The Beaumont Hospital Information System (BHIS) is arguably the “biggest risk” to delivery of services at the hospital, its board heard earlier this year.
A board meeting in March heard that the audit and risk committee (ARC) considered that an independent review of the BHIS replacement project was essential for the board to demonstrate it had taken all reasonable steps on the matter.
Progressing the replacement of the BHIS was described as a key action in Beaumont’s 2015-2020 strategy. This document outlined that the system was then 25 years old and “becoming progressively unstable”.
The BHIS is comprised of three modules, two of which are to be replaced with national systems being implemented by the HSE (MedLIS and PAS). There have been delays in implementing MedLIS and Beaumont’s new system cannot go live until after MedLIS and PAS are delivered, according to information provided to the comptroller and auditor general (C&AG).
As of November 2022, MedLIS was due to be delivered in May 2024. Thereafter, the two other systems were expected to be implemented in parallel and delivered in September 2025. The BHIS will cease to function after 31 December 2025.
Beaumont and its board remained “concerned” with the delays in delivering HSE systems given the “very tight” deadlines in ensuring a full suite of replacement modules, according to the statement of internal control submitted to the C&AG in December 2022. Any further delays would have “serious consequences” for the hospital.
In late 2022, the board had approved two requests for procurement (RFPs) for independent reviews of the BHIS replacement project and cybersecurity. However, in January 2023, the process to post the RFPs was deferred to allow management to present papers on both matters to the ARC.
The ARC noted recommendations by the HSE and C&AG for bodies to undertake an independent review of cyber security. It also noted that the status of Beaumont’s “old systems” had been referenced by the C&AG in 2022 and at a meeting of the public accounts committee.
The ARC approved a recommendation to the board to proceed with both IT engagements.
At the board meeting in March, there was a detailed discussion on the matter and management attendees repeated their concerns on the possible impact of the engagements on “limited key IT resources”. Ultimately, the board approved the recommendation of the ARC.
No comment was received from Beaumont despite requests.