When Medical Care Moves Into The Home, Who Owns the Connection?

Over the past decade, clinical care has increasingly moved out of the hospital and into GP surgeries, community clinics and patients’ homes. The clinical model was carefully designed. The connectivity model was assumed. The question is no longer whether that care can happen at home. It can, and in most respects it should. The question is whether the connection beneath it is owned, monitored and assured as deliberately as the care it provides.

No one would run a hospital on a domestic broadband line, or accept a ward where the patient monitoring depended on whether someone had unplugged the router to plug in a heater, or where the link carrying a deterioration alert could be slowed to a crawl at the evening peak with no one aware it had happened. Inside the hospital, those scenarios are unthinkable, because the network is treated as clinical infrastructure: owned, monitored, segregated, and held to a service level.

Yet a decade of moving clinical care closer to home has produced precisely that arrangement, one living room at a time. The home has become a clinical setting, hosting continuous monitoring, alerting and medication support for NHS patients. It is also, increasingly, where a different kind of service runs: local-authority telecare, the pendant alarms and sensors that summon help and carry a life-safety function of their own.

Two distinct worlds now share the same room, NHS clinical care and council-commissioned social care, governed separately and answering to different people. What clinical care at home has not inherited is the infrastructure thinking that made it safe in the building it came from. We relocated the activity. We did not relocate the connectivity assurance that sat underneath it.

This is not a complaint about ambition. Moving clinical care into the home is, in most respects, the right direction, both for patients and for a system under sustained pressure. The problem is narrower and more specific. In making the move, the NHS has carried clinical activity and risk expectations into the home, but not always the infrastructure assurance that supported them inside managed clinical estates.

The shift was deliberate and substantial. On the NHS side, Hospital at Home and virtual ward programmes have scaled to over 12,000 beds, reported each month by NHS England as management information, with capacity also expressed per hundred thousand population¹, and remote monitoring of long-term conditions has moved from pilot activity into routine use in many pathways. Running in parallel, but commissioned and governed quite separately by local authorities, telecare now supports an estimated 1.8 to two million people², many of them older or living alone, for whom a pendant alarm is the difference between a fall and a response. These are not the same kind of service. One is clinical care, accountable to the NHS; the other is social care, accountable to the council. What they have come to share is a home, and a dependence on connectivity that has to be assured.

At the same time, the ground beneath the oldest of these services has shifted. The analogue telephone network that telecare relied on for decades is being withdrawn, with the switchover due to complete for all providers by the end of January 2027³. The current deadline followed serious incidents, including a small number of deaths during early migrations that, while not formally attributed to device failures, prompted a reset of the timeline. In response, the telecare industry has been moving many alarms onto digital and cellular connections, and the more considered providers are now going further, towards links that do not depend on any single mobile network or any single point in the chain. That direction is the right one, and it makes the underlying point plain. The old analogue line was simple and independent; its digital successor is neither by default. The connection a telecare alarm depends on has become an engineered choice, and someone has to be accountable for how well it is engineered.

The clinical side has had no such forcing function. What did not scale alongside the clinical ambition was any matching thought about the connection the clinical services run on. Connectivity was treated as a domestic given, a utility already present in the home, rather than as a component of the care model that someone had to design, own and stand behind. The monitoring and the pathway were commissioned. The connection beneath both was too often assumed rather than designed.

Here is the question that exposes the gap. When a clinical service runs inside a hospital, there is always a named owner of the network it depends on. The Trust owns it. A chief information officer is accountable for it. Clinical engineering, a cyber function and a service desk stand behind it, with monitoring, change control and a service level that can be pointed to. Where wider connectivity is procured through the Health and Social Care Network, it is bought within a framework of supplier obligations and service expectations. Ask who owns the network, and there is an answer.

Now move a clinical service into a patient’s home, a remote-monitoring feed or a hospital-at-home observation, and ask the same question: who owns the connection it depends on? The answers fragment, and then dissolve.

Telecare is the instructive contrast, because many of its more mature services have treated the alarm path as something to be provided, managed and assured as part of the service. There, the connectivity comes from the supplier, and the sector has built an assurance regime around it through the TSA and its Quality Standards Framework, the only UKAS-accredited scheme of its kind for technology-enabled care. The alarm path has an owner who can be held to a standard. The clinical services now arriving in the same homes have inherited no equivalent settlement.

The NHS commissions the monitoring, but not the connection it travels over. The supplier provides the devices and the platform, but treats the line into the home as someone else’s concern. The internet provider sells a consumer service, with no clinical obligation and no duty to tell anyone when it degrades or fails. The GP practice or PCN carries the clinical responsibility, but is not an engineer of networks. The patient, or a family member, can unplug the router to free a socket behind the television. Five parties touch the connection. None owns it.

In too many arrangements, no one owns the dependency, so no one assures it. It is not mapped, not monitored, not documented as a single point of failure, and not anyone’s to answer for when it fails. The IT and network functions that would normally own a connection of this consequence sit outside the home arrangement altogether. Responsibility has not been refused; it has been diffused, spread so thinly across so many parties that it has effectively disappeared. That is the ownership vacuum, and it sits underneath a large and growing share of the care the NHS now delivers beyond its own walls.

Consider the moment it matters. A patient being monitored at home begins to deteriorate, and the reading that should raise the alarm has to travel over the household’s broadband. That evening the line is down, or the router has been unplugged to free a socket. The alert may never leave the house, no one may be watching that connection, and the people relying on it may have no reliable indication that anything has gone wrong. Ask who is responsible for the integrity of that path, end to end, and in most arrangements the honest answer is that no single party is, because it falls into the gap between the clinical service and the home it now runs in.

The same pattern reaches life-safety in the surgery. Fire and life-safety signalling has long been held to a stricter standard than ordinary IT, with its own assured route to a monitoring centre, and the standards and audit regimes around monitored alarm signalling generally treat that independence as more than a design preference. As connected services have multiplied on a single practice connection, the question of whether that life-safety signalling still has a genuinely independent path, rather than one absorbed into the same shared line, is rarely asked and rarely owned.

The natural response to all this is to ask for a better line: a faster connection, a more reliable provider, perhaps a second consumer broadband service for redundancy. It feels like the proportionate answer. It treats the wrong problem.

A consumer line is not assured as clinical infrastructure. Even where a retail service has support targets, it is not monitored, governed or contracted against the clinical consequence of a failed alarm, monitoring alert or safety-critical workflow. Adding a second consumer connection from the same kind of provider, over the same kind of last mile, often shares the very dependencies it is meant to insure against. Redundancy that is not independent is decoration.

The distinction is plain. A line that usually works is connected. A path that is owned, monitored and answerable for the consequence of its failure is assured. The home has the first. Clinical and life-safety services need the second.

The question was never the quality of the broadband. It is whether the connection a clinical or life-safety service depends on is designed, owned and assured as critical infrastructure, in the way it would be inside a hospital. Resilience is not a feature of a single good line. It is a property of an architecture: separate paths that do not fail together, a route that data can be trusted to travel, a failover that happens without anyone present to trigger it, and evidence that the whole thing works when it is needed. None of that arrives by upgrading the household’s internet.

Outside the hospital, assurance still has to mean something, and the NHS already owns much of the language for it. The Data Security and Protection Toolkit, and the NCSC Cyber Assessment Framework it draws on, already provide the language for local ownership of cyber and information risk, resilience, segregation and single points of failure⁴. The precise obligations vary by organisation type, and not every community or local healthcare arrangement falls within the same toolkit. What has not yet been absorbed is that these obligations follow the clinical service wherever it goes. When the service moves into the home, the obligation moves with it, even though the building, the line and the owner have all changed.

The point is not to invent a new assurance language. Much of it already exists; the gap is applying it once the service leaves the managed estate. The standard is neither exotic nor a product, but a short set of principles that any party asked to carry clinical or life-safety traffic should be expected to meet, wherever that traffic runs:

1. Independent: The resilient path does not share an upstream dependency, or an underlying network core, with the connection it is there to back up. If both fail together, there was never any resilience to begin with.
2. Private routing. Clinical and alarm data travels over a private, encapsulated path rather than the open internet, and it continues to do so during failover, when the temptation to fall back to a public route is greatest and the exposure most acute.
3. Managed failover. The switch from primary to secondary path happens automatically. There is no on-site IT team to intervene, and in a patient’s home there is no technical user at all.
4. Evidence: Resilience is tested and demonstrable rather than assumed, so that it produces the evidence an IT function needs for its own governance and can support the assurance the system already asks for: the Toolkit, CQC⁵, and the commissioner who signs off the service.

These are the same principles that a companion argument set out for the hospital, where the task is to separate paths that currently share one. In primary care and the community the task is harder, because in most settings there is no architecture to separate. It has to be built where none exists.

This does not need to begin as a major programme. It can begin as a sequence, and the first two steps cost almost nothing.

Name it: For one high-consequence service, map what the connection actually depends on and what fails with it. Start somewhere concrete: remote monitoring for a hospital-at-home patient. The path runs from the monitoring equipment in the home, over the household’s broadband, to the clinical team. The failure mode is that broadband going down or being saturated, with nothing to route around it, so the deterioration alert never arrives. A cellular link carries the same exposure if it runs on a single mobile network, or routes through a single core even when it can reach several networks, because one outage then takes the whole connection down. In most settings, that map has never been drawn.

Own it: Decide, explicitly, who is accountable for the integrity of that path from end to end. The value of the question lies in the asking: it forces the vacuum into the open. It also engages a duty providers already carry: CQC’s good-governance standard expects systems that assess, monitor and mitigate risks to people’s safety⁶, and a connection that no one owns or monitors sits outside any such system.

Assure it: Apply the principles above to the connections that carry consequence, and expect them of any party that provides those connections.

Key Questions:

1. Which of our high-consequence services now run on a connection that no single party owns?
2. Who is accountable, end to end, for the connection our home-based clinical services depend on?
3. Can we show that the resilient path is genuinely independent, and not a second line that fails with the first?

The answer is not to make every home an IT estate. It is to treat the one high-consequence path differently from the ordinary connection around it: to give the alarm, the monitoring alert or the life-safety signal its own owned and assured route, and to let the household’s broadband be what it is. That is a smaller, sharper intervention than it first appears, and it is what managed connectivity is for.

CSL builds this kind of connectivity infrastructure and deploys them through our resilient SIM card and router/edge solutions.

For example, for simplicity our DualCore rSIM®, provides an independent, private path that does not depend on the household’s broadband. It accesses all the mobile radio networks available locally, and, if it detects a failure, it can also switch between two independent core profiles on its own, with no one present. Both profiles operate within a secured private routing model. It carries safety-critical data to whoever must act on it, whether an alarm receiving centre or a clinical team, and produces the records to support Toolkit, CQC and commissioner assurance. It can sit alongside the existing local network or replace it, and it can be applied to a single device, to several devices on one site, or scaled across multiple sites.

The connectivity resilience and security argument does not stand or fall on any one provider. It rests on a simpler point:

The home became a clinical setting before anyone consistently decided who owned the connection. Across many home-based and community-based pathways, that decision was often never made, and the question of who owns the dependency was never asked. For every high-consequence service now running beyond NHS walls, asking it, and answering it, is now overdue.

1. Virtual ward capacity, occupancy and capacity per 100,000 population are published by NHS England as monthly management information; the figures are provisional and NHS England advises they be used with caution. NHS England, Virtual Ward statistics: https://www.england.nhs.uk/statistics/statistical-work-areas/virtual-ward/
2. Estimates of UK telecare users range from around 1.8 million, an Openreach figure cited in PSTN migration planning, to two million. Department of Health and Social Care and Department for Science, Innovation and Technology, Telecare National Action Plan (February 2025): https://www.gov.uk/government/publications/telecare-national-action-plan-protecting-telecare-users-throughout-the-digital-phone-switchover
3. The analogue Public Switched Telephone Network is being retired as part of the UK migration to digital landlines, due to complete for all providers by the end of January 2027; the current deadline followed serious incidents, including a small number of fatalities, where telecare devices failed to work properly after switchover. GOV.UK advises that customers with telecare or other connected equipment may need to take additional action. GOV.UK, UK transition from analogue to digital landlines: https://www.gov.uk/guidance/uk-transition-from-analogue-to-digital-landlines
4. The Data Security and Protection Toolkit has moved to alignment with the NCSC Cyber Assessment Framework, which emphasises local ownership of cyber and information risk; the precise obligations vary by organisation type. NHS England Digital, CAF-aligned DSPT guidance: https://digital.nhs.uk/cyber-and-data-security/guidance-and-assurance/caf-aligned-dspt-guidance
5. CQC’s fundamental standard on safe care and treatment (Regulation 12) requires providers to assess and do all that is reasonably practicable to mitigate risks to service users’ safety, which can extend to the reliability of connectivity that safety-critical workflows depend on. Care Quality Commission, Regulation 12: https://www.cqc.org.uk/guidance-regulation/providers/regulations-service-providers-and-managers/health-social-care-act/regulation-12
6. CQC’s fundamental standard on good governance (Regulation 17) requires providers to operate systems and processes that assess, monitor and mitigate risks to the health, safety and welfare of service users. Care Quality Commission, Regulation 17: https://www.cqc.org.uk/guidance-regulation/providers/regulations-service-providers-and-managers/health-social-care-act/regulation-17

• Careium and CSL: resilient connectivity for technology-enabled care. A practical case study showing how rSIM® is being used in digital telecare to provide an additional layer of resilience for vulnerable people who depend on connected alarm and support services. Also see Careium’s own success story: Ensuring uninterrupted telecare connectivity with rSIM®.
• Multiple Networks – One Hospital. A Shared Failure Point. The companion paper for secondary care, on why a hospital runs several operational domains over a single upstream connection, and how to separate them.
• The Future of Healthcare, Telecare and the Internet of Medical Things (IoMT), Part 1. The demographic, policy and clinical context driving the shift to remote and home-based care.
• The Future of Healthcare: How IoMT and AI Are Transforming Care Delivery, Part 2. How IoMT and AI are reshaping virtual wards and remote monitoring, and the connectivity, security and compliance they depend on.
• The Internet of Medical Things (IoMT): Regulatory Pathways and Evidence for NHS Adoption. Practical routes to market and NHS adoption for connected medical devices, covering conformity assessment, cybersecurity and evidence.