Murphy’s Law and the NHS Spine

I am very conflicted about the NHS spine.  This is (will be) the computer system whereby all patient records are stored in a single system and available to any appropriate NHS worker in the UK.

As a cynical IT professional, I laugh in the face of quotes like this:

The NHS Care Records Service uses the strongest national and international security measures available for storing and handling your information.

Ha ha!  I chortle. Tee hee.

I am sure they do use the strongest etc, etc.  But let’s face it, it’s going to leak like a sieve. Health service staff are not particularly IT savvy. There’s professionalism and an awareness of patient confidentiality on the one hand, and there’s keeping your notes on a USB stick and having your handbag nicked on the other.  There’s IT policy mentioned in your induction day, and there’s using someone else’s log on because yours isn’t yet activated and the patient’s going to die (or the Daily Mail will dance with glee) if you make the wrong decision in the next 3 minutes.

One Nation under CCTV – Banksy, photograph by unusualimage

But a far greater worry is the scope creep that surrounds any government technology. Of course they shouldn’t use our medical records to vet public sector job applications.  Of course they shouldn’t create an MRB check like a CRB check to ensure that people with – I dunno – chronic mental illness don’t get jobs as clowns (all that working with children and animals…)  Of course they shouldn’t let the anti-terrorist bunch trawl through to find whatever it is they look for these days.  Of course they shouldn’t. And of course they will.

So Ha ha! I say again.

But…

A lack of joined-up medical record-keeping kills.  I don’t have the stats, I don’t even know what audited stats exist, but hospital medics of my acquaintance assure me that a lack of vital and timely medical histories is a killer. And you only have to talk to anyone with a chronic condition to glimpse the exhausting grimness of having to explain their history to whoever it is they’ve landed in front of this time.

So… do I allow this privileged position to ease me out of the data danger zone? I am relatively healthy and check No, No, No, No on life insurance forms. Not being on the database won’t kill me. If I turn up in A&E what they see is what they have to deal with because there’s nothing nasty in my medical history.  And I am very well aware of how hard security is to achieve (I’m an IT worker in the financial sector). And I am old enough and cynical enough to know that if great big databases are there, they will be used by self-serving governments. Do I opt out at no risk to myself because Big Data is Evil and Should Not Be Encouraged?

Or should I support the health service’s laudable attempt to save lives not to mention reducing wear and tear on the patients’ patience, even though that will only encourage Big Government?  It’s a nice gesture, and with my nice clean bill of health when the CID looking for a sex killer search through the database for local nutters prescribed nonutterherein there is minimal risk to precious me.

What would Pastor Neimueller do?

What would he wish he had done?

I find this a tough ethical call.

Interactive Mapping – too cool a tool?

Some years ago, my friend Justin showed me a copy of Visual Thesaurus. I squealed with delight, which is always embarrassing at work. Click on the image below to see why.  (All the images in this post link to the examples, by the way).

Visual Thesaurus

Recently I came across an open source version of the technology underlying Visual Thesaurus at spicynodes.org.

What am I talking about?  Well, this is a way to present information so that people can explore it in a naturalistic way by clicking from concept to concept in an interactive ‘map’.  But seductive though it is, it’s  not always the best way to present information.

The Good

This approach is helpful when you want to hide the options you reject.  This can be with a rich and complex subject (the Visual Thesaurus) or a simple tree structure, as with the catalogue below.   It may not be the best choice for a catalogue but in this case I think it works.

This catalogue works well

It helps if the subject matter is well understood: this example covers the solar system and seems to have been abandoned, which is a shame.  If you click Sun > Mars > Phobos you realise what a neat explanation of the solar system this could be.

Providing information on a familiar subject

The technology also lends itself to certain forms of artistic endeavour, I like this one in particular:

A poetic journey

It’s also been used with reasonable success to  deliver Haiku

I think the technology lends itself to this sort of artistically guided happenstance, and I can certainly imagine an artistic installation along these lines.

The Bad

I looked at well over a hundred of these maps, and those the best. The worst are dreadful.

Do not use this technique if your users are likely to want to step backwards and forwards through the navigation.  This is how people navigate when they want to be sure they”ve not missed anything.  SpicyNodes own home page shows how exasperating this approach can be.

Spicy Nodes own home page

Don’t use it when a simpler tool would do.  Whoever created the example below was on top of their data, but their information would be much better presented in the form of bulleted slides. Using the interactive map just makes it unnecessarily fussy:

A bulleted list would be better

Here we see how important it is to get the hierarchical structure right. The map below is an A-Z of the world’s nations. But wouldn’t it have been more interesting to have them organised by geographical region? If you want an A-Z list, then I think a simple A-Z list would be better and would take up less space.

A-Z But is this the best use of the space?

And this is the worst scenario of all: a navigation tool for a web-site.  It actually subtracts value, because it takes up the whole page and makes it hard to view the content of the site in a logical sequence. It’s a relief to know the organisation concerned has a traditional side and top navigation structure.

Site Navigation - high on gimmick and short on benefit

Finally, I wasn’t sure how to categorise this map (which I found fascinating, by the way).  It would make a good teaching aid but it’s not particularly good for conveying information.

Teaching Aid

So where does that leave us?

Firstly it’s clever but not necessarily helpful. In fact mapping something this way is only useful when people know what they want to find out and want to ignore everything else: if they need an even view of the whole subject matter then this is not the tool to use.

Secondly it’s good for a certain type of artistic expression; it wouldn’t surprise me to see something like this in a gallery.

And finally, creating this sort of map is time-consuming and you really have to understand your data well, and so do your users.

I struggled to think of a situation where this would be the best tool for presenting data so I decided to go the artistic route, and see if it added anything to the experience of the sort of poem with repeated lines.

Dylan Thomas's Villanelle - Do not go gentle into that good night

I have to conclude that it doesn’t, but it was fun trying.

---

The Business Analyst: Facilitator or Designer?

Craig challenged me on the role of the BA recently.  I said that Web 2.0 is something you can only understand in practice and he posted:

Having said that what do you say to the role of the professional Business analyst; the person who doesn’t use the system but makes many of the key decisions about what goes into it?

It’s a good question and one I’ve been mulling over since he asked it. For the sake of brevity I’m going to park the generic question ‘what is the role of the Business Analyst’ and the vexed issue of whether or not the user should be the primary arbiter of what goes into a system.

Users do know about user experience.  One of the things I like about Lean Interventions is that you go to the people enmeshed in using the process and get them to re-design it.  If a BA has a role in this, it’s as an educator about Lean principles and as a facilitator. The BA does not design the process, the people using the process do that.  I should probably also mention focus groups as a way of involving users in the design phase, but I can’t really comment since I’ve never worked in that way.

But users are rarely available. In my career to date the actual end user has rarely had a seat at the table because with web stuff the user is quite often outside the organisation.   The Business is frequently the proxy for the user, and the Business is sometimes the team sponsoring the system, but it can also be a programme team whose expertise is in change not the system they are changing.  Either way they are representing the user, which brings us back to the underlying question:

‘is it possible for the user to be represented by anyone else?’

After thinking about it for some days and toying with this post for several hours, I think the short answer to that one is: Not always, but that is what use cases ¹ are for.’

So what to do about it?

I’ve mentioned focus groups, though I’ve not run any myself.  But let’s hear a shout out for prototypes and pilot studies here. Oh, the difference when you prototype a user journey! It’s like having a mystery shopper before the shop has opened. The great joy of a prototype is that the thing comes to life and suddenly everyone involved can have a go at being a user, and pilot implementations tell you where the weak spots are. This is closely linked to O’Reilly’s perpetual beta of course, and is also why Anything 2.0 is better than Anything 1.0.

Craig didn’t ask whether the BA could represent the user, he actually asked:

What do you say to the role of the professional Business Analyst?

I think my answer is that the BA should be a facilitator not a designer.  The facilitator enables the Business to produce a design that IT can use whereas a designer does that for them.  (Other operating models are available). It’s the BA’s job to use tools like use cases and prototypes to help the Business represent the user. That doesn’t mean the Business will do a good job of representing the user, but it’s a step closer than if the BA tries to do it. And even so, it’s a tad idealistic. At times the Business Analyst who’s a facilitator has to make calls that affect the design, but I think that’s something that we shouldn’t do by default.

As  you can see, Craig’s question gave me pause for a considerable amount of thought, a lot of it typed directly into this post and most of it cut straight  out again.  To pull it all together:

• Organisations deliver user-aggressive or ineffective systems for a myriad of reasons which include
  • organisational culture during the design stage resulting in a lack of user representation
  • pressures of time and cost
    which frequently result in
  • methodologies which lack rigour, in particular sloppy requirements definition and sign-off
• Good design requires holistic systems thinking (that’s one for the buzzword bingo) which incorporates the user’s point of view
• Only users are users, but tools like use cases, user journeys, prototyping and testing get you closer
• Ideally, the BA’s role is as a facilitator rather than a designer
• The local challenge is whether you
  • go directly to the user (eg a Lean Intervention)
  • allow the Business to act as a proxy (so much of my life to date)
  • use a prototype, or focus group or pilot study (love those)

I’m quite surprised Web 2.0 evangelists aren’t yet hypothesising Open Source Organisation Design which would be well wiki’d.

(Boom boom).

O’Reilly says ‘Users must be treated as co-developers’ which takes open source software build on into open source software design. If he or anyone else has taken this idea into the realms of open source organisation design and I’ve missed it, please drop a link in the comments.

---

1 – a Use Case is – for want of a better term – a scenario: ‘A white horse walks into a bar’; ‘A funny thing happened on the way to the theatre’; ‘Writing a blog, (what’s that all about)’. A use case can be large: ‘Government bails out banks’ or small ‘Customer buys a bottle of milk’.  If you want a less flippant definition, here’s the one from Wikipedia. But much better to go back to post

---

Selling collaboration services within an organisation

Selling collaboration services and development services within an organization? – Art Gelwicks recently posted this as a question in the SharePoint Users Group on LinkedIn, and I found myself writing more than would fit in a discussion forum. So here it is.

Are you selling ‘bottom up’ by putting SharePoint out there and letting people use it spontaneously, or are you selling ‘top down’ by finding a sponsor with a requirement and using SharePoint to fulfil it?

There are pros and cons to both. The keys to working out these pros and cons for your organisation are

• culture
• use cases and
• champions

Culture

How your organisation takes to SharePoint depends in part on the culture. Some cultures are enthusiastic about collaboration tools like Instant Messaging, Live Meeting and SharePoint, and others see these sorts of tools as time-wasters. Here’s how to work out which one yours is.

Goffee and Jones do a great 2×2 for the culture of an organisation. They say that the glue that enables a team (department, company) to work together is either sociability or solidarity; organisations with high sociability scores are ‘networked’ and organisations with high solidarity scores are ‘mercenary’. There’s more to it than that, their book is very readable and includes diagnostic tools.

I have seen people in departments where the glue has been sociability take well to the collaborative features of SharePoint like discussion forums, alerts, review workflows and MySites. I’ve not tested this, but if your organisation is networked (and read Goffee and Jones to decide if it is) then a bottom up approach would probably work well. Look out to see whether the people are already comfortable with tools like Instant Messaging and LiveMeeting, whether they are active on Twitter, LinkedIn and FaceBook, and whether Monday mornings start with a chat about the weekend. This isn’t about people who are early adopters of technology, it’s about people who like technology because it is a social and work enabler.

By contrast I have seen people in ‘mercenary’ organisations who are so busily focussed on deliver-deliver-deliver that they don’t have time to ‘waste’ learning how to use a new tool like SharePoint. In an organisation that’s mercenary (again read Goffee and Jones – they mean it in a particular way) you need a sponsor and a project. Work out what your sponsor’s driver is and fulfil it. They may want to cut down storage costs, or improve a specific set of working practices, or control the published versions of training material.

Find a sponsor with a specific need and fulfil that need.

Rinse and repeat.

This brings us on to:

Use Cases

One of the problems with SharePoint is that it’s a swiss army knife of a tool – useful for such a large number of things that it’s hard to stay focused on just one or two. In a ‘mercenary’ organisation the problem is handled for you – your sponsor has a specific task and you focus on that. The challenge is in the ‘networked’ organisations where everyone who comes across SharePoint wants to play with it all, now, as soon as possible, shiny, shiny, new, cool.

Rolling out the whole of SharePoint across the whole of the organisation is a distraction for them and a management nightmare for you. You need to identify a single use-case, but it is much harder because there isn’t a single obvious business requirement and there may not be a single sponsor. Worse, you may have a sponsor who has a vague vision like ‘collaboration’ or an unrealistic one like ‘getting everyone to use their My Site like an internal FaceBook profile’.

If you are going bottom-up you need to roll out solutions to one or a maximum of two use-cases at a time. To find out which one, put together a survey and ask what stops people collaborating well right now. Word it terms of how they work, not in terms of the SharePoint features so:

• full mail-boxes – not – emailing urls
• ‘shared’ drives you can’t share – not –local control of permissions
• documents you don’t know are out of date – not – control over the full document life-cycle
• keeping track of document sign-offs – not – workflows

Pick one of the popular ones, create a simple solution, and run with it.

Let’s read that again.

Pick one. Not a couple because they’re similar. Not three or four because Internal Communications want them (that’s your sponsor-and-project scenario and a very nice place it is to be too). Not two or three variants to cover all the bases. Just one.

Create a simple solution. Yes, there are half a dozen different ways to build and display a discussion forum in SharePoint. If you can’t tell which one works best, then put together one that works well and stick to it.

Then run with it. Get it out there. Get it used. Get comments and feedback. Improve it.

Only then move on to the next one. Bite size chunks. Could be as close to a month apart, but bite size chunks for you and your users.

The subtext here is simplicity. Turn off the ability to make subsites, remove most of the templates, switch off the themes. Lock it down. Shut it down. SharePoint is a casket of magical delights. You can always open a lid you’ve kept shut, but it is much harder to shut down a lid on something you’ve left open. SharePoint baffles new users and new organisations with choice. Lead them step by step through those choices.

And finally:

Champions

People like SharePoint. They really like SharePoint. Not everyone, but enough.

These people who like SharePoint are your friends. They are natural evangelists, experimenters and testers. They’ll pester you for the features that you’ve turned off, and they’ll come up with workarounds that’ll have you blessing and cursing them by turns. But they’ll promote it and provide free consultancy to their co-workers and come up with solutions to problems you didn’t know existed.

Really work your champions. Create a user forum and refuse to answer questions unless they are posted there. You’ll feel very prissy, but your Champions will gravitate there and get to know each other and do half your support work for you. Invite them to do in-house webinars on cool things in SharePoint, (20 minutes demo, 10 minutes Q&A). Create a SharePoint community of pratice with these people at its core. Take their advice on how to move your service forward.

So, how to sell collaboration services?

They key is asking the right question; in this case not ‘how do you roll-out SharePoint’ but ‘what does your organisation want to use SharePoint for?’

Oh, and bite size chunks.

Always bite size chunks.

---

When you have a hammer, everything looks like a nail

To what extent do the tools we use shape how we think? If we habitually use a certain set of tools, do they prevent us thinking outside their very own box? For example, if I use PowerPoint or Word in Outline mode I can really only think in bullet points. So if I want to move concepts around and see how they relate to each other, then I need Visio or the drawing options in PowerPoint, or even post-its and a whiteboard.

Anyone who is paid to think should worry that the tools they use impose boundaries and blindspots on how they think.

Recently I’ve been using SharePoint a lot, and one of the features is the ability to create categories or assign property to your information. You probably use properties instinctively already. For example, if you want to find an email from a specific person you click on the top of the ‘From’ column and the senders’ names show in alphabetical order. Know it came last week? Date is another property: sort by date. SharePoint lets you do the same thing, but you can create your own columns (categories, properties … whatever).

I use SharePoint a lot and I help people define columns a lot. It’s got to the point where I spot categorised columns in places where SharePoint has never been:

Meat / Sauce / Carbs

Categorising information in this orderly way is now a habit. It is also something I am good at, since I am blessed with the ability to spot a category error at 60 feet.

I'll have a tall skinny loft apartment with roses above the door

But what worries me is whether this habit of defining top level categories imposes its own blind-spots. If everything I eat is “Meat / Sauce / Carbs” then how can I have ice-cream for desert?

These blind-spots don’t matter as much if you can get enough eyes to look at the problem. But you know and I know that you can spend all day in a workshop and come out with nothing but a biscuit-rush and a headache.

A good, nit-picking, sceptical colleague who’ll give your final documents a really good going-over is invaluable.

We also underestimate the value of sleeping on it: model it visually on Friday and then on Monday write it up in words.

Now I’ve written this post, and now that you are reading it, this all seems rather obvious. But when you’re under pressure to deliver it’s quicker to do the same-old same-old than it is to think outside the toolbox. And that’s ok if fast really is more important than right, which sometimes it is. But sometimes it isn’t.

So when was the last time you used a different tool and looked at a problem in a slightly different way?

The medium is the model

One cardinal sin of requirements gathering is to discuss the solution during a meeting arranged to understand what the Business wants.  Traditionally, the Business tell you their requirements and you go away and build them.  You don’t bother their pretty little heads with technical limitations, you overcome them.   You are custom coders, geeks and gods.

I’m not so sure.  I think discussing what is and isn’t possible is an essential part of the requirements process, one you should introduce into the debate early on. The “no solutioning” rule may have been valid when every system was hand crafted from scratch by guys with PhDs  and leather patches on their elbows.  In those far off days better IT systems gave you a strategic advantage which could last for years.  But as Nick Carr reminds us, IT Is a commodity now, and our systems are customised rather than custom-built.

I believe it can be appropriate to touch on solutions during a requirements gathering exercise, so long as the discussion doesn’t suck all the time out of the room.  Technical limitations provide constraints, sure, but constraints don’t have to be a bad thing:  necesity is the mother of invention, and all that.  I would argue that the medium is the model.  You can only push the boundaries once you really understand them.  The Business don’t have an unfettered imagination; they want what they’ve already got but faster.   But maybe there’s a completely different way that’s better, and they need to be shaken up a little to be able to think of it:  I’m trying not to say ‘break the mould’ or ‘paradigm shift’ here.

Here’s a concrete example: Wikipedia and a BBC site called H2G2.  As you know anyone can correct an error in a Wikipedia entry at any time.  It’s hard now to remember how new this shared authorship model actually is.  No encyclopedia could be written like that before the Internet.  A few years before Wikipedia was launched, Douglas Adams created H2G2 as ‘The Earth Edition of the Hitch Hikers’ Guide to the Galaxy’.  It’s an online encyclopedia, but to get an “edited” entry on H2G2 takes months or even years.  Correcting one takes even longer.  This is because H2G2 has a print-based model with locked-down page ownership and a process of peer review with sub-editors and editors.  This model perpetuates constraints imposed by typescripts, compositors and printing presses.  It’s sad, but the only thing that stopped the team from building Wikipedia was their own imaginations.  They focused on what they wanted to build (the same thing, but on-line) and then built it.  They could have broken that mould and shifted that paradigm if they had let themselves riff off how it could be built and let that influence what they wanted (a new way of people to work together to create an encyclopedia).  I don’t blame them: it was 1998 and the web was new and no-one really understood it.

This is why I think it helps to introduce solutioning to the conversation because it helps the Business move on from the-same-but-faster (or larger, or pinker, or whatever) and in to areas that really are different and new.  You may introduce constraints, but you also open up new avenues and spark brand new ideas.

So I don’t think it’s wrong to talk about solutions in requirements meetings.

Heretic that I am.

Now you CD it, now you don’t

It is good to see that Paul Gray resigned from his position as chairman of Revenue and Customs. (It was even better to see Alistair Darling squirm, but that was a more vindictive delight). I’m wary of gratuitous scape-goating with this business of the CDs that have gone missing containing the details of 25m people and 13m bank accounts. However, whatever way I look at it I come back to the thought that there are two ways to secure data, and both start right to the top.

The first way to secure data is physical: you make it physically impossible for your staff to export data. You install PCs without CD drives and disable the CD drives on the PCs which have them. While you are at it you disable the USB ports and impose limits on sending emails with attachments. You place limits on the changes that most people can make to their PCs, and provide them with a help desk and an audited order process to use when they want to do something outwith their permissions. None of this is hard and none of it is particularly expensive, though all of it makes things inconvenient for your staff. Not as inconvenient as having to clear up the mess when the details of 13,000,000 bank accounts get into the wrong hands, of course, particularly when the banks turn sulky and say “we’ve done nothing wrong and we aren’t paying for your mistake Mr Darling”. The banks have every right to be irritated since they do make sure that it is very hard for any member of their staff to steal data. This approach does require that those at the top take security seriously and ensure that adequate security policies are written and that the technology is configured to support those policies. Not rocket science, more a question of those at the top prioritising security, employing competent staff and saying “Make it so”.

The second way to secure data is through cultural norms. You make it impossible for someone to think it’s ok to copy personal data on to CDs and bung them in the post. Likewise you make it impossible for someone to think it’s ok to use real data as test data for new systems, or to dispose of confidential waste other than by shredding it, or to walk away from their desk without activating a password controlled screensaver, or to write passwords on post-it notes, or to look up someone’s personal data without a valid reason, or to leave a laptop in a car or an unlocked cupboard. You make it socially acceptable for someone to say “no, I’m sorry, I’m not swiping you in to the building with my card” or “no, you can’t use my account if you’ve forgotten your password”. This sort of security-focused culture is hard to create where it does not exist already, but it is relatively easy to maintain. The code-breaking at Bletchley Park remained a secret until the 1970s despite the fact that over 10,000 people worked there. A culture of treating data security responsibly is, without a shadow of doubt, down to the leaders to create, take seriously, pay for and maintain.

Slackness about data appears to be endemic at HMRC, which is the point that I am making. According to the Guardian “The chancellor explained that in September the records of 15,000 Standard Life customers had been lost in transit from HMRC offices in Newcastle; in the same month a laptop and other materials were also lost.” The article also mentions 41 missing laptops.

So no matter how I slice and dice this one, I cannot let Gordie off the hook. HMRC was his bailiwick before it was Darling’s. This is the government who’s attitude to security was sufficiently cavalier for the personal details including names, addresses, religious beliefs and sexual orientation of tens of thousand of doctors to be posted unsecured on the internet. This is the government who wants to put you full medical history on the NHS spine. This is the government who want to impose ID cards on us all.

Data is incredibly powerful when it gets into the wrong hands.

The problem is, it’s already in the wrong hands.

So why did the MTAS site spring a leak?

It’s taken me almost two weeks to calm down enough to think clearly about the MTAS leaked documents fiasco.

I now have three questions to ask Mike Clement of MTAS:

Does he ascribe the MTAS leaked documents to:

1. Lack of clarity about the requirements for the system – was it being used to do things that were not agreed with the client at the requirements stage?
2. Lack of technical skill in those who specified the security architecture of the system?
   or
3. Lack of user-training – were users over-empowered but under-trained?

I’ve emailed him to ask the questions, but I doubt I’ll get any kind of answer.

I’ve been thinking about this off and on ever since it happened, and I can only ascribe it to one of the above three causes or a combination of them all. They are of course interlinked:

• if the requirements weren’t fully thought through then MTAS staff would do what was necessary to get the functionality they needed;
• if the system’s security had been properly built in from the start, then they would not have been able to do it even if they wanted to;
• if they had been properly trained then they would have known about crawlers and bots (which are automated systems dedicated to finding and harvesting personal data) and understood why they should only publish the data on a secure server even if they had the ability to publish it on open servers.

Whichever way you look at it, it’s a fuck-up; call me histopathological, but I want to understand why.

I nicked the slide from the Ferret Fancier. This is not just any jokey slide about IT security. This is from Sarah Thomas’s illiterate and uninformative slides specifically about MTAS.

They’d make great satire, but Ms Thomas (Dr Thomas?) is one of the masterminds behind the flawed MTAS: she is the Lead Dean for National Electronic Recruitment and MTAS is based – very very loosely – on some of her research. Oh, and call me a quibbler, but she cannot spell. I am now feeling a whole new wave of rage about this thing.