Last reviewed: Next review due:
The NHS transparency landscape
The NHS in England generates vast amounts of published data: CQC inspection reports, NHS England statistics, never events data, mortality indicators, patient experience surveys (the Friends and Family Test and the National Patient Survey Programme), board meeting papers, and annual reports. Layered on top of these are FOI rights, the duty of candour (a legal obligation on healthcare providers to be open with patients when things go wrong), and serious incident reporting requirements. Scotland, Wales and Northern Ireland have broadly comparable frameworks through their respective health bodies.
The structural complexity of the NHS — with integrated care systems, foundation trusts, NHS England, NHSE regional teams, community health trusts and private contractors all playing roles — means that accountability can be difficult to pin down. The journalist’s task is to follow the money and the responsibility, not just the structural label.
When NHS investigations matter most
- 1A trust has a pattern of never events suggesting a systemic failure in a specific procedure or ward.
- 2Mortality data for a trust is a statistical outlier — both SHMI and HSMR are publicly available and can be compared with peer trusts.
- 3A CQC inspection finds Inadequate or Requires Improvement ratings that have persisted across multiple inspections.
- 4A private contractor delivering NHS services faces allegations of poor quality but the contract terms are opaque.
- 5Deaths in custody at a mental health secure unit or prison healthcare setting reveal failures in the duty of care.
- 6A serious case review or safeguarding case review identifies repeated systemic failures — these are published locally by safeguarding partnerships.
- 7A senior NHS executive departs with a large settlement and the trust refuses to confirm the details.
Red flags in NHS data
- Multiple CQC Warning Notices issued to the same trust within a short period — particularly for the Safe domain.
- A trust whose board minutes repeatedly defer or note-without-action patient safety reports.
- Never event counts rising year-on-year at a trust where surgery volumes are stable or falling.
- HSMR (Hospital Standardised Mortality Ratio) significantly above 100 for multiple consecutive years without explanation.
- A private contractor whose NHS contract has been quietly renewed despite a poor performance record — check board papers.
- A duty-of-candour failure identified in a coroner's narrative verdict — search Preventable Deaths reports (Reg 28).
- Safeguarding case review findings that are published with heavy redactions, combined with a cluster of similar cases.
Practical checklist for NHS investigations
- Download the trust's latest CQC inspection report and all previous reports to identify whether issues are new or persistent.
- Check NHS England's published never events data for the trust and request the individual incident reports via FOI.
- Search the HSMR and SHMI mortality data tools to benchmark the trust against national figures and peers.
- Review the trust board meeting papers (published on the trust website) for patient safety reports and risk registers.
- FOI the number of patient complaints by category and year, and the resolution outcomes.
- For private contractor accountability, request the contract, KPIs and most recent performance review from the commissioning ICB.
- Search the Regulation 28 (Prevention of Future Deaths) database at the Courts and Tribunals Judiciary website for reports naming the trust.
- Where deaths in custody are involved, contact the Prisons and Probation Ombudsman and check their published investigation reports.
- For safeguarding, check the local Safeguarding Adults Board and Child Safeguarding Practice Review Panel for published reviews.
- Check the NHS Resolution annual report for the trust's clinical negligence claims profile if the story involves systemic harm.
Tools for NHS investigations
Build NHS FOI requests and track your story’s source and legal risk.
Common mistakes
- Treating never event data as an exhaustive record of harm — most serious patient safety incidents are reported as serious incidents, not never events.
- Identifying patients, directly or indirectly, without explicit consent — the legal and ethical risk is severe.
- Using a single year of mortality data to imply systemic failure — mortality rates fluctuate; multi-year trends are more meaningful.
- Not checking whether a CQC inspection is current — a Good rating from five years ago may be entirely outdated.
- Assuming a private contractor delivering NHS services is subject to FOIA — they generally are not; the commissioning ICB is.
- Failing to request the full serious incident report, not just the summary — the detail is in the appendices.
- Not seeking comment from the trust's communications team with enough time to get a substantive response.
Related guides
Primary sources
- CQC inspection reports and ratings (cqc.org.uk)
- NHS England — never events data
- NHS Digital — mortality indicators (HSMR/SHMI)
- Regulation 28 Prevention of Future Deaths reports database
- Prisons and Probation Ombudsman — published investigation reports
- Child Safeguarding Practice Review Panel — rapid and national reviews
- NHS Resolution — annual report and accounts
Frequently asked questions
What is a never event and where is the data published?
What are CQC inspection reports and how current are they?
Are NHS trusts subject to the Freedom of Information Act?
How do I handle patient confidentiality in NHS investigations?
What happened to Clinical Commissioning Groups and what are ICBs?
Related guides
Primary sources
- NHS England — Publications and Data— NHS England
- Care Quality Commission — Inspection Reports— CQC
- Healthcare Safety Investigation Branch — Reports— HSIB
- NHS Digital — Health Data and Statistics— NHS Digital
- National Audit Office — NHS Value for Money Studies— NAO
- WhatDoTheyKnow — NHS FOI Disclosure Archive— mySociety
- Contracts Finder — NHS Procurement Data— Cabinet Office