Skip to main content

Investigating UK NHS and Public Services

From never events and mortality data to private contractor accountability and deaths in custody, this guide covers the data sources, regulatory reports and FOI techniques for investigating health and public services.

Information only. Health investigations require particular sensitivity around patient confidentiality. This guide does not constitute legal advice. Read our full disclaimer.

Last reviewed: Next review due:

The NHS transparency landscape

The NHS in England generates vast amounts of published data: CQC inspection reports, NHS England statistics, never events data, mortality indicators, patient experience surveys (the Friends and Family Test and the National Patient Survey Programme), board meeting papers, and annual reports. Layered on top of these are FOI rights, the duty of candour (a legal obligation on healthcare providers to be open with patients when things go wrong), and serious incident reporting requirements. Scotland, Wales and Northern Ireland have broadly comparable frameworks through their respective health bodies.

The structural complexity of the NHS — with integrated care systems, foundation trusts, NHS England, NHSE regional teams, community health trusts and private contractors all playing roles — means that accountability can be difficult to pin down. The journalist’s task is to follow the money and the responsibility, not just the structural label.

When NHS investigations matter most

  • 1A trust has a pattern of never events suggesting a systemic failure in a specific procedure or ward.
  • 2Mortality data for a trust is a statistical outlier — both SHMI and HSMR are publicly available and can be compared with peer trusts.
  • 3A CQC inspection finds Inadequate or Requires Improvement ratings that have persisted across multiple inspections.
  • 4A private contractor delivering NHS services faces allegations of poor quality but the contract terms are opaque.
  • 5Deaths in custody at a mental health secure unit or prison healthcare setting reveal failures in the duty of care.
  • 6A serious case review or safeguarding case review identifies repeated systemic failures — these are published locally by safeguarding partnerships.
  • 7A senior NHS executive departs with a large settlement and the trust refuses to confirm the details.

Red flags in NHS data

  • Multiple CQC Warning Notices issued to the same trust within a short period — particularly for the Safe domain.
  • A trust whose board minutes repeatedly defer or note-without-action patient safety reports.
  • Never event counts rising year-on-year at a trust where surgery volumes are stable or falling.
  • HSMR (Hospital Standardised Mortality Ratio) significantly above 100 for multiple consecutive years without explanation.
  • A private contractor whose NHS contract has been quietly renewed despite a poor performance record — check board papers.
  • A duty-of-candour failure identified in a coroner's narrative verdict — search Preventable Deaths reports (Reg 28).
  • Safeguarding case review findings that are published with heavy redactions, combined with a cluster of similar cases.

Practical checklist for NHS investigations

  • Download the trust's latest CQC inspection report and all previous reports to identify whether issues are new or persistent.
  • Check NHS England's published never events data for the trust and request the individual incident reports via FOI.
  • Search the HSMR and SHMI mortality data tools to benchmark the trust against national figures and peers.
  • Review the trust board meeting papers (published on the trust website) for patient safety reports and risk registers.
  • FOI the number of patient complaints by category and year, and the resolution outcomes.
  • For private contractor accountability, request the contract, KPIs and most recent performance review from the commissioning ICB.
  • Search the Regulation 28 (Prevention of Future Deaths) database at the Courts and Tribunals Judiciary website for reports naming the trust.
  • Where deaths in custody are involved, contact the Prisons and Probation Ombudsman and check their published investigation reports.
  • For safeguarding, check the local Safeguarding Adults Board and Child Safeguarding Practice Review Panel for published reviews.
  • Check the NHS Resolution annual report for the trust's clinical negligence claims profile if the story involves systemic harm.

Tools for NHS investigations

Build NHS FOI requests and track your story’s source and legal risk.

Common mistakes

  • Treating never event data as an exhaustive record of harm — most serious patient safety incidents are reported as serious incidents, not never events.
  • Identifying patients, directly or indirectly, without explicit consent — the legal and ethical risk is severe.
  • Using a single year of mortality data to imply systemic failure — mortality rates fluctuate; multi-year trends are more meaningful.
  • Not checking whether a CQC inspection is current — a Good rating from five years ago may be entirely outdated.
  • Assuming a private contractor delivering NHS services is subject to FOIA — they generally are not; the commissioning ICB is.
  • Failing to request the full serious incident report, not just the summary — the detail is in the appendices.
  • Not seeking comment from the trust's communications team with enough time to get a substantive response.

Related guides

Primary sources

Frequently asked questions

What is a never event and where is the data published?
Never events are serious, wholly preventable patient safety incidents that should not occur if established safeguards are in place — for example, wrong-site surgery or a retained foreign object after an operation. NHS England publishes quarterly never events data by trust and type, available at england.nhs.uk. The data is aggregated, not patient-level, but when combined with an FOI request to the relevant trust, journalists can often establish whether a specific incident occurred and what action followed.
What are CQC inspection reports and how current are they?
The Care Quality Commission publishes inspection reports for every NHS trust, independent hospital, care home and GP surgery it regulates, available at cqc.org.uk. Reports are rated Outstanding, Good, Requires Improvement or Inadequate across five domains: Safe, Effective, Caring, Responsive, Well-Led. The inspection date matters: some trusts have not been re-inspected for several years. The CQC also publishes enforcement actions, warning notices and urgent conditions — these are more immediately newsworthy than routine inspection reports.
Are NHS trusts subject to the Freedom of Information Act?
Yes. NHS trusts, NHS foundation trusts, ICBs and NHS England are all subject to the Freedom of Information Act 2000. Many have a designated FOI officer. Common effective requests include: number and outcome of patient complaints by year and category; never events and serious incident reports (though clinical details may be exempt); contract values for private providers; pay-off agreements with departing executives; and staffing ratios on specific wards. Responses must arrive within 20 working days. Refusals can be challenged via the ICO.
How do I handle patient confidentiality in NHS investigations?
Patient identities are protected by the common law duty of confidentiality, the Data Protection Act 2018, and — where relevant — Article 8 ECHR. You should never identify a patient without their explicit consent, unless they are deceased and their family has consented, or there is an overwhelming public interest that cannot be served without identification. Anonymising details carefully does not always protect identity in small communities or rare conditions. Take legal advice before publishing any case study where identification is possible.
What happened to Clinical Commissioning Groups and what are ICBs?
Clinical Commissioning Groups (CCGs) were abolished in July 2022 and replaced by Integrated Care Boards (ICBs) under the Health and Care Act 2022. ICBs are statutory NHS bodies responsible for planning and commissioning health services for their area within an Integrated Care System (ICS). They are subject to FOIA. Their constitutions, meeting agendas and board minutes are published. The structural change means some commissioning accountability that previously sat with CCGs now sits with ICBs or with NHS England directly.