Every NHS trust in England needs an electronic patient record (EPR) system in place by March 2026, as part of a government push to digitise the healthcare system.
In many ways, this is long overdue: some trusts have still been using pen-and-paper record-keeping until very recently.
EPRs have the potential to massively improve efficiency in the NHS. If working properly, they allow doctors to keep all of their records in one place, speed up prescribing and diagnostics, and make it easier for patients to access their own health information.
But these roll-outs have not been without problems. Concerns have been raised about how far these benefits can actually be realised. Some NHS trusts have experienced issues with integrating new systems and training staff on how to use them.
In the extreme, there have been reports of EPRs creating new problems for hospitals, with evidence suggesting these systems may have contributed to serious harm and even deaths among patients.
NHS trusts have been put in charge of procuring their own EPRs, meaning there are numerous different technology companies involved. Some providers of these systems are large US firms. This includes Oracle Health, provided by the Larry Ellison-led tech giant, and Epic, a tech firm based in Wisconsin.
Contracts can run into nine figures: Guy’s and St Thomas’, a trust in South London, launched a £450m system from Epic in late 2023. Some parts of the NHS have been using them for more than a decade, but a handful are still set to miss the government’s March deadline.
Data access
Pritesh Mistry is a fellow at the King’s Fund, where he researches the impact of digital transformation in the NHS. He says it has had “both positive and negative impacts”.
“In the last few years, we’ve seen doubling down on the focus around digital records,” says Mistry. These are now in place in more than 90% of all trusts, and every GP practice.
“That means we’ve now got [new] data that’s within the healthcare system, which allows us to do other things, like treat populations, and understand and track patient safety,” he says.
Despite this, he cautions some patients are still struggling to get hold of their own data.
“We’ve got a lot of data that’s in silos,” says Mistry. “It doesn’t flow. That’s the biggest challenge: making the data accessible and usable for patients and healthcare professionals to be able to provide care in a way that is joined up and meets with modern expectations.”
He says complaints with new technology haven’t just come from patients.
“We need to recognise that staff are really frustrated,” says Mistry. “Software often crashes. Computers are really slow, and technology adds to their workload, instead of simplifying things.” He caveats that some parts of the NHS are better than others on this.
Safeguarding patient data
Mistry adds that there are safeguards in place to ensure patient data isn’t ending up where it shouldn’t be – such as through data protection rules and procurement requirements.
However, he warns that “we need to make sure we move with the times in terms of what technology is available”. Mistry is more concerned about medical staff inadvertently putting personal information into a large language model, for instance.
“Digital exclusion remains a barrier as well,” he says, adding that these systems have the potential to widen inequalities in healthcare. Those less able to use new technology might struggle to access their records.
“People tend to assume it’s old people [who are most impacted], but that isn’t necessarily true,” says Mistry, instead highlighting the impact of poverty and deprivation, with some still unable to afford internet access.
He argues the NHS should be working to meet people where they are, and provide more “tailored” technology services.
Patient safety
Nick Woodier is a doctor and investigator at the Health Services Safety Investigations Body (HSSIB), which looks into issues with healthcare in the UK. He sees problems arising from how EPRs are deployed by trusts, especially when medical staff overestimate their capabilities.
He uses the example of prescribing medicines: “There’s an assumption that these electronic prescribing systems will stop you [from] doing something catastrophic.”
But this isn’t always the case. In one investigation, the HSSIB found a child had been prescribed nearly 10 times the recommended dose of an anti-coagulant medication, with doctors having assumed the EPR would flag an issue. The child ended up with a bleed on their brain.
Woodier also worries hospitals are not always picking up on when these systems are at fault.
“We will often see where incidents have happened and the contribution of the electronic system has not been recognised,” he says.
Woodier sees this as coming from a culture which prefers to put the blame for safety failures on individuals.
A 2024 investigation by the BBC found there were more than 126 instances of serious harm registered by NHS trusts across 31 trusts, including three deaths related to EPR problems.
The HSSIB has also encountered problems from patients being unable to access their digital records.
“We’ve seen in general practice, for example, some patients telling us that they’ve gone without care – because in their mind, they thought the only way they could access their GP was to fill in an electronic form,” says Woodier.
A spokesperson for NHS England says EPRs are “already having a significant impact on improving safety and care for patients”, for instance, by helping to identify conditions such as sepsis, and preventing medication errors.
“They have replaced outdated and often less-safe paper-based systems, and we are working closely with NHS trusts to ensure they are implemented safely alongside other systems with appropriate training – and are used to the highest quality and safety standards,” the spokesperson adds.
Interoperability
The EPR roll-out has also been criticised for problems with “interoperability” – the ability of different programs and modes of data collection to converse with each other. The patchwork of different systems used by different trusts means data stored in one system might not be useful for a system used by a different part of the NHS.
Woodier says this often happens in communications between hospitals and GP surgeries. This can involve someone manually inputting information from one system to another, which can create risks when data is not being transferred properly, or is missed completely.
“When you introduce a manual operation, that risk increases,” he warns. “The odds are that at some point, somebody won’t do the right thing, because that’s the reality of being human.”
Alex Lawrence, a fellow at the Health Foundation, describes interoperability as a “significant challenge”, which the NHS and technology companies have been “grappling with for a really long time”.
“Some trusts have found it much harder to access their own EPR data than they anticipated, because of where that data is stored,” she adds, referring to research the organisation carried out in 2024.
“If it’s taking you days to pull the data that you need, then it’s already not going to be useful for a lot of the purposes that you might want it for.”
However, Lawrence adds that there have been some steps made in the right direction, notably with the Data (Use and Access) Act, which was passed last year.
“The government is making information standards mandatory for EPR providers, as well as trusts, with the Secretary of State potentially having more powers to enforce those standards,” she says.
The longer term
Going forward, Lawrence would like to see a system involving “patients being empowered with access to their own data, and as far as appropriate, clinicians being able to see all of the history that they need for their patients”.
In an ideal system, different parts of the healthcare system would be able to “share a patient’s data where necessary and appropriate, in an easy and timely way”.
She says they have the “potential to offer enormous value”, but much of their functionality is going unused. “What our qualitative research suggested was that a lot of these systems are still functioning as digital notebooks,” says Lawrence.
Matthew Taylor is the head of the NHS Confederation and NHS Providers, membership bodies for healthcare organisations.
“NHS leaders say the gap between trusts on digital maturity is still stark – and it’s shaping how quickly organisations can move to modern EPRs,” he says.
This gap – combined with the organisational complexity of the healthcare system – means interoperability has “long been a thorn in the NHS’s side”.
Taylor adds that EPRs are not a “once-and-done” job, and argues they will result in savings in the long term, but that it may take around five years to see the benefits.
“Hospitals are housing a huge amount of paper records, and the cost of storing, retrieving and managing those records can run into millions of pounds each year,” he says.
These systems are part of a larger picture, and one facet of the conversation, around the use of artificial intelligence in the NHS. AI models for areas such as research and diagnostics will require extensive and standardised medical data.
Mistry warns these AI tools operate on the basis of “garbage in, garbage out”.
“There is a risk that we roll out AI tools without the underpinning data quality it needs,” he says, adding that this could exacerbate inequalities or biases from using AI.
As Woodier puts it: “We’ve got organisations who are still using archaic computers, have got infrastructure that’s not working, are still on old web systems, or have EPRs that don’t talk to each other. A few [trusts] don’t have EPRs.
“So, actually, are we trying to run before we’ve even managed to walk?”
