What is the LSPPT framework for boundary governance?

LSPPT stands for Legal, Safety, People, Process, Technology — the five disciplines required to govern a clinical pathway that crosses organisational boundaries. The order reflects a hierarchy of authority: Legal and Safety are constitutional disciplines that define what the boundary must do, while People, Process, and Technology are operational disciplines that define how the boundary works. The hierarchy prevents the most common failure: building systems that work technically but violate the constitutional requirements they were supposed to serve.

Why doesn't People, Process, Technology work at healthcare boundaries?

People, Process, Technology assumes a single organisational context where one team hands off to another within the same system of authority. Healthcare boundaries are crossings between regulated entities, between constitutional domains, between organisations operating under different law, different professional standards, and different institutional assumptions. PPT cannot account for changes in lawful basis mid-pathway, clinical safety obligations that follow care delivery rather than organisational structure, or responsibility gaps between two competent organisations.

What is choreography in boundary governance?

Choreography replaces conventional process design at healthcare boundaries. While process assumes a single organisation, choreography is bilateral coordination of what must be true on the sending side for the receiving side to accept the handover. It requires bilateral specification (every step has a sending and receiving requirement), state visibility (both organisations see where the handover stands), and failure as a governed condition (obstacles halt, signal, and route to resolution rather than silently degrading).

What are the constitutional disciplines in LSPPT?

Legal and Safety are the constitutional disciplines. Legal requires constitutional domain mapping, lawful basis analysis per crossing, and contractual/statutory obligation mapping. Safety requires boundary-specific hazard identification, cross-organisation hazard log reconciliation, and MVRT (Minimum Viable Responsibility Transfer) treated as a clinical safety event. These disciplines are not negotiable — they exist because statute and clinical duty demand them.

Clinical Pathway Governance: The LSPPT Framework

Key Takeaways

People, Process, Technology does not work at healthcare boundaries — it cannot account for changes in lawful basis, clinical safety obligations, or responsibility gaps between regulated entities
Five disciplines are required: Legal, Safety, People, Process, Technology (LSPPT) — in a hierarchy where constitutional disciplines constrain operational ones
Legal and Safety are constitutional disciplines that define what the boundary must do — they are not negotiable
Process at a boundary is not workflow but choreography: bilateral coordination of what must be true on each side for the handover to complete
Technology is the final discipline because it is instrumental — it makes the other four operational at scale, but does not define what the boundary must do
Most organisations start with Technology. Almost nobody starts with Legal or Safety. LSPPT ensures you start in the right place.

Series: Clinical Governance Between Private Healthcare Providers — This is Article 4 of 4, the final article. Article 1 identified the nine risks. Article 2 described the audit methodology. Article 3 explained the three-stage engagement. This article introduces the practitioner framework: LSPPT. View the full series →

This is the final article in a four-part series on clinical governance between private healthcare organisations. Article 1 identified the nine risks at organisational boundaries. Article 2 described the audit methodology. Article 3 explained the three-stage engagement from diagnosis to governed operation. This article introduces the practitioner framework that underpins every stage: LSPPT.

Figure 4

LSPPT: The Five Disciplines of Boundary Governance

Constitutional disciplines define what the boundary must do. Operational disciplines define how. The hierarchy prevents the most common failure: building systems that work technically but violate the requirements they were supposed to serve.

Constitutional — defines what the boundary must do

Legal

Which law, which jurisdiction, which party

Constitutional domain mapping
Lawful basis analysis per crossing
Contractual & statutory obligation mapping

Safety

What clinical duty demands at the crossing

Boundary-specific hazard identification
Cross-org hazard log reconciliation
MVRT as a clinical safety event

Constitutional constrains operational

Operational — defines how the boundary works

People

Who owns the boundary

Named boundary ownership
Cross-org governance relationships
Dispute resolution authority

Process

Choreography — bilateral coordination

Bilateral specification of handover
Shared state visibility
Failure as a governed condition

Technology

Makes governance operational at scale

Identity resolution across systems
Consent & provenance infrastructure
Bilateral transfer confirmation

↔

Why choreography, not process

Conventional process design assumes a single organisation. Choreography is bilateral: it specifies what must be true on the sending side for the receiving side to accept the handover. A discharge summary is not sent when the hospital generates it — it is sent when the GP practice has received it, verified identity, and confirmed acceptance of clinical responsibility.

Business environments

People · Process · Technology

Single organisation, unregulated crossings

→

Healthcare boundaries

Legal · Safety · People · Process · Technology

Cross-constitutional, regulated crossings

Most organisations start with Technology. Some start with People. Almost nobody starts with Legal or Safety. And yet the constitutional disciplines define whether the boundary is governed or merely active. LSPPT ensures you start in the right place.

Beyond People, Process, Technology

Every consulting framework for the last thirty years has rested on the same triad: People, Process, Technology. It works in business environments where the constraint is organisational change. It does not work at healthcare boundaries.

Healthcare boundaries are not business processes. They are crossings between regulated entities, between constitutional domains, between organisations that operate under different law, different professional standards, and different institutional assumptions about who owns the patient and what duty is owed. People, Process, Technology cannot account for the fact that the lawful basis for processing clinical data may change mid-pathway, that clinical safety obligations follow care delivery rather than organisational structure, or that two perfectly competent organisations can create a lethal gap between them simply by assuming the other side has accepted responsibility.

Governing a clinical pathway that crosses organisational boundaries requires five disciplines. Legal. Safety. People. Process. Technology. The acronym is LSPPT. The order is not alphabetical — it reflects a hierarchy of authority that determines which disciplines constrain the others.

The hierarchy

Legal and Safety are constitutional disciplines. They define what the boundary must do. They are not negotiable, not optional, and not subject to commercial preference. They exist because statute and clinical duty demand them.

People, Process, and Technology are operational disciplines. They define how the boundary works. They are the means by which the constitutional requirements are met.

The hierarchy matters because it prevents the most common failure mode in healthcare technology: building systems that work technically but violate the constitutional requirements they were supposed to serve. A consent management system that functions beautifully but does not account for the change in lawful basis when data crosses from a CQC-regulated provider to an FCA-regulated insurer has failed the Legal discipline regardless of how well the operational disciplines were executed. A responsibility transfer protocol that routes patients efficiently but does not generate the evidence a Clinical Safety Officer needs for their hazard log has failed the Safety discipline regardless of how well the technology performs.

Discipline 1: Legal

Every organisational boundary in healthcare is a legal boundary. The question is not whether law applies at the crossing — it always does — but which law, from which jurisdiction, imposing which obligations on which party.

The Legal discipline requires three capabilities at every material boundary.

Constitutional domain mapping. What legal and regulatory frameworks govern each side of the crossing? An NHS-to-NHS boundary operates within a shared constitutional framework: the NHS Standard Contract, the NHS Constitution, CQC regulation, and a common data processing environment. A private provider-to-NHS boundary introduces dual regulatory jurisdiction. An insurer-to-provider boundary brings at least three constitutional domains into contact: FCA financial services regulation, CQC clinical regulation, and GMC professional regulation. Each crossing point must be mapped to its constitutional domains before any governance can be designed.

Lawful basis analysis. The lawful basis for processing clinical data does not travel automatically across a boundary. When a private hospital shares clinical information with an insurer for pre-authorisation purposes, the purpose of processing changes. The lawful basis must be independently established on the receiving side — not inherited, not assumed. UK GDPR Article 6, the common law duty of confidentiality, the Caldicott Principles, and the Data Use Act 2025 obligations all engage at the crossing. The Legal discipline requires explicit analysis of whether lawful basis has been established at every material boundary.

Contractual and statutory obligation mapping. Data sharing agreements, NHS Standard Contract terms, Provider Selection Regime requirements, Consumer Duty obligations, Health and Care Act 2022 duties — the contractual and statutory landscape at a boundary is dense and multi-layered. The Legal discipline maps these obligations to the specific flows they govern. Which contract clause addresses responsibility transfer? Which statutory duty requires outcome reporting? Which regulatory obligation demands consent re-establishment? Without this mapping, governance controls cannot be traced to their legal authority.

Discipline 2: Safety

Clinical Safety at a boundary is not the same as clinical safety within an organisation. Within an organisation, clinical safety is governed by established frameworks: DCB 0129 for manufacturers, DCB 0160 for deploying organisations, CQC Regulation 12, PSIRF. These frameworks work. But they assume a single organisational context.

At a boundary, clinical safety engages a different problem. Clinical information degrades in transit. Clinical responsibility fragments. Clinical risk goes unassessed in the space between organisations. The Safety discipline requires three capabilities that the existing frameworks do not address.

Boundary-specific hazard identification. The risks that arise at a crossing are not the same as the risks within either organisation. They are the risks of translation, transmission, identity propagation, alert routing, and responsibility transfer that manifest only at the point of crossing. A discharge summary that is clinically adequate within the hospital becomes a safety risk if it arrives at the GP practice without confirmation of receipt, without verified patient identity, and without explicit transfer of clinical responsibility.

Cross-organisation hazard log reconciliation. Both organisations at a boundary should maintain boundary-specific entries in their hazard logs. These entries should cross-reference. Currently, hazard logs are entirely internal documents. The Safety discipline requires them to connect at the boundary — so that a risk identified on one side is visible to the Clinical Safety Officer on the other.

MVRT as a clinical safety requirement. The transfer of clinical responsibility at a boundary must be treated as a clinical safety event. The hazard log should include the risk that responsibility transfer is implicit, assumed, or unconfirmed. In aviation, a sector transfer does not complete until the receiving controller electronically verifies and accepts the handover. The infrastructure makes it structurally impossible for an aircraft to be unowned. The Safety discipline demands the same structural guarantee for patients crossing healthcare boundaries.

How mature is your boundary governance? The Boundary Risk Score gives you a rapid, scored assessment across all seven flows.

Check Your Score

Discipline 3: People

The People discipline is not about organisational change management in the conventional sense. It is about answering a question that most boundary governance initiatives never ask: who owns this boundary?

Within an organisation, accountability is clear. The medical director owns clinical quality. The CSO owns clinical safety. The Caldicott Guardian owns information governance. The DPO owns data protection. At a boundary, none of these roles extend to the crossing itself. The CSO’s statutory responsibility covers their own organisation’s systems. The Caldicott Guardian’s authority ends at their organisation’s data processing. Nobody is appointed to govern the space between.

The People discipline requires three things.

Named boundary ownership. Every material boundary must have an identified owner on each side — a named individual whose role includes responsibility for governance at that crossing. This is not an additional post. It is an explicit extension of an existing role’s scope to include the boundary. The audit identifies who currently exercises informal boundary ownership (it is always someone) and formalises it.

Cross-organisation governance relationships. The boundary owners on each side must have a defined working relationship: a cadence of communication, a mechanism for raising and resolving boundary issues, and a shared understanding of what governed operation looks like at their crossing. Without this, governance reverts to informal channels — phone calls, corridor conversations, personal relationships that do not survive staff turnover.

Dispute resolution authority. Organisations will disagree about clinical thresholds, routing criteria, and responsibility boundaries. The People discipline requires that disputes are governed, not suppressed. Time-bounded resolution. Interim responsibility assignment — someone must own the patient while the dispute is resolved. Defined escalation authority. The People discipline ensures that disagreement at a boundary does not create a patient safety gap.

Discipline 4: Process — Choreography

This is where LSPPT departs from every existing framework.

“Process” in People, Process, Technology means workflow documentation. Map the steps, optimise the sequence, automate where possible. It assumes a single organisational context where one team hands off to another within the same system of authority.

At a boundary, process is not workflow. It is choreography: the bilateral coordination of what must be true on the sending side for the receiving side to accept the handover.

Consider a responsibility transfer between a private hospital and an NHS GP following a procedure. The hospital must produce specific outputs: a discharge summary with structured clinical content, confirmed patient identity, an explicit statement of ongoing clinical responsibility, and a record of what the patient has consented to. The GP practice must be able to receive those outputs in a form it can process, verify, and accept. The choreography is the specification of what the sending side must provide and what the receiving side must confirm — and the sequencing that ensures neither side moves to the next step until the current step is bilaterally complete.

This is MVRT expressed as an operational principle. The choreography ensures that at every stage of a boundary crossing, both sides know what has been sent, what has been received, what has been accepted, and what remains outstanding. It is the discipline that prevents the most dangerous assumption in healthcare: that sending information is the same as transferring responsibility.

Three characteristics distinguish choreography from conventional process design.

Bilateral specification. Every step in the crossing has a sending requirement and a receiving requirement. The process is not complete when one side finishes — it is complete when both sides confirm. A discharge summary is not sent when the hospital generates it. It is sent when the GP practice has received it, verified the patient identity, and confirmed acceptance of clinical responsibility.

State visibility. At every point in the crossing, both organisations must be able to see the current state of the handover. What has been transmitted? What has been received? What has been accepted? What is disputed? What is outstanding? Choreography requires shared state — not shared data, but shared awareness of where the handover stands.

Failure as a governed condition. In conventional process design, failure is an exception. In choreography, failure is a designed-for state. If the receiving side does not accept within a defined timeframe, what happens? If the clinical intent is queried, what is the escalation path? If identity cannot be confirmed, does the crossing halt? The choreography specifies the failure modes and their consequences, so that a boundary crossing that encounters an obstacle does not silently degrade — it stops, signals, and routes to resolution.

Discipline 5: Technology

Technology is the final discipline because it is instrumental, not constitutional. Technology does not define what the boundary must do — Legal and Safety define that. Technology does not define who is responsible — People define that. Technology does not define the bilateral coordination protocol — Choreography defines that.

Technology makes the other four disciplines operational at scale.

Identity resolution across systems that do not share common identifiers. Consent propagation that respects constitutional domain boundaries and re-establishes lawful basis where required. Provenance verification for clinical data in transit. Clinical intent preservation through routing and triage functions. Bilateral responsibility transfer confirmation with time-stamped evidence. Outcome feedback loops that close the circle from referral to result.

Without technology, governed boundaries can exist — but only through manual processes that do not scale beyond a handful of crossings. A single boundary can be governed through documented agreements, named contacts, and disciplined adherence to choreographed handover protocols. An insurer network with dozens of provider boundaries cannot. A PE portfolio with acquisitions creating new internal boundaries every quarter cannot. An IHO with eight to twelve material boundaries within a single neighbourhood health centre cannot.

The Technology discipline translates the constitutional requirements (Legal, Safety) and the operational design (People, Choreography) into infrastructure that enforces governed operation across every material boundary in the network — continuously, evidentially, and at scale.

Why most organisations have one discipline, and it is the wrong one

The typical private healthcare organisation’s approach to boundary governance — to the extent it has one — begins and ends with Technology. A new integration is commissioned. An API is built. Data flows. The assumption is that connectivity equals governance.

It does not. Data flowing across a boundary without Legal authority, without Safety assessment, without People accountability, and without Choreography is not governed data exchange. It is ungoverned data exchange that happens to be digital.

The second most common starting point is People — an informal arrangement between a consultant and a referring GP, between a hospital administrator and an insurer’s clinical team. These relationships work until someone changes role, retires, or goes on leave. They are person-dependent governance, which is Level 1 on the maturity scale: present but not sustainable.

Almost nobody starts with Legal or Safety. Almost nobody starts with Choreography. And yet these are the disciplines that define whether the boundary is governed or merely active.

LSPPT as an assessment tool

The Five Disciplines provide a diagnostic lens for any organisation examining its boundary governance maturity.

At each material boundary, ask five questions. Is the Legal landscape mapped — constitutional domains identified, lawful basis established, contractual obligations traced? Is the Safety framework extended to the boundary — hazards identified, hazard logs connected, MVRT enforced? Are the People in place — boundary owners named, cross-organisation relationships defined, dispute resolution governed? Is the Choreography specified — bilateral requirements documented, state visible, failure modes designed for? Is the Technology present — infrastructure that enforces governed operation continuously and at scale?

If the answer to any of the five is no, the boundary is not governed. And the gap tells you where to start.

The series in summary

Private healthcare operates in an environment where every organisation is governed but the crossings between them are not. Patients move between regulated entities — hospitals, clinics, insurers, GPs, specialists — and at every crossing, the governance infrastructure that protects them within each organisation falls away.

The nine risks are real, evidenced, and growing as regulatory expectations increase. The audit methodology exists to diagnose them — a structured, statutory-traceable assessment of what happens at every material boundary. The three-stage engagement moves from diagnosis to governed operation through co-design and lighthouse deployment.

And LSPPT — Legal, Safety, People, Process, Technology — is the practitioner framework that ensures boundary governance holds. Not because the technology works, though it must. Not because the people are committed, though they must be. But because the constitutional disciplines of Legal and Safety define what the boundary must do, the choreography of Process defines how both sides coordinate, and the operational disciplines of People and Technology make it real.

Every organisation has boundaries. The question is whether they are governed.

Julian Bradder

CEO, Inference Clinical

Inference Clinical’s Seven Flows Boundary Governance Audit applies the LSPPT framework to assess, diagnose, and remediate clinical pathway governance at every material organisational boundary. To understand where your boundaries carry undiagnosed risk, book a scoping call.

The Five Disciplines of Clinical Pathway Governance