Practising Privileges, Provider Networks, and the Governance Gap Nobody Is Measuring

This is the first article in a series examining boundary governance in private healthcare. While much of the conversation about clinical governance at organisational boundaries has focused on NHS reform, the same structural problem — arguably in a more acute form — exists wherever private healthcare is delivered. This series brings the same rigorous analysis to the boundaries between private hospitals, consultants, insurers, and the NHS.

In February 2020, the Independent Inquiry into the Issues Raised by Paterson described "a healthcare system which proved itself dysfunctional at almost every level." Ian Paterson, a breast surgeon who worked across both the NHS and independent sector, was convicted of wounding with intent after performing unnecessary operations on thousands of patients. He was jailed for twenty years.

The inquiry's findings were harrowing. But its structural diagnosis was more important than its catalogue of individual failings. At the core of the Paterson case was a boundary problem: a consultant operating across organisational boundaries — between NHS trust and private hospital, between one private hospital and another, between hospital and insurer — with no effective governance at any of those crossings. Information that should have flowed between organisations did not flow. Concerns raised in one setting were not communicated to another. Restrictions imposed by one hospital were circumvented by moving practice to a different site. Clinical responsibility was assumed by everyone and owned by nobody.

The inquiry found that private hospitals operated under what it described as a perception of "renting a room" to consultants. The hospital provided the facility; the consultant provided the clinical judgement. Between the two — at the boundary where the hospital's governance responsibility met the consultant's clinical independence — sat a gap. And in that gap, patients were harmed.

Five years later, as of February 2025, several of the inquiry's fifteen recommendations remain unimplemented. The gap in legal liability for consultants operating under practising privileges is unresolved. No single database of consultant practising privileges exists. The government has stated it is "working urgently to implement the remaining Paterson recommendations." A former patient of Paterson's observed that implementing the recommendations is only half the battle — making sure there is governance in place so the recommendations are effective is another.

That observation is precisely right. And it points to a problem that extends far beyond the practising privileges interface.

The boundary problem is structural, not individual

The Paterson case was extreme. The governance failure it exposed is ordinary. Every time a patient's care crosses from one organisation to another in private healthcare — from GP to insurer, from insurer to specialist, from specialist to diagnostic provider, from hospital to consultant, from provider to provider within a network — seven governance questions arise. Who is this patient, confirmed by both sides? Has the patient consented to their information crossing to a different organisation? Does the clinical information carry sufficient context for the receiving party to act safely? What is the clinical intent of this crossing — what is the referring party asking for, and what does the receiving party understand it to do? Who holds clinical responsibility for the patient during the transition, and has the receiving party explicitly confirmed acceptance? Has the patient been routed to a service that has the authority and capability to act? Will the outcome of the crossing be communicated back so the referring party can close the clinical loop?

These are not theoretical questions. They are the operational reality of every cross-organisational clinical interaction. In the NHS, these questions are beginning to be recognised — the neighbourhood health programme has made the boundary problem visible by co-locating five or more independent organisations in a single building. But the NHS at least has shared infrastructure: the Data Security and Protection Toolkit, standardised data sharing agreement templates, the Caldicott Guardian mandate, FHIR-based interoperability standards, and clinical safety standards (DCB 0129 and DCB 0160) mandated under the Health and Social Care Act 2012.

Private healthcare has none of these. No equivalent of the DSPT across the independent sector. No standardised data sharing agreement framework between insurers and providers. No Caldicott Guardian mandate for private hospitals or insurers. No clinical safety standard that applies to the boundary between an insurer's platform and a provider's clinical system. No interoperability requirement governing how clinical information flows between the multiple independent organisations a single insured patient may encounter in a single episode of care.

The NHS has the boundary problem and is beginning to name it. Private healthcare has the same problem and has not yet recognised it as structural.

Practising privileges: the first boundary

The practising privileges model is the foundational boundary in independent healthcare. A consultant is not employed by the private hospital. They are granted permission to practise there — permission that is reviewed, typically annually or biennially, and that can be withdrawn. The consultant remains an independent contractor, responsible for their own clinical decisions, their own indemnity, and their own regulatory compliance. When a handover fails at this boundary, the question of whose indemnity responds — the hospital's or the consultant's — is not always clear. The gap in cover between institutional liability and individual professional indemnity is one of the least examined risks in private healthcare governance.

The Medical Practitioners Assurance Framework (MPAF), developed by the Independent Healthcare Providers Network (IHPN) under the leadership of Sir Bruce Keogh, was designed to strengthen governance at this boundary. Refreshed in 2024, the MPAF sets out expected practice for clinical governance leads at executive and board level, standard approaches to practising privileges applications, whole practice appraisal, and data sharing between the independent sector and the NHS. But whole practice appraisal requires whole practice visibility — and a hospital cannot appraise a consultant's whole practice if it cannot see the data from their other boundaries: their NHS work, their sessions at other private facilities, their outcomes across every site where they hold privileges. This is precisely the data visibility problem that Inference Clinical's Seven Flows is designed to solve. The CQC now uses the MPAF's principles in assessing how well-led an independent service is. It is a requirement of the NHS Standard Contract for independent providers delivering NHS-funded care.

The MPAF represents genuine progress. It also reveals, by what it covers, what it does not cover. The MPAF governs the relationship between the hospital and the consultant — the practising privileges interface. It does not govern the relationship between the hospital and the insurer. It does not govern the relationship between the consultant and the insurer. It does not govern the boundaries between providers within an insurer's network. It does not address what happens when clinical information about a patient crosses from the insurer's pre-authorisation platform to the consultant's clinical record, or from one consultant's private practice to another's, or from the private hospital back to the patient's NHS GP.

The Medical Advisory Committee (MAC) — the governance body responsible for clinical oversight within a private hospital — faces the same limitation. The MAC reviews practising privileges applications, monitors consultant performance, and advises the hospital board on clinical governance. But the MAC cannot assure safety if it only sees internal data. It needs visibility of the boundary crossings: what information arrived with the consultant's referral, what left with the discharge, what was communicated back to the referring clinician. A MAC conducting whole practice appraisal without data from the consultant's other sites of practice — their NHS work, their sessions at other private facilities — is appraising a fraction of the whole practice. Without boundary reports, the MAC governs a fragment of the picture.

The MPAF strengthens one node. The governance gap is in the edges — in the crossings between nodes that the framework does not reach.

The insurer boundary: accountability without authority

An insurer directing a patient through a network of independent providers is creating a chain of organisational boundaries. Consider a routine insured pathway: the patient's GP refers to the insurer's triage function. The insurer pre-authorises treatment and directs the patient to an approved specialist from its Approved Specialist List. The specialist orders diagnostics at an approved diagnostic facility. The specialist refers to a second specialist for a procedure. The second specialist reports back to the insurer. The insurer communicates to the patient's GP.

That is five boundary crossings, five independent data controllers, five separate clinical governance frameworks. Each crossing carries the same seven governance questions. None of them are systematically governed as crossings.

The insurer sits at the centre of this constellation but has no clinical governance authority over the providers in it. The insurer can define network inclusion criteria — qualifications, GMC registration, CQC ratings, fee agreements. It can require pre-authorisation before treatment proceeds. It can review utilisation after the fact. What it cannot do is define the governance architecture of the crossings between the providers in its network, because each provider is constitutionally independent, clinically autonomous, and regulated by its own professional body and the CQC.

This is structurally identical to the problem the NHS neighbourhood health programme faces with the Single Neighbourhood Provider contract: accountability for outcomes across a network of organisations that the accountable body does not employ, does not regulate, and does not govern. The insurer can accredit providers. It cannot govern the boundaries between them.

Pre-authorisation — the insurer's most visible governance mechanism — illustrates the gap. Pre-authorisation is, structurally, a crossing choreography: a set of pre-conditions that must be satisfied before the boundary crossing (referral to specialist) can proceed. But the pre-conditions are commercially defined, not clinically defined. Pre-authorisation checks whether the treatment is covered by the policy, whether the provider is on the approved list, and whether the clinical indication meets the insurer's definition of medical necessity. It does not check whether the clinical information accompanying the referral is sufficient for the specialist to make a safe clinical decision. It does not check whether the patient understands that their clinical information is being shared with a commercial entity for commercial purposes. It does not confirm that clinical responsibility has been explicitly transferred from the referring clinician to the receiving specialist.

Pre-authorisation governs the financial flow. It does not govern the clinical flow. And when the financial gate and the clinical gate are assumed to be the same thing, governance failures at the clinical boundary become invisible — because the only boundary being systematically monitored is the commercial one.

The CQC assesses nodes, not edges

The Care Quality Commission regulates private hospitals and clinics. Since 2015 — after the period in which Paterson was practising — the CQC has inspected independent healthcare providers under the same framework it applies to NHS providers, including the Well-Led domain that assesses governance arrangements. CQC Regulation 17 (Good Governance) requires providers to assess, monitor and improve the quality and safety of services and to maintain accurate, complete and contemporaneous records. The MPAF is now used as evidence of good governance in CQC inspections.

But the CQC, like every healthcare regulator, inspects organisations. It assesses whether a hospital has effective clinical governance. It assesses whether a clinic has a functioning Medical Advisory Committee. It does not assess the governance of the crossing between the hospital and the insurer who directed the patient there. It does not assess whether clinical information flowing from the private hospital to the patient's GP carries sufficient context for safe continuity of care. It does not assess whether the insurer's pre-authorisation process creates clinical risk by introducing delay, information loss, or misalignment between commercial and clinical decision-making.

The CQC assesses nodes. The governance gap is in the edges.

This is not a criticism of the CQC. Its regulatory remit is defined by statute. But the implication for private healthcare is significant: a network of CQC-rated "Good" providers connected by ungoverned boundaries is not a well-governed network. It is a collection of well-governed organisations with no governance of the interactions between them. The patient experiences the pathway. The regulator assesses the providers. Nobody assesses the pathway.

The FCA adds a second regulatory dimension

Private healthcare has a regulatory complexity the NHS does not: the insurer is regulated by the Financial Conduct Authority, not by the CQC. The FCA's Consumer Duty, fully in force since July 2024, requires firms to act to deliver good outcomes for retail customers and to avoid foreseeable harm. It operates through four outcomes: products and services, price and value, consumer understanding, and consumer support.

The Consumer Duty is the most significant change to financial services regulation in recent years — and it has direct implications for the clinical-commercial boundary in insured healthcare. When a pre-authorisation delay contributes to clinical deterioration, that is both a clinical governance failure and, potentially, a Consumer Duty breach. When an insurer's network design directs patients to fee-assured consultants rather than the clinically optimal consultant, the routing decision has clinical consequences that the FCA now expects the insurer to account for. When a patient does not understand that their clinical information is being processed by a commercial entity under commercial criteria that may override their consultant's clinical recommendation, consumer understanding has not been achieved.

The FCA is consulting in H1 2026 on how the Consumer Duty applies across distribution chains. In insurance, the distribution chain runs from manufacturer (insurer) through distributor (broker) to consumer (patient). In healthcare, the chain extends further: from insurer through provider network to consultant to patient. The governance of each link in that chain — each organisational boundary — is directly relevant to whether the Consumer Duty is being met.

Private healthcare thus sits at the intersection of two regulatory regimes: CQC (assessing providers) and FCA (assessing insurers). Neither regime governs the boundary between provider and insurer. Neither assesses the clinical governance of the crossings within the insurer's provider network. The patient's pathway crosses both regulatory domains. No single regulator follows them across.

What a governance framework for private healthcare boundaries requires

The structural problem in private healthcare is the same structural problem that the NHS neighbourhood health programme faces: patient care crosses organisational boundaries, and no existing framework governs what happens at those boundaries. The vocabulary differs — practising privileges rather than constitutional domains, approved specialist lists rather than service routing, medical necessity rather than clinical intent — but the governance questions are identical.

A framework for private healthcare boundary governance must address every organisational boundary a patient's care crosses:

The practising privileges interface — the boundary between the hospital and the independent consultant. The MPAF addresses this within individual providers. What it does not address is the clinical governance of the interaction itself: what information must flow between hospital and consultant to ensure safe care, what clinical safety assessment covers the risks arising at this interface (see Clinical Safety at Boundaries for why traditional safety cases fail at crossings), and what happens when the consultant practises across multiple sites with no single organisation maintaining oversight of their whole practice.

The insurer-provider boundary — the crossing where clinical data enters a commercial governance domain. Pre-authorisation, utilisation review, claims processing — each involves clinical information crossing from a clinical context to a commercial one. The governance of these crossings must address consent (does the patient understand what clinical data the insurer processes, and for what purposes?), provenance (is clinical context preserved when information is extracted for commercial decision-making?), and responsibility (when the insurer's commercial decision overrides or delays the consultant's clinical recommendation, who holds responsibility for the clinical consequence?).

The provider-to-provider boundary — the crossings between independent organisations within the insurer's network. Specialist-to-specialist referral, provider-to-diagnostic-facility, hospital-to-rehabilitation — each crossing carries the same governance requirements as any NHS cross-organisational referral. But without standardised data sharing agreements, without shared clinical safety frameworks, without interoperability standards, each crossing is governed by whatever bilateral arrangement the two providers have — or, frequently, by no arrangement at all.

The private-to-NHS boundary — the crossing when a patient moves between private and NHS care, or when clinical information from a private episode must reach the patient's NHS GP. This is often the most poorly governed boundary of all. Discharge summaries from private hospitals reaching GP practices via letter, fax, or PDF attachment to email. No FHIR-based transfer of care. No structured clinical content. No mechanism for the GP to confirm receipt, acknowledge responsibility, or signal that the information was insufficient. This is the infrastructure gap that governance-preserving interoperability is designed to close.

The opportunity

The Paterson Inquiry found that "a failure of the entire healthcare system" allowed harm to occur. Five years on, the system has responded with the MPAF, with CQC inspection of independent providers, with increased transparency through PHIN. These are meaningful improvements. They are also improvements to individual organisations — to nodes.

The edges remain ungoverned. The crossings between hospital and consultant, between insurer and provider, between provider and provider, between private and NHS — the places where clinical information must flow, where responsibility must transfer, where consent must be informed and clinical intent must be preserved — these boundaries have no governance framework, no clinical safety assessment, no systematic audit.

The FCA Consumer Duty creates a new regulatory pressure. Insurers must demonstrate good outcomes for customers across the entire product lifecycle — which, in health insurance, means across the entire patient pathway, including every organisational boundary that pathway crosses. An insurer that can demonstrate governed boundaries — defined crossing choreography, auditable consent, preserved clinical intent, confirmed responsibility transfer, closed outcome loops — has a regulatory advantage over one that cannot.

Private healthcare does not need to wait for the NHS to solve its boundary problem. It needs to recognise that it has the same problem, in a different vocabulary, under different regulatory pressure — and that the methodology for addressing it already exists.

Julian Bradder

CEO, Inference Clinical

Julian leads Inference Clinical's work on governance infrastructure for clinical handover. His background spans NHS digital transformation, clinical safety, and healthcare data architecture. Connect on LinkedIn