Policy context and the challenges facing digital transformation

Historically, digital transformation efforts have concentrated heavily on acute care, with many technologies deployed to address elective care backlogs and reduce hospital admissions. 

As the government pursues its vision of a neighbourhood health service and the shift of resources from acute to community, digital innovation will be essential to making this a reality. 

Neighbourhood health is not just about structural reform, moving services out of acute settings and into communities; it proposes a relational reform that empowers patients and mobilises local assets within communities to work in partnership with the NHS to co-manage their health. Digital technology will be a key enabler of this transformation, helping to connect services, empower patients and support proactive care. 

Empowering people and communities to fulfil the promise of neighbourhood health requires digital transformation, as outlined in the government’s 10 Year Health Plan. Ensuring strong digital foundations is essential to realising the full potential of transformation. 

Seamless interoperable digital systems will be the key to bringing together multidisciplinary teams and local partnerships in neighbourhood health teams. While the 10 Year Health Plan sets a bold direction, continued focus on the foundational infrastructure – such as electronic patient records (EPR) and cyber security – will be vital to success.

Significant progress has been made in recent years, yet many organisations are still building the necessary infrastructure required to support modern care delivery. 

Development of digital infrastructure has consistently fallen short of the policy ambition of successive governments. A review by the Health and Social Care Select Committee found that the limited progress was largely due to insufficient funding.  

NHS England has estimated that 70 per cent of trusts will reach the standard for the core level of digitisation that was set out in What Good Looks Like by March 2026 and there are currently still nine trusts without an established EPR. Across the NHS, 45 per cent of NHS services lack a digital pathway and between 10-70 per cent of NHS trusts’ technology estates are classified as legacy. 

The British Medical Association estimates that clinicians lose more than 13.5 million hours a year due to inadequate or malfunctioning IT. Analysis shows that trusts that are highly digitised have a 13 per cent lower cost per admitted patient episode and a 4.5 per cent reduction in inpatient length of stay.

Modernising IT and legacy infrastructure will improve and accelerate clinical decision making, improve diagnoses and treatment, and enhance coordination across services. Robust digital foundations also support leaders in using population-level data to better target resources, harness prevention opportunities, track outcomes and plan services effectively. 

 

Spotlight on policy: The neighbourhood health service

The government’s 10 Health Year Plan put the establishment of a neighbourhood health service front and centre. This will help deliver a model of care that is preventative and better supports those most in need, including those with long-term conditions who regularly come into contact with different health and care services. 

The government is determined to put an end to ‘hospital by default’ and hopes its alternative – the neighbourhood health service – will provide more personalised and coordinated care, thereby leading to better patient outcomes, more cost-effectively.

Further information
Read Delivering a neighbourhood health service: what the 10 Year Health Plan means for local integration. 

 

Investment

Successive governments have recognised the importance of digital transformation in the NHS with ambitious policy initiatives, although investment has historically fallen short of what is needed to deliver meaningful change.

A Health Foundation report estimated that over the next five years, the NHS in England will need £5 billion in capital spending, £2.25 billion in one-off revenue spending and £1.5 billion in annual revenue spending to make the shift from analogue to digital. 

The 2025 Spending Review announced up to £10 billion in NHS technology and digital transformation by 2028/29 – almost a 50 per cent increase from 2025/26. This substantial investment reflects growing recognition of the strategic importance of digital transformation and aligns closely with expert estimates of what is needed. Ensuring effective deployment across integrated care systems, regions and trusts will be key to maximising its impact – especially at a time of great organisational challenge.

Previous digital ambitions have been undermined by inconsistent and insufficient funding. As cloud-based subscription models become more prevalent, the balance between capital and revenue funding must also adapt, with greater emphasis on sustained revenue to unlock the full value of procured technologies. To achieve transformation that supports the shift to a preventative neighbourhood health service, funding must be rebalanced and comprehensive across the system. 

Crucially, successful digital transformation depends not only on technology, but on thoughtful implementation. Business cases for new technologies must include robust plans to realise the benefits of the investment, including staff training and financial support for change programmes. 

 

Workforce

Investing in a strong digital, data and technology (DDaT) workforce is vital to delivering transformation and NHS leaders have a critical role to play in addressing the persistent challenges facing the DDaT workforce. With the NHS employing a significantly lower proportion of digital and data professionals compared to other sectors, there is an over reliance on third-party suppliers and challenges in delivering transformation. Unfilled DDaT roles and limited in-house expertise hinder progress in delivering frontline digital priorities.  

The public sector struggles to attract and retain top digital and data talent across the board, as compensation is far below the private sector. On top of this, the roles themselves have not been prioritised, with the NHS having a low proportion of digital leaders represented in executive teams. 

NHS leaders should advocate for the elevation of digital roles within organisational structures, ensuring that digital leaders are represented at board level and empowered to shape strategic decisions

NHS Providers polled leaders in 2024 and found 36 per cent of trusts had a digital leader on their board, while it was estimated in 2023 that around 24 per cent of ICBs had a board-level digital leader. The uncertainty created by the current reorganisation of digital functions (and the delays to it) must be carefully managed so that the crucial DDaT workforce is either retained and empowered or recruited and respected as equal leaders. 

Protecting and empowering existing digital teams is essential to maintaining momentum and senior leaders should also foster a culture where technology is seen as an enabler, not a burden. Many staff still perceive IT systems as outdated, slow and disruptive to workflows. Leaders can address this by promoting interoperability, supporting the DDaT workforce and ensuring all staff are equipped with the right tools and training to use digital systems confidently and effectively.

The Darzi review found that NHS staff can perceive IT as an additional burden. Much of the IT infrastructure in the NHS is out of date and runs outdated operating systems that struggle to run basic tasks and are unable to support new software, including AI. Technology can have a negative impact on workflow due to a lack of integration and interoperability between systems, or by lengthening existing tasks or adding new ones. Empowering staff with the right tools and training will help build confidence, improve adoption and unlock the full value of digital transformation.

 

Cyber security

Cyber security is vital to digital transformation in the NHS. Increasing reliance on digital infrastructure like EPR, virtual wards and AI mean that protecting sensitive health data and ensuring operational resilience are paramount. 

Cyber threats are rising across all sectors. In 2024 the National Cyber Security Centre responded to 50 per cent more nationally significant incidents compared to the previous year, with a threefold increase in incident severity. The NHS is at a greater risk due to the large number of different systems and high levels of duplication creating a large surface area for attacks. Improving service reliability and strengthening incident response plans will be key to building a resilient digital NHS.

Past cyber-attacks on NHS organisations have underscored the importance of proactive security measures to protect patients and the NHS. The recent proliferation of new AI tools has increased the cyber security risk facing the NHS, and earlier this year NHS England had to issue a warning against using non-compliant Ambient AI (AVT) as organisations rushed to make use of new tools. Since then, a new self-certified registry for AVT has been announced to manage demand. 

To strengthen cybersecurity across systems and NHS organisations, NHS leaders should take a proactive and strategic approach that embeds cyber resilience into core governance and operational planning. This includes ensuring cybersecurity is regularly reviewed at a  Board level, with clear executive accountability and designated leadership roles. Leaders should adopt the National Cyber Security Centre’s Cyber Assessment Framework (CAF) to assess organisational risk and guide improvement planning.

The government's plans for the Cyber Security and Resilience Bill, outlined in April 2025, will require more organisations and suppliers to meet robust cyber security requirements, including risk assessments to minimise the impact of attacks, improve data protection and network security. Under the plans, regulators will have more tools to improve cyber security and organisations will be required to report more incidents. 

INHS suppliers have been urged to sign a charter of cyber security best practice, which includes 24/7 cyber monitoring, multi-factor authentication and working collaboratively and openly in partnership with NHS England if a cyber-attack occurs. Alongside the charter, NHS England will be launching a self-assessment form in autumn 2025, for suppliers to work through as well as a series of summits and engagements to collaborate on security.

 

Spotlight on policy: Cyber Assessment Framework (CAF)

The CAF has been developed by the National Cyber Security Centre (NCSC) and is the primary framework used by all NHS organisations to assess and improve their cybersecurity. It includes four high-level objectives, 14 principles/outcomes, and indicators of good practice to help organisations measure cyber risk and resilience.

In September 2024, NHS England transitioned the Data Security and Protection Toolkit to align with the security centre’s CAF to strengthen cyber resilience across the NHS. The CAF is now the centralised standard by which NHS entities must assess their cyber security.

Further information

Read Keeping your integrated care system safer from cyber-attacks.