next up previous
Next: Privacy failure - an Up: Information technology in medical Previous: Introduction

Safety failure - an example

One of the best known safety failures was the collapse of the London Ambulance Service on 26-27 October and 4 November 1992. The London Ambulance Service covers an area of 600 square miles and deals with 1500 emergency calls per day. The overload and collapse of a new computerised despatching system left London with partial or no ambulance cover for extended periods, and is believed to have led to the loss of about 20 lives.

The report of the official inquiry that followed [1] is a catalogue of management incompetence: poor planning, wishful thinking, unwillingness to heed warnings, reliance on `cozy assurances' from suppliers, and a transition to an unstable system with no provision for reversion to manual working in the event of disaster. For example, the Service ignored an independent review in March 1992 which pointed out the need for a documented implementation strategy, proper change control and volume testing; but despite problems with several components of the system (including uncertainty about the effectiveness of automatic vehicle location, inadequacies of staff training and commitment, and problems with data transmission to and from mobile terminals) its chief executive claimed that `there is no evidence to suggest that the full system software, when commissioned, will not prove reliable'.

When the system went live, it could not cope with the volume of calls and broke under the strain. The transition to a back-up computer system had not been properly rehearsed and also failed. As often with management failures, there was a political angle: the Service was attempting to use the new system to change ambulance staff's working practices without consultation in a climate of poor industrial relations.


next up previous
Next: Privacy failure - an Up: Information technology in medical Previous: Introduction
Ross Anderson
1998-11-13