There’s a particular kind of optimism that shows up whenever health tech gets discussed in boardrooms, and conference halls. It’s the “we’ll fix it with an app” optimism. And look-sometimes that optimism is justified. The NHS App has moved the needle for lots of people. Digital triage can reduce pressure. Electronic prescribing can cut errors. Remote monitoring can stop a patient bouncing back into hospital.
And yet.
Walk through the back corridors of many hospitals and you’ll still find the tell-tale signs of digital debt: workarounds taped to monitors, passwords on Post-its, printers that have seen more winters than some junior doctors, and “temporary” systems that have been temporary for a decade. It’s not that the NHS lacks ambition. It’s that the ambition keeps colliding with the basics.
Here’s the thing: digital debt isn’t a single problem. It’s a bundle of small, boring problems that multiply-quietly, until the big shiny plans start to wobble.
Digital debt isn’t just old tech. It’s old promises.
When people say “technical debt”, they often mean legacy systems. Old servers. Unsupported operating systems. Applications no one dares to touch because the one person who understood them took early retirement and now breeds Labradoodles.
That’s part of it. But in the NHS, “digital debt” is bigger and messier:
- Tech debt: ageing estates, brittle apps, out-of-date infrastructure.
- Data debt: duplicates, inconsistent coding, missing fields, and “local truths” that don’t travel well between organisations.
- Process debt: paper-era workflows dragged into digital forms without redesign (hello, scanned PDFs as “digital records”).
- Cyber debt: gaps in patching, segmentation, identity controls, and incident readiness-made worse by complexity and under-resourcing.
The National Audit Office has been blunt about the challenge: the NHS has struggled to hit its own targets, including the long-promised “paperless” ambition, and local organisations face outdated systems alongside competing pressures.
So when a strategy says “AI will save time”, the uncomfortable reply is: Sure-after we fix the Wi-Fi, the device estate, the logins, the integration, the training, the governance, and the funding model.
That’s the debt talking.
A short history of big dreams (and the bruises they left)
The NHS has lived through some genuinely heroic digital efforts. It has also lived through some expensive disappointments.
Let’s start with the big one people still reference in hushed tones: the National Programme for IT (NPfIT). Parliament’s Public Accounts Committee reported a forecast cost figure of £9.8bn, with ongoing uncertainty around full costs and future commitments.
That programme didn’t just leave a financial scar. It left a cultural one-wariness of grand central solutions, scepticism about “one-size-fits-all”, and a tendency to favour local autonomy even when it makes interoperability harder than it needs to be.
Then came the “paperless” promise. A target of a paperless NHS by 2018 became a kind of recurring IT fairy tale-retold, revised, and still not delivered. The NAO called out that the target had not been achieved.
You know what’s sneaky about missed targets? They don’t just fail. They create behaviour: hurried procurements, short-term fixes, and the “we’ll make it work somehow” mindset. That mindset is how debt gets issued.
Where the low-spec reality bites hardest
1) EPRs: the headline project that turns into ten smaller projects
Electronic Patient Records (EPRs) are often treated as the centrepiece-buy the platform, switch it on, and jobs are done. In practice, EPR is never “one project”. It’s a portfolio:
- devices and ward connectivity
- identity, access, and role design
- data migration and coding standards
- training and floor-walking
- integration with labs, imaging, pharmacy, community services
- reporting, analytics, and safety controls
- cyber hardening and resilience testing
And there’s a hard deadline mood in the air. A UK government accounting officer assessment for the Frontline Digitisation Programme set out an ambition that 100% of trusts will have an EPR, or an EPR implementation in progress, by March 2026. The NHS Confederation also references a target for all trusts to have implemented an EPR to a minimum standard by March 2026.
Now, here’s the mild contradiction: having an EPR is not the same as getting value from it. It can be both “done” and not really done.
A Health Foundation-linked discussion in the press has pointed out that while many trusts have EPRs, staff can still struggle to use them well, often because training, workflows, and interoperability lag behind the installation.
So yes, rollouts matter. But so does the unglamorous work after go-live: adoption, optimisation, safety events, and fixing the 200 tiny irritations that slow a clinician down.
2) Interoperability: the quiet tax on every “digital” idea
Interoperability is where good intentions go to get stuck in a meeting.
The NHS is not one organisation. It’s a network of trusts, GP practices, community providers, social care, and suppliers. Even inside a single trust, different departments can run different systems and different data definitions. Add in mergers, reorganisations, and local procurement, and you end up with a patchwork.
That patchwork turns every new digital service into an integration exercise. A “simple” patient flow app needs bed data, staffing data, theatre schedules, lab turnaround times, discharge summaries, and a reliable identity match. If those pieces don’t connect cleanly, the app becomes another screen clinicians politely ignore.
This is why “high-tech” ambition keeps crashing: the ambition is often front-of-house, while the blockers live back-of-house.
3) Cyber resilience: debt that shows up on the worst possible day
If you want a textbook case of cyber debt meeting operational reality, you don’t have to invent one. The NHS already had it.
The 2017 WannaCry attack was described by Parliament as a “wake-up call”, with widespread disruption and almost 20,000 appointments cancelled. The NAO’s investigation into WannaCry documents the impact and response across the NHS.
And it wasn’t just “bad luck”. The Public Accounts Committee report notes that, despite warnings as far back as 2014, parts of the NHS estate were still using old software such as Windows XP, and it cites that 5% of the NHS IT estate was still on Windows XP at the time of WannaCry.
That’s what cyber debt looks like: not a theoretical risk register entry, but cancelled clinics, diverted ambulances, and staff reverting to paper in a hurry.
Also worth remembering: even when national bodies produce guidance, local organisations often hold the keys. An NHS England “lessons learned” review noted the limits of national mandate power in practice.
So cyber resilience isn’t a bolt-on. It’s part of the foundations. Patch management. Asset visibility. Identity controls. Segmentation. Backups that actually restore. Tested incident playbooks. The boring stuff. The life-saving stuff.
4) “We’ll just replace the pagers” and other deceptively simple ideas
Pagers became a symbol for NHS tech lag, partly because they’re so visible. In 2019, the government announced that trusts would be required to phase out pagers by the end of 2021, replacing them with modern alternatives like phones and apps.
Even that “simple” change has hidden dependencies: mobile coverage inside thick-walled buildings, device management, secure messaging, integration with on-call rotas, and clinical safety standards. You can’t swap the gadget and call it progress if the underlying system is still built for the 1990s.
It’s a small example, but it captures the wider point: digital change is usually constrained by infrastructure, not ideas.
Why the NHS keeps paying interest on this debt
Let’s talk incentives for a second-because this isn’t only a tech story.
Digital debt grows when:
- capital is easier to find than revenue, so trusts buy systems but struggle to fund training, support, optimisation, and ongoing cyber tooling;
- targets focus on “installed” rather than “used well”, so teams sprint to go-live and then move on;
- procurement rewards compliance and speed, not long-term maintainability;
- data standards vary, so every integration becomes bespoke;
- frontline time is scarce, so redesigning workflows competes with patient care (guess which wins).
And there’s a funding reality that’s hard to wish away. The NAO has pointed to £4.7bn of national funding tied to digital programmes and maturity improvements (in the context it examined), while still warning about the scale of the challenge and the risk of not meeting ambitions.
More recently, the Health Foundation estimated £21bn over five years to digitise the NHS and adult social care across the UK, with £14.75bn of that for England, plus a mix of capital and revenue requirements for implementation, licensing, maintenance, and training.
That figure isn’t just a price tag. It’s a reminder: the NHS can’t “innovation theatre” its way out of decades of under-investment in digital foundations.
A brief trip to the IT myth graveyard (bring a shovel)
The NHS isn’t alone here. Most large organisations have fallen for these at least once:
Myth 1: “Paperless by a date” is a plan.
It’s a slogan. A plan includes estates, workflows, data, people, and sustained funding. The NAO’s point about the missed paperless target is basically a polite version of that.
Myth 2: “One system fixes everything.”
NPfIT is the cautionary tale, but the myth shows up everywhere: one ERP, one CRM, one EPR, one magic platform. Reality is more like a well-run airport: lots of systems, lots of interfaces, lots of disciplined operations.
Myth 3: “Big bang = faster.”
Big bang cutovers are thrilling-right up until they’re not. Healthcare is high-stakes, variable, and deeply human. Safer progress often looks slower: staged rollouts, measured adoption, and a relentless focus on clinical safety.
Myth 4: “AI will make the backlog vanish.”
AI can help. It can triage. It can summarise. It can spot patterns. But it still needs clean data, reliable infrastructure, clear accountability, and staff who trust the outputs. Otherwise it becomes another dashboard no one asked for.
So what now? A foundations-first route that doesn’t pretend it’s glamorous
If you’re a senior exec or parliamentarian sitting on a committee reading this, you don’t need another manifesto. You need something you can govern.
Here’s a practical way to think about paying down NHS digital debt, without pretending it’ll be painless.
1) Make the “boring layer” a board-level topic
Connectivity, devices, identity, resilience, integration, treat them like clinical infrastructure. Because they are.
2) Fund adoption like you fund installation
Training, floor-walking, clinical informatics time, and continuous improvement are not optional extras. If EPR value is the goal, the “after go-live” budget should be visible and protected.
3) Measure outcomes that reflect real work
Not “system live”, but:
- time saved per shift (verified)
- reduction in duplication and re-keying
- medication safety indicators
- discharge process time
- incident response readiness (tested)
4) Standardise where it hurts most: identity and data exchange
Local flexibility has value. But patient matching, data definitions, and interface standards are where variation becomes a tax.
5) Treat cyber resilience as service continuity, not IT hygiene
WannaCry showed what happens when old estates meet modern threats. Build resilience like you build emergency preparedness: drills, clear roles, and evidence that you can recover.
6) Stop chasing “new” while the foundations are cracking
This is the hard call. Sometimes the brave decision is to pause the shiny pilot and fix the plumbing. Not forever. Just long enough that the pilot has a chance of sticking.
The uncomfortable truth (and the hopeful one)
The uncomfortable truth: the NHS can’t out-innovate its own foundations. If the underlying estate is fragile, every ambitious digital programme becomes a high-wire act.
The hopeful truth:the path forward is known. The targets are being set. Programmes like Frontline Digitisation exist to lift baseline capability. And the conversation is shifting from “buy tech” to “make tech work”, including recognition of the true cost of digitisation across health and care.
Honestly, the NHS doesn’t need another grand story about futuristic hospitals. It needs long, patient craft. The kind that replaces ageing kit, fixes the data plumbing, trains people properly, and makes resilience boringly dependable.
That’s what paying down digital debt looks like.
And when the foundations are right? Then the high-tech ambition stops crashing. It lands. And it helps.
