A juggernaut like the NHS won’t find it easy to drop Windows for open source - but it should

If it ain’t broke don’t fix it - but sometimes it’s just time to move on. Otherthings, CC BY-NC

Like many large modern organisations, the NHS has grown up with constant change – not only in medical practice, but also in the systems that support the daily routine of one of the world’s largest health services. And one current issue is whether the NHS should be using more open-source software.

The challenge is twofold: how does one of the largest employers in the world, whose primary focus is medical care, ensure that the information technology it uses is current, relevant, safe and easy to use for medical staff? And how does it ensure that its vast army of IT staff are suitably skilled and capable of supporting current, and future, technology? Tackling both of these is no mean feat.

The legacy of legacy

The larger you become, the more likely it is that you will have legacy systems supporting many critical services. This is not unique for the NHS – banks, defence and many retailers have to grapple with systems that originated as far back as the 1960s but which have operate to continue to run things smoothly.

With legacy systems, there is an immediate drag on what new technologies can be employed even if there are new, fun, flashy and possibly free technologies available. If a system works and many lives depend on its successful operation then changing it for a new technological whim is simply bad practice – especially for the NHS.

The big system used by the NHS is Windows, which became a globally popular desktop and server operating system. Through strong marketing and a professional certification programme, by the late 1990s it had cornered the market – and the NHS.

Open source

Microsoft is a commercial venture so it is reasonable for them to sell their products, which they do via licensing per unit. The NHS has about 100,000 computers, so it pays a considerable amount and also has a lot of work to do each time there’s a required update for any of their server technologies or desktop computers. While it needs some technical tweaking, Windows is sold as something that comes out of the box and should work. Designed to work with a wide range of different types of systems, the one size that fits (almost) all computers is a bonus for many technical managers.

But it hasn’t been problem-free. Most hospitals still have thousands of PCs running Windows XP which stopped being supported earlier this year.

An alternative might be Linux, an open-source operating system. While increasingly popular, Linux has taken longer to gain dominance. There are many Linux-based systems now available, like Android and Ubuntu, and it is now probably more extensively used than any Windows-based system around. Because (unlike Microsoft) the Linux community lacks one central “owner” it wasn’t until Google and Canionical – among many others – began using it, it gained support and more popular recognition in the technical community. For example, most web servers in the world and all of Google’s severs run Linux, as well as every Android phone.

Risk aversion

The NHS, perhaps because of its scale, has been risk-averse and let’s not forget that it has already had to contend with the failure of a new system. Its abandoned patient record system, reported to have cost at least £10 billion and dubbed “the biggest IT failure ever seen” makes it no surprise that the NHS is wary of getting its fingers burned again.

But choosing what system to use in the NHS needs careful risk management. Despite the potential to fork out less cash for support and updates, the majority of risk-averse IT managers won’t simply jump from one technology to another just because it’s open source. They have to consider what guarantee of external support they will get and what in-house skills they have to operate and support a system for many years.

While we might think of open source as “free”, the NHS would need to factor in additional costs of developing it, whereas off-the-shelf technology moves the risk and potential legal liability to the software seller. But as Microsoft showed in its withdrawal of support for XP, this isn’t always the case and it might be better to take a short-term hit of pain for a longer-term gain. Investing in professionals with the right open-source skills, for example, may pay dividends later on. And organisations such as the Linux Professional Institute are now creating professional programmes to ensure technical experts have a strong foundation in these skills.

Calls for more openness in software

Recent calls for the pharmaceutical industry to be open and transparent about the results of both successful and failed drug trials have a parallel in the software world. Just as poor drug trial disclosure results in flaws being hidden from the public, flaws in proprietary software can be kept secret by software vendors while being exploited by criminals or spies.

It is well known in the security community that the only way to thoroughly test the reliability of security software is to publish the source code. Otherwise you are vulnerable to anyone who is smarter than the people who wrote your software; better to have more people testing it for you and openly reporting problems.

The open-source community can often identify and fix problems faster than software vendors and open-source software can evolve to address local issues as versions “branch” from the main source tree. An innovation in one area of the country may be adopted elsewhere if it is seen to work – or if it doesn’t it can be left to wither and die while the main software tree remains intact.

The NHS is responding to calls to use more open-source software but there is resistance, as you would expect in a large organisation whose directors have to be conservative in their outlook. But there are clear signs of change beginning, and just like Big Pharma, Big NHS IT is headed for more openness.