NHS Outsourcing: Is It Safe?

43 Min Read

Laurence Vick - Enable Law

Laurence Vick, Enable Law Legal Director, acted for the families at the Bristol Royal Infirmary Public Inquiry which concluded with the Kennedy Report of 2001. A passionate patient safety advocate, Laurence campaigns for greater transparency and accessibility of surgical outcomes data.

In this article Laurence comments on the hazards of outsourcing by the NHS to often inadequately vetted private hospitals and shortcomings in the supervision and monitoring of outsourced contracts when in progress.

He covers in a separate article NHS Outsourcing: who foots the bill? the question of whether private providers are reimbursing the NHS for compensation the NHS has to pay to outsourced patients who have suffered injury as a result of negligent care and, taking this a stage further, why should we as taxpayers be expected to absorb the cost to the NHS of having to provide care for those patients who have been harmed in the private sector.


After more than a decade of dealing with cases where outsourced patients have suffered injury, it is difficult not to harbour anxieties over the safety issues of these arrangements in an increasingly fragmented public-private health service. A number of events that have emerged in recent months serve as a reminder of the sometimes uneasy relationship between the NHS and private sector. My focus is on patient safety but outsourcing raises many wider issues.

There have been failures in outsourcing on a number of levels: the private companies and the staff they employ are not always vetted as fully as they should be; contracts do not appear to receive an appropriate level of supervision and monitoring by commissioning NHS organisations, and there is a concern that local NHS management may not intervene swiftly enough when problems occur and are brought to their attention. I also found a gap when seeking to establish who has overall responsibility at the highest level for the safety of outsourced care.

As patients we need to know that any outsourced treatment we undergo is carried out to the same if not better standard than if performed in the NHS and that if we suffer avoidable harm we will be fairly compensated. In all probability the vast majority of treatment carried out in the private sector goes ahead without mishap but how can we be sure and how can this be tested? The sector will point to the high quality of private health care but, given the lower transparency requirements, how do we know that the treatment they provide is safe?

Whereas NHS hospitals treat all-comers including accident victims, the dangerously ill, the old and frail, people with multiple illnesses, children with rare diseases – on ever-reducing budgets – private hospitals carrying out outsourced work for the NHS perform treatment that lends itself to packaged care that can be delivered at a predictable cost. One criticism of outsourcing is that the private sector can ‘cherry pick’ the most profitable forms of treatment. The sector will tend to take only low-risk patients undergoing a limited range of elective surgery; in theory a production line for uncomplicated procedures. This should present no difficulty for surgeons and their teams but problems do occur. There should be few if any complications, so the 50% complication rate – attributed to not one but to a ‘constellation’ of failures – only four days in to the ill-fated outsourcing contract for cataract procedures carried out by Vanguard Health in 2014 for the Musgrove NHS Trust in Taunton was particularly alarming. There were many lessons to be learned from this contract and I cover this and the subsequent Health Committee investigation in detail.

A lack of transparency and a culture of secrecy often seems to prevail when the private sector is involved in NHS contracts. I have referred to the recent Google DeepMind/Royal Free NHS data sharing contract to illustrate this culture when the NHS outsources data as well as clinical care. Given the obvious confidentiality issues surrounding this potentially huge haul of NHS patient data it was surprising that the parties ever felt that they could keep the terms of the contract under wraps. As taxpayers and NHS patients, shouldn’t we have the right to investigate the terms and details of contracts made with private operators and how they are to be monitored and supervised?

The impression is that the private sector shows a reluctance to participate in open joint investigations with the NHS when problems have occurred. This should surely be an automatic requirement so that information can be shared, standards and outcomes in the NHS and private sector compared and lessons learned.

A fundamental problem is that private operators are not subject to the Freedom of Information Act. If private providers are to do business with the NHS, it seems only reasonable that they should be required to face the probe of FOI requests and adhere to the standards of openness and transparency we are increasingly seeing in the NHS.

The NHS is far from perfect and still has a long way to go in many areas, but significant progress has been made. We won’t see the culture we have moved towards in the NHS if private providers, with obligations to shareholders as well as patients, are able to hide behind commercial confidentiality. Private hospitals have been successful in resisting publication of information which would allow their outcomes to be analysed and compared with NHS hospitals. Given that there should be a level playing field when contracts are awarded, is it right that private providers may be gaining unfair advantage over NHS bodies if they are allowed to hide behind commercial confidentiality?

The clinical governance structures in NHS hospitals seem to be lacking in the private sector. This has been highlighted by the Ian Paterson case. Alarmingly, before the recent agreement to settle claims arising from Paterson’s private cases, it was reported that Spire were suing the local NHS Trust in Solihull where he carried out his NHS operations for failing to warn them of his dangerous practices. The Paterson scandal inevitably looms large over the private healthcare sector and the implications for outsourcing to private providers. Failures in private healthcare are relevant because they involve the same hospitals to which the NHS is outsourcing their services. Spire, BMI and other private providers carry out a significant amount of work for the NHS. Spire’s NHS referrals account for almost a third of its £926m annual revenues

Unless the shortcomings I have identified in outsourcing to the private sector are addressed we risk losing the key advances that have been made in the law relating to consent before treatment and the duty of candour after treatment has been carried out. Although there may be a tendency for NHS providers to comply with the wording rather than the intended wider spirit of the duty, the introduction of the statutory duty of candour which applies to public and private providers was seen as the biggest breakthrough in patient safety and patient rights in modern times. The concern where NHS care has been outsourced is that the private provider may thwart the commissioning NHS body in complying fully with the duty imposed on them. Why should we be expected to forego these advances and protections in order to facilitate the increasing involvement of private health companies in our healthcare?

With more than half the private hospitals in the UK owned by overseas companies it can be difficult to establish their financial stability. The concern is that the NHS and patients can be left in the lurch if a private operator carrying out NHS work goes bust or its parent company withdraws support. Hinchingbrooke hospital was placed into special measures in 2014 after a CQC report revealed a catalogue of serious failings including staff shortages at the privately run hospital which the report concluded put patients in danger. Circle Health had been the first private company to operate a full-service NHS hospital but pulled out less than a third of the way through their 10 year contract after the CQC findings, saying that the project was no longer viable and they were unable to run the hospital on a sustainable basis. The CQC found that oversight of the contract was inadequate and tax-payers were left ‘exposed’ by the decision to allow Circle to run the hospital. Circle had previously been feted as a shining example of the benefits and know-how that a private operator can bring to the NHS.

So are we sliding into full-scale privatisation of our healthcare as many fear? After Circle’s unhappy experience with Hinchingbrooke there must be a doubt over the private sector’s appetite for taking over and accepting the operating risk and indemnity cost of running a full-service hospital, or a maternity unit or A & E department.

The growth of NHS outsourcing

With the NHS facing a reported £22bn funding shortfall and June 2017’s NHS England figures indicating that over 4 million patients are waiting for non-urgent treatment, there is concern that the current level of service and standard of care is unsustainable without a massive injection of cash. There is scepticism as to whether the sustainability and transformation plans (STPs) announced in December 2015 will succeed in resolving these problems and reducing this unprecedented deficit, and there are fears that we will ultimately lose our NHS to the private sector. An increase in outsourcing of specific elective treatment and services by the NHS to private providers seems inevitable.

The extent of the outsourcing of care by the NHS to the private sector was in the news in August after Professor Stephen Hawking’s criticism of the government over funding cuts and what he sees as a deliberate weakening the NHS through privatisation. Private firms have gained such a large role in treating NHS patients, Hawking argues, that the government is allowing the founding principles of the NHS to be undermined, opening the door to the Americanisation of care. Jeremy Hunt sought to defend the government’s record and responded that no more than 8% of NHS funding goes to the private sector.

The number of surgical procedures carried out on NHS patients in the private sector has risen steeply in recent years, from 350,000 in 2012 to 530,000 last year. Department of Health accounts published in July 2016 gave a figure of £8.7bn for the amount paid by the NHS to the private sector for services over the year 2015/16, equivalent to 7.6% of the DoH’s total budget (10.7% with the inclusion of all non-NHS providers). £8.7bn represented a doubling of the £4.1bn paid to private providers in 2009/2010. These global figures do not give the whole picture though: between 2011/12 and 2012/13 community health services saw increases in purchases of private care while spending in acute care fell between 2010/11 and 2012/13.

More than a third of the UK’s 160,000 hip and knee operations annually are now being carried out in private hospitals at a reported cost to the taxpayer of around £6,000 each. These and cataract and other ophthalmic procedures are regarded as suitable candidates for outsourcing. In recent years there has also been gradual outsourcing of radiology, pathology and sexual health as well IT services.

The Health Foundation think-tank reported in March 2017 that 1 in every £8 of local commissioners’ budgets was being spent on care provided by non-NHS bodies; £900m of the funds promised before the 2015 general election had been spent on purchasing care from independent and other non-NHS providers – compared with £800m spent on the same treatments from NHS trusts. The Health Foundation analysis, conducted for the Financial Times, concluded that NHS providers lack capacity to deal with rising demand. In their response to the report the DoH argued that the independent sector makes a valuable contribution to helping the NHS meet demand; the NHS, they said, now spent less than eight pence in every pound on outsourcing to private providers and the service is still free at the point of use. The private sector also defended this expenditure. Howard Freeman, clinical director of the NHS Partners Network, which represents non-NHS providers, said the private sector had played “a key role in providing extra capacity during times of huge service pressures.”

Against this background, coupled with an increase in rationing of NHS services and the pressure to secure cost savings in the procurement of ancillary services, the private sector has inevitably seen this as a perfect opportunity to step in. With Labour promising to ‘reverse privatisation’ in their manifesto, though, the private sector may feel it is vulnerable to changes in government health policy and some commentators think we may see a downturn in outsourcing. In the wake of the news that Spire were to pay out £27.2m to Paterson’s 750 private surgery victims, Spire’s shares fell by 28% and the company has warned that a decline in NHS activity was likely to hit profits.

There are fears that an ill-considered post-Brexit UK-USA trade deal on the lines of the controversial EU-TTIP treaties, with secretive ‘one-way’ courts making it difficult to challenge the tendering process, would allow American health companies to pitch for health contracts and take a share of the NHS. The STP plans for the NHS will create 44 regions across England, each to be run as an ACO (Accountable Care Organisation) – a variant of the Health Maintenance Organisation in the USA – in which all services are provided in a network of hospitals and clinics run by powerful privately owned HMO companies. These contracts could potentially go out to international tender.

Ian Paterson

The case of breast surgeon Ian Paterson, now serving 20 years in prison on counts of causing grievous bodily harm and wounding with intent after performing unnecessary radical mastectomies and ‘cleavage-sparing’ mastectomies which increased the risk of cancer returning, has highlighted multiple failures of governance and patient care at all levels in the NHS and private sector. He was allowed to continue his dangerous practices in the NHS and in the private sector where he worked at BUPA hospitals from 1993 and at two Spire hospitals from 2007 onwards. Although nearly a quarter of Spire’s activity at their Solihull Parkway and Little Aston hospitals is funded by the NHS, none of Paterson’s surgery appears to have been outsourced by the NHS. There are nevertheless concerns over the relationship between private hospitals and the NHS.

The recent reports, referred to earlier, that Spire were suing the NHS Trust which employed Paterson for not warning them of his dangerous practices seemed extraordinary. Spire were allowing Paterson to operate on their private patients but relying on the NHS to vet his competence and warn them of concerns over his treatment: a damaging position for a private health care provider to adopt, highlighting shortcomings in clinical governance.

Whereas NHS Resolution, formerly the NHSLA, which covers the liabilities of NHS hospitals, has paid out £17 million to compensate Paterson’s NHS victims, his private patients faced many obstacles in seeking justice. The contract for undertaking an entirely private operation in the private sector with no element of outsourcing is between the patient and the surgeon, with a separate contract between the patient and the hospital for the use of the hospital’s facilities and services. Until the recent settlement, his private patients were unable to recover compensation from Paterson personally and his professional indemnity insurers refused to meet claims on his behalf. Spire refused to accept responsibility for compensating his private patients, relying on the more limited role of the private hospital in line with the traditional formulation of the private hospital/surgeon/patient relationship. The liability position of private hospitals would have faced a severe testing at the trial listed for hearing later this year but Spire bowed to the inevitable and agreed to pay £27.2m into a fund to compensate 750 of Paterson’s private patients, equivalent to £49,600 per patient. A further £10m is to be provided by Paterson’s insurers and his former NHS Trust. Neither the NHS nor Spire have actually admitted liability.

Quoted on the 16 October 2017 BBC Panorama investigation into private health after the Paterson scandal, Royal College of Surgeons president Derek Alderson commented that private hospitals are not reporting enough data on patient outcomes. This meant that the private sector ‘cannot be as robust or as safe as the NHS.’ As Mr Alderson put it ‘We don’t know exactly what’s going on in the private sector… It cannot be as robust or as safe as the NHS at the moment for the simple reason that you do not have complete reporting of all patients who are treated… It’s not good enough. Things have to change’

Brian O’Connor of the Independent Doctors Federation which represents 1,200 private doctors said: ‘It’s up to private hospitals to raise their game and to show the data and the excellence of care, because there is nothing for them to hide. Those private hospitals which don’t have the data and are not transparent should be closed or not be allowed to conduct complex medical procedures.’
The RCS had previously called for a review of safety standards and transparency in the private sector after it emerged that Paterson was allowed to continue working as a surgeon for more than a decade despite concerns being raised about his practices. They recommended that private hospitals must be required to participate in clinical audits as a condition of registration by the CQC and should be forced to report similar patient safety data including ‘ never events,’ unexpected deaths and serious injuries is required of NHS hospitals.

If private hospitals can continue to escape legal liability for the actions of doctors working in their premises and who are using their equipment and working alongside their staff, the concern is that they have come to regard themselves as untouchable and lack the incentive to monitor the activities going on in their hospitals. As private companies involved in outsourced NHS care often employ NHS doctors, surely they should not be able to argue – as appears to have been Spire’s reported intention – that it is the sole responsibility of the NHS to vet those doctors.
It is crucial that the private sector should be accountable for the treatment carried out in their hospitals and the NHS should not be out of pocket as a result of their failures.


The NHS does not have a good track record when it comes to their treatment of whistleblowers but it is likely they are made to feel even less welcome in the private sector. It is hard to imagine there won’t have been employees at Spire who attempted to raise concerns over Paterson’s practices. Little seems to be known of how whistleblowers who raise concerns over outsourced contracts, would be treated.

Virgin Care took over a £700 million public health and social care services contract with Bath & North East Somerset Council and Bath and North East Somerset Clinical Commissioning Group in April 2017. According to reports in the Bath Chronicle, the first 100 days of the contract were reported to have been dogged by IT issues. Concerned in case the problems were affecting the safety of their services, a number of managers contacted the CQC as they were legally obliged to do. Virgin Care were reported to have intervened, asking staff to “hold off from submitting statutory notifications” and instead they should leave it to the company to provide a “consistent and comprehensive report” to the CQC. Staff were assured it was not an attempt to prevent “whistleblowing” but to avoid duplication as the issues were affecting a number of services. Virgin Care said it worked as an organisation with the CQC across all services in a coordinated approach and through a single point of contact as soon as issues were identified.

Is NHS outsourcing safe?

How do we know it’s safe?

Numbers of patients have been harmed following failed treatment carried out under NHS outsourcing arrangements. Leaving aside political considerations over private sector involvement in the NHS, these contracts raise serious concerns over the adequacy of vetting of the private providers the NHS is contracting with and how those contracts are then supervised and monitored and complications dealt with.

The ISTC programme and Netcare

My own involvement in handling failed outsourcing cases goes back to the Netcare ISTC (Independent Sector Treatment Centre) contracts of 2006, and is a stark reminder that the marketisation of the NHS, which has spanned successive Parliaments, has thrown up lessons that should have been heeded a decade ago.

The declared aim of the now defunct ISTC programme introduced after the NHS Plan of 2000 was to provide healthcare to NHS patients through privately owned and operated centres to increase capacity and drive down NHS waiting lists for routine elective surgery such as cataract removal, hip surgery and diagnostic tests. A Wave 1 ISTC contract to provide orthopaedic and cataract operations was negotiated by Hampshire and Isle of Wight Strategic Health Authority with the South African healthcare provider Netcare, which flew in surgeons and nursing staff from South Africa to carry out operations at the Haslar Hospital, Portsmouth.

One of our clients, a patient of Plymouth’s Derriford NHS Hospital, underwent a hip replacement at the Haslar under this ISTC initiative. The hip surgery failed and during the procedure she suffered a severe burn on the leg from the diathermy wand used to cauterise blood vessels. She was left in the invidious position of having to wait while her local NHS hospital argued with Netcare over responsibility for her care. Derriford argued that clinical as well as legal responsibility for her care had effectively been transferred to Netcare. This impasse was resolved by Derriford accepting responsibility for the treatment of the burn injury. They also arranged for the hip surgery to be re-done by a leading orthopaedic surgeon at a local private hospital. On the morning of the revision procedure, however, our client faced the private clinic’s receptionist demanding to know who would be paying for the operation. This was resolved with the NHS Trust picking up the bill; the revision surgery went ahead at no cost to our client, but not without a great deal of distress. We never discovered if the NHS recovered these costs or the damages paid to our client from Netcare but the suspicion was that they did not.

The report commissioned by the Strategic Health Authority into these failures in 2006 identified a range of shortcomings: inadequate vetting of the medical and surgical staff employed by Netcare; inadequate liaison, and often tension, between Netcare and local NHS personnel when addressing surgical complications and inadequate monitoring of the contract when in progress. The report also cited Netcare staff’s lack of familiarity with UK surgical techniques and equipment, an unintended consequence of the prohibition on Wave 1 ISTC providers recruiting staff who had worked for the NHS in the previous six months.

I submitted evidence of the Netcare failures and the obvious safety issues to the Commons Health Select Committee as part of their investigation into ISTCs in 2006. Their review revealed concerns over regulation and monitoring of quality of care demonstrated by ISTCs and included the recommendation that all organisations providing services to patients, public or private, must be regulated with the CQC. Our involvement in the Netcare cases we handled was referred to in Colin Leys and Stewart Player’s 2008 book ‘Confuse and Conceal: the NHS and Independent Sector Treatment Centres’
We hoped that lessons would have been learned from the Netcare ISTC experience but ten years later, in 2016, I provided evidence of the failed Musgrove/Vanguard outsourcing contract to the Commons Health Committee.

The Musgrove/Vanguard contract

Taunton and Somerset NHS Foundation Trust set up an outsourcing arrangement in May 2014 by which Vanguard Healthcare Limited was to carry out cataract operations in their mobile units at Musgrove Park hospital. The contract was reported to be worth £320,000, covering over 400 operations at a rate of 20 a day – at least six more than NHS consultants at Musgrove would routinely carry out each day. Those patients were otherwise at risk of waiting more than the NHS target time of 18 weeks. After only 4 days the contract had to be terminated by Musgrove after an astonishing 31 of the 62 patients treated suffered complications. The already over-burdened (highly regarded) NHS ophthalmic staff had raised concerns over the large number of patients they were having to treat after they had come to emergency eye services with post-operative complications. One of our clients, elderly like most of those affected, also suffering from dementia, was left blind in one eye.

The failure of the Musgrove/Vanguard contract is a classic example of all that can go wrong when the NHS outsources treatment to private contractors. I have chosen Musgrove not to single out Musgrove but because it illustrates the problems that can arise when the NHS outsources to the private sector. Musgrove were not alone in having to confront a failed outsourcing initiative. At about the same time in Devon, 19 outsourced NHS patients had to have the outcome of their cataract surgery reviewed, after problems emerged only a day into a contract between South Devon Healthcare NHS Foundation Trust, which runs Torbay Hospital, and Ramsay Healthcare’s private Mount Stuart hospital in Torquay.
To their credit, the Musgrove NHS Trust promptly announced that that they would commission a full internal report investigating the failings that had occurred and ‘Any financial responsibility would rest with us. If any patients wish to pursue compensation, we would work with them.’ The impression was that Musgrove wanted to get a report out as swiftly as possible. After a significant delay this report was eventually circulated to patients with a veiled threat of a possible injunction if it was published. Publication only took place after the report was leaked to the BBC.

The report established that there had been no single clear cause for the ‘constellation’ of failures that had occurred over the very short life of the contract. Two patients suffered burns, six lost pigment in their irises and four were left with microscopic shards of metal in their eyes. The report also exposed a complex chain of sub-contracting whereby three companies provided various elements of the outsourced service: Vanguard as moan contractor, The Practice PLC supplying the surgeons and Kestrel Ltd the equipment.

For details of specific failures and concerns identified, please click here.

The report also said that the “particular combination of staff, equipment and facilities had not been brought together before” and that staff had not had enough time for “on-site training” before patients began arriving on the first day. “Clearer escalation processes” could have led to an earlier decision to halt operations.

Complication rates in cataract procedures are generally less than 5%, so a 50% rate after only four days raised questions over the monitoring of the contract and when the first alarm bells began to ring.  It emerged that the excellent but obviously over-stretched ophthalmic NHS staff at Musgrove had raised concerns from the outset. We gained the impression of an argument behind the scenes over responsibility for these failures and a reluctance on the part of Vanguard, or possibly the sub-contractors, to participate in or agree to the publication of the NHS investigation. There was even a suggestion that the report would expose the Trust to an action for defamation. We believed that the threat of legal action if the report was released to the press may have come from one of the private contractors. Kestrel later claimed never to have had access to the report at all.

Vanguard acknowledged in media statements that there were lessons to be learned “by all parties”. The Practice said the two surgeons involved were experienced NHS consultant ophthalmologists with nearly 8,000 procedures between them.

Further details only emerged when the Trust responded to our FOI request.  We asked the Trust if their report had been officially published and why there had apparently been a threat of legal action if the report was circulated to the press.   The Trust said they had been advised that the report could only be shared with ‘patients, a core group of staff directly involved in the matter and key stakeholders’. They said this decision had been made to protect the hospital against a number of potential legal claims:  ‘In sharing a report with these groups we informed them that the report is strictly confidential and not to be disclosed to anyone else.’ They added that the report had been shared with Vanguard for them to comment on matters of ‘factual inaccuracy or concern’.

We asked the Trust to disclose documentation evidencing the vetting of Vanguard and The Practice, including data and outcomes from previous outsourcing contracts between the Trust and those companies. We were told that this information was ‘commercially sensitive’ and therefore would not be disclosed.  In response to the enquiry as to the type of implant and the supplier used by Vanguard and/or The Practice under the contract we were told that this question should be directed to Vanguard as the ‘contracted organisation’.

The CQC report on Vanguard published in September 2013 – before this contract was negotiated – had revealed what in hindsight was a lightweight consideration of safety issues.  The CQC, then relatively new to the private hospital sector, acknowledged that it had been unable to inspect any patient records because Vanguard operated from mobile units. Unless they had previously enjoyed a successful partnership this would not suggest a level of scrutiny that would support the accuracy of Musgrove’s assurances that Vanguard enjoyed an unblemished track record.

The RNIB expressed concern in press reports on the Musgrove-Vanguard contract over the wider issue of whether NHS ophthalmic safety guidelines, to which they contributed with the Royal College of Ophthalmologists in 2011, were being adhered to when cataract treatment is outsourced. This remains a concern as ophthalmic procedures are increasingly subject to rationing by the NHS and outsourcing to the private sector.

The investigation carried out by Musgrove as the commissioning NHS Trust into the reasons why the Vanguard contract failed so badly and the reluctance to allow its findings to be published raised concerns over the lack of transparency. Private sector involvement seems invariably to lead to delays in the public learning about medical failures. The conflicting duties of a private health company to deliver not only safe care to patients but also a profit to it’s shareholders and the tendency of the private sector to rely on ‘commercial sensitivity’ to avoid disclosing behind-the-scenes information represents a fundamental problem of outsourcing to the private sector.  The complexity of NHS contracts with the private sector combined with this lack of transparency means effective oversight can be difficult.  Vanguard had entered into sub-contracts with The Practice and Kestrel but we couldn’t establish whether these companies had been vetted and the sub-contracting arrangement approved by Musgrove.

Musgrove seemed keen to give full and frank answers to their patients but the problem may have been that Vanguard and their sub-contractors had not provided Musgrove with a firm commitment to participate fully and promptly in any investigation should problems occur.

The Health Select Committe

Our clients were far from happy with the responses we had received on their behalf and I submitted their concerns to the Health Select Committee chaired by Dr Sarah Wollaston MP in March 2016.

It was encouraging that Dr Wollaston took on board the wider issues and lessons to be learned from the failures of this contract and raised our concerns over patient safety and indemnity at the highest level. She wrote to and received detailed replies from Jeremy Hunt Secretary of State at the Department of Health, Simon Stevens Chief Executive of NHS England and David Behan Chief Executive of the Care Quality Commission.

The correspondence was published on the Commons Health website on 13 August 2016 ‘Responsibility for subcontracted services & detection of system-wide safety/quality issues’ to see this letter click here

The responses received by the Health Committee reveal a confusing picture with potentially dangerous gaps in the vetting of providers and monitoring of contracts when in progress. The position as to the overall high-level responsibility for outsourcing by the NHS remained far from clear. Despite the assurances she received Dr Wollaston remained concerned as to the lack of defined responsibility for vetting of contractors and monitoring and identifying systemic issues which may arise when the NHS outsources or sub-contracts services:  she referred to this as the need to ‘join the dots.’ Jeremy Hunt and NHS England Chief Executive Simon Stevens suggested that responsibility for identifying any ‘systemic problems’ under outsourcing and subcontracting arrangements lay with the CQC.  In his response to Dr Wollaston, CQC Chief Executive David Behan, however, was emphatic that this did not fall within the responsibility of his organisation.

The correspondence also suggests there is uncertainty over indemnity and the suspicion remains that the NHS continues to pick up the bill for failures of outsourced contracts. I will cover this in detail in Part 2 of this article: NHS Outsourcing: who foots the bill? (coming soon).

Transparency and Reporting

As mentioned earlier, the private sector is beyond the reach of an FOI request and often shows a reluctance verging on disdain for scrutiny and transparency.

Reliance on ‘commercial confidentiality’ to justify refusing to disclose information makes it hard to see if privatised services conform to national guidelines.

The availability and quality of data in the NHS is far from perfect, with the continuing reliance on 30 day mortality rates as virtually the only measure of performance. It is difficult enough to establish the results of an NHS unit including its readmission and (non-fatal) post-operative complication rates, to enable a patient to make a choice between different NHS hospitals but in the private sector this can be even more difficult.  Private hospitals do not face the same reporting requirements as NHS hospitals and there has been no requirement in the private sector to publish audited data on clinical performance.

Google DeepMind Streams app and the ‘commercial sensitivity’ FOI defence

The 5 year contract between London’s Royal Free NHS Foundation Trust and Google’s DeepMind artificial intelligence healthcare arm to share NHS patient data is an example of a private organisation contracting with the NHS and the difficult confidentiality issues that can arise. This debacle did little to allay concerns over confidentiality and sharing and integration of data between the NHS and the private sector which could have potential implications for outsourcing of care.

The arrangement between the two parties was aimed at developing Google Deep Mind’s Streams smartphone app, intended to help monitor NHS patients with or at risk of acute kidney disease. The Royal Free stressed that a quarter of deaths from acute kidney injuries are preventable if clinicians are able to intervene earlier and more effectively. This initiative could therefore have significant benefits for patients but those patients need to know that their data will be secure and cannot be sold to a private operator or used inappropriately.

The Royal Free-DeepMind deal first became public in February 2016 and caused controversy over the amount of patient information apparently being shared without public consultation. When Business Insider UK technology reporter Sam Shead made an FOI request for disclosure of the terms of the contract and how much the Royal Free was paying DeepMind to access its Streams app the NHS Trust relied on ‘commercial sensitivity’ and refused to comply.

Under section 43 (2) of the FOI Act information is exempt information if its disclosure under the Act would, or be likely to, prejudice the commercial interests of any person (including the public body holding it).  Balancing the competing interests for and against disclosure in accordance with the Information Commissioner’s guidance, the Royal Free refused to disclose on the basis that enabling DeepMind’s competitors to obtain commercially sensitive information would be likely to prejudice the commercial interests of the Trust or DeepMind as a ‘third party.’

Medical records which could personally identify approximately 1.6 million patients were reported to have been provided to Google’s DeepMind division during the early stages of the app test last year. The consent issues are complex.  Under common law, patients are deemed to have given implied consent to their information being shared if shared for the purpose of ‘direct’ clinical care. Otherwise patients must give their express written consent.

While for the Royal Free kidney patients treated via the app, direct care would be provided by the clinicians treating them, the argument was different in the case of patients who had no history and had not been diagnosed as having kidney problems. Their details would not appear in the app but their records would nonetheless be shared with the company.  It was contended by the two parties that these confidential medical records were to be shared with the company through implied rather than direct consent.

Dame Fiona Caldicott, the National Data Guardian at the Department of Health, investigated the contract and was quoted  as saying that Google DeepMind had received this data on an “inappropriate legal basis:”  the purpose of transferring the 1.6 million identifiable patient records to Google DeepMind was for the testing of the Streams app and not for the provision of direct care to patients. She ruled that implied consent was not sufficient.

The deal was referred to the Information Commissioner’s Office (ICO) which found in July 2017 that the data sharing deal failed to comply with data protection law; the hospital had not done enough to protect the privacy of patients; patients had not been notified correctly about how their data was to be used.


Both parties issued statements. The Royal Free accepted the ICO’s findings and confirmed they had made progress to address the areas of concern.  Dominic King, DeepMind’s clinical lead on health, and Mustafa Suleyman, DeepMind’s co-founder welcomed the “thoughtful resolution” of the case and acknowledged that they had “underestimated the complexity of the NHS and of the rules around patient data, as well as the potential fears about a well-known tech company working in health.” They were creating a public engagement strategy to be more transparent, and establishing an independent review panel.

Ironically it was reported on 23 June 2017 that a deal had been struck between Google DeepMind and the Musgrove NHS Trust to predict serious health issues including kidney failure.

Fawkham Manor BMI hospital

In her 29 January 2017 report for the  Bureau of Investigative Journalism on the concerns over consultant orthopaedic surgeon Mohammed Suhaib Sait’s treatment of patients at the private Fawkham Manor BMI hospital, Melanie Newman noted the current lack a national system for monitoring the care provided to NHS patients treated in the private sector. Regional NHS Clinical Commissioning Groups (CCGs) are responsible for handing out and overseeing contracts, but a senior NHS source quoted in the TBIJ article said that these bodies are overstretched and unable to carry out adequate checks.  ‘NHS commissioners are funding these treatments but don’t know which patients have had what done’ said another source: ‘They get a bill for a list of services and they pay it.’ He claimed that detailed audits were rarely carried out. Nearly half of the patients treated by BMI in their hospitals are NHS referrals.

The BMA 2016 report

In their report ‘Privatisation and independent sector provision of NHS healthcare’ published on 30 June 2016 the BMA found that private hospitals are often ill-equipped to deal with surgical complications; an estimated 6,000 patients each year required NHS care after failed treatment at private hospitals and clinics, with around half of that number classed as emergency cases requiring admission to NHS A&E departments. We don’t know the reasons for these admissions which makes it difficult to measure the cost to the NHS of treating these complications.

The BMA report suggested that the private sector relies on the NHS as a ‘safety net’ if things go wrong.  Many private hospitals lack intensive care beds and there is a fear that some/many lack experienced, expert medical cover when things go wrong.  Establishing the facilities at private hospitals where outsourced treatment is to be performed is not easy but clearly this should be part of the NHS’s vetting process.

It would be difficult to argue with the recommendations in the BMA report. Private providers should be held to the same safety and quality standards as NHS providers, as well as an obligation for transparent reporting, publication of data and learning from patient safety incidents. The Health and Social Care Information Centre (HSCIC) should be responsible for making performance data available for both independent sector and NHS providers. The requirements for all providers of NHS services to publish Quality Accounts should be properly enforced for independent sector providers and those accounts should be externally audited rather than just those of NHS providers. Finally, all providers of NHS services should fall under the jurisdiction of the PHSO Health Service Ombudsman and be subject to the Freedom of Information Act.


FOI in the private sector

Information Commissioner Elizabeth Denham who oversees FOI and data protection in the UK confirmed in an interview in July 2016 that she is seeking to improve the transparency of public services delivered by private companies.  “Private contractors above a certain threshold for a contract or doing some specific types of work could be included under the FOI Act. The government could do more to include private bodies that are basically doing work on behalf of the public.” This would be a welcome reform.



In an era of increased patient autonomy, outsourcing the care of an NHS patient to a private provider also raises important consent issues. In circumstances where the patient may not know who is going to be operating on him or the level of his experience and the extent of the care available, and how complications are dealt with, important questions of patient consent arise. Following the 2015 Supreme Court ruling in Montgomery v Lanarkshire Health it is a doctor’s duty to take reasonable care to ensure that a patient is aware of material risks inherent in treatment, and of reasonable alternatives. Patients are entitled to receive any information that they may reasonably find significant.  In order fully to advise, the doctor must engage in a dialogue with the patient, ensuring that the risks and complications are explained fully and genuinely understood in advance of surgery.  Failing this, consent given before a medical procedure may be rendered void.

So how does this translate to treatment that is outsourced by the NHS?  Clearly patients would have to be informed if legal responsibility for their care has actually transferred from the NHS to a private provider.  Derriford NHS hospital in Plymouth may have been under the impression that they had effectively passed on their legal responsibility for the lady who suffered a diathermy burn undergoing hip surgery by Netcare at Haslar hospital under the ISTC scheme 10 years ago but this was not, and will not be, the case where the patient remains an NHS patient whose care has simply been outsourced to a private provider.

This raises the question: how can an outsourced NHS patient be expected to give a valid consent if he is not informed of who is going to carry out operation – but one performed by an NHS surgeon whose record and complication rates can be established – and on the other, a fast-tracked outsourced procedure carried out by a surgeon who may not have been vetted by the NHS Trust or CCG that has outsourced the treatment or by the private provider employing him or sub-contracting his services. Details of the contract and how the private provider will be vetted and the contract monitored should certainly form part of the commissioning NHS organisation’s obligation to provide patients with a full explanation.

In their 2016 report the BMA found that some private hospitals still lack intensive care facilities. The CHPI thinktank reported in 2011 that five of the 17 private hospitals providing in-patient care in central London had no ‘critical care’ beds. More recently in their 20 October 2017 report ‘No Safety Without Liability: Reforming Private Hospitals in England after the Ian Paterson Scandal’ the CHPI found that little had changed since their earlier reports. There were a number of systemic patient safety risks specific to the private hospital sector; some junior doctors in private hospitals were left in charge of up to 96 beds and working weekly shifts of 168 hours; surgeons were often absent after carrying out surgery and not on site to deal with any complications. The absence of intensive care facilities in many private hospitals remains a concern.

Quite apart from the safety issues and the question of whether the NHS should be outsourcing to hospitals lacking what would seem to be essential facilities, surely in the interests of transparency patients should be warned about these shortcomings so they can make an informed choice and give a valid consent?

his treatment, his or her past experience, and the checks that have been made as to the track record of the surgeon or clinic?  A patient may be put in the invidious position of having to choose between what on the one hand could be a delayed NHS


The duty of candour

The duty of candour introduced in 2014 for the NHS and in 2015 for all healthcare providers imposed a duty to provide notification of a patient safety incident – a ‘notifiable event’ – which has or which could (in the future) give rise to specific, defined types of harm. This duty falls on the NHS or private sector provider rather than the individual doctor. Failure to comply is a criminal offence punishable by a fine of up to £2500 and may result in the CQC revoking the provider’s registration.

How does this operate when a patient’s treatment has been outsourced? Who has the obligation to inform patients if their treatment has gone wrong and what information must they provide?  The duty of candour and the extent of the information given to patients after treatment has taken place has not caught up with the law on consent and the impression from the guidance that has been issued within the NHS and private sector is that compliance has become a box ticking exercise, with the use of template letters often providing formulaic responses. The ‘apologise but don’t admit liability or acknowledge fault’ mantra on which much of the guidance seems to be based may comply with the wording but hardly reflects the spirit of the duty or the expectations of patients and their families who expect a full explanation of what has gone wrong and why.

It is important that when NHS care is outsourced, the responsibility to comply with the duty of candour should be clarified from the outset. There are implications of the relationship between a doctor and his employers and his conflicting duties to both patient and employer, whether an NHS Trust or private provider, which can thwart the compliance with the duty of candour. Individual doctors have a duty to do no harm to their patients. Has a doctor fulfilled his duty to the patient if he fails to warn him before treatment, or to explain after treatment has taken place, that there have been concerns over the competence of his colleagues or the resources or facilities available at his hospital or clinic or the numbers of suitably experienced staff – all of which may have played a part in the adverse outcome?

The ‘insurance factor’ and the fact that private companies have duties to their shareholders may be an obstacle to a genuine compliance with the duty of candour. Will a private provider’s insurers be happy for their insured hospital or clinic to explain the full reasons why an operation may have failed?  Paterson’s NHS and private operations pre-dated the introduction of the duty of candour but it would be interesting to know what patients could expect from the duty of candour if they had taken place today.


The CMA and PHIN

The UK’s competition regulator the Competition & Markets Authority (CMA) identified a lack of transparency for consumers in private healthcare in their 2014 investigation of the private healthcare market.  In response PHIN, the Private Healthcare Information Network, aims to publish performance measures over a range of medical procedures to improve the information available to patients who are considering private healthcare services. Their ambition is to bring standards of data quality and transparency in line with those in the NHS. Their data is currently limited to private hospitals rather than clinicians. Initially they adopted the NHS Friends and Family test to measure patient satisfaction.  PHIN, which is funded by the private sector, estimates that the information they publish covers over 80% of privately funded healthcare in the UK.

Over 500 hospitals that treat patients privately, both independent hospitals and NHS private units, were required by the CMA from September 2016 to submit data each quarter to enable PHIN to publish specified performance measures from 30 April 2017. Data covering mortality and infection rates, readmissions and adverse incidents and data for individual doctors will follow in 2018.

The CMA, however, has had to remind providers that submitting this information is a legal requirement. On 31 August 2017 the CMA were reported to have commenced formal action against seven NHS trusts that had failed to make sufficient progress to meet the deadline to enable PHIN to publish the required information on the quality of their private healthcare services.



Regardless of the political considerations and fears over what is seen as the increasing privatisation of the NHS, it is imperative that patient safety remains paramount. Outsourcing to the private sector may be inevitable as the NHS confronts its many challenges but the standard of care must be equal to, if not better than, that which patients can expect to receive in the NHS. Outsourcing can only be sustainable if contracts are monitored, and private providers to the NHS properly vetted and held to account for their errors. If the private sector wishes to work with the NHS it should face the same level of scrutiny and meet the same standards of transparency and disclosure as the NHS and should be subject to accepting the probe of FOI requests.

With the NHS currently struggling to cope, there is concern as to whether CCGs and Trusts have sufficient resources to enable them to oversee these contracts. The necessary checks and balances do not seem to be in place to prevent a repeat of the kind of fiasco we saw with Vanguard at Musgrove and, 10 years earlier, the ISTC Netcare failures at Haslar Hospital. Lines of accountability where services are outsourced are blurred and responsibilities must be clearly defined.

As the CHPI concluded in their latest report ‘No Safety Without Liability: Reforming Private Hospitals in England after the Ian Paterson Scandal’ accountability of the private sector is crucial. Systemic risks remain in the sector and reform is needed. The NHS should heed these warnings before any further expansion of outsourcing. Contracts should not simply be awarded to the lowest bidder. It is also important that private providers are required to participate in an open transparent investigation with NHS commissioners when things have gone wrong, otherwise lessons will not be learned.

The CHPI report adds that before any major new contracts are made with private providers there should be an independent enquiry into the capacity of CCGs to handle them. CCGs should be required to publish regular updates on all their contracts and how they are performing, ensuring that accountability is not allowed to disappear behind a screen of commercial confidentiality.

For a list of references and suggested further reading, please click here.