Search the hub

These two reports summarise findings from the National Commission into the Regulation of Artificial Intelligence (AI) in Healthcare’s research and engagement activities and call for evidence. The Commission’s purpose is to advise the Medicines and Healthcare products Regulatory Agency (MHRA) on improving its regulatory framework and to accelerate safe access to AI in healthcare and across the NHS. You can read a summary of Patient Safety Learning’s response to this call for evidence here. The work brought together evidence from patients and the public, healthcare professionals, industry, academics and wider health system stakeholders through public polling, surveys, stakeholder engagement, deliberative research, an open call for evidence, a public Ask Me Anything session and insights from the MHRA’s AI Airlock programme. Thorough analysis of this evidence, 10 key findings have been identified. The report summarises these as follows: 1. There is a clear call for a proportionate, lifecycle-based approach to regulation Stakeholders noted that the current framework, which is designed for more static medical devices, is not well suited to iterative and adaptive AI systems. Across groups, stakeholders called for a proportionate approach that is risk-based, considers patients’ safety and fairness, with clear practical guidance and addresses existing duplication and fragmented oversight. Stakeholders also underlined the importance of strengthening clinical evidence requirements, with strong support for enhancing post-market surveillance and improving coordination. With a more proportionate approach seen as essential for balancing innovation with patient safety. 2. There is strong consensus for significant regulatory reform Across respondent groups of healthcare professionals, healthcare providers and industry, most people said that the existing regulatory framework needed “significant reform” but did not need a “complete overhaul”. Amongst patients and the public, the number of respondents calling for “significant reform” and a “complete overhaul” were similar, with 34% asking for “significant reform”, and 35% for a complete overhaul. 3. There was broad consensus that AI systems will increasingly require continuous post-market surveillance and monitoring Several stakeholders highlighted the need to upgrade current approaches to post market surveillance and monitoring, so they are better suited to AI systems. There was strong consensus that performance and risk cannot be adequately assessed through one-off approvals alone but instead require ongoing, real-world oversight across the lifecycle. Through qualitative evidence, stakeholders called for a more continuous and ongoing approach which helps track performance, monitor safety, and manage compliance across the AI system lifecycle. They also suggested that upgraded approaches need to help manage performance drift, validate performance in real world settings, and track changes in performance over time. 4. Responsibility should be shared across the system, with each individual and institution understanding their essential role and responsibilities There was strong consensus that accountability should not rest with a single person or institution, with respondents favouring a model which better distributes liability across the lifecycle. Patients and members of the public called for a comprehensive approach to accountability that addresses current gaps, healthcare professionals stressed that clinical accountability should be maintained whilst healthcare providers emphasised the need for robust governance structures and clear organisational responsibility. Stakeholders also highlighted uncertainty in how roles, responsibilities, and liability are defined and applied in practice. There were differing views on where liability should sit when an AI system causes or contributes to harm. Some respondents believed that liability should sit with the healthcare professional using the AI system. Another group of respondents argued that liability should sit with the healthcare provider who deploys the AI system. Others suggested that liability should sit with manufacturers, given their role in developing the technology and then maintaining their AI system’s performance. Across responses, there was a consistent emphasis on the need for greater clarity and consistency in how liability is allocated. Many respondents called for structured approaches to distributing liability that reflect the roles of different actors, including manufacturers, healthcare providers, and healthcare professionals. Suggested approaches included shared or distributed liability models that apportion responsibility based on specific circumstances. Stakeholders noted that clearer and more consistent frameworks would help address uncertainty and support the safe use of AI systems in healthcare. 5. Human oversight and responsibility for clinical judgment should be retained There was strong consensus from respondents that AI systems should continue to augment the work of professionals and should not be fully responsible for clinical decision making. Patients and the public emphasised the importance of human involvement in their care, including expectations that clinical decisions involving AI should be checked and validated by a human clinician. Healthcare professionals and professional bodies highlighted the risk of over-reliance on AI outputs at the expense of professional judgement. Industry respondents were supportive of ‘human-in-the-loop' safeguards. 6. Transparency and explainability will be key for the ongoing deployment of AI systems The ability to easily understand how an AI system works and to interpret its outputs will be key for building trust, enabling deployment, and ensuring the safety of an AI system. Patients, public and professionals advised that explanations of AI system outputs need to be clear, and providers called for greater transparency in the procurement process for sourcing AI systems. Industry organisations commented on the need for clearer and more structured regulatory documentation. 7. Data access and use is central to the role of AI in healthcare moving forward Respondents to the Call for Evidence noted that healthcare data is simultaneously an enabler and a barrier to the development and deployment of AI systems in healthcare. Patients and public expressed strong concerns about current approaches to consent for data access and how data is used by commercial entities. Some respondents cited governance and compliance burdens and fragmented data infrastructure as key barriers to development and deployment. Industry respondents called for clear and robust frameworks for accessing data including shared data governance templates and clearer guidance on data standards. 8. There is a need for robust training and improved AI literacy The Call for Evidence found a clear view that robust, ongoing training and clear understanding of AI in healthcare is critical for safe adoption. Healthcare professionals highlighted the risks of a lack of AI-specific training can bring such as increased risk of automation bias. Healthcare providers called for more structured workforce training on AI moving forward. Industry respondents advised that training is also needed for individuals who oversee the governance of AI systems in healthcare. 9. There is a need to improve incident reporting and learning mechanisms There were widespread calls for standardised reporting mechanisms for AI systems. Patients and public called for greater transparency and accountability over where AI is involved in care, including clearer communication when things go wrong. Healthcare professionals raised concerns about underreporting of safety incidents in healthcare more broadly, noting that workload pressures are a significant contributing factor. Responses also suggested limited awareness amongst some healthcare professionals that the existing Yellow Card scheme already applies to medical devices, including AI enabled devices. Healthcare providers highlighted the operational challenges of implementing incident reporting consistently across different settings. Industry respondents called for clearer guidance on how incident reporting should work within AI specific post-market surveillance frameworks. Several respondents also proposed improvements to surveillance and monitoring approaches, including establishing a national reporting system for AI incidents and providing guidance for healthcare professionals on what to report. 10. Patient and public engagement, trust, and communication will continue to be key for the deployment of AI systems. Through the Call for Evidence, trust emerged as a core enabler of AI adoption in healthcare. Patients and the public called for consistent involvement, consent, and clarity over the role of AI systems, whilst professionals highlighted the need to take a proportionate approach to explaining how AI is being used to patients. Providers advised that clear and consistent transparency and communication frameworks are needed whilst industry respondents recognised that trust is key for the uptake of AI systems in healthcare.

The UK stands at a crossroads, where technological innovation, healthcare transformation, and economic renewal converge, forcing the nation to make decisive choices about its future path. As the UK navigates modest economic growth and a healthcare system under profound pressure, Generative AI has emerged not merely as a technological advancement but as a strategic catalyst capable of addressing pressing national imperatives. This report was commissioned by Healthcare UK and identified five strategic imperatives to position the UK as a global leader in healthcare AI and drive meaningful economic growth. Establish the UK as the global leader in healthcare AI Make the UK the first port-of-call for safe, effective Generative AI by establishing a premier evidence-generation hub, implementing a focused model development strategy, strengthening a national conformity-assessment hub, running adaptive, risk-based regulatory sandboxes, and projecting UK standards internationally so innovators can take a product from proof-of-concept to global market. Turn UK health data into a strategic growth engine Convert the health service’s comprehensive longitudinal data into an economic asset by creating a sovereign healthcare data resource, simplifying secure access, cultivating a domestic synthetic-data industry, offering incentives for UK-based development, and building the energy and compute infrastructure that keeps workloads on-shore and sustainable Secure public trust through transparency, co-production and patient empowerment Put citizens at the centre by engaging the public early and often, ensuring transparent, accountable benefit-sharing and data-use reporting, handing patients meaningful control over their data, and embedding co-production in every Generative AI project—demonstrating that economic growth and responsible use go hand-in-hand. Unlock capital and new commercial models for scale-up Fuel adoption through a UK Health Data Sovereign Wealth Fund, extending fit-for purpose funding pathways, fixing market fragmentation that hampers deployment, bridging healthcare, academia and industry, and piloting sustainable payment models that reward real-world outcomes Develop world-class healthcare AI workforce and leadership Equip the system to implement Generative AI safely by modernising healthcare education, professionalising the data workforce, enhancing digital leadership, strengthening procurement expertise, and rolling out streamlined implementation frameworks that let frontline teams adopt proven tools quickly and responsibly.

The King’s College London Cyber Security Research Group has published a white paper, Building NHS Resilience to Ransomware: Central Oversight and Shared Capability. The paper identifies ransomware as the most acute cyber threat facing NHS Trusts. This is driven not only by the nature of the threat itself, but by inconsistent implementation of established security controls and uneven governance maturity across organisations. The report finds that the primary constraint is often cultural rather than technical or financial. While the NHS has a strong patient safety culture, this has not yet fully extended to digital systems and third-party dependencies. As a result, cyber risk is still too often treated as an IT or procurement issue, rather than as a direct risk to service continuity, public trust, and patient safety. The paper proposes a Cyber Leadership Framework centred on Board-level ownership and empowered CIO or CISO leadership. It emphasises the need to connect technical controls with the operational realities of care delivery. It also argues for greater centralisation of core cyber capabilities and shared services to reduce fragmentation and support weaker Trusts in reaching consistent standards. The report highlights the importance of organisational culture alongside technical capability. This includes leadership tone, clear accountability, translating cyber risk into operational terms, and moving beyond compliance towards demonstrable resilience in care delivery. Ultimately, the paper argues that the future digital legitimacy of the NHS will depend not only on improved tools, but on embedding cyber resilience within the culture of safe care. Former Health Secretary Alan Milburn welcomed the report, noting in particular its focus on governance and cultural change as key to reducing risk, rather than relying solely on increased resources.

A study supported by the NIHR North West London PSRC examined the implementation of the Scan4Safety programme at an NHS demonstrator site to understand the hospital experience of adopting barcoding technologies and standards to improve patient safety and quality of care. Researchers found that using standardised data to identify patients, products, places and procedures, Scan4Safety helps build a robust information infrastructure across both internal and external hospital supply chains, with the potential to deliver significant value to patients, clinicians and the NHS. Related reading on the hub: Using barcode scanning technology to improve blood group testing in unborn babies Patient barcode scanning in NHS hospitals: safety, snags and workarounds. A nurse’s perspective

Productivity-enhancing technologies remain the big hope for sustaining a high-quality NHS in future. The Health Foundation Chief Executive, Jennifer Dixon, looks at efforts to adopt AI applications quickly and at scale. Learning from the world’s most technology-enabled health care providers, Jennifer draws on case examples from some familiar places, such as Kaiser Permanente, the Mayo Clinic, Johns Hopkins Hospital, Massachusetts General Hospital and Memorial Sloan Kettering Cancer Centre. And some less familiar, such as Samsung Medical Centre (South Korea), Changi General Hospital (Singapore) and the Rigshospitalet in Denmark. Common ingredients for success While the regulatory environment for each country is different, some common ingredients for success are emerging. Across these examples we tended to see: Significant investment made over the years in their data infrastructure. Some kind of innovation centre or hub allowing access by in-house clinicians and scientists, and by vendor partners, to test ideas using patient-level data. A balanced approach to AI development – part in-house, often led by clinicians, and part procured from an AI vendor. A centre or unit focused on AI governance, including standard agreed rules for testing AI in real-world contexts. These focused on going beyond the early-stage development of AI models to investigate how things panned out ‘on the ground’ when implemented. Partnerships with large technology companies, such as Amazon Web Services, Microsoft and Google, stretching over years. Built-in training for staff on how to develop, test and use AI effectively. Many of these health facilities focused on AI to tackle challenges common to many settings, such as: Improving productivity and releasing clinical capacity, particularly by reducing administrative burden and improving operational efficiencies. Reducing waiting times by enabling earlier clinical interventions, streamlining processes and pathways, and speeding up discharge. Improving safety and clinical outcomes via predictive analytics to identify high-risk patients or post-operative complications. Promoting personalised medicine, combining genomics, imaging and electronic health record data to advance research and provide tailored treatments.

To explore current use of electronic patient record (EPR) systems, The Health Foundation commissioned a survey of 1,725 NHS staff members in England between July and October 2025 to better understand NHS staff views towards them. Staff views provide valuable intelligence about the performance of EPR systems in practice. And as the primary users of these systems, staff support is essential if EPRs are to be implemented and used effectively. Buy-in from staff can help EPR systems become more useful and reliable, improving data quality and increasing opportunities for refinement and innovation.  Key points The survey found that EPRs are in widespread use, with 83% of respondents saying they now use them as part of their job in the NHS. On balance, the NHS staff we surveyed were positive about the impact of EPRs in several areas and felt these systems are already improving both patient care (75%) and patient safety (73%). Yet 37% of staff also felt EPRs are not currently working well in their organisation. The survey points to a mix of frustrations and barriers to the effective use of EPRs, including having to use multiple EPR systems every day, a lack of real-time support and limited opportunities to give feedback on how they are working. An area of particular concern is training. Only around half (49%) of survey respondents had received training on how to use the EPR system for their role, and less than a third (28%) had received training on how to fix or troubleshoot problems. Unlocking the full value of EPRs will require coordinated action across the NHS to improve the integration of systems, training and support for staff. Without this, there is a risk that many of the potential benefits for productivity, safety and quality of care will remain unrealised. Related reading on the hub: HSSIB Investigation Report: Patient safety issues associated with electronic patient record (EPR) systems – a thematic review Patient safety and electronic patient record systems: Patient Safety Learning’s response to HSSIB report Electronic patient record systems: Putting patient safety at the heart of implementation