Article

Exception reporting reform and live rostering solutions

How the exception reporting reforms should be implemented where live rostering solutions operate.

27 January 2026

There is an unresolved conflict between the updated 2016 terms and conditions (noted below) on how the exception reporting reforms should be implemented and how live rostering solutions operate.

For those organisations using live rostering solutions the confidentiality of exception reporting data relating to additional hours worked cannot be guaranteed. If this information is visible on a live rostering system without the consent of the doctor, then the Guardian of Safe Working Hours may consider if this is an information breach (see annex D paragraph 26-32 of the terms and conditions for restrictions, as noted below).

Despite efforts to agree a period of grace to allow us to explore and secure a solution to rectify this conflict with the BMA ahead of the 04 February 2026 implementation date, we have not been able to do so.

Employers are therefore required to consider their options, and to ensure that live rostering platforms are not updated with any changes in working hours as a result of exception reporting or to accept that information sharing breaches may result in fines being levied.

We recognise that this position will create significant additional administrative problems for employers as they are preparing to implement the exception reporting reforms.

Immediate employer options

Immediate employer options are as follows:

Switch off exception reporting elements of live rostering solutions and put manual processes in place by 4 February 2026, to ensure:

Additional hours worked as a result of exception reporting are still included in the overall rostered hours calculations – this is likely to require a separate spreadsheet to be sent to payroll that details additional hours worked.

Total hours worked calculations are captured for safe staffing and fines purposes.

Reach agreement locally with the LNC to remove the contractual consent requirement, allowing continued visibility of changes in working hours by those involved in the administration of live rostering (this would allow access to data outside the specific pathways listed in the terms and conditions). This could be on a time limited basis to allow for future software solutions.

Retain live rostering and accept that fines will be levied. Proven information breach fines are set at £500 per resident doctor per instance. More information about fines is available in our fines guidance for exception reporting web page.

Where time off in lieu (TOIL) is the stated as the doctor’s preference following the exception reporting of additional hours worked this can remain visible in live rostering views, but only if labelled in a way that does not describe it as TOIL as a result of exception reporting.

These should be treated as short-term solutions, and employers can further explore opportunities with their LNC and software provider to amend live rostering solutions considering the contractual restrictions. We are aware that HealthRota have put in place a solution to ensure shift times on "exception reported shifts" are not adjusted so that Trusts using their live rostering have a compliant solution. This message will be shared with the NHS Employers software networks.

The BMA and NHS Employers have agreed to explore possible design options of live rostering solutions with software providers to mitigate these issues, and progress will be reported in due course. Employers should maintain regular communication with their software provider on this issue so that updates on progress can be provided.

Access to individual doctor’s exception reporting data
26. Identifiable data (specifically identifying the individual) related to number or content of exception reports for additional hours worked may only be shared to or accessed by HR, Guardian of safe working hours, their nominated deputies and payroll. Unless the doctor has given their explicit consent
27. To protect doctors, exception reporting data must be treated as confidential and cannot be accessed, shared or requested to be shared without the doctor’s explicit consent, outside the specific pathways listed in these TCS and in jointly produced guidance.
33. Proven breaches of the confidentiality of exception reporting data will be subject to an information breach fine
Exception reporting information breaches
33. Proven breaches of the confidentiality of exception reporting data will be subject to an information breach fine.
34. A doctor may report suspected information breach to the Guardian of safe working hours for investigation. If proven, the Guardian of safe working hours must levy an information breach fine per instance per doctor. A doctor reporting a suspected breach may be invited to provide additional details on the information breach and may decline.
35. An instance of information breach is described as follows:
a. If multiple doctors are affected in a single unauthorised exception reporting data disclosure, a separate penalty will be applied for each affected doctor.
b. If multiple unauthorised exception reporting data disclosures occur over time related to a single doctor, a separate penalty will be applied for each individual instance.
c. If information related to multiple exception reports from a single doctor is leaked to multiple individuals in a single instance, a single penalty will be applied for that instance.
Breaches incurring a financial penalty
26. Penalties will apply for a proven information breach, as defined in Annex D paragraphs 33 to 36. Penalties of £500 per doctor per instance for a proven information breach and will be applied from 4 February 2026 to 3 August 2026. Both fines will be set at £500 from 4 August 2026