Introduction
The NHS National Programme for IT. £12 billion. The world’s largest civilian change programme at the time. A national attempt to digitise the entire NHS — patient records, clinical systems, infrastructure, imaging, care pathways — in one coordinated effort across every hospital, every primary care practice, and every mental health trust in England.
Its suppliers read like a directory of the global technology industry: Accenture, BT, Fujitsu, EDS, Atos Origin, CSC. Its stakeholders numbered in the hundreds of thousands — from the Secretary of State for Health to the ward clerk in a district general hospital who didn’t understand why her screen had changed overnight. Its ambition was, depending on your perspective, either visionary or reckless.
Probably both.
I was part of a small team responsible for governance and implementation assurance at a national level — final gatekeepers before any supplier could receive an Authority to Proceed with go-live. If their processes weren’t right, their systems weren’t compliant, their plans weren’t credible, their clinical engagement wasn’t adequate — they didn’t proceed. In practice, that meant understanding every dimension of what these suppliers were delivering, holding them to standards they had committed to, and making decisions under pressure that affected thousands of NHS staff and ultimately millions of patients.
It was the most complex environment I have ever worked in. And it taught me things about programme delivery that no smaller engagement — however demanding — could have.
NPfIT is often cited as a cautionary tale, and in some respects that is a fair characterisation. The programme was eventually scaled back significantly from its original scope. Some of the large supplier contracts were renegotiated or unwound. The story is complicated, as all stories at that scale are. But parts of it worked, very successfully — and the parts that worked had identifiable characteristics that I have carried into every engagement since.
These are four lessons that stayed with me.
1. Governance isn’t bureaucracy — it’s protection
At scale, governance is not a support function. It is the programme.
Before I joined the NPfIT, I had thought of governance as a necessary overhead — the documentation, the committees, the sign-off processes that ran alongside delivery rather than enabling it. Working on NPfIT changed that understanding completely.
At £12 billion, with a supplier ecosystem of global systems integrators each running their own parallel delivery streams across dozens of NHS trusts simultaneously, governance was the only mechanism that held the programme together. The frameworks we built — the Authority to Proceed process, the clinical safety standards, the implementation review methodology — were not about control for its own sake. They were about giving every stakeholder, from the Secretary of State to the clinical lead in a district general hospital, confidence that programme oversight was in safe hands and that someone was checking that the work was actually being done to the standards that had been committed to.
When governance was applied consistently, deployments were more likely to land well. When it was circumvented — when suppliers found ways around the process, or when local pressure to hit go-live dates overrode proper assurance — things went wrong in ways that were entirely predictable and entirely preventable.
I have never worked on a programme since where I thought governance was overdone. The failure mode is almost always the opposite: governance that exists on paper but is not practised, not enforced, and not taken seriously until something goes wrong.
Practical takeaway: Governance frameworks are worth nothing if they are not applied consistently, including when applying them is inconvenient. The moment you allow a supplier or a stakeholder to proceed without meeting the agreed standards — just this once, because the deadline is tight — you have undermined every governance decision that follows. The standard has to mean something, or it means nothing.
2. Supplier management is a discipline in its own right
The power dynamic between the NHS and a global systems integrator can feel, at first glance, uneven. Accenture and BT brought resources, expertise, and lobbying power that no single client organisation could match. They had negotiated contracts worth hundreds of millions of pounds. Their legal teams were formidable. Their relationships with government went to the highest levels.
But the power dynamic is only uneven if you allow it to be.
What the NPfIT taught me — sometimes through hard lessons — is that the discipline of supplier management is not about being adversarial. It is about being precise. Contracts that define deliverables in terms of outcomes, not activities. Milestone payments that are genuinely contingent on delivery, not on the passage of time. Escalation paths that are clearly defined and actually used. A documented understanding of what happens when commitments are missed — and the willingness to invoke those consequences when they are.
The NHS trusted the large suppliers to self-report on progress, and this created an information asymmetry that was systematically exploited. Programmes would report green on the dashboard while the underlying delivery was significantly behind. My job — and the job of my team — was to get behind the dashboard, to understand what was actually happening on the ground, and to make decisions based on evidence rather than presentations.
That experience shapes how I approach supplier relationships today. Trust, but verify. Always know more about the state of your supplier’s delivery than the supplier expects you to know. And never let the size or the reputation of a supplier become a reason not to hold them to what they promised.
Practical takeaway: In any significant supplier relationship, the programme team should be able to answer three questions at any point in time: What did this supplier commit to deliver by this date? What have they actually delivered? What is the plan to close the gap, and is it credible? If you cannot answer those three questions with evidence, you do not have visibility of your delivery — you have a presentation.
3. Scale exposes every weakness in your approach
There is a version of programme management that works reasonably well at small to medium scale through a combination of individual competence, informal communication, and the kind of organic co-ordination that happens when a team is small enough that everyone knows what everyone else is doing.
None of that survives at national scale.
On NPfIT, every process that worked informally at small scale had to be made explicit, documented, consistently trained, and systematically applied across an organisation — and a supplier ecosystem — that was geographically dispersed, organisationally diverse, and in many cases deeply sceptical of the programme’s ambitions.
The challenge was not just operational. It was cultural. NHS Trusts had their own ways of doing things, their own IT teams, their own clinical leadership, and their own ideas about what a national programme should look like. The expectation that they would simply adopt a nationally mandated approach to clinical systems — on a timeline set in Whitehall — was, in many cases, naive. The trusts that deployed most successfully were the ones where the national programme had invested in local relationships, where the clinical champions had been brought in early and given genuine influence over implementation decisions, and where the local IT team felt like partners rather than recipients.
The trusts that struggled were the ones where the programme had arrived as an imposition rather than a collaboration. Where clinicians were informed rather than involved. Where go-live had been driven by national milestones rather than local readiness.
Scale makes everything visible that was previously invisible. The things you were getting away with — the informal processes, the undocumented decisions, the relationships that were carrying more weight than the systems — all of it comes apart when you try to apply it across a thousand organisations rather than ten.
Practical takeaway: Before any programme scales up — whether from pilot to national, or from one region to many — do an honest assessment of what is actually working and why. Distinguish between things that are working because the process is good and things that are working because of individual heroics or fortunate relationships. The heroics and the fortunate relationships will not scale. The process has to.
4. The hardest part is never the technology
I knew this going in. I have known it for most of my career. And yet the NPfIT showed me the full consequences of that truth at a scale I had not previously experienced.
The technology, in many cases, eventually, worked. The clinical systems that were deployed — where they were deployed properly, with adequate training and genuine clinical engagement — functioned. The infrastructure held. The data moved. The integrations, where they were properly specified and tested, operated as intended.
What was harder than any of that was the people.
The consultant who had been practicing for thirty years and saw no reason to change how they documented a patient encounter. The ward sister who had developed paper-based processes over a decade that worked for their team and was deeply reluctant to abandon them. The GP practice manager who felt that the national programme was being done to their practice rather than with it. The board member who wanted assurance that the deployment was safe but also wanted to hit the go-live date and did not fully reckon with the tension between those two objectives.
Programme management, at its deepest level, is stakeholder management. It is the ability to understand what different people need from a programme, what they fear from it, what they stand to gain or lose, and how to navigate that landscape in a way that gets the work done without losing the people who have to live with the outcome.
On NPfIT, the deployments that succeeded did so because experienced people had invested time in those clinical relationships before a single system was installed. The deployments that struggled had typically underinvested in that relationship-building in favour of hitting technical milestones. It is a trade-off that looks rational in a project plan and catastrophic in a deployment that fails to achieve adoption.
Practical takeaway: Budget for change management as if it were as important as the technology. Not as a line item that gets cut when costs need to come down, but as a core delivery component that is non-negotiable. The ratio of investment between technology and people in most digital transformation programmes is the wrong way around. The evidence for this has been available for decades. It is still being ignored.
What NPfIT actually was
It is fashionable to write off the NHS National Programme for IT as a failure. The Public Accounts Committee reports, the National Audit Office reviews, the academic papers — most of them focus on what went wrong, the cost overruns, the contracts that were unwound, the ambitions that were scaled back.
That is a partial picture.
The deployments that were completed — the picture archiving and communications systems (PACS), the electronic patient record deployments (notably in Mental Health settings), the N3 broadband infrastructure that connected the entire NHS — were genuinely transformative for the trusts that received them. The governance and implementation standards developed on the programme became the basis for serious clinical safety frameworks that are still in use. Some of the supplier relationships and delivery models that were pioneered on NPfIT laid foundations for NHS digital capability that persisted long after the programme formally closed.
None of this is to minimise what went wrong. Some of it went badly wrong. But the instinct to treat the programme purely as a cautionary tale misses the more interesting question: what distinguished the parts that worked from the parts that didn’t? What was present in the successful deployments that was absent in the failed ones?
The answer, consistently, comes back to the same four things: rigorous governance applied without exception, supplier accountability grounded in evidence rather than presentations, processes designed for scale rather than borrowed from smaller environments, and sustained investment in the people and relationships that determine whether any technology is actually used.
Those lessons did not originate with NPfIT. They have been available in the programme management literature for decades. What NPfIT did was demonstrate their consequences, at extraordinary scale, in a way that I have never forgotten.
If you are navigating a complex digital transformation — in healthcare or anywhere else — I’d welcome a conversation about what those lessons might mean for your programme.
