Two young people died in Canterbury this month. Fifteen cases of invasive meningococcal disease have now been confirmed. UKHSA issued a public alert on 16 March, directing anyone who had visited a Canterbury nightclub in early March to seek antibiotics. Elective procedures were disrupted. Antibiotic supplies were mobilised. Staff were redeployed.
The public controversy focused on whether the alert came quickly enough. But for NHS trust leaders, a different question is more urgent: who decided, by what criteria, and who is carrying the cost?
Authority without transparency, accountability without a voice
UKHSA holds the authority to declare a public health incident and direct the system’s response. NHS trusts hold the operational and financial consequences of that declaration. Cancelled elective procedures, redeployed staff, emergency procurement, and the downstream harm to patients whose care is deferred — none of this falls on the agency that made the call. It falls on the organisations that had no formal role in making it and no advance visibility into the criteria by which it would be made.
This division of labour is not inherently wrong. A centralised public health authority exists for good reasons. What is not defensible is the opacity of the decision. Trusts cannot plan contingency capacity, pre-position staff, or prepare communications because they do not know — and cannot know — what threshold will trigger the directive that reshapes their operations at short notice. Autonomy without information is not autonomy. It is the transfer of blame to the organisation left holding consequences it could not foresee or plan for.
A structural problem that has grown sharper
This accountability mismatch is not new. What has changed is the financial environment in which trusts must absorb unplanned operational shocks.
NHS England has materially tightened financial oversight of providers in 2024/25 and 2025/26. Its own financial performance update states that stricter cash-borrowing restrictions have been introduced mid-year to strengthen financial discipline across the provider sector. NHS Providers’ analysis confirms that these restrictions are already among the most acutely felt pressures on trust leadership teams. A number of trusts have been placed under enhanced financial oversight for cash management and financial control failures. Nuffield Trust analysis documents the scale of provider deficits that form the backdrop to this tightening.
Against this backdrop, an unplanned outbreak response directive from UKHSA is no longer merely an operational disruption. It is a financial event — one that can tip a trust from a managed deficit position into a cash crisis, triggered by a decision made elsewhere, under criteria that are not published. In governance terms, it is an unfunded mandate: the agency that issues the directive bears none of the costs that follow from it.
The governance gap that makes this worse
The absence of a published reasoning framework for outbreak escalation decisions means that the financial exposure trusts carry is not just unpredictable — it is unexaminable. When UKHSA decides that a cluster of meningococcal cases warrants a broad public alert, trusts cannot ask: what were the criteria? Were they applied consistently with previous decisions? Could we have anticipated this and prepared differently?
This is not a hypothetical concern. The two legitimate requirements that make outbreak escalation genuinely difficult — act too early, and you trigger the harm you are trying to prevent; act too late, and the pathogen spreads through the window spent gathering evidence — are real and in tension. The cry-wolf effect in public health communication is documented: when perceived risk does not match early projections, trust in future alerts declines and compliance with recommendations falls.
UKHSA is right to weigh both risks. But the weighing should be visible. UKHSA already publishes precise thresholds in other programmes: heat-health alerts use defined temperature and duration criteria; National Patient Safety Alerts have a published threshold requiring an issue to be more likely than not to cause at least one potentially avoidable death or disability per year. The same discipline is absent for infectious-disease outbreak escalation. This is a choice, not a technical constraint.
It is understandable why national agencies resist publishing rigid escalation triggers. Rigid rules limit operational flexibility and invite immediate criticism when a complex situation does not fit the matrix cleanly. But the cost of preserving that central flexibility is borne entirely by local organisations — the ones left absorbing consequences they could not anticipate, plan for, or challenge.
What needs to change
The recommendations that follow are directed not at trust operational teams but at board members and NEDs — the people responsible for governance architecture, not crisis response.
Demand visibility into escalation criteria. NHS trust boards should formally request, through their integrated care system and NHS England regional teams, sight of the reasoning framework UKHSA applies to outbreak escalation decisions. Not the operational detail of individual cases — the criteria. What factors are weighed? What would need to be true for a targeted response to become a broad public alert? This is not an unreasonable ask; it is the minimum required to govern the financial and operational exposure competently.
Build unplanned-directive scenarios into financial planning. The financial risk of an externally-triggered outbreak response is currently treated as unforeseeable and therefore unplannable. It is neither. Trusts can model the cost of a major outbreak response directive and hold contingency against it. In an environment of tighter cash-borrowing restrictions, the absence of such a scenario in financial planning is a governance gap in its own right.
Make the accountability mismatch visible at the system level. The structural problem — authority held centrally, consequences borne locally — is unlikely to be resolved at the trust level alone. But trust boards and NEDs are well placed to name it explicitly in system forums, integrated care board governance, and in representations to NHS England. The Kent outbreak will be reviewed. That review should address not only whether UKHSA’s decision was timely, but whether the system architecture that determines who decides and who pays is fit for purpose.
Demand formal risk-sharing for unfunded directives. If UKHSA issues an outbreak directive that generates unplanned operational costs — and does so without published criteria against which the decision can be examined — those costs should not count against a trust’s financial discipline rating with NHS England. A trust that absorbs a directive-driven cash shock is not exhibiting poor financial control; it is absorbing the consequences of a governance design failure that sits above it. Boards and NEDs should press for this distinction to be formalised in NHS England’s financial oversight framework before the next outbreak makes the argument for them.
The fourth change requires the most political will because it asks NHS England to accept that some trust cash positions are shaped by decisions it does not control. But it is the logical consequence of the accountability mismatch that the system has tolerated for too long.
The question Canterbury leaves open
UKHSA issued its alert. The operational response, once triggered, was substantial. The controversy did not abate — because the controversy was never really about whether UKHSA acted, but about when, and against what standard.
That question cannot be answered clearly because the standard has not been published. And in a financial environment where NHS England is tightening oversight of trust cash positions, the inability to answer it is no longer just a transparency problem. It is a governance risk that trust boards are carrying without the information they would need to manage it.
Author
Vsevolod Shabad
Vsevolod is a Fellow of the BCS and a researcher affiliated with the University of Liverpool. He specialises in the behavioural dynamics of security governance and decision-making under uncertainty in safety-critical sectors. The views expressed are those of the author in a personal capacity. Advisory enquiries via vshabad@vshabad.com.
Declaration of Interests
The author declares no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Declaration of AI Use
During the preparation of this work, the author used Claude (Anthropic) to improve readability and language quality as a non-native English speaker. After using this tool, the author reviewed and edited the content as needed and takes full responsibility for the content of the publication.