Boundary Governance
Boundary governance is the discipline of governing clinical pathways, data flows, and responsibility chains where they cross organisational boundaries. It addresses a structural problem that internal governance frameworks are not designed to solve: the coordination of autonomous organisations with different systems, cultures, legal obligations, and risk appetites.
Within a single organisation, governance assumes a unified authority structure. Policies can be mandated, compliance can be enforced, and accountability follows clear lines. At an organisational boundary, these assumptions break down. No single organisation has authority over the entire pathway. Each party governs its own domain, but the patient journey spans both domains, and the gaps between them are where risk concentrates.
Boundary governance provides the analytical framework for identifying where these gaps exist, assessing their severity, and building shared infrastructure to close them. The Seven Flows framework defines the governance invariants that must hold at every boundary crossing. LSPPT provides the discipline structure for ensuring completeness across legal, safety, people, process, and technology dimensions. Together, they give organisations a shared language for reasoning about cross-boundary risk and a methodology for addressing it systematically rather than reactively.
Primary reference: Governance InfrastructureSeven Flows
The Seven Flows are governance invariants that define the conditions under which clinical data and responsibility may move safely across organisational boundaries. The seven flows are: Identity, Consent, Provenance, Clinical Intent, Alert & Responsibility, Service Routing, and Outcome.
These are not workflows in the process-mapping sense. They are properties that must hold true at every boundary crossing for that crossing to be governable. If a patient's identity cannot be reliably established across systems, no downstream governance can compensate. If consent is not reconciled at the boundary, data may flow where it should not. If clinical intent is lost in translation, the receiving organisation acts on incomplete information.
The flows are ordered by dependency. Upstream flows constrain downstream flows. Identity must be established before consent can be meaningful. Consent must be reconciled before provenance can be trusted. This dependency chain explains why failures in early flows cascade through the entire governance structure. A weakness in identity assurance does not just create an identity problem; it undermines every subsequent flow that depends on knowing who the patient is. The Seven Flows framework gives governance teams a structured way to assess boundary crossings and identify which flows are robust, which are fragile, and which are absent entirely.
Primary reference: The Seven FlowsLSPPT
LSPPT stands for Legal, Safety, People, Process, Technology. It is a framework for assessing governance completeness across the five disciplines required to govern any clinical pathway that crosses an organisational boundary.
The framework distinguishes between constitutional disciplines and operational disciplines. Legal and Safety are constitutional: they define the boundaries within which all operational activity must occur. Statutory obligations cannot be overridden by operational convenience. Clinical safety standards are not negotiable regardless of efficiency pressures. These constitutional disciplines constrain the remaining three.
People, Process, and Technology are operational disciplines. People addresses the human factors: training, role clarity, competency frameworks, and the cultural conditions that support safe boundary crossing. Process addresses the workflows, handover protocols, escalation procedures, and coordination mechanisms that govern how organisations interact. Technology addresses the systems, integrations, data standards, and technical infrastructure that enable or constrain what is operationally possible.
LSPPT provides a completeness check. Organisations frequently invest heavily in technology while underinvesting in people and process. Or they establish legal agreements without addressing the safety implications of the arrangements those agreements describe. LSPPT ensures that governance assessment covers all five disciplines, and that constitutional constraints are respected before operational solutions are designed.
Primary reference: LSPPT FrameworkMVRT (Minimum Viable Responsibility Transfer)
Minimum Viable Responsibility Transfer defines the minimum set of governance conditions that must be satisfied for clinical responsibility to transfer safely across an organisational boundary. It is the threshold below which a care transition introduces unacceptable risk to patient safety, care quality, or governance completeness.
MVRT addresses a specific problem: organisations frequently transfer responsibility without confirming that the receiving organisation has the information, capacity, and governance infrastructure to accept it safely. A hospital discharges a patient into community care with the expectation that monitoring will continue at a certain frequency. If the community provider lacks capacity, capability, or awareness of that expectation, the transfer has fallen below the minimum viable threshold. The patient's care pathway has crossed a boundary, and the governance conditions changed without anyone explicitly acknowledging the change.
MVRT provides a structured way to define what "enough" looks like for each boundary crossing. It is not always obvious when a responsibility transfer is inadequate. Gaps can be masked by documentation that describes intended arrangements rather than actual ones, or obscured by assumptions that both organisations share the same understanding of roles and responsibilities. MVRT makes the minimum requirements explicit, so that governance teams can assess whether each transfer meets the threshold before harm occurs rather than after an adverse event reveals the gap.
Primary reference: MVRT SeriesChoreography
Choreography describes coordinated clinical activity across autonomous organisations. It is distinguished from two other coordination models: orchestration, which assumes a central controller directing all participants, and process, which assumes a single authority defining the workflow end to end.
In healthcare, most cross-boundary clinical activity is choreographic. No single organisation controls the entire patient pathway from primary care through secondary care, community services, social care, and specialist providers. Each organisation maintains sovereignty over its own operations. Each makes decisions based on its own clinical judgement, its own governance framework, and its own resource constraints. Yet the patient experiences a single journey that spans all of these autonomous domains.
Boundary governance is inherently choreographic because it must work without assuming central control. The governance infrastructure cannot mandate how each organisation operates internally. Instead, it defines the conditions that must hold at the boundaries between organisations, the evidence that must be exchanged, and the signals that indicate when governance alignment has broken down. Choreography requires more sophisticated governance than orchestration precisely because there is no central authority to enforce compliance. Each organisation must choose to participate, and the governance framework must make participation valuable rather than burdensome.
Primary reference: LSPPT FrameworkConstitutional Domain
The constitutional domain refers to the Legal and Safety disciplines within the LSPPT framework. These disciplines are termed constitutional because they constrain all operational activity in the same way that a constitution constrains the laws a government may pass. Constitutional requirements cannot be overridden by operational convenience, efficiency pressures, or resource constraints.
Legal obligations are constitutional because they are externally imposed and non-negotiable. Data protection legislation, duty of care, statutory reporting requirements, and contractual obligations define the legal boundaries within which organisations must operate. No amount of operational efficiency justifies breaching a legal requirement. Safety standards are constitutional for the same reason: clinical safety requirements exist to protect patients, and they cannot be relaxed because a process would be easier without them.
The constitutional domain matters for boundary governance because it establishes the non-negotiable constraints that operational disciplines must respect. When organisations design cross-boundary processes, they must first confirm that the proposed arrangements satisfy constitutional requirements. Only then can they optimise for efficiency, usability, or cost. This ordering is not arbitrary. It reflects the principle that patient safety and legal compliance are preconditions for operational activity, not trade-offs against it. Organisations that design operations first and assess constitutional compliance afterward frequently discover that their operational designs violate constraints they cannot change.
Primary reference: LSPPT FrameworkMaterial Boundary: The Governance of Care Transitions
A material boundary is the point in a care transition where clinical responsibility, data, or governance obligations transfer between legally distinct entities. While internal handovers occur within a single trust, a care transition across a material boundary creates a structural risk that must be explicitly managed.
The distinction matters because organisations cross many boundaries in the course of clinical operations. Departments within a hospital interact across departmental boundaries. Teams within a service hand over between shifts. These are boundaries, but they typically operate within a unified governance structure with shared policies, shared systems, and shared accountability. A material boundary is different: the organisations on each side have different legal identities, different governance frameworks, different systems, and potentially different standards of care.
Identifying material boundaries is the first step in boundary governance assessment. The Boundary Risk Assessment methodology asks organisations to map their clinical pathways and identify where material boundaries exist. For each material boundary, the assessment examines which of the Seven Flows are present, how LSPPT disciplines are addressed, and whether material variance in responsibility transfer exists. Not every boundary requires the same level of governance investment. Material boundaries are those where the governance consequences of the crossing are significant enough to warrant explicit attention and structured assurance.
Primary reference: Boundary Risk AssessmentCascading Failure
Cascading failure is a failure mode where a governance gap at one boundary propagates through downstream boundaries, amplifying risk at each crossing. In boundary governance, cascading failure explains why certain governance failures are disproportionately damaging: they do not stay contained at the point of origin.
The Seven Flows framework makes cascading failure structurally visible. The flows are ordered by dependency: Identity, Consent, Provenance, Clinical Intent, Alert & Responsibility, Service Routing, and Outcome. A failure in Identity does not just mean the patient cannot be identified at one boundary. It means that consent cannot be reliably attributed, provenance cannot be verified, clinical intent may be misrouted, and alerts may reach the wrong recipient. The failure cascades through every downstream flow because each flow depends on the integrity of those above it.
Cascading failure also occurs across boundaries. A governance gap at the first boundary in a patient pathway creates uncertainty that accumulates at each subsequent boundary. If the first handover did not reconcile consent, the second handover inherits that gap and adds its own. By the third boundary crossing, the cumulative governance uncertainty may be substantial even though each individual boundary appeared to function adequately in isolation. This is why boundary governance must be assessed as a system rather than as a collection of individual boundary crossings.
Primary reference: The Seven FlowsEvidence Reconciliation
Evidence reconciliation is the process of confirming that governance evidence from one organisation aligns with the governance expectations of the receiving organisation at a boundary crossing. Without reconciliation, each organisation maintains its own evidence in isolation, and gaps between them remain invisible until an adverse event exposes them.
In practice, evidence reconciliation addresses a specific failure mode: the assumption of alignment. Organisation A believes it has transferred clinical responsibility with adequate documentation. Organisation B believes it has received an adequate handover. Both organisations have evidence that their own processes were followed. But neither has confirmed that the evidence produced by one matches the expectations of the other. The sending organisation documented what it sent; the receiving organisation documented what it received. Whether those two accounts are consistent is unknown.
Evidence reconciliation makes this comparison explicit. It asks: does the governance evidence produced at the sending boundary satisfy the governance requirements at the receiving boundary? Are the consent records compatible? Do the clinical summaries contain what the receiving clinician needs? Are the responsibility transfers documented in terms that both organisations recognise? This reconciliation is not automatic and it is not trivial. It requires shared definitions, compatible evidence formats, and a mechanism for identifying and resolving discrepancies. Without it, governance evidence accumulates on both sides of a boundary without ever being tested for consistency.
Primary reference: Boundary Risk AssessmentLighthouse Project
A lighthouse project is a controlled, bounded implementation of boundary governance designed to demonstrate value before wider adoption. The term reflects the purpose: to illuminate what works in a specific context, generating evidence and confidence that governance infrastructure delivers measurable benefit.
Lighthouse projects are deliberately constrained in scope. They focus on a single clinical pathway, a specific boundary crossing, or a defined set of organisations. This constraint reduces risk: the governance infrastructure is tested in a bounded environment where failures can be contained, learned from, and corrected before wider deployment. The constraint also reduces cost: organisations invest in proving the approach works before committing to system-wide implementation.
The evidence generated by a lighthouse project serves multiple purposes. It demonstrates to leadership that governance infrastructure produces tangible improvements in safety, efficiency, or assurance quality. It provides operational teams with practical experience of working within the governance framework. It surfaces implementation challenges that theory alone cannot predict. And it creates a reference case that other parts of the system can learn from. A well-designed lighthouse project does not just prove that governance infrastructure works in the abstract. It proves that it works here, with these organisations, on this pathway, under these constraints. That specificity is what makes the evidence credible and the case for wider adoption compelling.
Primary reference: DiscoveryExplore the Framework
These concepts underpin our governance infrastructure. Start with the Seven Flows or assess your current boundaries.
The Seven Flows Check Your Score