How yesterday’s systems are causing today’s clinical safety issues
- 28 August 2025
Complex challenges associated with legacy digital systems demand a collaborative response from clinical safety officers (CSOs), write Kimberley Dawson, Ben Jeeves and Sascha Mullen
Legacy systems, while often essential to current clinical operations, pose increasing risks due to obsolescence, lack of vendor support, data integrity issues, and inadequate clinical safety assurance.
These systems are frequently overlooked in strategic digital planning. The true scale and complexity of the problem is significantly underestimated at both local and national levels.
A session at Digital Health Summer School 2025 highlighted both the urgency of the issue and the energy within the CSO community to take action, surfacing real-world insights from the frontline.
Many organisations lack even a basic inventory of legacy clinical systems, and there is little clarity around their operational relevance, data dependencies, or integration with newer platforms.
This lack of visibility creates a blind spot for risk, where outdated systems continue to support clinical decisions without formal assurance or governance oversight.
The fragmented nature of system ownership and support arrangements makes it difficult to assess the cumulative risk posed by legacy technologies, particularly where decommissioning processes are ad hoc or entirely absent.
Patient safety risks
There is deep and widespread concern among CSOs about the lack of clinical safety assurance surrounding legacy systems.
Many of these systems were implemented long before the introduction of current clinical safety standards, such as DCB0129 and DCB0160, and have never undergone formal safety assessments or hazard logging.
As a result, they operate without the structured governance, risk controls, or documentation that underpin safe clinical digital practice today.
This absence of assurance leaves organisations exposed, not only to patient safety risks but also to regulatory, legal, and reputational consequences.
Legacy systems continue to be used for decision-making, data retrieval, or clinical documentation without any visibility of the underlying risk.
Their continued use increases the likelihood of avoidable harm, undermines trust in digital systems, and places significant operational and legal strain on provider organisations.
They can also hinder progress by diverting resources away from innovation and transformation efforts.
In many cases, the knowledge of system function and limitations rests with a single individual or small group, introducing critical points of failure.
The lack of traceability, system audit trails, or formal support arrangements further compounds the risk.
Collectively, these issues create an unstable digital environment in which clinicians are left to operate without confidence in the tools they are expected to rely on.
How can we tackle clinical safety risks?
The risks associated with legacy systems cannot be tackled in isolation.
Effective management of legacy digital debt demands coordinated, multi-tiered action across all levels of the healthcare system, national, regional, and local.
The current approach is often fragmented, with responsibility for managing legacy systems unclear or inconsistently applied.
Without a coherent and unified framework, trusts are left to navigate complex safety, compliance, and operational challenges with limited guidance or support.
We need national leadership to establish clear standards, mandate supplier accountability (even for unsupported or outdated products), and embed clinical safety considerations into both regulatory and procurement frameworks.
At a regional level, there is a growing appetite for collaboration, sharing of tools, training, capacity, and good practice, to help organisations with fewer resources meet baseline expectations.
Locally, within trusts, there is a need for greater investment in CSO capacity, structured governance mechanisms to identify and assess legacy risks, and formal recognition of the CSO role as a critical safety function.
Without this alignment, the systemic nature of legacy risk will continue to outpace the capacity of individual organisations to manage it effectively.
Clinical safety leadership
The clinical safety community needs to lead from within. While national policy and local investment are critical, meaningful progress on legacy digital risk also depends on collective, grassroots effort.
CSOs must support one another across organisational boundaries by pooling expertise, sharing tools and templates, and building a culture of transparency around clinical safety challenges.
Tangible community-led initiatives could include the creation of peer support networks, cross-trust forums for shared incident learning, and repositories of light-touch safety documentation tailored for legacy environments.
These approaches are essential to bridging the gap between policy and practice – especially for trusts with limited capacity or maturity in digital safety.
By working collaboratively, the CSO community could accelerate progress, drive standardisation from the ground up, and ultimately influence wider system-level change in how legacy risks are identified, assessed, and addressed.
As the NHS and wider health sector continue to accelerate digital transformation driven by the ambition to deliver safer, more effective, and more personalised care, the scale of legacy digital debt is becoming increasingly unsustainable.
Without deliberate action, the gap between assured and unassured systems will widen, amplifying risk and complexity.
Managing this challenge requires more than technical upgrades; it demands a system-wide commitment to proactive clinical safety governance, informed decision-making, and shared accountability.
The Digital Health Networks CSO Council, which launched in July 2024, is uniquely positioned to lead the charge.
By setting clear expectations, championing the case for investment in safety and decommissioning capacity, and driving alignment across national, regional, and local levels, it can play a central role in reshaping how the system responds to legacy risk.
The time to act is now.
By equipping organisations with the tools, frameworks, and peer support they need, we can collectively future-proof our clinical systems, strengthen public and professional confidence in digital care, and, most importantly, safeguard the wellbeing of the patients and staff who rely on them every day.
Sascha Mullen, chief nursing information officer and clinical safety officer, Frimley Health NHS Foundation Trust; Kimberley Dawson, senior clinical safety officer, Bedfordshire Hospitals NHS Foundation Trust; Ben Jeeves, chief clinical information officer, T-Pro
This article reflects the key themes captured at an interactive breakout session at Digital Health’s Summer Schools 2025.
