Fiona Booth, head of external affairs and stakeholder engagement at Healthcode, explains that the fitness of an organisation is ultimately determined by its culture, leadership and people.
As sure as night follows day, a scandal in the health sector is followed by an inquiry which finds that governance failings within the organisation allowed poor practice to occur on its watch. Each time, there’s agreement that we need to improve governance to ensure quality and safety, but of course, that’s much easier said than done.
The Government sees tech as one of the biggest levers to solve current problems in the NHS and wider healthcare sector, including governance. The chancellor’s 2025 Spending Review committed up to £10 billion in NHS tech and digital transformation by 2028‑29, which will include the development of the first-ever AI early warning system to identify safety concerns in the NHS. The health secretary, Wes Streeting, said: “This tech will save lives – catching unsafe care before it becomes a tragedy. It’s a vital part of our commitment to move the NHS from analogue to digital, delivering better, safer care for everyone.”
Is tech a silver bullet that’ll transform clinical governance and guarantee better outcomes? It might surprise you coming from someone who works for a tech company, but my answer is: absolutely not! In my view, if we want effective governance, we need to think about these human factors too.
A healthy culture
As the Health and Safety Executive (HSE) puts it: “An organisation’s culture can have as big an influence on safety outcomes as the safety management system”.
NASA might be associated with some of the greatest technological achievements of the space age, but the agency’s credibility was severely shaken in 2003 when the Space Shuttle Columbia broke apart on its return from a scientific mission, killing all seven crew members. The Accident Investigation Board later found one of the root causes of the disaster to be organisational failures, including a “broken safety culture”. It reported: “Cultural traits and organisational practices detrimental to safety were allowed to develop, including: reliance on past success as a substitute for sound engineering practices… organisational barriers that prevented effective communication of critical safety information and stifled professional differences of opinion; lack of integrated management across program elements; and the evolution of an informal chain of command and decision-making processes that operated outside the organization’s rules.”
The story demonstrates how an unhealthy culture can undermine effective governance and safe practice, even within an organisation built on tech. Sadly, there are also examples of safety in healthcare being compromised by a culture of defensiveness, blame and cover-up in both the NHS and private sector. If we want to prevent slow-motion tragedies unfolding in our hospitals, we certainly need new and better systems of clinical governance, powered by tech, but that’s only part of the solution. It’s just as important to nurture a culture that celebrates openness where everyone feels empowered to raise concerns about patient safety and care standards.
Leadership qualities
This brings me to the next human ingredient of good governance: leadership. As part of its somewhat controversial single assessment framework for health and care providers, the Care Quality Commission (CQC) considers whether organisations are “well-led” and sets out a number of quality statements under this key question, including: “We have clear responsibilities, roles, systems of accountability and good governance. We use these to manage and deliver good quality, sustainable care, treatment and support. We act on the best information about risk, performance and outcomes, and we share this securely with others when appropriate.” There has also been growing recognition of the importance of effective leadership in healthcare settings, including university post-graduate qualifications, a Faculty of Medical Leadership, the NHS Leadership Academy and a Digital Health Leadership Programme which was established in 2017.
In my view, leadership and governance are entwined because high-calibre leaders set measurable objectives and standards, have robust quality assurance systems in place to uphold them and accept accountability. It is incumbent on leaders to deploy tech wisely within their organisations to support governance, having a clear understanding of the risks and benefits and ensuring effective oversight. Unfortunately, history is littered with examples of IT projects where leaders refused to countenance reported problems or fell victim to the sunk cost fallacy – continuing to pour money into an expensive failure.
Most of us were shocked by the news that hundreds of sub-postmasters had been wrongly prosecuted for theft and false accounting while those at the top of the Post Office continued to insist that its Horizon Accounting software was robust. However, there are plenty of examples of glaring overconfidence in IT within the healthcare sector too.
The CQC is a prime example after a botched programme to simplify its assessment process, which is already estimated to have cost £99 million. Following the sudden departure of its chief executive in June last year, the CQC’s interim boss apologised for the failures and for not listening to concerns raised by staff and providers. However, this mea culpa didn’t save the regulator from strong criticism in the Dash Review, which found that “poorly performing IT systems are hampering CQC’s ability to roll out [its single assessment framework] and appropriately manage concerns raised”.
A subsequent independent IT review in February 2025 highlighted a number of concerns with the way the CQC had implemented its regulatory platform, including a “lack of clear accountability and controlled governance” with high turnover of senior staff, a “lack of practical and clinical input in decision-making processes” and leaders promoting an “overly optimistic narrative that conflicted with the realities on the ground.” It recommended measures to improve oversight and governance, calling for “strong leadership and facilitation to guide and support” staff, including “providing direction, resources, and support to ensure successful outcomes”.
People’s responsibilities
Of course, those at the top are accountable, but in my experience, an organisation is only ever as strong as its people: we all have a responsibility to behave professionally, respect colleagues and service users, follow workplace policies and procedures and raise concerns about issues of quality or safety.
For healthcare professionals, this is reflected in the professional standards set by their regulatory body. The GMC’s core guidance, which came into effect in 2024, has a section called “Colleagues, culture and safety” which includes “contributing to a positive working and training environment”, “demonstrating leadership behaviours”, “keeping patients safe” and “responding to safety risks”. More broadly, I think it’s incumbent on all of us to recognise our agency and do the right thing at those “sliding door moments”. That might be calling out a disparaging comment, raising concerns about systems or colleagues or not being tempted to cut corners when sharing sensitive data.
When it comes to data protection, for example, the soon-to-be-replaced Information Commissioner’s Office (ICO) is clear that organisations are accountable for putting in place the necessary governance and information security measures, such as access controls, training, policies and record-keeping. However, it’s also notable from the ICO’s data security incident trends that most were the result of human error rather than ransomware or tech failures. Technological solutions can make a difference, but not if they are misused, by accident or design.
People > tech
Of course, great tech can make a difference. In my current role at Healthcode, we’re focused on finding online solutions to the operational challenges in private healthcare, including making better use of data to support governance. For example, the Private Practice Register enables hospitals (with the practitioner’s consent) to access the latest information about their own practitioner community, improving data transparency and accuracy. We’re now in the process of aligning the PPR with the principles of the Medical Practitioner’s Assurance Framework (MPAF), the Independent Healthcare Provider Network’s (IHPN) programme to strengthen the governance systems of healthcare providers, including areas such as the award of practising privileges.
At the same time, we still need healthcare organisations to commit to the common data standards and interoperable tech that will allow them to share data appropriately, securely and in a timely way with each other (and the NHS). In a recent report into quality and safety in the independent healthcare sector, IHPN highlighted further improvements in CQC ratings and the important contribution made by private providers to the UK health system but noted: “There is always more to do, particularly around contributions to national audits, the development of primary care benchmarking and use of freedom to speak up guardians”.
To sum up, I’m in no doubt that people are central to effective governance, especially in healthcare, where the outcomes – for good or ill – depend on the quality of the human connection with patients and between colleagues.
While advances in tech can support governance processes like identifying issues, benchmarking and data sharing, the fitness of an organisation is ultimately determined by its culture, leadership and people. In other words, all of us!
