Board accountability
Each provider organisation should have a board level member with responsibility for information.
- All NHS organisations are required to appoint a Senior Information Risk Owner (SIRO) at board or governing body level. The SIRO has executive-level responsibility for the organisation's information risk policy, accountability for information risk across the organisation, and a duty to ensure staff understand their personal responsibility for safeguarding and sharing information appropriately. SIROs must produce annual reports to their boards (NHS England Digital, Data Security and Protection Toolkit).
- In addition to the SIRO, organisations must appoint a Caldicott Guardian (a senior person responsible for protecting patient information confidentiality) and a Data Protection Officer under UK GDPR. These roles are embedded at board or senior level.
- The DSPT requirement ensures board-level engagement with information governance: organisations must demonstrate that their board receives regular information governance reports and that a named senior individual takes responsibility for information risk.
- The NHS Leadership Competency Framework (effective 1 April 2024) includes "providing robust governance and assurance" as one of its six domains, within which information governance and data quality are expected competencies for board members (NHS England, NHS Leadership Competency Framework, February 2024).
How was this evidence gathered?
Response
Accepted in Part
Response
Accepted in PartThe government published "Hard Truths: the Journey to Putting Patients First" (Cm 8777) on 19 November 2013, responding to all 290 recommendations of the Francis Report. This followed an initial response "Patients First and Foremost" in March 2013. Key reforms included a new Chief Inspector of Hospitals, strengthened Care Quality Commission inspection regime, a statutory duty of candour, and the fit and proper person test for NHS directors. Volume 2 (Cm 8754) contains the government's detailed responses to each of the 290 recommendations. See: https://assets.publishing.service.gov.uk/media/5a7cd486ed915d63cc65d167/34658_Cm_8777_Vol_1_accessible.pdf
Published Evidence
Published assessments of progress from inspectorates, select committees, official progress reports, and other sources. Source type badge indicates whether each assessment is independent or government self-reported.
Research published 2023 marking ten years since the Francis Report found mixed results. Structural and legislative changes largely delivered (duty of candour, FPPR, CQC overhaul, revalidation, Freedom to Speak Up Guardians). However, cultural change not fully embedded; understaffing, fear of speaking up, and poor complaint handling persist in parts of the NHS.
Government published "Culture Change in the NHS" (Cm 9009) reporting progress on all 290 recommendations. Key achievements: 19 hospitals placed in special measures; those trusts recruited 109 additional doctors and 1,805 additional nurses; 129 board-level changes made; excess avoidable deaths fell by 450 in less than a year.
Government published "Hard Truths: The Journey to Putting Patients First" (Cm 8777) in two volumes. Vol 1 set out new actions; Vol 2 provided detailed response to each of the 290 recommendations. Approximately 204 of 290 recommendations were fully accepted.