both in their operation in isolation and in concern with other modules. We will promote mechanisms to build safe and resilient systems, including adopting measures to deliberately break functionality and assess how systems handle these failures gracefully.

We expect a steady increase in the use of cloud services for providing computing and storage for health and social care services in Wales. As such, we will favour technologies that abstract infrastructure, recognising that we will need a transition period between on-premises infrastructure and that provided by an increasingly commodity cloud which manages infrastructure on our behalf. NHS Wales’ current guidance on the use of cloud is published at https://www.wales.nhs.uk/nwis/news/48758. We expect these changes to impact funding and resource models for health and social care services in Wales.

11. We recognise that we don’t have all of the answers and everything will change.

We recognise that our work will never be complete, and that we will plan for incremental and evolutionary change. This means encouraging a switch from capital expenditure to an operating expense model for funding digital services, particularly those services that act as core components of the wider “open platform”.

12. We will adopt a pragmatic, prudent and phased approach to adopting standards.

Every organisation working in health and social care in Wales has large numbers of existing, working information systems. Some of these may use legacy standards or proprietary, bespoke interfaces. As such, the transition to a standards-based approach needs to be managed carefully. NHS Wales and its partners will work collaboratively to prioritise services and applications that would benefit most from a standards-based approach and refresh other components of the wider architecture when appropriate.

13. We encourage feedback. We don’t know everything and need your help.

One of our fundamental principles, from the GDS design principles, is to “Make things open: it makes things better” and, of course, that applies to our work as well as reflecting our expectation for how services are designed across health and social care in Wales. As such, we want your feedback.

We expect Welsh Government, health boards, NHS Trusts, local authorities and other organisations in Wales to tell us what impact our statement of intent will have on their work. Standards need to be used appropriately, as a tool to make things better. We don’t want standards to constrain innovation or unduly limit solving problems, but our view is that the right standards are a force for good. If you foresee a problem, we need to understand, discuss it and be open and transparent about the advantages and disadvantages.

15. We expect that standards will be enforced.

Welsh Government needs to build mechanisms to ensure that standards are used appropriately and organisations across Wales are held to account. While we need the same broad principles and standards across Wales, we recognise that different organisations may need different levels of scrutiny and help in applying those standards. That means incorporating appropriate controls and scrutiny at multiple levels, including conception, design, development, procurement and ongoing commissioning of core services. We expect to see collaboration with other public sector bodies on building digital capability into governance and procurement frameworks.

16. We expect leadership across public services to adopt a standards-based approach.

All public sector organisations must develop digital leaders who understand the benefits of using open standards, and ensure that those standards can, when appropriate, be shared among those organisations.

Our Roadmap

Our initial focus will be to develop the process and mechanisms to ensure that the timescales for adopting new standards are kept to a minimum, while ensuring that there is an appropriate opportunity for feedback and challenge from stakeholders.

We will be supporting the development of a procurement framework that favours software and services that use open standards and provide details on how we will align our use of these standards with partners.

We will define mechanisms to support API-lifecycle management which includes the planning, designing, testing, deployment and deprecation of application programming interfaces. As such, we will need to adopt technical standards to support authentication and authorisation of those APIs by developers on behalf of end-users and support the accreditation of external partners to use different operational environments such as those for testing as well as production environments.

We are also beginning to catalogue existing standards and systems used across NHS Wales. Even at this early stage, there appear to be a number of obvious standards that should be considered for early adoption in Wales.

Currently those being considered are:

New services to provide HL7 FHIR application programming interfaces (APIs).
All NHS websites to be delivered over HTTPS – in line with NCSC published guidance (https://www.ncsc.gov.uk/blog-post/serve-websites-over-https-always).
All NHS Websites to meet, as a minimum, level AA of the Web Content Accessibility Guidelines (WCAG 2.1)
The use of OAUTH2 as the standard for securing APIs.

WTSB recognises the need to balance rapid and focused change delivering short-term results with a medium to long-term strategic change focused on working with colleagues in all sectors to support architectural, governance and cultural change, to valuably support transformational change enabled by digital technology. We are convinced that the judicious and informed application of technical standards is a key component of those wider changes.

Mark Wardle on behalf of the Welsh Technical Standards Board 18th December 2018