This is the third article in a series examining boundary governance in private healthcare. The first article established the structural governance gap at every private sector organisational boundary. The second article mapped the insured patient pathway and showed that financial flows are governed at every crossing while clinical flows are governed at none. This article examines the boundary that makes private healthcare structurally unique: the crossing where clinical decision-making meets commercial decision-making, and where neither the clinical regulator nor the financial regulator governs what happens in between.


Every organisational boundary in healthcare carries governance risk. But most boundaries in the NHS, however poorly governed in practice, are at least boundaries between clinical organisations operating under the same regulatory framework. When a GP refers to a hospital, both parties are governed by the CQC, both operate under NHS contractual frameworks, both are subject to the same clinical safety standards.

Private healthcare has a boundary the NHS does not: the point at which a clinical decision intersects with a commercial one. The consultant recommends a treatment. The insurer decides whether to authorise it. Between the recommendation and the authorisation sits a governance domain that is neither purely clinical nor purely commercial — and that no existing framework governs as a crossing.

Medical necessity: clinical language, commercial definition

The concept that controls this boundary is "medical necessity." It is the criterion the insurer applies when deciding whether to authorise a treatment. It sounds clinical. It uses clinical language. In many cases, it is assessed by clinicians employed by or contracted to the insurer. But medical necessity, as it operates in private health insurance, is not a clinical standard. It is a contractual one.

The insurer's definition of medical necessity is set out in the policy wording, not in clinical guidelines. It typically requires that a treatment be "clinically appropriate" for the diagnosed condition, that it be an "established" treatment rather than experimental, and that it represent an appropriate use of resources — which is to say, that cheaper alternatives have been considered. These are reasonable commercial criteria. They are also clinical decisions dressed in commercial clothing.

When a consultant recommends an MRI and the insurer's clinical team suggests an X-ray would be sufficient, that is not simply a cost-containment decision. It is a clinical judgement about diagnostic adequacy, made by a clinician who has not examined the patient, within a governance framework designed to manage financial risk rather than clinical risk. The consultant's recommendation arises from a clinical assessment governed by their professional obligations under GMC Good Medical Practice. The insurer's decision arises from a commercial assessment governed by the policy terms and the FCA's regulatory framework. Both involve clinical reasoning. Neither framework governs the crossing between them.

This is not a criticism of insurers employing clinical expertise. It would be worse if pre-authorisation decisions were made without clinical input. The problem is structural: the clinical reasoning on each side of the boundary operates under different governance, different accountability, and different incentives. The consultant is accountable to the patient, the GMC, and the CQC for their clinical recommendation. The insurer's clinical team is accountable to the insurer, the FCA, and the policy terms for the authorisation decision. When these two forms of clinical reasoning produce different answers — and they sometimes do — no governance framework determines how the disagreement is resolved as a clinical matter. It is resolved as a contractual matter, through the policy terms, the insurer's internal appeals process, and ultimately the Financial Ombudsman Service.

The Financial Ombudsman can determine whether the insurer applied its policy terms fairly. It cannot determine whether the clinical consequence of the insurer's decision was safe. That question has no regulatory home.

Pre-authorisation as clinical-commercial crossing

Article 2 examined pre-authorisation as a primitive crossing choreography — a one-sided, commercially defined checkpoint that governs the payer's risk but not the patient's. Here, the focus is on what happens to clinical information as it crosses from the clinical domain into the commercial one.

When a consultant's secretary calls the insurer to pre-authorise a procedure, clinical information crosses an organisational boundary. The diagnosis, the proposed treatment, the clinical reasoning supporting the recommendation — this information leaves the consultant's clinical governance framework and enters the insurer's commercial governance framework. The insurer's clinical team reviews it, not under CQC governance or DCB 0129 clinical safety requirements, but under the insurer's internal clinical governance processes, which are designed to support underwriting and claims decisions.

Map the Seven Flows at this crossing and the gaps become visible.

Identity. The patient has been verified by the consultant. The insurer verifies the policyholder. These are not the same verification. The consultant confirms clinical identity. The insurer confirms contractual identity. Whether these are reconciled — whether the clinical record and the insurance record refer to the same person with the same clinical history — depends on manual matching by the consultant's secretary or the patient themselves.

Consent. The patient consented to treatment by the consultant. Did the patient consent to their clinical information being shared with the insurer's clinical team for commercial decision-making? In most policies, this consent is buried in the terms and conditions accepted at the point of sale, often years before the clinical episode. It is not informed consent to the specific sharing of specific clinical information for a specific commercial purpose. It is blanket contractual consent. Under UK GDPR, the lawful basis for the insurer processing clinical data for pre-authorisation may be contractual necessity — but the governance question is not about lawfulness. It is about whether the patient understands that their consultant's clinical reasoning is being evaluated by a different clinician, under different incentives, for a different purpose.

Clinical intent. The consultant's clinical intent — the reasoning behind the treatment recommendation — may or may not survive the crossing. Pre-authorisation forms typically capture the diagnosis and the proposed procedure. They do not always capture the clinical reasoning that connects the two. When the insurer's clinical team assesses medical necessity, they may be working from a diagnosis code and a procedure code, without the nuanced clinical context that informed the consultant's recommendation. Clinical intent degrades at the crossing, not because anyone intends it to, but because the information architecture of pre-authorisation is designed for claims processing, not clinical governance.

Responsibility. This is the most significant gap. The consultant holds clinical responsibility for the recommendation. The insurer holds commercial responsibility for the authorisation decision. When the insurer declines to authorise the recommended treatment and proposes an alternative, who holds clinical responsibility for the clinical consequence of the alternative? The consultant did not recommend it. The insurer's clinical team recommended it but does not hold a clinical relationship with the patient. The patient is caught between two governance frameworks, each of which points to the other.

The insurer's clinical team: a governance anomaly

Every major UK insurer employs clinical staff — doctors, nurses, clinical pharmacists — who review pre-authorisation requests, assess medical necessity, and in some cases participate in utilisation review during ongoing treatment. These clinicians bring genuine expertise and, in many cases, improve outcomes by identifying unnecessary procedures, suggesting evidence-based alternatives, and ensuring treatment aligns with clinical guidelines.

They also occupy a governance position that has no precedent in the NHS and no regulatory framework designed for it.

An NHS clinician making clinical decisions is governed by their professional body (GMC, NMC), regulated by the CQC through the organisation they work for, and operates within a clinical governance framework that includes clinical audit, incident reporting, and clinical safety assessment under DCB 0129. The clinical safety of their decisions is systematically assessed.

An insurer's clinical team member making what are functionally clinical decisions — this scan rather than that scan, this treatment pathway rather than that one, this consultant rather than another — operates under the insurer's internal governance, regulated by the FCA, and accountable to the insurer's board and shareholders. They are personally registered with their professional body and bound by its standards. But the organisational governance framework within which they work is designed for financial services regulation, not clinical safety.

No clinical safety assessment — no DCB 0129 equivalent — is required to cover the clinical risks arising from the insurer's clinical decision-making. No clinical safety case document describes the hazards that arise when a commercial entity's clinical team overrides, modifies, or delays a treating consultant's recommendation. No Hazard Log tracks the risks. No Clinical Safety Officer signs off the clinical safety of the pre-authorisation process.

The insurer's clinical team is not making reckless or incompetent decisions. The governance gap is not about the quality of their clinical reasoning. It is about the absence of a framework that governs the crossing — the point at which the treating consultant's clinical recommendation meets the insurer's clinical-commercial assessment and a decision emerges that is neither purely clinical nor purely commercial.

Three tiers and a boundary

The CMA's Private Healthcare Market Investigation in 2014 examined the competitive dynamics of the private healthcare market, including the relationship between insurers and consultants. The investigation led to the Private Healthcare Market Investigation Order 2014, which addressed clinician incentive schemes, required fee transparency through PHIN, and imposed measures to improve information availability for patients.

What the CMA investigation exposed, viewed through a boundary governance lens, was the emergence of what consultants have described as a three-tier system in UK private healthcare. Self-pay patients see the consultant of their choice with no constraints on treatment. Traditionally insured patients see a named consultant but may face benefit limits. Patients on guided or managed pathways — Open Referral, Consultant Select, Fast Track, Expert Select — have their consultant selected by the insurer and their treatment governed by pre-authorisation.

Each tier creates a different clinical-commercial boundary. In the first tier, there is no insurer boundary — the patient and consultant interact directly. In the second, the insurer boundary exists but is primarily financial — will the insurer cover the cost? In the third, the insurer boundary is both financial and clinical — the insurer selects the consultant, the insurer defines the pathway, and the insurer's clinical team assesses medical necessity at each stage.

The third tier is where the clinical-commercial boundary is most acute. The insurer is not simply paying for care chosen by the patient and consultant. The insurer is shaping the care pathway: selecting the consultant through algorithmic ranking, defining the conditions under which treatment proceeds through pre-authorisation, and in some cases directing the treatment approach through utilisation review. These are clinical decisions made within a commercial governance framework. The boundary between clinical and commercial has not been crossed. It has been dissolved.

From a governance perspective, the dissolution of the boundary is more dangerous than a clearly crossed one. A clear boundary can be governed: define what information must cross, confirm responsibility transfer, preserve clinical intent. When the boundary dissolves — when the same decision is simultaneously clinical and commercial, made by a clinical team employed by a commercial entity, under criteria that blend clinical guidelines with policy terms — there is nothing to govern at the boundary, because the boundary has been absorbed into the insurer's operational process.

The consultant's position

The treating consultant sits on one side of this boundary and is increasingly constrained by it.

The BMA's guidance on private practice notes that consultants seeking recognition with Bupa or AXA must agree to charge at the insurer's fee schedule rates. De-recognition — removal from the insurer's approved list — is the consequence of non-compliance. For consultants whose private practice depends on insured patients (and for many, it does), the insurer's terms are not optional. They are the terms of market access.

Fee control is the most visible constraint. Less visible is the clinical constraint. When a consultant recommends a treatment and the insurer declines to authorise it, the consultant faces a choice: accept the insurer's alternative, appeal the decision (which takes time the patient may not have), or advise the patient to self-fund. Each option shifts clinical responsibility in a different direction, and none of them is governed by a framework designed for clinical-commercial boundary decisions.

The FIPO (Federation of Independent Practitioner Organisations) has consistently argued that insurer strategies are constraining clinical independence — controlling fees, diverting patients to preferred consultants, and imposing managed pathways that reduce the consultant's clinical autonomy. Whether one agrees with FIPO's position or not, the structural observation stands: the boundary between the consultant's clinical recommendation and the insurer's authorisation decision is a governance crossing with clinical consequences, and no framework governs it as such.

The Consumer Duty reckoning

The FCA Consumer Duty requires insurers to deliver good outcomes for customers and to avoid foreseeable harm. This creates a regulatory obligation that, for the first time, makes the clinical-commercial boundary directly relevant to financial services compliance.

Consider three scenarios.

Authorisation delay. A consultant recommends urgent investigation. The insurer's pre-authorisation process takes several days. The patient's condition worsens during the delay. The Financial Ombudsman has noted that delayed authorisation can cause health deterioration, and may warrant compensation for distress and inconvenience. Under the Consumer Duty, the insurer must now demonstrate that its pre-authorisation process is designed to avoid foreseeable harm. A process that introduces clinically significant delay is a process that foreseeably causes harm.

Treatment substitution. The consultant recommends treatment A. The insurer's clinical team assesses that treatment B is equally effective and authorises only treatment B. If treatment B produces a worse clinical outcome, the insurer's clinical-commercial decision has caused the harm. Under the Consumer Duty, was the outcome good? Under the policy terms, was the decision contractually correct? These are different questions with potentially different answers. No framework reconciles them.

Network constraint. The insurer's guided pathway directs the patient to one of three consultants selected by algorithm. The patient's condition requires a specialist not on the panel. The consultant cannot refer within the insured pathway to the clinician the patient clinically needs. Under the Consumer Duty, the product must deliver good outcomes. If the network design prevents the patient from accessing the clinically optimal specialist, the product has failed to deliver a good outcome — not because of a claims decision, but because of the network architecture itself.

| Commercial Action | Clinical Consequence | Regulatory Breach |
| --- | --- | --- |
| Pre-auth delay (days) | Condition worsens during wait | Consumer Duty: foreseeable harm |
| Treatment substitution | Worse outcome from alternative | Consumer Duty: poor outcome |
| Network constraint | Cannot access optimal specialist | Consumer Duty: product fails to deliver |
| Medical necessity denial | Recommended treatment not provided | Cross-Cutting Rule: foreseeable harm |

The FCA has used Dear CEO letters to warn insurance sectors about claims handling failures. Recent letters have emphasised that delays in claims processing, inadequate communication, and failure to consider customer vulnerability are Consumer Duty breaches. In health insurance, these same failures have clinical consequences — making the regulatory risk both financial and clinical.

The FCA's H1 2026 consultation on distribution chains will examine how the Consumer Duty applies across the relationships between product manufacturers, distributors, and consumers. In health insurance, the distribution chain extends into clinical territory: the insurer designs the network, selects the consultants, defines the authorisation criteria, and shapes the treatment pathway. Each of these decisions has clinical consequences. If the Consumer Duty follows those consequences to their source — and the logic of the regulation suggests it must — then the clinical-commercial boundary becomes a compliance boundary.

What governance at this boundary requires

The clinical-commercial boundary in private healthcare is not going to disappear. Insurers will continue to employ clinical teams, assess medical necessity, operate pre-authorisation, and design managed pathways. These functions serve legitimate purposes: cost containment, quality assurance, fraud prevention, evidence-based treatment. The question is not whether the boundary should exist, but whether it should be governed.

Governing this boundary requires five things.

First, transparency at the crossing. When clinical information crosses from the consultant to the insurer, both the patient and the consultant must understand what information is being shared, with whom, under what criteria it will be assessed, and by whom. This is not simply a GDPR requirement. It is a clinical governance requirement: the patient must understand that their consultant's recommendation may be modified by a clinician they have never met, working under criteria they have never seen.

Second, a clinical safety assessment of the pre-authorisation process. If the insurer's clinical team is making decisions with clinical consequences — and it is — then the process through which those decisions are made must be subject to a clinical safety assessment equivalent to DCB 0129 (see why traditional safety cases fail at boundary crossings). The hazards arising from authorisation delay, treatment substitution, and network constraint must be identified, assessed, and mitigated. A Hazard Log must exist. A Clinical Safety Officer must sign it off.

Third, defined responsibility at the crossing. When the insurer's decision modifies the consultant's recommendation, the governance framework must define who holds clinical responsibility for the clinical consequence of the modification. This cannot remain ambiguous. The patient is owed clarity: if the treatment recommended by your consultant is not the treatment authorised by your insurer, who is clinically responsible for the outcome of the treatment you actually receive?

Fourth, an escalation pathway that preserves clinical primacy. When the consultant and the insurer's clinical team disagree, there must be a defined escalation pathway that is resolved on clinical grounds, not contractual grounds. The current pathway — internal appeal, then the Financial Ombudsman — resolves the dispute as a contractual matter. It does not resolve the clinical question. A governed boundary requires a mechanism that preserves the treating consultant's clinical authority while allowing legitimate commercial challenge.

Fifth, outcome tracking across the boundary. Does the insurer track what happens clinically after its authorisation decisions? If a treatment substitution is authorised, does the insurer know whether the patient's outcome was equivalent to the outcome the consultant's original recommendation would have produced? If an authorisation delay occurs, does the insurer measure whether the patient's condition changed during the delay? Without outcome tracking across the clinical-commercial boundary, neither the insurer nor the regulator can know whether the boundary is producing good outcomes or harm.

The boundary nobody designed

The clinical-commercial boundary in private healthcare was not designed. It emerged from the intersection of two systems — clinical governance and financial services regulation — each of which governs its own domain and neither of which governs the crossing between them. The consultant is governed. The insurer is governed. The boundary between them is not.

This is the same structural pattern that Article 1 identified at the practising privileges interface, that Article 2 mapped across the provider network, and that the neighbourhood health series has explored in detail across NHS organisational boundaries. Well-governed nodes connected by ungoverned edges. The clinical-commercial boundary is simply the most acute example — because at this boundary, the two governance frameworks are not just different organisations. They are different regulatory regimes, different accountability structures, different definitions of what "good" looks like.

The Consumer Duty may force the reckoning. An insurer that must demonstrate good outcomes across the product lifecycle must be able to demonstrate good outcomes at the clinical-commercial boundary — and to do that, it must first acknowledge the boundary exists, then govern it.


Series conclusion. This concludes the initial series on boundary governance in private healthcare. The structural problem is consistent across all three boundaries examined: practising privileges, provider networks, and the clinical-commercial interface. In each case, individual organisations are well-governed while the crossings between them remain unaudited. Inference Clinical's Seven Flows methodology and Constitutional Crossings framework provide the architecture for governing these boundaries — making every handover explicit, auditable, and enforceable.

Julian Bradder

CEO, Inference Clinical

Julian leads Inference Clinical's work on governance infrastructure for clinical handover. His background spans NHS digital transformation, clinical safety, and healthcare data architecture.