Comment: Workforce planning and data governance: excel without Excel

Scott Baker of Hicom reveals an overwhelming reliance on spreadsheets for key workforce planning activities within the NHS - an approach that is inherently unsafe and puts trusts at risk of data breach. Here, he provides an insight into how the health sector can overcome this challenge

With increasing evidence that moving from traditional data management to more-collaborative, centralised approaches empowers decision-making and helps trusts revolutionise operations, Scott Baker, chief operating officer at Hicom, explains the need for trusts to ditch spreadsheets and how technology is helping the industry address the challenges of data security, the Information Commissioner's Office ICO fines, and the forthcoming GDPR.

Technical guidance from NHS Improvement and Health Education England urges healthcare providers to make further use of workforce data to inform planning through to 2018/19.

Why? Because this will enable trusts to better measure performance against workforce.

Death by spreadsheet

Effective workforce planning is key to a sustainable NHS.

Spreadsheets can easily become unwieldy, outdated and inaccurate documents – and yet countless organisations still rely on them as the basis for decisions

As the challenge of managing growing demand with diminishing resources intensifies, providers know their workforce plans must maintain the delivery of high-quality patient services while accommodating the long-term requirements of the NHS of tomorrow. Success hinges on nurturing an efficient, trained and productive workforce.

One area of opportunity is in how the NHS manages its workforce data.

Last year’s technical guidance from NHS Improvement and Health Education England outlined how such data would enable trusts to measure performance against workforce KPIs ranging from absence, staff turnover and appraisals, to new starters, agency staffing and mandatory training completion rates.

The logic is compelling: with secure access to real-time information, trusts are better able to plan resource to meet demand, respond to fluctuating staffing levels, and ensure training enables continuity of services.

Unfortunately, this is far from today’s reality.

There is currently an overwhelming reliance on spreadsheets for key workforce planning activities; employee records, staff levels, training & study leave, and safe staff rotations. Similarly, confidential information to support recruitment decisions – pre-employment checks, certificates, career history, disciplinary records and basic personal details – is commonly stored on spreadsheets and accessed across shared networks.

With the new GDPR coming into force from May 2018, it’s anticipated that ICO penalties will increase in both volume and size. Trusts can ill afford the financial and reputational costs

Such an approach is inherently unsafe and puts trusts at risk of data breach. Moreover, spreadsheet-led methodologies minimise the opportunity for joined-up decision-making informed by real-time analytics.

The flaws in relying on spreadsheets are well documented. Widely-cited research reveals that almost nine out of 10 spreadsheets (88%) contain errors. These can emanate from human errors in data input, formatting and calculations – but they’re also symptomatic of spreadsheet behaviour; multiple versions, poor version control, uncontrolled accessibility and free-for-all editing permissions.

Spreadsheets can easily become unwieldy, outdated and inaccurate documents – and yet countless organisations still rely on them as the basis for decisions.

The encryption factor

The spreadsheet’s partner in crime is email. Every day, countless spreadsheets are routinely shared across, and outside of, NHS trusts via email – exacerbating the problem of multiple versions and resulting in questionable data integrity and potential security breaches.

There’s a popular misconception that email communication across the NHS is secure simply because it’s done over the N3 network. This is not the case.

Every email that’s accessed outside of the network – either via an external partner or an NHS employee working remotely – is unencrypted and therefore vulnerable.

Providers have undoubtedly worked hard to meet compliance with Information Governance (IG) requirements to protect patient data. However, few have applied the same scrutiny to processes around workforce data – leaving themselves vulnerable to breaches of the new EU General Data Protection Regulation (GDPR).

It’s a risky approach.

In the past year, trusts have made the headlines for breaches exposing the personal information of NHS staff.

Last month an investigation was launched after the personal details of over 500 GP trainees in Merseyside were published online. And, in May 2016, a Lancashire Trust was fined £185,000 for a similar offence.

The centralised approach, underpinned by robust access control, eradicates the problem of inconsistent data sets, giving trusts greater control over their data

With the new GDPR coming into force from May 2018, it’s anticipated that ICO penalties will increase in both volume and size. Trusts can ill afford the financial and reputational costs. Therefore, providers should consider strengthening their information management capabilities to gain greater control of their data.

If the threat of an ICO fine represents the ‘stick’, motivating trusts to act, the value of maintaining accurate and accessible data (the ‘carrot’) goes beyond compliance. It can be the key to enhanced workforce planning and fuel better, more-sustainable patient services. But how?

Centralised solutions

The key to using information to fuel effective workforce planning is straightforward. Simple-yet-powerful technology can be used to integrate all aspects of workforce information into trust-specific, centralised data repositories that support the full lifecycle of planning; recruitment, training, deployment and management.

The centralised approach, underpinned by robust access control, eradicates the problem of inconsistent data sets, giving trusts greater control over their data.

At a more-granular level, centralised data warehousing allows trusts to take a customised, modular approach to business processes – powering solutions that support the challenges most pertinent to their organisation.

For example, medical education and HR managers can safely conduct pre-employment checks, with full visibility of all appropriate documentation. Similarly, managing and measuring mandatory training is less onerous, enhanced by access to reliable data that supports the entire training and development cycle; from registration and induction through to course management, delivery and certification.

Technology can help workforce teams secure greater visibility of study leave. Study leave is often agreed through direct communication between managers and their staff rather than logged on accessible systems.

As the NHS gears up for some high-profile challenges, the pressure on workforce planning is likely to intensify. Survival by spreadsheet is not an option. It’s time for trusts to take control

The implications for staffing levels and services can be substantial. Centralised management of this aspect alone can make a huge difference to workforce planning. Additionally, it can enhance a trust’s ability to record, manage and report KPI data, as well as providing audit capabilities to evidence workforce activity.

As the NHS gears up for some high-profile challenges, the pressure on workforce planning is likely to intensify. Survival by spreadsheet is not an option. It’s time for trusts to take control.

Companies