Tito Castillo (FBCS CITP CHCIO), Enterprise Architect & Data Management Consultant, on barcodes, the NHS and digital transformation
The NHS does not lack digital systems. It has electronic patient records, data platforms, artificial intelligence pilots, inventory management tools and integrated care initiatives at various stages of deployment across the country. What it lacks, consistently and consequentially, is the data infrastructure that would make those systems deliver what they promise.
This is the pattern that repeats across decades of NHS digital investment. Programmes are commissioned. Systems are procured and deployed. Technical go-lives are declared successful. And then the expected benefits fail to materialise at the scale or reliability that justified the spending. The systems work. The data does not.
A newly published peer-reviewed study offers an unusually clear diagnosis of this systemic weakness, and it comes from an unexpected source: a barcode scanning programme. The study, led by Valentina Lichtner and colleagues at the University of Manchester and University of Leeds, examined the implementation of Scan4Safety at a large tertiary acute NHS Trust in northern England, published in BMJ Health & Care Informatics in January 2026. What the researchers documented was not a technology deployment story. It was a study of what it actually takes to build and sustain data infrastructure inside a working hospital.
Scan4Safety worked because it treated data as infrastructure rather than as a by-product of systems. That distinction is the central lesson that every NHS Trust board, every Chief Digital Information Officer, and every transformation director should take from this research.
Beyond Barcodes On the surface, Scan4Safety is a programme about scanning barcodes. It uses GS1 standards to uniquely identify four things: patients, products, places and procedures. When a barcode is scanned at the point of care, it creates a data record linking those four elements together. That record enables tracking of items through the supply chain, tracing of implants back to individual patients, automated alerts for expired or recalled products, and a growing body of linked data that can inform operational and clinical decisions.
But the Lichtner study makes clear that Scan4Safety's significance extends well beyond inventory management. The programme builds what the researchers describe as information infrastructure: a connected layer of standardised, linked data that spans internal and external supply chains and reaches into clinical workflows. This is not technology deployment. It is the painstaking construction of a data foundation.
The distinction matters because it applies directly to every major digital programme the NHS is currently pursuing. Whether an organisation is implementing a new electronic patient record, participating in the Federated Data Platform, deploying AI tools for clinical decision-making, or building the data capabilities that population health management demands, the same foundational question applies. Is the data infrastructure in place to make these systems actually work?
The core argument is therefore simple and direct. Digital transformation fails when data governance is implicit. Standards enable possibility but do not guarantee value. Infrastructure thinking must replace system thinking if the NHS is to break the cycle of ambitious deployment followed by disappointed expectations.
Standards Are Necessary but Not Sufficient
One of the most important findings from the study concerns the relationship between data standards and practical value. Scan4Safety is built on GS1 standards, which provide the globally recognised identification framework for products, locations and processes. These standards are well-defined, widely used in other sectors, and increasingly mandated through regulation.
Yet the study shows that the existence of standards did not, on its own, deliver benefits. Value emerged only when those standards were embedded in clinical workflows, when data was captured consistently at the point of care, and when the people doing the capturing understood why it mattered. The researchers found that significant time was invested at the outset to understand how the standards could be used and combined, with participants describing each of the four identification domains as intricate as a "spider web".
This finding has direct implications for every NHS Trust working with FHIR, SNOMED CT, or any other interoperability standard. The standard itself is an enabler, not a solution. Compliance with a standard is not the same thing as transformation. A Trust can adopt FHIR interfaces across its systems and still produce data that is inconsistent, incomplete, and unreliable for the AI tools and population health models that depend on it. The standard creates the possibility of interoperability; the data governance practices determine whether that possibility is realised.
The Gap Between Work-as-Imagined and Work-as-Done Perhaps the most sobering theme in the study is the persistent gap between how digital processes are designed and how they actually operate in clinical settings. The researchers found that clinicians did not always scan barcodes at the point of care. When they did scan, they did not always follow the intended process. Some scanned after use rather than before, which meant safety alerts could be missed. Over time, staff reverted to established habits. One participant noted that complacency returned within months of training. Only around five per cent of products purchased by the Trust were actually scanned, with the other ninety-five per cent remaining invisible to the digital infrastructure.
This is not a story about resistant or negligent clinicians. It is a story about the structural difficulty of integrating data capture into the pressured, complex, time-constrained reality of clinical work. Every additional task imposed on a clinician competes with direct patient care. If the benefit is not immediately apparent to the person holding the scanner, compliance will erode.
The implication extends well beyond supply chain management. Electronic patient record programmes that increase documentation burden without visible clinical benefit will face the same erosion. Structured data entry requirements that do not align with clinical reasoning will be worked around. Real-time operational dashboards will display confident numbers derived from incomplete inputs. AI decision support tools will produce unreliable outputs if the structured data they depend on is inconsistently captured. Data quality erosion in these circumstances is not negligence. It is a structural consequence of workflow misalignment, and it must be addressed as such.
Data Maintenance Is Permanent Work
One of the less visible but most consequential findings concerns the ongoing maintenance of data infrastructure. The researchers found that product identifiers changed unexpectedly when suppliers updated their catalogues. Hospital locations changed without the Scan4Safety team being informed. Most medical devices used in routine patient care were not supplied with GS1 identifiers at all.
These are not one-off implementation challenges. They are permanent operational realities. Data infrastructure, like physical infrastructure, degrades over time unless it is actively maintained. Data infrastructure is not capital expenditure. It is an ongoing operational cost, and it must be funded accordingly.
The NHS has a well-documented history of underinvesting in this kind of work. Initial programme funding typically covers system procurement and deployment. What is rarely funded, or funded only temporarily, is the ongoing data stewardship that determines whether deployed systems continue to work as intended. The Scan4Safety study found that improvement projects stalled after the initial Department of Health and Social Care funding ended. Systems can be procured. Data quality must be sustained. That distinction should be central to every business case for digital investment in the NHS.
This pattern repeats wherever data-dependent systems are deployed without permanent governance structures. Electronic patient records degrade in data quality over time. Clinical coding standards drift. Reference data becomes stale. The result is systems that technically function but progressively lose their ability to support reliable decision-making, whether for individual patient care, operational management, or the population health analytics that integrated care systems increasingly depend upon.
No Trust Is an Island
The study also reveals the extent to which Scan4Safety depends on an ecosystem of external stakeholders. The programme could not function without suppliers adopting GS1 standards and applying barcodes to their products. It required NHS Supply Chain to support standardised procurement processes. It needed regulatory alignment from both European and US frameworks to drive manufacturer compliance.
At the demonstrator site, some suppliers bypassed standard hospital procurement processes, delivering products directly to clinical areas without proper identification. Others were slow to adopt GS1 standards, waiting for evidence that NHS hospitals would actually use them before investing. The Department of Health and Social Care's demonstrator programme provided the reassurance needed to break this impasse, but the underlying dependency remained structural.
This ecosystem dependency has direct parallels with current NHS digital programmes. The Federated Data Platform requires consistent data inputs from multiple Trusts to function effectively. Integrated care data strategies depend on organisations across the system all producing compatible, governed data. AI models trained on one Trust's data may not generalise to another if the underlying data standards and capture practices differ. The productivity gains expected from AI-enabled clinical tools depend entirely on the quality of the data those tools consume.
Date: 8 April