Maintaining the Golden Thread is ‘fundamental’

The Building Safety Act 2022 marks a seismic shift in accountability, born from Grenfell’s tragedy, demanding full lifecycle transparency for Higher-Risk Buildings — including hospitals. For the NHS, this isn’t just an estates issue — it’s a legal, moral, and patient safety imperative. The ‘golden thread’ of accurate, accessible building data must be maintained from concept through occupation. Senior leaders can no longer afford to overlook their personal and corporate responsibility for safe, compliant infrastructure.

The Building Safety Act 2022 (BSA22) was born from tragedy — an attempt to ensure that the systemic failures exposed by the Grenfell Tower fire in 2017 are never repeated. Central to this new regime is the concept of the ‘golden thread’ of information: a continuous, structured, and digital record that captures key decisions, changes, safety-critical features, and compliance evidence across the lifecycle of a Higher-Risk Building (HRB).

A critical challenge and an urgent call for action

For the NHS, responsible for managing some of the most complex, sensitive facilities in the UK, the arrival of the BSA22 presents both a critical challenge and an urgent call to action. Now, more than ever, healthcare organisations must place robust data management and safety compliance at the heart of both their maintenance and building programmes — not as an afterthought, but as a foundation of quality patient care, governance, and risk assurance.

While this may appear to be a specialist estates issue, it is critical that greater awareness of this requirement reaches its target audience — namely, the accountable officers and Board members responsible for organisational risk, safety, and compliance. While a director of Estates may develop the forward maintenance register and capital delivery plan, they typically lack executive authority when it comes to budget-setting, and are required to deliver within a fixed budget. More and more this budget is failing to provide the necessary funds to address the risks faced by an ageing estate. The intention behind the Building Safety Act is precisely to hold senior accountable persons, i.e. those making investment decisions, approving designs, or delaying safety works, accountable for their decisions, actions, and possible inactions.

There is a commonly held belief that the BSA22 only relates to High Rise Residential Buildings. The Act itself indicates that HRBs need to have two or more residential units, as well as meeting a minimum height threshold to be deemed ‘at higher risk’. This belief was perpetuated by a piece of secondary legislation, which indicated that hospitals were excluded from being described as an HRB. This is — sadly — a product of complex legislation not being clearly set out. The exclusion only refers to the hospital not coming under the powers of the Building Safety Regulator when in occupation.

In the same piece of legislation, it clearly identifies hospitals (and care homes) as HRB. Referring to the explanatory notes for the legislation clears up the issue. It states that although hospitals are not residential buildings in the traditional sense, they fall squarely within the scope of BSA22 because they house highly vulnerable occupants, including patients who may not be able to evacuate unaided during an emergency.

Exceeding the qualifying height criteria

Across the NHS, many hospital buildings readily exceed the qualifying height criteria of 18 metres set out in the Act, thus qualifying them as HRBs. Yet there remains a widespread lack of awareness from Estates departments across the NHS of their duties and obligations. New-build hospitals, or those being significantly refurbished that fit the category of an HRB, will need to go through the Building Safety Regulator (BSR) to gain Building Control approval. This ensures that a greater focus is placed on checking that due consideration has been given to fire safety by competent individuals.

Within the New Hospital Programme (NHP), most schemes, and especially those in Wave 1, are expected to exceed 18 metres in height. Many are, however, unaware that compliance obligations under BSA22 start early — from the commencement of RIBA Stage 2 (Concept Design). Going through the BSR will extend the timelines for Building Control approval. Delays in action, lack of preparation, or unfamiliarity with the legal framework, could lead to serious consequences, not only in terms of regulatory breaches, but, far more importantly, in terms of future patient safety and public trust.

An enduring set of duties

Another misconception is that a hospital higher than 18 metres is no longer deemed to be at ‘high risk’ once it is in occupation. This is not true. It will always remain a Higher Risk Building, and this places an enduring set of duties on an NHS Trust in terms of ‘maintaining the Golden Thread’ — this being a complete, accurate, and accessible digital record of information about a building, from its design and construction, to its ongoing maintenance and use. This comprehensive record ensures that those responsible for building safety have the necessary information to manage risks, comply with regulations, and demonstrate that the building is being safely managed. This could have significant consequences for how Trusts address safety-related backlog maintenance.

Although NHS hospitals are exempt from direct control by the Building Safety Regulator, they are answerable to the Care Quality Commission (CQC) for compliance with premises and equipment standards. In particular, CQC inspections against Regulation 15 will be informed by how well building safety risks are being managed and documented.

Further underlining this, in response to the 2022 Murray Review on Capital Allocation methodology, NHS England increased the targeted proportion of capital expenditure to be spent on backlog maintenance from 6 to 13%. This was formalised within NHS England’s Operational Capital Guidance 2022—2025, reinforcing that capital spend must be prioritised towards ensuring building safety and regulatory compliance. The current data provided through the ERIC process indicates that many Trusts are not addressing their Critical Infrastructure Risks, and the numbers keep growing.

Thus, compliance with the Building Safety Act, maintaining an accurate Golden Thread, and investing in estate condition, are not discretionary activities; rather they are matters of patient safety, legal obligation, and executive accountability.

The Golden Thread: more than a filing system

The ‘Golden Thread’ is not just a document archive, or a digital library of building plans. As outlined by Dame Judith Hackitt in her post-Grenfell review, and reinforced by guidance from the Construction Leadership Council (CLC), the Golden Thread represents a fundamental cultural shift in how buildings are designed, constructed, and maintained.

At its core, the golden thread ensures that those responsible — clients, designers, contractors, and accountable persons, can demonstrate compliance with building regulations, understand structural and fire risks, and proactively manage them throughout a building’s life. The Golden Thread must be accurate, easily understandable, up-to-date, and accessible to those who need it.

Executive decision-making must also be captured within the Golden Thread. For example, when a Trust CEO or CFO makes a decision about the level of investment allocated to address building safety risks, that decision, and the rationale behind it, must be formally recorded. Transparency in these decisions is critical. In the context of Grenfell, the Golden Thread would have demonstrated who proposed the change of cladding, who approved it, and their understanding (or lack thereof) of the associated risks.

From real-world NHS experience, it is rarely engineers or project teams who make final calls on financial envelopes, costs, and ‘value engineering’ choices; it is typically SROs, CEOs, or Boards. They must have a clear understanding of their role, and their personal and corporate accountability, in decisions affecting building safety.

The importance of this cannot be overstated. To put the broader risk into perspective: back in 2012, the Department of Health initiated a review of Critical Infrastructure Risk. This refers to the potential harm or disruption to essential services that could lead to significant loss of life, economic impact, or even national security threats. The review found that £1.2 bn of investment was needed to address backlog maintenance across the NHS estate to ensure that commitments under the NHS Constitution, specifically, providing ‘services from a clean and safe environment that is fit for purpose based on national best practice’ — were being met.

Failure to address backlog maintenance also placed Trusts at risk of breaching their obligations under the Health and Social Care Act 2008 (Regulated Activities) Regulations, and particularly Regulation 15(e), which requires service-providers to ensure that premises and equipment are properly maintained to protect service-users from harm.

Additional legal duties for the Accountable Person

With the advent of the Building Safety Act, all hospital buildings over 18 metres are now classified as Higher-Risk Buildings. This places additional legal duties on the ‘Accountable Person’ to identify, manage, and document, how building safety risks are being addressed and mitigated.

To meet these complex demands, Trusts must establish robust information management systems, centred around Common Data Environments (CDEs). A CDE is a centralised digital platform that acts as a single source of truth for all building-related and operational data. Features typically include:

• A Centralised Repository: housing all project information, including contracts, drawings, models, and communications.
• Single Source of Truth: reducing errors and ensuring consistency across stakeholders.
• Enhanced Collaboration: enabling secure, real-time sharing of information between parties undertaking maintenance and construction work.
• Efficiency gains: reducing project delays, duplication, and cost overruns.

CDEs support Building Information Modelling (BIM) processes, feeding into an Asset Information Model (AIM) that supports the ongoing management of the building across its lifecycle. Critically, CDEs help maintain the Golden Thread by ensuring that all decisions, changes, approvals, and risk assessments, are captured, version-controlled, and readily accessible.

CDE ownership ‘delegated’

Most NHS Trusts only use CDEs during a construction project, and ownership is delegated to one of the delivery partners (designers or contractors). On completion of the project, the underlying funding for the CDE ceases, and it is closed down, without much of the critical information being transferred to the client. Some of the lessons being implemented through the NHP, and the paradigm shift to the intelligent hospital concept, are around the use of a number of data key principles, which should be applied to all hospitals designated as HRBs. These are:

• Data ownership — data must be separated from applications, owned by the Trust/NHS, and accessible free of charge to legitimate users.
• Available — must provide ‘live’ services and accurate data for the right users and the right time.
• Reliable — must meet high standards for quality and accuracy to ensure consistency and performance.
• Findable — can be easily discovered and accessed by authorised users.
• Secure — Must be secure by design (cyber and physical), and protect from unauthorised access and tampering.

A narrow window of opportunity

The Building Safety Act is now in force. Regulatory obligations are legally enforceable. Failure to maintain an accurate, accessible, and up-to-date Golden Thread is no longer merely poor practice — it represents serious corporate risk.

Boards must understand that non-compliance could lead not just to regulatory censure, but potentially criminal liability for senior leaders who knowingly take, approve, or ignore, unsafe decisions. The NHS has a narrow but critical window to modernise its estate information management practices. By acting now, investing in digital capability, demanding compliance from supply chains, and embedding Golden Thread principles from the outset, Trusts can:

• Protect patients, staff, and visitors.
• Shield the organisation from reputational and financial harm.
• Demonstrate good governance and corporate responsibility.
• Honour the hard lessons learned from past tragedies.

Keeping the Golden Thread alive is not just a technical requirement. It is a fundamental duty of leadership.