Patient Care Aggregator Service beta assessment
Service Standard assessment report Patient Care Aggregator Service 01/11/2022
Service Standard assessment report
Patient Care Aggregator Service
| From: | Central Digital & Data Office (CDDO) |
| Assessment date: | 01/11/2022 |
| Stage: | Beta |
| Result: | Not Met |
| Service provider: | NHS England (NHSE) |
Previous assessment reports
Service description
A patient engagement portal within the NHS app to identify national interventions that would support patients waiting for treatment, and to mitigate the impact of longer waits on patients and the NHS itself. An aggregation service layer to collate patient data (appointments, referrals and wait times) and present the results back on the NHS App for patients to access and amend.
Service users
NHS App users with appointments at local hospitals that are using the partner Patient Engagement Portals (PEPs).
1. Understand users and their needs
Decision
The service met point 1 of the Standard.
What the team has done well
The panel was impressed that:
- the team has identified and characterised the users of their service, including internal users such as primary and secondary care clinicians
- the team has used a variety of methods including interviews, card sort and usability testing and in a variety of devices, which enabled them to build robust findings, particularly around usability issues and users pain points.
- the team has prioritised features taking into account the views of patients and clinicians
- the team has considered specific aspects of the service in their research such as not being able to present all data if there are PEPs who are not connected yet to Wayfinder
What the team needs to explore
Before their next assessment, the team needs to:
- make sure they understand the needs of users who for some reason do not or cannot use NHS Login. Using Wayfinder assumes users have gone through setting up NHS login and the NHS app. However there might be some users who won’t be able to do that. The team needs to make sure they know the needs and pain points of those users around managing referrals and appointments
- include a wider range of assistive tech types. The team has already done research with screen reader users and is considering doing more assistive tech user research. They need to make sure they include a wider range of assistive tech types, such as screen magnification or speech input for example
- consider proxy access in the user research plan. The team has done some research including proxy (delegated) access. They need to consider this in their user research plan, for example when looking at notifications or clinical letters
- make sure they include basic user research information in their presentation such as number of participants per round, proportion of low digital confidence participants, proportion and types of participants with disabilities and any other inclusion criteria used
2. Solve a whole problem for users
Decision
The service met point 2 of the Standard.
What the team has done well
The panel was impressed that:
- the team has looked at the wider landscape of medical appointments and has made a considered decision to tackle secondary care first, and to work with NHS Trusts who can provide the best sample of patient users
- the team has mapped that wider landscape in order to avoid the potentially damaging knock-on effects of running a digital appointment management service for only a subset of all medical appointments
What the team needs to explore
Before their next assessment, the team needs to:
- continue to monitor the effects of taking an incremental approach and make very clear plans for closing the gap so that the live service really is solving a whole problem for patients
3. Provide a joined-up experience across all channels
Decision
The service did not meet point 3 of the Standard.
What the team has done well
The panel was impressed that:
- the team has shared with the PEPs design standards, Figma files and access to the prototype app, and have run workshops with them to discuss design issues
- the team has encouraged the PEPs to think innovatively about how they tackle design challenges in their areas of the service
What the team needs to explore
Before their next assessment, the team needs to:
- demonstrate thorough planning for information governance around content supplied by NHS trusts, to ensure its quality
- design a framework or set of guidelines to inform and guide decisions on which trust-led design innovations should be taken forward, and how they should be integrated into the appropriate design systems;
- consider sharing design improvements (for example, appointment cards) with other services inside the NHS app
The panel notes that the recommendation from the alpha assessment to “ensure that GPs are automatically sent hospital discharge summaries of their patients to complete the user journey” is out of scope for the Wayfinder programme.
4. Make the service simple to use
Decision
The service did not meet point 4 of the Standard.
What the team has done well
The panel was impressed that:
- the team is taking a content-first approach to service design, rather than tailoring content to fit the available space
- the team has brought in a dedicated content and interaction designer since the alpha assessment
- the team is reviewing the app content amongst the whole team as well as with stakeholders
- the team has demonstrated design iterations based on observing the needs of their user groups, for example the appointment cards and the removal of secondary text from some pages
What the team needs to explore
Before their next assessment, the team needs to:
- conduct further investigation into alternatives to the interstitial page when a patient navigates from the app and into a PEP; the panel appreciates that this user experience is common across the NHS app, however it should be explored further
- organise a content review process – not with other members of the Wayfinder team but with another content designer; all content should be peer reviewed by a content designer who comes to it with a fresh pair of eyes
- consider the questions raised and suggestions put forward in the content review supplied by the assessment panel
- connect to the cross-government design community to plug into the thinking of content, interaction and service designers and to ask questions about design challenges and request feedback on design proposals
5. Make sure everyone can use the service
Decision
The service met point 5 of the Standard.
What the team has done well
The panel was impressed that:
- the team has completed an accessibility audit of the app, which shows it to be WCAG 2.1 compliant
- the team has explored peoples’ digital confidence before each user research session
- the team has recognised that the existing NHS app (portal) screens needed to be iterated to better meet the needs of the Wayfinder’s user base
What the team needs to explore
Before their next assessment, the team needs to:
- consider recruiting user research participants in advance, based on digital confidence to ensure a representative spread
- ensure that PEPs are also testing their parts of the service with patients who have a range of digital confidence and a range of accessibility needs and not just rely on accessibility compliance
- test the service with people who are neurodivergent or do not have English as their first language
6. Have a multidisciplinary team
Decision
The service met point 6 of the Standard.
What the team has done well
The panel was impressed that:
- the team is large and diverse in its nature with numerous suppliers and internal teams, the communication and agile ways of working are embedded and reviewed on a regular basis
- the teams’ governance is well established and frequent enough to make meaningful decisions for service strategy
- the teams’ stakeholder engagement with PEPs is established and it reports to the SRO regularly
What the team needs to explore
Before their next assessment, the team needs to:
- think about the permanent to contractor ratio and ensure effective knowledge transfer is in place
- add a Performance Analyst role to the team
7. Use agile ways of working
Decision
The service met point 7 of the Standard.
What the team has done well
The panel was impressed that:
- the team has agile ways of working well embedded and iterated frequently
- the team has well established ceremonies following agile methodologies
- the team’s scrum of scrums, stand ups and retros are working well
What the team needs to explore
Before their next assessment, the team needs to:
- ensure wider engagement with relevant Departments to align the strategy with similar services and avoid duplication
- continue to iterate ceremonies frequently to ensure all parties are included
8. Iterate and improve frequently
Decision
The service met point 8 of the Standard.
What the team has done well
The panel was impressed that:
- the team have a very regular cadence of show and tells and stand ups ensuring the service can iterate frequently
What the team needs to explore
Before their next assessment, the team needs to:
-
plug in to wider strategic work to respond to changes in technology or government policy throughout the lifetime of the service
-
consider if any or all of the gatekeepers to production release can automate their decisions. For example, test coverage over x% or performance tests pass, then the release is good to go. This will support multiple releases a day and result in nominal risk between frequent releases
9. Create a secure service which protects users’ privacy
Decision
The service did not meet point 9 of the Standard.
What the team has done well
The panel was impressed that:
- the team has implemented a pragmatic approach to assuring mutual encryption and trust established between the various parties
What the team needs to explore
Before their next assessment, the team needs to:
- carry out a penetration test or IT Health Check (ITHC) that scopes everything that the team is responsible for. Including, but not limited to, the Kubernetes configuration, identity access management (IAM), control plane and other software delivery lifecycle (SDLC) enablers
- integrate into NHSD Security Operations Center (SOC) and Security Incident and Event Management (SIEM) with actionable alerts
- verify that data leaking via the administrative control plane has effective preventative controls and strong non-repudiation is achievable
10. Define what success looks like and publish performance data
Decision
The service did not meet point 10 of the Standard.
What the team has done well
The panel was impressed that:
- the team are considering the four mandatory key performance indicators (KPIs) and are working on developing them further
- the team has Business Analysts and Central Architects working on providing a Power BI dashboard to the team
- the team engaged closely with PEPs to ensure they provide them with measurement data
- the team has thought about how they can use user feedback data to help improve the service
What the team needs to explore
Before their next assessment, the team needs to:
- define a clear set of KPIs linked to the projects benefits and user need
- produce a measurement performance framework which will help establish the additional KPIs from the baseline
- explain how they use measurement data to feed into making improvements to the service, such as making data driven decisions when making changes to the service, insights discovered feeding into show and tells, and the backlog
-
understand how PEPs and others collect the performance data used in their reporting. Show:
- what tools do they use to collect and analyse the data?
-
evidence of processes where the PEP’s must meet privacy requirements before they are onboarded, for example
- are fully cookie compliant
- not collecting Personal Identifiable Information (PII) data in their analytics applications
- not collecting the full IP address from users with the analytics package (anonymise IP)
-
have a robust cookie compliant policy
- work with data.gov.uk on hosting the mandatory KPI data on that platform
11. Choose the right tools and technology
Decision
The service did not meet point 11 of the Standard.
What the team has done well
The panel was impressed that:
- the team developed in a complex solution with many uncontrollable dependencies
What the team needs to explore
Before their next assessment, the team needs to:
- assure the team have the capability and capacity to run the service, specifically the Kubernetes cluster management and implicit shared responsibility model this presents; there were for example specific gaps in the understanding of the security controls available, and potential threats.
- assure the SDLC, particularly supply chain vulnerability analysis
- consider implementing a web application firewall (WAF) or equivalent control over inbound requests
- consider how non-repudiable access logs are, especially to the control plane, to ensure that a threat actor cannot ‘cover their tracks’
12. Make new source code open
Decision
The service did not meet point 12 of the Standard.
What the team has done well
The panel was impressed that:
- the team had identified that there was a discrete area of the codebase with question over the IP ownership
- the team were otherwise happy that the code could be published and were not challenging of that requirement
What the team needs to explore
Before their next assessment, the team needs to:
- conclude the intellectual property ownership of all the code assets, and assure the department is happy with the licences for anything that is not owned by the Crown
- publish all Crown owned intellectual property openly
13. Use and contribute to open standards, common components and patterns
Decision
The service met point 13 of the Standard.
What the team has done well
The panel was impressed that:
- the team used shared design kit and open standards
What the team needs to explore
Before their next assessment, the team needs to:
- identify if there are reuse opportunities
14. Operate a reliable service
Decision
The service did not meet point 14 of the Standard.
What the team has done well
The panel was impressed that:
- the team integrated well with the wider service management team
What the team needs to explore
Before their next assessment, the team needs to:
- consider making operational decisions upfront, such as taking the service offline if given threats are identified
- consider if there are alternative technical solutions that would provide a more favourable shared responsibility model allowing the team to focus more on the business problems