In this new blog from Maria Moors – former NHS A&E nurse and now Senior Account Manager at BridgeHead Software – she delves into a subject close to her heart… patient safety and the role of the CNIO in championing the patient-safety agenda. For Maria, it starts with timely access to patient data. But she identifies some serious hurdles that impede the ability for frontline clinical staff to quickly and easily access the right information they need, when they need it, impacting the efficient and effective delivery of care. She hopes that CNIOs continue to use their influence to ensure that the patient’s needs remain at the heart of every technology decision – from procurement to roll-out and beyond.
Patient Safety – The Core Tenet Of The CNIO
The role of the Chief Nursing Information Officer (CNIO) is relatively new. From my research, it seems that NHS Trusts first started to appoint CNIOs back in 2019, with the first national CNIO role (as part of the former NHSX organisation) in 2020. The CNIO has been positioned at the intersection of clinical care, digital strategy, and patient safety, ensuring that technology genuinely enhances patient care rather than becoming another IT-driven initiative. And the role continues to evolve. As a former nurse, you might argue I am a little biased, but I genuinely believe the CNIO is crucial in shaping the future of digital healthcare. Above all, the CNIO gives nurses a stronger voice in how digital tools are designed, implemented, and evaluated.
In this blog, I wanted to focus on the direct relationship between patient safety and patient data. With 11 years of experience on the NHS frontline, I am filled with dread when I think about the patient safety implications of clinical staff not having ready access to the full patient history. How can my NHS colleagues, who are already working in challenging conditions every day, be expected to make informed clinical decisions without quick and easy access to a complete patient record? To me, this is the foundation of safe, high-quality care – and it’s where the CNIO can make a real impact.
The EPR Is Only Part Of The Story!
There has – and continues to be – a major focus on the deployment and optimisation of electronic patient record (EPR) systems across the NHS. And rightly so, in my opinion. But, for many Trusts, there is one essential question that is overlooked, goes unanswered, or is pushed to the back of the priority list, that has a direct impact on patient safety: what happens to the data that doesn’t make it into the EPR? And, more importantly, how can we ensure continuous access to a patient’s full history – to inform care decisions, reduce clinical risk, and improve the patient’s experience?
Earlier this year, I penned a blog that explored why EPRs continue to be at the forefront of NHS digital transformation. Since then, the stats have changed – for the better. As it currently stands, over 94% of acute Trusts in England have an EPR solution in place (Digital Health) with predictions for 97% coverage by March 2026 (according to a report from Future Health Intelligence). This certainly should be applauded – the Frontline Digitisation programme has been a mammoth undertaking and, as with all initiatives of this scale, not without its challenges. Yet the evidence shows serious progress has been made towards digital maturity in the NHS.
Having said that, and to re-iterate on my previous post, EPRs are only part of the story. Why? Simply because they often store a fraction of a patient’s data – approximately 70% of clinical data never finds its way into the EPR. This data ranges from historical patient notes and scanned documents, through to radiology images, pathology reports and more – all residing elsewhere. Much of this data is trapped in legacy systems that do not support interoperability. Furthermore, full migrations of this data to the new EPR are deemed too complex, time-consuming, and/or expensive. The result… this patient data tends to stay where it is. And when it stays locked away, it increases the risk that decisions are being made without the full clinical context.
The Impact Of Legacy Systems On Patient Safety
According to the UK’s State of Digital Government review, across central government, the average amount of legacy technology comprised 28 percent of systems, up from 26 percent in 2023. In NHS Trusts, the research was less specific but still suggested between 10 – 50 percent of systems were legacy.
And, of course, patient data can be trapped in a range of legacy systems, from old PAS and EPRs, EDMS solutions, LIMS, RIS – the list seems endless. Due to lack of interoperability and integration, the only real way for clinicians to access this data would be to log in to each system, individually. And that’s assuming staff know which legacy systems contain the data they need; how to find and access those systems; and have the appropriate training and/or knowledge to use and interrogate those applications.
The reality (and from my personal experience) is that with the current, severe backlogs along with stretched resources, few – if any – will have time to go through this rigmarole. And, in my humble opinion, nor should they have to. Access to the right patient information, at the right time, should be a given. After all, context is everything when caring for a patient – especially for those with long-term, complex, chronic cases involving multiple morbidities. Having the full story of a patient’s care available to those that need it, when they need it, isn’t a luxury; it’s a safety requirement.
And it’s not just me standing on my soapbox. A news article in Digital Health, entitled “NHS trusts warned that ‘legacy debt’ could pose patient safety risk” published earlier this year flagged that NHS Trusts have been warned by Clinical Safety Officers that ‘legacy-debt’ poses a serious patient-safety risk. And the Financial Times provided a stark reminder of the impact of data and technology silos on the frontline in its article: “Operating in the Stone Age’: NHS staff’s daily struggle with outdated tech”. This harrowing but important piece brilliantly articulates a number of almost unfathomable scenarios that clinical staff have to endure when carrying out what you would expect to be routine tasks in delivering patient care. But the reality is that frontline staff are having to invent a series of inefficient and intricate workarounds for what seems like rudimentary activities. One point that really stood out for me was Dr Rosie Benneyworth, Head of the Health Services Safety Investigations Body, who stated that “lack of interoperability” of systems has led to errors in the mislabelling and misidentification of patient data; and delays in cancer diagnoses. Those are not IT inconveniences – they are patient-safety failures rooted in inaccessible data.
For me, the CNIO is well placed to drive the agenda to ensure patient data, especially information trapped in legacy systems, forms part of the longitudinal patient record. It is critical for patient safety that data flows where it’s needed, unimpeded by solvable technological barriers and data silos, whether within the confines of a Trust or beyond, such as across an ICS, clinical network, or nationally. That’s where leadership and advocacy from CNIOs can directly influence safer care delivery.
Taking Back Ownership Of Your Data
From my experience, one of the biggest challenges in digital transformation is avoiding vendor lock-in. Vendor lock-in happens when a healthcare organisation becomes so dependent on one technology supplier that it becomes difficult, costly, and risky to move to another system. And, often, the data in question is not readily available or accessible outside of the application that created it. In practice, this might mean that patient data, workflows, or integrations only work properly inside that supplier’s system. So, even if a better or cheaper solution comes along, switching would disrupt clinical services, risk data loss, or require expensive redevelopment – effectively “locking” the organisation in.
Imagine your hospital’s imaging data is stored in a system that only that vendor’s software can read. If you later choose a different image management system, you might find the data can’t easily be migrated – or that doing so requires months of specialist and potentially expensive work. The result… you’re tied to that vendor, even if that system no longer meets your needs.
Vendor lock-in is an issue we constantly hear about from our NHS customers – mostly in the context of frustrations around choice, flexibility, innovation and, of course, cost. But, I’d like to zone in on the impact vendor lock-in has on patient safety and clinical risk. When patient data is tied up in a proprietary system that doesn’t share information easily, staff can suffer from the inability to quickly access the full patient record. This is especially the case during transitions of care, or when a patient moves between health settings, e.g. from an acute Trust to a specialist, tertiary provider. And what happens to patients should one of these systems suffer from unplanned downtime, such as a cyberattack? Or from issues resulting from a new system implementation, as recently experienced by Nottingham University Hospitals NHS Trust who declared a ‘critical incident’ following the go-live of its new Nervecentre EPR, as reported in Digital Health last week?
Let’s face it – it is in the vendors’ commercial interests to keep their customers in a ‘closed environment’, where it is prohibitive for them to easily move away. But this is seldom in the interests of the NHS and, more importantly, the citizens it serves. When patient data becomes collateral in that dynamic, the consequences extend far beyond IT contracts.
Anything that leads to poor care decisions resulting from incomplete data needs to be examined. With the right care and attention, simple errors like missed allergies, the need for duplicate tests, or the administering of inappropriate treatments could all be avoided. In my view, the NHS must take ownership of its data – to ensure accessibility regardless of vendor. And CNIOs are in a good position to influence openness and transparency – ensuring vendors support healthcare data standards, and offer system interoperability. But, importantly, all of this must be predicated on the patient being at the heart of these decisions.
HealthStore®: Turning Data Strategy Into Patient Safety Practice
For me, this is where technology truly meets purpose. Throughout this blog, I’ve talked about how inaccessible or siloed data creates risks for patients and challenges for clinicians. BridgeHead’s Clinical Data Repository, HealthStore®, represents a way to close that gap – not as just another IT system, but as a means of giving clinicians the full picture they need to deliver safe, effective care.
At its heart, HealthStore® separates the data from the application that created it and the storage its sits on – essentially, freeing your patient data from the confines of legacy applications and bringing it together into a single, accessible view as part of the longitudinal patient record. When information from historical and live systems can be seen in one place, clinicians can make faster, more informed decisions with greater confidence and context. This not only improves clinical efficiency but also helps reduce the risk of avoidable harm linked to fragmented or missing data.
Equally important, HealthStore is vendor-neutral – meaning Trusts retain control and ownership of their data. This independence helps reduce the long-term risks associated with vendor lock-in and supports true interoperability, both within and beyond organisational boundaries. When patient data can move freely and securely across departments, Trusts, and Integrated Care Systems, it supports continuity of care and strengthens clinical collaboration.
For CNIOs, a Clinical Data Repository (CDR) platform offers a practical way to turn strategy into patient-safety practice. It underpins openness, accessibility, and resilience – the three pillars of safe digital transformation. But, most importantly, it keeps the focus where it belongs: on the patient, not the system.
A Rallying Cry For CNIOs – Keeping Patient Safety at the Heart of Digital Transformation
The real measure of a successful EPR implementation (or any other core healthcare application, for that matter) is not its go-live date, but whether clinicians trust, use, and rely on the system while maintaining seamless access to the complete patient record. Without visibility of all patient data, clinicians can find themselves working without vital context – forced into workarounds that undermine both efficiency and safety. By ensuring that both live and historical information remain accessible, CNIOs can help guarantee that clinical workflows stay uninterrupted and that the patient story is always available when it matters most.
Yet, too often, the perspectives of frontline clinicians, especially nurses, are underrepresented in digital transformation projects. Many systems are designed primarily around medical workflows, leaving nurses to adapt. The CNIO role bridges this gap – ensuring that the realities of frontline care are reflected in digital design, deployment, and improvement. With platforms like BridgeHead’s HealthStore®, nurses and clinicians can access a unified view of the patient record, supporting safer and more streamlined decision-making at every step.
The CNIO role has never been more vital. It’s about more than implementing new technology; it’s about ensuring that digital transformation directly improves care quality and reduces patient risk. Providing frontline teams with the data they need, when they need it, must be viewed as a patient-safety imperative, not simply an IT goal. Every CNIO has the opportunity to influence this – by actively advocating for open standards, challenging vendor lock-in, and championing data accessibility as a cornerstone of safe, modern care.
As healthcare continues to evolve, one guiding question should remain front of mind:
Are we empowering clinicians with the information they need to make the safest possible decisions for their patients?
If the answer is yes, digital transformation is doing its job. If not, it’s time to rethink.
By addressing the full data ecosystem – from legacy systems to live environments – CNIOs can lead the way toward a safer, more connected, and truly patient-centred NHS.
Maria Moors has over 20 years of experience in healthcare and health IT, combining clinical expertise with a strong background in healthcare technology. As Senior Account Manager at BridgeHead, Maria is working with organisations across the UK and Ireland to optimise their clinical data management strategies and drive digital transformation initiatives.
Maria began her career as an Accident & Emergency nurse, spending 11 years on the frontline of patient care. Before joining BridgeHead, Maria also worked for Philips, Hyland, and GE – specialising in Enterprise Imaging and healthcare informatics.
Maria lives in Berkshire with her husband and son. In her spare time, she enjoys walking her dogs, singing, and is the Welfare Officer for two local grassroots football clubs.
Are you ready to unify your data to provide clinicians with a complete patient history?
