28 February 2026 · 12 min read · Arviteni
After delivering 23 technology projects for care organisations, clear patterns emerge. The same problems recur, the same approaches fail, and the same principles succeed. Here is what we have learned about what actually works.
After delivering 23 technology projects for care organisations, you start to see things differently. One project is a security transformation, another is a network overhaul, another is rescuing a system that nobody uses. But the patterns underneath are remarkably consistent.
The same problems appear. The same approaches fail. And the same principles, applied patiently and with genuine understanding of how care operates, succeed. This is what we have learned, and what we wish every care provider knew before starting their next technology project.
Every care organisation we have worked with has accumulated technology over the years. A security tool here, a communication platform there, an email archive from the previous IT provider. Each decision made sense at the time. Nobody stepped back to look at the full picture.
The result is a licensing estate that has grown tool by tool, with nobody assessing whether the capabilities overlap. We have seen organisations paying five separate vendors for network threat detection, data classification, email security, endpoint protection, and experience monitoring, when their existing Microsoft licence included all of those capabilities natively.
In one project, a national care group was spending £873,000 a year across seven separate licensing agreements. Five of the seven tools could be replaced by features already included in their Microsoft 365 licence tier. The annual saving after consolidation was £481,000. For a care provider, that is the difference between funding a new service and not.
The lesson is not that Microsoft is always the answer. It is that care organisations rarely audit what they already pay for. Licensing decisions made three years ago by someone who has since left continue to renew automatically. A structured licensing review is one of the highest-value exercises any care organisation can undertake. It is not exciting, but it routinely saves tens of thousands of pounds.
This is the pattern we see most often. A care organisation invests in a good platform. The licensing is in place, the vendor support exists. But the implementation is rushed, the configuration does not reflect how the organisation actually works, and within six months the system is abandoned.
We inherited one project where a care provider had invested in BambooHR for HR management. The system could handle everything they needed. But it had been configured without understanding how care-sector HR actually operates. The workflows did not reflect the realities of high turnover, DBS renewal cycles, or the compliance demands of employing people who work with vulnerable adults.
The HR team found it did not fit their processes and reverted to spreadsheets. When we came in, the task was not replacing BambooHR but reviving it: rebuilding workflows around how the team actually worked, cleaning the data, and retraining the team. The platform was never the problem. The implementation was.
This story repeats across our portfolio. SharePoint redesigned repeatedly because the information architecture was wrong. Device management licensed but never configured. Security features included in the licence tier but never switched on.
The care sector has a particular vulnerability here. Technology vendors rarely understand care. They configure systems for generic business use, which does not account for shift patterns, CQC requirements, safeguarding workflows, or the fact that most of your workforce spends their day with vulnerable people, not at desks. If the implementation does not account for how care works, adoption will fail.
When we took over IT management for one care group, we ran a full audit of their Microsoft 365 environment. The Microsoft Secure Score sat at 16%. That means 84% of the available security features were not configured or not enabled. Staff phones and tablets used in the community had no device management, no security policies, and no remote wipe capability. The previous IT provider had assured the organisation that everything was compliant. It was not.
Across our projects, we consistently find care organisations where security was never part of the original design. It was something to address later. Except later never comes, or it comes in the form of a breach, a failed certification, or a regulatory question nobody can answer.
The organisations that get security right treat it as a foundation, not a feature. Zero trust architecture is not a product you bolt on. It is a way of thinking about every access request, every device, every sign-in. Cyber Essentials certification is not a checkbox exercise. It is a baseline that says you take the protection of sensitive data seriously.
For care providers, security is not an IT concern. It is a care quality concern. The data you hold describes some of the most vulnerable people in society: their medical conditions, their mental capacity, their safeguarding history. A breach in care is not an inconvenience. It is a safeguarding incident. Protecting that data is protecting the people it describes.
The pattern is clear. Organisations that build security in from the start spend less, experience fewer incidents, and find compliance straightforward. Organisations that treat security as something to address later spend more, face greater risk, and find every compliance framework an uphill struggle.
The narrative that care workers resist technology is wrong. What care workers resist is badly implemented technology that makes their day harder, launched without adequate support, by people who do not understand what their day looks like.
Across our projects, the single most effective intervention for adoption has been peer support through software champions. Not more training materials or mandatory e-learning. A real person, in their region, who understands both the technology and the pressures of care work, available to help when something does not make sense. Champions are selected from existing staff: the care coordinator who already helps colleagues with the rota system, the registered manager who figured out the reporting tools. When a care worker encounters a problem on day one, there is someone nearby who can help immediately.
The other factor that consistently predicts adoption is giving people the right tools for their role. Standardising hardware by role sounds mundane, but it is one of the most impactful things a care organisation can do. A domiciliary care worker needs a device that is lightweight, durable, and lasts a full shift. A registered manager needs a setup that works in their office and travels to CQC inspections. When every device across 12 regions is managed consistently through Intune, with security policies applied automatically and new devices configured on first boot, the experience is the same everywhere. The technology becomes invisible, which is exactly what it should be when the priority is the person in front of you.
Every care organisation we work with has data. Occupancy rates, staff turnover, agency usage, training compliance, incident reports, safeguarding referrals, financial performance. The problem is that it lives in separate systems, maintained by separate teams, and is never brought together.
The typical picture: monthly board reports compiled manually by regional managers who export data from one system, cross-reference it with another, add financial figures from a third, and present the result in a slide deck. By the time the board sees the numbers, they describe the organisation as it was four to six weeks ago. If falls are increasing in a particular home, or agency spend is climbing in a region, nobody notices until the next report cycle.
For a care provider, this lag is a care quality risk. An increase in medication errors, a spike in staff turnover, a trend in resident complaints: these are early warning signs. If the data reaches decision-makers weeks after the fact, the window for early intervention has closed.
Connecting data sources into a business intelligence platform changed this for one care group. Power BI dashboards replaced manual reports, with data from care management, HR, finance, and compliance systems refreshing automatically. Cross-system analysis revealed correlations that were previously invisible: high agency usage in specific homes correlated with elevated incident rates, leading to targeted interventions rather than expensive organisation-wide initiatives.
The same principle applies at a smaller scale. Introducing ticketing systems for departments like Payroll, Recruitment, and Compliance created visibility where none existed. Data that was previously trapped in email inboxes became operational insight. Understanding where data flows across the organisation is the starting point for both compliance and improvement.
After 23 projects, five themes have crystallised into principles we apply to every engagement. They are not revolutionary. They are practical, tested, and consistently effective.
Most care organisations are paying for more technology than they use. Before buying anything new, audit what you already have. Your Microsoft 365 licence almost certainly includes security, device management, and collaboration features sitting unconfigured. The highest return on investment in care technology is often switching on what you are already paying for.
Big-bang rollouts fail in care. You cannot take an entire care workforce offline for training. Care delivery does not stop for IT projects. And the feedback from the first 50 users would have changed how you deployed to the next 500.
Every successful project we have delivered has been phased. Start with one site, one region, or one team. Learn from reality. Adjust. Then expand. The organisations that resist the pressure to "just roll it out everywhere at once" are the ones whose systems are still being used a year later.
If a technology change makes a care worker's day harder, it will not stick. It does not matter how good the system is, how much it cost, or how enthusiastic the board is.
Every technology decision in care should start with one question: what does this mean for the person delivering care? If the answer is "one more thing to do," you have a problem. If the answer is "something that saves them time," you have a chance.
When a care organisation protects its data, it is protecting the people that data describes. Security in care is not an IT overhead. It is a direct expression of the duty of care. The data you hold contains the intimate details of vulnerable people's lives. Protecting it to the highest standard is as much a care responsibility as administering medication correctly or reporting a safeguarding concern.
It is tempting to measure what is easy to count: tickets resolved, devices deployed, training sessions delivered. But the measures that matter are different. Has the system reduced the time care workers spend on administration? Has it improved visibility of care quality indicators? Has it freed up time that can be redirected to care delivery?
The most valuable measurement is also the simplest. Ask the care workers. If they tell you the technology helps them do their job, you have succeeded. If they tell you it gets in the way, no dashboard metric will change that.
The care sector's relationship with technology is maturing. Five years ago, the conversation was about whether to digitise. Now it is about how to digitise well.
But the patterns across these 23 projects suggest the sector still has ground to cover. Too many providers are locked into contracts with IT suppliers who do not understand care. Too many technology decisions are made on price alone, without considering the total cost of poor implementation and failed adoption.
The next phase is not about buying more tools. It is about making better use of what already exists, connecting systems so that data flows to where it is needed, building security into the foundation, and supporting the workforce to use technology confidently. AI will play a role, but only if it is grounded in practical reality rather than hype.
The organisations that will thrive are the ones that get the foundations right: reliable infrastructure, well-implemented systems, supported staff, built-in security, and data that is visible and actionable. These are not exciting ambitions. But they are the ambitions that make a genuine difference to care delivery.
Technology in care is not about being cutting edge. It is about being reliable, safe, and there when it matters. The best technology in a care setting is the technology nobody talks about because it simply works. The Wi-Fi that does not drop. The care record system that loads when a care worker needs it. The security that protects sensitive data without adding friction to someone's shift.
After 23 projects, the real test of technology in care is a quiet one. Does the care worker's day run more smoothly? Is the resident's data safer? Can the registered manager see what they need to see, when they need to see it?
If the answer is yes, the technology is doing what technology in care should always do: getting out of the way so people can focus on what actually matters.