The fortnightly newsletter that unpacks system leaders’ priorities for digital technology and the impact they are having on delivering health services. Contact Ben Heather in confidence here.

In his early flurry of public appearances, NHSX chief executive Matthew Gould has singled out one task above all others: improving IT standards.

By standards, he does not mean improving the standard of NHS IT – although hopefully that will be a consequence – but rather the rules that govern how we build and use information technology in the NHS. And making sure everyone sticks to them.

Standards are not as exciting as AI, remote digital consultations or big data. But all these innovations rely on some agreed IT rules of engagement to spread. In other words, common IT standards across the NHS are a necessary pre-condition for the coming health tech revolution prophesied by successive health secretaries.

Standardisation enables scale. The world wide web would not be worldwide without international web standards (HTML, etc). Instead, it would be many siloed networks, each with its own peculiar rules preventing communication with other siloed networks (sound familiar?). 

On paper, Mr Gould is better positioned than his predecessors to make meaningful progress on NHS IT standards. But he also inherits a confusing mash of existing rules, a sceptical NHS IT workforce and incumbent suppliers protecting their patch.

Standards for everything

The NHS already has many standards for how information should be electronically recorded, stored, accessed, and presented.

There are standards for how clinical information should be expressed in electronic systems. This includes rules for clinical terminology (SNOMED CT), what to call medicines (dm+d), even what specific information should be included in an outpatient letter.

There are also technical standards, that is how the IT plumbing is configured rather than the information it carries. These include not using unsupported software, restricting access to sensitive information, having open pathways for information to flow between IT systems (open APIs, FHIR), and connecting local systems to a national digital identity verification service (NHS Log-in).

Some of these standards are global, some are developed specifically for the NHS. A few are mandatory or will be soon, while others are works in progress.

Most are adhered to only sporadically.


The NHS number is a good example. Its use has been mandated by law since 2015 but is still not universally applied.

Standards around the clinical content more broadly, such as those propagated by the professional records standard body, are often ignored.

There are many reasons for this.

Local eccentricities in how IT systems are configured, and information therein organised, are deeply ingrained. Without strong incentives to make what can be painful changes to meet national standards, change is slow.

Meeting some of the standards, such as those around data security, requires an investment in new IT systems that many organisations cannot afford.

There have also been complaints from IT leaders in local organisations that the centre has lacked a coherent strategy on setting NHS IT standards.

A Nuffield Trust report, published in May and based on surveying NHS IT leaders, reveals “widespread frustration” about the centre’s confused approach, with impossible deadlines set with little regard to local circumstance. Many of these deadlines have consequently been ignored.

Commercial standards

Setting IT standards across the NHS also faces a second hurdle: incumbent IT system suppliers.

Some of the concerns raised by these companies echo NHS IT staff’s concerns; that the centre does not appreciate the time and resources required to make complicated changes to their software.

However, many of these companies also have strong commercial incentives not to comply with new standards, particularly those that require them to make it easier for information to flow into and out of their products (interoperability). Allowing data to easily escape your IT system erodes market control. It makes it easier for customers to switch to another product and for rival companies to build products that use that data, such as an online consultation app that plugs into an electronic patient record. If a company can’t control the flow of information, it becomes more difficult to charge customers or rival companies for access.

Convincing incumbent IT supplies that opening up and generally improving their IT system in line with new standards is good for business (or conversely very bad for business not to) will be crucial.

Enforcing standards

Making progress will be difficult for all the reasons outlined above, but there are a few reasons for more optimism than before.

NHSX itself is one reason. There remains justifiable scepticism about the joint venture NHS England/Improvement/Department of Health and Social Care tech strategy unit built on borrowed bits of other agencies. But the centralisation of NHS IT oversight in NHSX creates a new avenue for enforcing standards.

At a basic level, it brings together the overview of standards into one place under people that have a strong understanding of how they work in practice. NHSX’s new interim chief technology officer, Hadley Beeman, sits on a committee for the organisation that sets the international standards for the world wide web. Mr Gould has been heavily involved in developing IT standards for UK public services more broadly in his previous roles.

NHSX has also commandeered NHS Improvement’s power to approve (or not) major NHS trust IT projects. Under NHSI, whether the IT system a trust was planning to buy had a good user-interface, used open standards and was interoperable did not feature prominently in the assessment. NHSX has said it will use this power to enforce IT standards, rejecting projects that don’t measure up. In theory, this creates a new and powerful incentive for both trusts and NHS IT suppliers to comply.

Greater competition in the NHS IT market from smaller digital companies may also help spread the adoption of IT standards. These upstarts have more to gain from buying into the standards and competing with the incumbents on the strength of their product when unburdened by cumbersome legacy. They could have the edge. As NHS organisations come off lengthy and expensive contracts, these smaller companies will be more than willing to fill the void, especially if a big incumbent supplier cannot tick NHSX’s IT boxes.

All of the above will rely on NHSX corralling a coherent and realistic set of standards. Without that clarity and drive from the centre, the NHS and IT suppliers will likely muddle on much as they have and the health tech revolution will have to wait.