What are the Seven Flows in clinical handover governance?

The Seven Flows are governance invariants that must hold at every clinical handover: Identity (patient and practitioner identification), Consent (permission for sharing), Provenance (information lineage), Clinical Intent (purpose of access), Alert and Responsibility (ownership assignment), Service Routing (clinical routing decisions), and Outcome (episode closure). Each flow exists because a specific category of handover failure occurs without it.

Why do clinical handovers fail between NHS organisations?

Clinical handover failures occur when governance conditions are implicit rather than explicit. Common failure modes include identity mismatches, consent not checked at the point of sharing, unclear provenance of clinical information, ambiguous responsibility assignment, and missing outcome closure. The Seven Flows framework makes these conditions explicit at each handover point.

How do the Seven Flows support DCB 0129 and DCB 0160 compliance?

The Seven Flows generate clinical safety evidence as a byproduct of governed operations. Rather than documenting safety retrospectively, the framework makes safety conditions explicit at runtime. Hazard identification, risk controls, and audit trails emerge from normal handover operations, supporting continuous compliance rather than periodic assessment.

The Seven Flows of Clinical Handover Governance

What are the Seven Flows in healthcare?

The Seven Flows are a healthcare-specific governance framework for clinical handovers, interoperability, and distributed care delivery.

They define the minimum governance required to keep patients safe when care, data, alerts, or clinical responsibility move between:

general practice
community services
acute trusts
mental health services
remote monitoring and virtual wards

The Seven Flows address questions that interoperability alone does not answer:

Who is responsible right now?
Is this sharing permitted for this purpose?
Can this information be trusted?
Did the handover complete safely?

In short: Fast Healthcare Interoperability Resources (FHIR) enables data to move. The Seven Flows enable care to move safely.

Clarification

How the Seven Flows differ from traditional clinical governance

Traditional clinical governance frameworks — such as the widely used Seven Pillars of Clinical Governance — focus on organisational quality, accountability, and continuous improvement within a care provider.

The Seven Flows address a different problem.

They describe the safety-critical information flows that must be governed when care moves between systems, teams, and organisations — particularly in interoperable, distributed, and digitally mediated healthcare.

Where traditional governance asks "Is this organisation delivering safe and effective care?" the Seven Flows ask "Can this patient safely move from here to there without loss of identity, consent, context, or accountability?"

The Seven Flows are therefore an infrastructure-level governance model, rather than an organisational quality framework.

The Problem

Why handovers fail — even when systems work

Digital systems are very good at managing activity within organisations. They are far less effective at governing what happens between them.

When care crosses organisational boundaries:

Responsibility blurs
Consent assumptions leak
Provenance is lost
Alerts fragment
Outcomes fail to close

These failures are not visible inside any single system. They emerge between systems — which is why they are so difficult to see, measure, or govern.

Interoperability answers one question: Can data move?

The Seven Flows answer the harder ones: Should it? Who owns it? And what happened as a result?

The Model

The minimum governance required for safe care

The Seven Flows are governance invariants.

They define the minimum conditions that must hold whenever care, data, alerts, or clinical responsibility move across organisational boundaries — regardless of:

care setting
employer
system vendor
pathway design

If any Flow is missing, risk accumulates silently.

The Seven Flows

Governance that travels with care

The Seven Flows are governance invariants. Each Flow defines a condition that must hold when care moves across organisational boundaries.

01

Identity

Who is this about — and who acted?

Ensures confident patient and practitioner identification across organisational boundaries.

Confident patient identification across systems and settings
Clear attribution of actions to individuals, teams, and organisations
Matching confidence and identity provenance are explicit

Without Identity

Errors propagate
Accountability dissolves
Audit becomes meaningless

Explore identity governance →

02

Consent

Is this permitted — right now, for this purpose?

Ensures patient permission is explicit, portable, and enforceable across organisational boundaries.

Consent is contextual, granular, and time-bound
Lawful basis and patient preferences are explicit at the moment of exchange
Sharing is governed when it happens — not assumed from prior encounters

Without Consent

Data may flow legally but unsafely
Clinicians hesitate or over-share
Organisations absorb compliance risk unknowingly

Explore consent governance →

03

Provenance

Where did this come from — and can I trust it?

Ensures information lineage, confidence, and currency are visible at the point of clinical decision.

Source systems, transformations, and inferences are traceable
Confidence, currency, and derivation are visible
AI outputs carry lineage, not mystique

Without Provenance

Decisions rest on unexamined assumptions
Safety reviews collapse into blame
Learning becomes impossible

Explore provenance governance →

04

Clinical Intent

Why is this happening?

Ensures the purpose of access, sharing, or action is explicit and appropriate to care needs.

Purpose of access, alert, referral, or request is explicit
Data minimisation becomes enforceable
Governance distinguishes care from curiosity or convenience

Without Clinical Intent

Systems optimise throughput, not appropriateness
Alerts become noise
Data use drifts beyond its original purpose

Explore clinical intent governance →

05

Alert & Responsibility

Who owns the next action?

Ensures escalations are explicitly assigned and acknowledged across organisational boundaries.

Escalations are explicitly assigned
Ownership is acknowledged — not inferred
Responsibility transitions are visible and auditable

Without Alert & Responsibility

Alerts fire into voids
Responsibility fragments
Harm emerges quietly

Explore alert & responsibility governance →

06

Service Routing

Where should this go — and why?

Ensures referrals and escalations reach the right service with appropriate context.

Requests and escalations route based on clinical need, capability, and context
Routing decisions are explainable and reviewable
Context travels with the referral

Without Service Routing

Patients bounce
Context is lost
Capacity problems masquerade as clinical failures

Explore service routing governance →

07

Outcome

What actually happened — and did the episode close?

Ensures care episodes close deliberately and feed learning across organisational boundaries.

Actions complete with explicit closure
Outcomes feed learning, not just reporting
Episodes end deliberately — not by attrition

Without Outcome

Safety loops never close
Improvement stalls
Harm repeats invisibly

Explore outcome governance →

Clarification

What the Seven Flows are — and are not

The Seven Flows are not

another data standard
a replacement for Electronic Patient Records (EPRs) or core clinical systems
a workflow engine
a centralised control system

They are

a governance substrate that existing systems can rely on when care crosses boundaries

They sit beneath integration — making handovers safe without dictating how care is delivered.

Internal Coherence

How the Seven Flows interact

The Seven Flows do not operate independently. They function as a set of reinforcing governance invariants that must hold together at each handover point.

Identity anchors who the handover concerns. Consent and Clinical Intent determine whether and why it should occur. Provenance establishes what can be trusted. Alert & Responsibility and Service Routing govern who acts next and where care moves. Outcome closes the loop, ensuring that actions complete and learning feeds back into the system.

When all seven hold, handovers are safe, auditable, and intelligible. When one fails, pressure shifts to the others — and risk accumulates silently between systems.

Boundary

Why interoperability alone is insufficient

Interoperability focuses on movement. Governance focuses on appropriateness, responsibility, and closure.

Standards such as FHIR answer a necessary — but incomplete — question:

Can data move between systems?

They do not answer:

whether sharing is appropriate for this purpose, at this moment
who becomes responsible when information is received or acted upon
how escalation is acknowledged, owned, and closed
whether an episode or decision completed safely

As a result, data can flow perfectly while care becomes unsafe.

This is not a failure of interoperability. It is a gap in governance.

The boundary the Seven Flows address

The Seven Flows sit alongside interoperability — not above it, and not instead of it.

Interoperability enables exchange
The Seven Flows govern what that exchange means

They ensure that when data, alerts, or decisions cross organisational boundaries:

responsibility is explicit
consent and lawful basis are evaluated in context
provenance and confidence are visible
escalation does not dissipate
outcomes close deliberately

In short: Interoperability enables data to move. The Seven Flows ensure care can move safely.

This is the boundary where neighbourhood health succeeds or fails — and where governance must travel with care.

Clinical Safety

A Data Coordination Board (DCB) 0129 / DCB 0160 framing

From a clinical safety perspective, the Seven Flows address systemic hazard classes, not isolated incidents.

They target risks that arise between organisations, systems, and teams — where traditional safety controls are weakest and responsibility is most diffuse.

Specifically, the Seven Flows mitigate hazards including:

Misidentification and misattribution (Identity)
Inappropriate disclosure, restriction, or misuse of information (Consent, Clinical Intent)
Use of unreliable, outdated, or misunderstood information (Provenance)
Unowned alerts and missed escalations (Alert & Responsibility)
Incorrect routing or loss of clinical context at transition points (Service Routing)
Failure to close safety-critical loops (Outcome)

These hazards are rarely visible within any single system. They emerge at handover boundaries, often without triggering conventional incident reporting until harm has already occurred.

Safety by design, not retrospective assurance

Rather than generating safety evidence after the fact, the Seven Flows make safe handover conditions explicit at runtime:

responsibility is declared, not inferred
consent and lawful basis are checked at the point of use
provenance and confidence are visible at decision time
alerts are owned, acknowledged, and closed

Auditability and assurance emerge as a byproduct of care delivery, not as a parallel governance burden.

A practical safety mapping

The relationship between the Seven Flows and clinical safety hazards can be expressed simply:

Flow	Hazard class addressed	Typical NHS scenario
Alert & Responsibility	Missed or unowned escalation	Remote monitoring alert breaches threshold but no team is explicitly accountable to act

This pattern repeats across all Seven Flows. Each Flow controls a known hazard class that manifests during real-world handovers — not theoretical failures.

(A full mapping can be expanded where needed for safety cases, DCB submissions, or local assurance.)

What this enables

This approach supports a DCB 0129 / DCB 0160-aligned safety posture across:

distributed care models
multi-organisation pathways
remote monitoring and virtual wards
AI-supported clinical decision processes

— without requiring system centralisation, workflow replacement, or wholesale platform change.

In short: the Seven Flows operationalise clinical safety at the point where risk actually arises — the handover.

Application

When to apply the Seven Flows

The Seven Flows are applied at handover points — not to whole pathways or systems.

They should be made explicit whenever any of the following occur:

Apply the Seven Flows when:

Care moves between organisations e.g. GP → community service, community → acute, monitoring hub → neighbourhood team
Clinical responsibility changes or becomes shared e.g. step-down care, virtual wards, multidisciplinary oversight
Alerts or signals require action beyond the originating team e.g. remote monitoring thresholds, abnormal results, safeguarding flags
Information is reused outside its original context e.g. summaries, shared assessments, AI-supported decision inputs
Escalation is possible but not guaranteed e.g. advisory alerts, trend-based monitoring, ambiguous thresholds
Episodes are expected to close across boundaries e.g. discharge, referral completion, community follow-up

When not to apply them

The Seven Flows are not required for:

purely internal workflows within a single team
operational scheduling or capacity management
data movement with no clinical decision or responsibility attached

They are invoked when governance matters, not when activity alone occurs.

A simple rule of thumb

If something can go wrong between teams, the Seven Flows should be explicit.

In Practice

What changes when the Seven Flows are present

When governance travels with care, the difference is structural — not procedural.

Responsibility is visible before incidents occur, not reconstructed afterwards

Consent questions disappear at the point of care, because permission is explicit and contextual

Escalations land with named owners, not shared inboxes

Discharges complete cleanly, with responsibility handed back deliberately

Monitoring signals close, rather than lingering as unresolved risk

This is not optimisation. It is basic clinical safety made dependable.

How It Works

Infrastructure, not a new system

The Seven Flows are implemented as governance infrastructure that sits beneath existing tools — not as another system to log into.

Works beneath existing EPRs, referral systems, and monitoring platforms
Introduced one Flow at a time
Often starts non-clinically
Scales with confidence and evidence
Supports phased regulatory posture

Summary

The Seven Flows — at a glance

Flow	What it governs	Risk it prevents	Typical NHS moment
Identity	Who the patient is, who acted	Misidentification, misattribution	Cross-org referral, record matching
Consent	Whether sharing is permitted now	Unsafe disclosure or restriction	Community ↔ GP information exchange
Provenance	Source, lineage, confidence	Decisions on untrusted data	Shared test results, AI outputs
Clinical Intent	Why access or action occurred	Alerts without purpose, data drift	Monitoring thresholds, reviews
Alert & Responsibility	Who owns the next action	Unowned alerts, missed escalation	Virtual ward alerts, abnormal obs
Service Routing	Where care should go — and why	Patients bouncing, lost context	Referrals, escalation routing
Outcome	Whether the episode closed	Safety loops left open	Discharge, monitoring completion

FHIR lets data move. The Seven Flows make sure care moves safely.