Princess of Wales Hospital blood glucometer case
v2
Harold Thimbleby
10 September 2025
Automatically-generated evidence narrative file revisiting the 2014 Princess of Wales Hospital blood glucometer case. For an overview of the background to the case, with a full description of the meaning of the diagram and further details of its associated narrative, go to the REED web site home page at
the REED site home page.
REED v3 diagram (there is only one new node added in v3)
Quick overview — combined versions: v2; v3
| REED file | Digital signature |
| lib/pow-reed | 5023a723e0283fe3177aa533bb33d1b3 |
If a REED file has been changed since this report was made, then its digital signature will now be different. You can run the REED tool with flag ‘-s’ on any file to confirm its signature.
| 26 | nodes | — | 26 | with notes | (21 highlighted) |
| 28 | arrows | — | 7 | with notes |
There are 2 weakly connected components (i.e., there are 2 independent REED diagrams not connected to each other with any arrows, regardless of the directions of the arrows).
21 highlighted nodes
| ⚑ | blue used 11 times | Version 3 uses blue to highlight the impact of critical new evidence introduced by the Abbott engineer. Only one node was explicitly highlighted blue, but the REED tool is used to automatically cascade the blue highlight to all affected evidence. |
| ⚑ | red used 2 times | Specific, relevant computer problems as already admitted in evidence. Use of non-forensic tools like Excel (which, for instance, allows rows of data to be deleted without leaving any record of changing the data) used to process the evidence. In short, any evidence highlighted in red is unreliable. |
| ⚐ | white used 4 times | No information is available yet. This may or may not be considered a problem after relevant evidence is provided. |
| ⚑ | yellow used 4 times | Problems that have not yet been resolved. Concerns need to be addressed in cross-examination. |
⚑ Node v3-2.3 Unsupervised Abbott engineer
Mr. Nick Reece, a PrecisionWeb support Specialist employed by Abbott Diabetes Care, had been asked by the hospital to help when the Princess of Wales PrecisionWeb database faced problems in 2013. Mr. Reece then worked unsupervised on the PrecisionWeb database, apparently taking no notes and certainly not following any forensic process.
Reece gave evidence that he had failed to take notes on exactly what he did when editing, deleting, and modifying data in the PrecisionWeb database. He admitted he had deleted critical data, which would have created the impression that nurses had been negligent not performing blood glucose tests.
This deletion of computer evidence explains the discrepancy in patient records that the prosecution claims had been wholly and entirely caused by the nurses’ criminal negligence.
Node v2-1.2 Defendant nurses on Ward 2
The defendant nurses were named, and provided witness statements.
⚐ Node v2-1.3 Patients
The patients on Ward 2 had limited capacity.
⚐ Node v2-2.2 XceedPros on Ward 2 (group: Hospital IT Systems)
The nurse takes an XceedPro to a patient, and they must then tap the XceedPro with their ID card, then scan the patient’s ID card. Then the patient is pricked to obtain a small blood sample, which is inserted into the XceedPro. The XceedPro records the IDs, the date and time, and the blood glucose level. Nurses may share ID cards, or they may “double tap” and use their ID card twice instead of using the patient’s ID card.
See node
FROM v2-2.1 Abbott
labs:
Manufacturer evidence says XceedPros have numerous bugs; however none of the documented bugs lose patient data.
⚑ Node v2-3.2 No known backups that could have provided evidence (group: Hospital IT Systems)
If backups had been taken (we do not know) then it would have been natural to check if the alleged missing nurse data had ever been stored on the main PrecisionWeb database.
Backups would have shown whether failures happened in PrecisionWeb, or earlier for instance over arrows A (as the prosecution argued), B, C or D.
⚐ Node v2-3.3 XceedPro dock on ward (group: Hospital IT Systems)
No evidence of the reliability of the XceedPro dock (for example, hospital test results, or manufacturer claims of reliability, or even daily checks of integrity) has been offered. Its reliable use depends on hospital network reliability, and no evidence of the reliability of the hospital network has been offered. The network may have had outages during the relevant period.
⚑ Node v2-3.4 Unknown manual edits to PrecisionWeb database (group: Hospital IT Systems)
Written evidence shows that there have been unmanaged manual edits and manual maintenance of the PrecisionWeb database.
The impact of these edits on the case is as yet unknown.
If the technicians or engineers (potentially including Abbott maintenance staff) responsible for managing PrecisionWeb do not provide further more specific evidence, we will have no idea what they did to the database, potentially corrupting or deleting critical data it records that is likely to be relevant to the case.
Node v2-3.5 PrecisionWeb operators manual
The operators manual for PrecisionWeb says it should not be used for clinical purposes. All the evidence for this case assumed the clinical records in PrecisionWeb were reliable, despite the manufacturer’s warning.
⚑ Node v2-5.1 No evidence explaining scope of Ward PCs (group: Hospital IT Systems)
The Ward PCs can be used by nurses to review the PrecisionWeb database.
Beyond that there is no evidence to explain what else these PCs can do.
Can they be used to edit or delete existing records on PrecisionWeb? We don’t know.
⚑ Node v2-5.2 Abbott PrecisionWeb database (group: Hospital IT Systems)
PrecisionWeb is a proprietary database designed to monitor XceedPros, such as their battery health.
PrecisionWeb manual warns that it is not designed for clinical use, but the Princess of Wales hospital used it clinically — the blood glucose readings (amongst other data) are copied, via middleware (node
TO v2-7.1 Lots of unknown
complex middleware) to the main hospital database.
If it is not good enough for clinical use, why is it assumed good enough for evidence?
The prosecutors must therefore establish that PrecisionWeb and its sources of data are maintained and used to a standard to ensure it provides reliable evidence, and what they do to overcome the manufacturer’s explicit warnings about its quality.
⚐ Node v2-5.3 Hospital computer operators
We have no idea what the hospital computer system operators did, how they were managed, or what their security protocols (if any) were.
Note how (using Statechart conventions for diagrams) a
single arrow from this node (
HERE v2-5.3 Hospital
computer
operators) to the group
TO v2-9.1 Hospital IT Systems is sufficient to show that the computer operators affect
all nodes inside the box.
— Statecharts, invented by David Harel, are well-known diagrams widely used in computer science.
⚑ Node v2-5.4 Written evidence shows forensic methods used were unreliable
The police visited the hospital and exported CSV data from the hospital’s PrecisionWeb database to an unencrypted USB stick, a process that is insecure.
Although there were opportunities for the police to collect incorrect or incomplete evidence, or to corrupt the evidence that they had collected, there is no nothing to suggest that the police checked their final computer evidence against the original hospital sources. The police process took no precautions to detect or mitigate the effect of possible cyberattack (or other database problems, such as hardware faults, system crashes — which were known to occur — or operator error), such as comparing their collected data with backups.
Although the police used Excel to manage the evidence (which can delete data, columns and rows, etc, without leaving any record of changes) there is no record to show that they checked their final evidence against the original data.
The final evidence was presented to the court on both encrypted CDs and USB sticks and was explicitly claimed to be forensic quality evidence.
⚑ Node v2-6.1 Ward PCs (group: Hospital IT Systems)
The ward has PCs where nurses can review patient information.
It is not clear whether nurses can edit data, for instance in case two patients were mixed up with the XceedPros (e.g., by putting the wrong test strip in or using one with a second patient) — and if so, whether edits must be done by the nurse (or person with the same ID) who originally took the readings.
We do not know who had access to the Ward PCs (whether nurses or hospital operators).
⚑ Node v2-6.2 Frequent crashes documented (group: Hospital IT Systems)
Evidence revealed in court was that the PrecisionWeb database (or the server it ran on) frequently crashed. The evidence said nothing about the impact of crashes on the integrity of the database; presumably at least the transactions pending when crashes happened would be lost.
⚑ Node v2-6.3 Police forensic database system
The police used PrecisionWeb unsupervised, exported data to CSV format.— Hospital policy has since been revised.
The police certainly examined the PrecisionWeb data in Excel, as their written evidence says their first attempts crashed Excel (presumably because of the size of the Excel spreadsheet). I do not understand why the police did not use SQL (or any other decent database), as they could simply have copied the SQL PrecisionWeb database rather than relying on PrecisionWeb to convert it to CSV.
CSV is a very unsuitable data format to choose for evidence, as there is no way to detect edited, deleted, or inserted data.
Whatever CSV data they selected, they copied to a USB stick. This stick was then taken by car to a police forensic environment, and copied to an encrypted secure disk drive. Subsequently, unencrypted CDs were burned from the files on the secure disc.
The police evidence claimed their process was forensic — but it was only forensic
after copying CSV data to the secure disk drive, and provided that no police staff with password access modified the data.
⚑ Node v2-7.1 Lots of unknown complex middleware (group: Hospital IT Systems)
PrecisionWeb (node
FROM v2-5.2 Abbott
PrecisionWeb
database) is not interoperable with other hospital systems, so middleware Conworx is used to interface PrecisionWeb to the main patient databases.
No evidence of the reliability of Conworx and other middleware (for example, hospital test results, or manufacturer claims of reliability) has been mentioned in evidence.
The hospital refused access to technicians, which meant we have no idea of or the extent of the middleware or how it is supposed to work.
Such complex multi-manufacturer systems will have bugs, so it is very surprising not to have error logs (etc) presented in routine statements.
⚑ Node v2-7.2 No evidence of any testing ever performed
The hospital presented no evidence that it knew that any of its systems were reliable. However, the hospital did present evidence that PrecisionWeb regularly crashes (node FROM v2-6.2 Frequent crashes
documented).
⚑ Node v2-8.1 Main hospital databases (group: Hospital IT Systems)
The hospital databases are managed by hospital technicians. None provided evidence statements, and none were called to give evidence.
Such complex systems will have bugs, so it is very surprising not to have error logs (etc) presented in routine statements.
It is curious that the discrepancies were originally discovered from the main hospital databases, not from PrecisionWeb. The police never took evidence from the main hospital databases.
⚑ Node v2-8.2 No evidence of error logs or audits
It is astonishing there is no evidence that the hospital ever checked whether their computer systems were functioning normally.
It is also astonishing the police recorded data from hospital systems without confirming the reliability of the data, and did so without hospital supervision.
Node v2-9.1 Hospital IT Systems
We know nothing about the management of the hospital systems and any impact on the evidence. In a hospital (or any other critical environment) one would expect at least daily checks of reliable performance or error logs. The REED diagram shows there were no such checks.
⚑ Node v2-10.1 Nurse-written paper records (never disclosed)
Contemporaneously with treating patients, nurses should review the XceedPro they have used and copy its data to paper notes. The police never provided the nurse-written records.
The XceedPro can record up to 2,500 patient records and then it will start overwriting records. As I never had access to the relevant XceedPros, I do not know whether this bug was relevant: had an XceedPro recorded about 2,500 records it could have given the impression the nurse had not performed tests the nurse had documented on paper notes.
⚑ Node v2-1.1 Wrong XceedPros seized by police (group: Police handling of XceedPro evidence)
The PrecisionWeb data records XceedPro serial numbers, and shows that XceedPros routinely move around the hospital.
The PrecisionWeb data confirms that the police seized all three XceedPros that happened to be on Ward 2 on the date when they visited it. However, the seizure did not include any XceedPros that had been used by the defendants at the relevant times.
In addition to mistakenly seizing the wrong XceedPros, the police sent them to Abbott (node TO v2-2.1 Abbott
labs) to be checked for reliability. Abbott unsurprisingly confirmed the XceedPros worked correctly — it would have been better to chose an independent organization to check the XceedPros.
Furthermore, Abbott’s evidence says nothing about the reliability of the XceedPros actually used by the nurses. Checking the wrong XceedPros is irrelevant to the Prosecution’s contention that the nurses fabricated meter readings.
The
REED paper explains how the police came to seize the wrong XceedPros.
Node v2-2.1 Abbott labs (group: Police handling of XceedPro evidence)
The US company Abbott manufactured the XceedPros and the PrecisionWeb database, both critical components of this case.
The police sent the 3 seized XceedPros to Abbott to determine if they worked correctly. It is surprising the police chose Abbott themselves to check the XceedPros, as Abbott have a vested interest in saying their own products are reliable. Moreover, the police sent the wrong XceedPros to Abbott, as they had seized the glucometers on the ward when they visited, not the glucometers that the nurses had originally used.
The Abbott labs found no relevant problems with the XceedPros, but they did confirm that all XceedPros had bugs.
However, none of the bugs Abbott described would affect or cause loss of data, unless the XceedPros had been used to try to record over 2,500 tests, which is considerably higher than any XceedPro at the Princess of Wales had ever recorded (at least as established by the police’s PrecisionWeb evidence).
Node v2-4.1 Police handling of XceedPro evidence
The police examined the wrong XceedPros. The evidence presented on XceedPros is not relevant to the case.
Arrow narrative evidence
Arrow ?
Arrows marked “
?” indicate evidence flows that we
should know about, but no relevant information has been made available, despite requests. We think the evidence probably does not exist because (we surmise that) the IT operators probably did not do the appropriate work, such as testing (see
TO v2-7.2 No evidence
of any testing
ever performed).
Arrow A
A nurse uses an XceedPro to take a sample from a specific patient, and the XceedPro records the nurse’s and the patient’s IDs.
Arrow B
A blood sample from a patient enters an XceedPro.
Arrow C
The XceedPros provide date, time, XceedPro ID, nurse ID, patient ID, blood glucose level, etc.
Arrow E
The police manually exported a CSV file from the PrecisionWeb database (supposedly) of every record derived from all XceedPros in the hospital over the relevant period of time. This was then copied to a USB stick and taken by car to be copied to the police system, from where multiple CDs were made for copying to the prosecution and defence.
CSV is a non-forensic and very unreliable data format, and the police made no use of checksums or other techniques to assure that the final CDs correctly held the data from PrecisionWeb.