Speed Kills: Startups Scaling Too Early are the Wrong Thing for the NHS and its Patients

Move Fast and Break Things

Many entrepreneurs live by Facebook founder, Mark Zuckerberg’s moto of “Move fast and break things.” (1) It aptly captures how entrepreneurs regard disruption: more is always better. There is a race to put products into consumers’ hands as fast as possible, without regard for the merit of — and rationale for — offline systems of governance. This is increasingly untenable especially when it comes to the NHS and its patients.

“The best products don’t win. The ones everyone use win,” wrote Andrew Bosworth, a Facebook executive, in a 2016 post on the company’s internal network that was leaked to and published by BuzzFeed (2).

This post from Bosworth acknowledged that adding more users and getting them to spend even more time on Facebook was a business imperative above all.

What Happens When We Move Fast and Break Things in Healthcare

In healthcare, it is easy to see how this sort of attitude starts to open major risks in clinical safety and the governance needed to make sure there that the technologies being opened up for looking after the citizens have a certain level of robustness. This has recently been reflected in concerns raised by clinicians over Babylon’s chatbot (3). Ali Parsa, their CEO, suggested that the peer review process was outdated, which conversely opened up Babylon’s paper to more peer scrutiny (4), when they, rather bravely, did publish their data. Being a fellow entrepreneur I feel his pain, but being a doctor, patient safety should never be compromised.

Across the pond, a blood-testing company that was once the toast of Silicon Valley, which, at its peak reached a massive $ 9 billion dollar valuation (5), shut down in 2018 (6). The company was going to revolutionise blood testing by bringing its proprietary point of care testing to the market. Their proprietary machines would at times produce results which would expose some patients to a risk of internal bleeding or stroke, however. Once these concerns were brought to light Theranos very quickly liquidated.

Lyfebin allows doctors and nurses to store medical images in a compliant environment in the USA. But the files were found stored in an unprotected Amazon Web Services (AWS) storage bucket, without a password, allowing anyone who knew the easy-to-guess web address access to the data (6). 93,000 patient images had been exposed.

Cambridge’s deployment of Epic’s electronic patient record (EPR) was the first implementation of the US supplier’s EPR this side of the pond. Part of the trust’s £200 million eHospital programme, Epic went live on 26 October 2014.

Difficulties quickly followed. A major incident was declared (7) a week after go-live, due to instability with the EPR. In the longer term, the eHospital project contributed to major financial difficulties at the trust, which in turn led to a highly critical CQC report, and the imposition of special measures (8). One of the biggest challenges most overlooked in this implementation was the change management required and also the hardware/infrastructure challenges.

The healthcare system is a complex place. Its primary goal is help patients live. Tech companies approach to that is akin to Facebook’s approach to democracy — it’s a data opportunity.

This is visible in the UK with messaging/task management solutions suggesting that they comply with regulations and advising doctors and nurses to use their solution in their hospitals/practice to share patient identifiable data, for free (9).

Gary McAllister, CTO at Guys and St Thomas’ raises such a critical point here about Forward Health, who claim to be in use in 140 Trusts (approximately 70% of Trusts) (10). We know the old adage that nothing is free. Facebook has shown us that. We pay with either our data (in this case the staff of the NHS) or worse still here, patient data. Many questions arise in this model as seen by the twitter conversation which ensues.

However, on the converse, innovators struggle to sell to the NHS due to many challenges such as procurement (11). To aid with this certain accelerators have been initiated such as Digital Health London (12) and NHS Innovation Accelerator (13).

Move Slow and Build Things

So then what is the right speed? There is no fixed time of course. But, implementing digital transformation into the NHS, I suggest a few things it is imperative to get right before thinking of scaling. This takes time sadly. I will take you through some of the key learnings we have had whilst transforming communication away from non emergency pagers at West Suffolk NHS Trust, which is a GDE. Pagers were replaced by Medic Bleep, an instant communication solution which sits of either staff’s own devices, Trust owned devices or a mixture.

It was imperative to us, prior to scaling, we got the key issues and challenges right. That we understood how to mitigate the inherent risk which comes with replacing or indeed adding to communication channels which exist in healthcare, with 70% of all errors in healthcare down to poor communication (16).

Governance and Clinical Safety

Making sure that we protected patient data with the correct security but also processes was a critical part of this.

In order to do this we, with our partner, WSH, made sure that our Information Governance processes were robust. This meant getting an ISO 27001 during this process. A formal data processing agreement needs to be in place with each authority before clinicians are legally protected to share patient data via such a solution as the Authority is the data controller (17).

It also helped us understand that staff can not share data outside of their Trust/CCG unless there are data sharing agreements in place with other organisations. For example, a clinician at West Suffolk NHS Trust can share data with another doctor if needed at ESNEFT, however, they can not do so to Leeds NHS Trust, as there is no data sharing agreement in place between WSH and Leeds NHS Trust (18)

These are clearly not the processes being followed by certain communication companies who encourage doctors and nurses to download wherever they are and start sharing patient data (19). This is exposing an extremely large number of patient data points inappropriately and putting NHS Trusts at major risk of ICO breaches.

Digitisation of data naturally attracts added clinical risk. We worked with the Trust to ensure that any added clinical risk was mitigated through a careful and dynamic risk assessment mandated by the Health & Social Care Act called DCB0160 and DCB0129 (20). This remains a dynamic and collaborative process making sure that Medic Bleep is safe and that any clinical risk is mitigated to prevent patient harm.

Some of the key questions which came out of this in conjunction with healthcare professionals in the Trust:

  • Can we introduce a communication system such as Medic Bleep in conjunction/alongside pagers? The answer to this was a resounding ‘no’. This is because it would further fragment the communication methods in use and put further clinical risks in place with a staff member unclear how to contact another individual. Quite the opposite of what such a solution would actually be aiming to achieve.
  • Can we release such a system to certain departments? Again this fragments communication methods and introduces risks.
  • Can we release such a solution without the correct infrastructure in place such as a robust WiFi and fall back options in place? Absolutely not. The solution is only as good as the infrastructure it is built on. So a large part of what we did was work in conjunction with infrastructure partners like Wifi Spark to get these processes right.

But before this was all in order, the solution could not be deployed. As you can imagine, this takes time.

Communicating the Change

Naturally there was a degree of caution towards change, particularly regarding changes to working practice. Historically staff have not been allowed to use smartphones in a clinical setting and there were some concerns that patients would not like this.

The trust and our team delivered thorough staff training and drop-in sessions to help build confidence in using Medic Bleep and counter change fear. It was also important to communicate the change with patients, to explain why healthcare professionals are using smartphone at the bedside, to help mitigate the risk of negative experience for patients.

During this process we interviewed over 60 patients and relatives to help understand what their fears and worries would be and to involve them in that change. It helped build up a picture of how we should be communicating this massive change to the patients and relatives so that they did not feel staff were being rude by using their own phones.

Bring Your Own Device (BYOD)

The trust adopted a BYOD strategy with a robust policy that permits staff to use their own smartphones and also provided a small number of managed devices for staff that didn’t own a smartphone or did not want to use their own device. We worked closely with Samsung on this to make sure this solution would work.

The BYOD was not a policy which was in place prior to us being deployed. We worked closely with the Trust to make sure the policy was robust and proactively engaged with unions such as the BMA to make sure they would not have any contentions with the policy.

Despite some staff stating concerns before Go-Live, the vast majority of staff have opted to use their own device and patient surveys have not revealed any issues with perception about their use around patients.

For those individuals whom were mostly desktop based, it was imperative that Medic Bleep also has a browser (web) interface, so staff have the full flexibility of using a smartphone or desktop as they go about their work. Understanding the differences in use from clinical team members on desktops and more operational staff was critical, especially from a governance perspective. For example, in clinical areas, where computers were public facing and also being hotdesked, what was the appropriate length of time to time out their Medic Bleep session. How would that same time out work for mainly oeprational desk based staff? Would it? It would not. We made sure we could solve these potential major hurdles.

Changing Processes

A technology is just a technology till processes are changed around the solution which improves the working lives of staff and impacts positively on patient care. At this point it becomes a solution.

We mapped out key communication pathways and processes in conjunction with healthcare staff to identify areas where efficiencies can be made, but also to ensure that a bespoke solution was created, specific to West Suffolk NHS Foundation Trust.

Part of this was also changing and creating new standard operating procedures such as managing how escalation of care is communicated and managed. Business continuity processes were completely re written around Medic Bleep. Other processes which were re written were IT support.


There are two modes of evidence which we gather, quantitative and qualitative. Being a clinician, I would not prescribe a drug to a patient without robust peer reviewed evidence. So, likewise, I expect the same from us, as a technology provider.

We produced a time and motion study which was published in a peer review journal showing our technology and redesign of processes, saved each nurse and each junior doctor 21 minutes and 48 minutes respectively (21).

In other evidence we showed that using Medic Bleep and our specifically redesigned processes saved an average of 20 minutes per task.

We also had independent health economists involved to help understand how much efficiency we can help release in the system. For a 400 bed acute hospital we can help release the time of 18 full time equivalent nurses and junior doctors each over a year.

They also helped us understand how much efficiency we could release in financial terms; £2.5 million per year for a 400 bed acute hospital.

Had we not have taken this, appropriately ‘slow’ approach, we would not know most of the issues which could arise, how to mitigate them and hence put patient safety and data at risk. This, to us, was and is never an option. It has also allowed us to robustly understand the value we deliver to the healthcare system, the tax payers and the staff that work in it.

Final Thoughts

If you are an innovator: find the right team. Find the right investors to back you. Do not take on too much capital initially else you will have to focus too much on growth before you have genuinely solved the entire problem and got to the solution. But then, when you have solved it all, you are truly ready to scale and you will win over the market.

NHSX — there are some major issues here which need to be addressed right here right now with regards to patient data, clinical safety and governance.

If you are are an NHS Executive; the tech is 10–15% of the actual solution usually. The more challenging things are people, people, people and process. You should ask extremely challenging questions of your suppliers and make sure they have a true ability to understand, empathise and hence deliver the full solution, or is it just tech?

If you are an investor, be patient. Help the companies make the right moves and to make an effective solution prior to premature growth. For premature growth ends in failure as we have seen multiple times.

In short, the “move fast and break things” era is over. “Minimum viable products” must be replaced by “minimum virtuous products” — new offerings that test for the effect on stakeholders and build in guards against potential harms.

About the Author

A GP trainee by background with a masters in Paediatrics.

I am passionate about remodelling health and social care; not just in the NHS, but globally. I believe that health/med tech will help enable and underpin this.

Our work has been mentioned in Parliamentary Bill to #PurgeThePager put forward by Matt Hancock and our study to show each nurse and each junior doctor save 21 minutes and 48 minutes with Medic Bleep of which I am the Founder.

I am also an Innovation Mentor for GP trainees and GPs at the Royal College for GPs alongside Faculty at Harvard Medical School for Postgraduate Teaching for Surgical Leadership and Innovation.

I am also a Member of the Faculty of Clinical Informatics and Faculty of Medical Leadership and Management.

I am also experienced in running of nursing and care homes, especially looking at mergers and acquisitions along with transformation projects.

Find me on LinkedIn: https://www.linkedin.com/in/drsandeepbansal/


(1) https://mashable.com/2014/04/30/facebooks-new-mantra-move-fast-with-stability/?europe=true

(2) https://www.buzzfeed.com/ryanmac/growth-at-any-cost-top-facebook-executive-defended-data

(3) https://inews.co.uk/news/babylon-health-doctor-app-nhs-does-it-work-505040

(4) https://www.stamfordadvocate.com/technology/businessinsider/article/An-AI-startup-that-claimed-it-can-beat-doctors-in-13227338.php

(5) https://www.forbes.com/sites/roomykhan/2017/02/17/theranos-9-billion-evaporatedstanford-expert-whose-questions-ignited-the-unicorn-trouble/#13379f26be85

(6) https://techcrunch.com/2019/12/20/lyfebin-medical-imagees-exposed/

(7) https://www.digitalhealth.net/2014/11/testing-times-for-epic-at-cambridge/

(8) https://www.digitalhealth.net/2015/09/cambridge-put-in-special-measures/

(9) https://sifted.eu/articles/messaging-apps-for-doctors-siilo-and-forward-health-want-to-become-slack-for-healthcare/

(10) http://www.thehtn.co.uk/2019/06/27/htn-100-news-brief/

(11) https://www.wired.co.uk/article/nhs-matt-hancock-technology-innovation


(13) https://www.ft.com/content/ef014a68-4eba-11e8-ac41-759eee1efb74

(14) https://digitalhealth.london

(15) https://nhsaccelerator.com

(16) https://www.ncbi.nlm.nih.gov/books/NBK43663/

(17) https://www.bpe.co.uk/services/need/data-protection-the-gdpr/brilliantly-simple-guide-to-the-gdpr/what-are-data-processing-agreements/

(18) https://www.thewaltoncentre.nhs.uk/uploadedfiles/FOI/Data%20Sharing%20Agreement%20Policy%20FOI.pdf

(19) https://techcrunch.com/2018/10/05/forward-health/

(20) https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dcb0129-clinical-risk-management-its-application-in-the-manufacture-of-health-it-systems

Top 5 Asians in UK Health Tech. Innovation mentor @RCGP & faculty @HarvardMed. Revolutionising Communications Within Health & Care Organisations; NHS & Beyond.