The Government's Digital Health and Social Care Plan (January 2025) outlines an ambitious strategy to enhance digital capabilities within the NHS, focusing on digitising health and social care records, promoting digitally-supported diagnoses, and accelerating the adoption of proven technologies.
However, experts like Jonathan Hinchliffe, Delivery Director at St Vincent, highlight that, despite these promising efforts, the digitisation of the NHS is moving at a slow pace.
The Government's Digital Health and Social Care Plan (January 2025) outlines an ambitious strategy to enhance digital capabilities within the NHS
“Compared to other government departments, the NHS and DHSC are digitally immature and working to catch up,” he says.
According to Hinchliffe, while there are standout examples of progress, true large-scale modernisation will only be realised with a shift towards a people-first approach that integrates technology with cultural and organisational change.
Challenges and barriers to progress
Hinchliffe explains that the “building blocks” for the digital transformation of the NHS are there, with digital enablers, the workforce capacity is growing, and the right infrastructure is emerging.
However, he warns that digital transformation is often misunderstood as a purely technological challenge.
“True transformation requires a people-first approach with enabling technology—not simply more tech that is not understood, deployed, or delivering tangible benefits. Furthermore, transformation is not just ‘digital’—around 40% of transformation is digital enablement, with the rest dependent on people, processes, and culture shifts.”
Hinchliffe highlights that a shortage of digital leadership, skills gaps, and a lack of sustained funding all hold progress back.
Digital transformation is often misunderstood as a purely technological challenge
He also highlights poor data quality as a major hurdle, arguing that without accurate and well-structured data, even the best digital solutions will fail to deliver their intended benefits.
He also points out that while the NHS remains capital-rich but revenue-poor, many trusts find themselves unable to secure ongoing financial support for cloud-based or subscription-model digital services.
“The NHS is revenue-poor but capital-rich. With central funding allocated through CDEL (Capital Departmental Expenditure Limits), even well-planned projects with the right leadership and skills often cannot secure the financial backing required to modernise digital service delivery.”
Delivering change on the ground
St Vincent has supported several major NHS trusts with digital upgrades, including large-scale EPR rollouts. Hinchliffe stresses that these are not IT projects, but organisational transformation programmes.
St Vincent’s work with East Lancashire Hospitals NHS Trust is a case in point.
St Vincent has supported several major NHS trusts with digital upgrades
After supporting the trust through its EPR rollout and optimisation, St Vincent helped refine outpatient functionality to improve both clinical efficiency and financial performance through better coding.
Beyond immediate programme leadership, St Vincent also provided mentorship to ensure the trust could confidently take control of its long-term digital strategy.
Similarly, at Princess Alexandra Hospital NHS Trust, the consultancy’s experience helped ensure the EPR programme went live on time—something Hinchliffe notes is rare in a landscape where delays are the norm.
The cybersecurity challenge: Securing patient data in a complex environment
The NHS operates one of the most complex and data-rich environments in the UK, making it a prime target for cyberattacks.
According to Hinchliffe, ransomware is the most significant threat facing NHS hospitals today, often targeting staff members as the entry point.
The prevalence of ‘shadow IT’—an area of IT that exists outside the direct control of the IT department—also presents a major vulnerability.
Shadow IT often results in application platforms that have flaws and security weaknesses, leaving NHS trusts open to attacks.
The NHS operates one of the most complex and data-rich environments in the UK, making it a prime target for cyberattacks
In response to these growing threats, St Vincent adopts a pragmatic, partnership-driven approach to cybersecurity.
“We work closely with NHS trusts to implement modern identity and access management solutions that ensure only the right people access the right data at the right time,” Hinchliffe explains. “Cybersecurity is embedded in every project we undertake from the outset, rather than being treated as an afterthought.”
To further bolster NHS cybersecurity, St Vincent partners with various cybersecurity service providers, recognising that there is no one-size-fits-all solution.
This tailored approach helps identify the most appropriate protection levels for each trust’s unique needs.
Conducting regular risk assessments and incident simulations is key to preparing for incidents and ensuring rapid recovery if a breach occurs
Hinchliffe stresses that NHS trusts should prioritise staff training and awareness, as human error remains the most exploited vulnerability in cyberattacks.
He also recommends implementing multi-factor authentication, particularly for remote access and critical systems, to strengthen security.
Many trusts still rely on outdated platforms, so it is essential to patch and update legacy systems to reduce the risk of cyberattacks, especially in areas like shadow IT.
It is crucial for NHS trusts to have tight cybersecurity governance
Additionally, conducting regular risk assessments and incident simulations is key to preparing for incidents and ensuring rapid recovery if a breach occurs.
Adopting a zero-trust architecture will further protect NHS systems by ensuring all access is verified, limited, and continuously monitored.
Finally, it is crucial for NHS trusts to have tight cybersecurity governance, with clear accountability and internal oversight to manage and strengthen their security efforts.
Culture: The missing Ingredient
As the NHS continues to navigate its digital transformation, Hinchliffe believes that cultural change is just as crucial as technological advancements.
For St Vincent, this people-centric approach is essential in delivering digital solutions that improve both the patient and staff experience.
The consultancy works closely with trusts to ensure their digital strategies are aligned with their organisational culture and operational needs.
St Vincent’s work with East Lancashire Hospitals NHS Trust and Princess Alexandra Hospital NHS Trust, for example, demonstrates the importance of integrating clinical teams early in the process, from workflow planning to post-go-live support.
Cultural change is equally vital
“One thing that we have learned over the many years of implementing new digital technologies is that the real area of focus is on the ‘people.’
“The technology and tools generally will work themselves out and be able to deliver. However, without individuals being truly engaged in transforming their processes with a clear ‘why’ statement, organisations are frequently left with shiny new equipment and digital solutions but experience poor adoption, poor data quality, and poor outcomes,” explains Hinchliffe.
Cultural change is equally vital. Large-scale digital programmes often act as catalysts for organisations to collaborate for the first time.
“While leadership prioritises reducing variation and saving costs through synergies, teams on the shop floor simply want to get the job done. Ensuring that cultural elements are also accommodated helps smooth the transition from legacy tools to a new digital record.”
“We stand by the motto: ‘Clinically led, digitally enabled.’ This is the key to delivering real value in digital transformation,” Hinchliffe adds.
Looking to the future: Smarter, more integrated hospitals
Hinchliffe believes that while emerging tools like AI, smart scheduling, and Automated Guided Vehicles (AGVs) promise efficiency gains, Hinchliffe insists that interoperability must come first.
“Future NHS hospitals will be designed around digital infrastructure, ensuring data flows seamlessly between departments, clinicians, and care settings. Smart hospitals will use automation, AI-driven insights, and real-time analytics to enhance patient care and optimise operations. However, the path to achieving this transformation must be carefully managed to ensure minimal disruption and maximum benefit,” Hinchliffe explains.
Lessons learned: It is not just about tech
According to Hinchliffe, among the most common misconceptions are the belief that digital change is a “silver bullet” or that installing an EPR automatically equals transformation.
He also emphasises that while vertical healthcare structures improve care within hospitals, true transformation requires horizontal integration across social care, primary care, and community services.
According to Hinchliffe, among the most common misconceptions are the belief that digital change is a “silver bullet”
Hinchliffe's advice for NHS leaders embarking on their digital journey?
“Understand your starting point. Be honest about your team’s skills and capacity. Be clinically led. And always ask yourself—are we improving patient outcomes and staff experience? That is the real benchmark.”
Overall, Hinchliffe remains optimistic about the future of NHS digital transformation. He believes that, with the right leadership, investment, and cultural engagement, the NHS can build a healthcare system that is truly patient-centred, data-driven, and seamlessly integrated.