Home / Seven Flows / Identity
Flow 01

Identity Flow

Governing patient and practitioner identification across clinical handovers

The Identity Flow governs confident identification of patients and practitioners when clinical information, responsibility, or care moves between organisations.

Without explicit identity governance, errors propagate across system boundaries, accountability dissolves between teams, and audit trails become meaningless. In distributed care models — where multiple organisations contribute to a single patient journey — identity confidence is not optional. It is the foundation on which all other governance flows depend.

Governance responsibilities

The Identity Flow establishes clear governance responsibilities whenever care or clinical information crosses organisational boundaries.

This includes:

  • responsibility for patient identity confidence
  • attribution of actions to named individuals, teams, or services
  • visibility of uncertainty or ambiguity at the point of handover

Identity governance ensures that accountability does not dissolve when care becomes distributed.

Common failure modes

When identity governance is implicit or assumed, predictable failure modes emerge:

  • records split or merged without visibility
  • actions cannot be reliably attributed across teams
  • clinicians act on information they believe applies to the wrong patient
  • post-incident review cannot reconstruct who knew what, when

These failures rarely appear inside a single system. They emerge between systems, at handover points.

Clinical safety implications

Data Coordination Board (DCB) 0129 / 0160 framing

From a clinical safety perspective, the Identity Flow mitigates hazard classes associated with misidentification and misattribution.

In DCB 0129 / 0160 terms, these include:

  • incorrect patient association
  • action taken on the wrong individual
  • inability to establish accountability after harm

By making identity confidence and attribution explicit at runtime, the Identity Flow supports safety arguments that extend across organisational boundaries.

Identity failures often cascade into Consent, Provenance, and Responsibility failures — amplifying risk beyond the initial handover.

Future iterations will add worked examples and assurance artefacts as the framework is applied in practice.