John Uttley - Director
John Uttley is the Director of Innovation and Senior Information Risk Owner (SIRO) for NHS Midlands and Lancashire CSU, with responsibility for leading the organisation’s digital innovation agenda and setting the strategic direction for information risk management on behalf of the Board.
While not a member of the Executive Board, John holds a formal board-level portfolio for information risk, advising the Board, shaping organisational risk appetite, and providing authoritative oversight of cyber security, data protection, and information governance across the CSU.
With over 27 years’ experience across primary and secondary care, John brings a rare combination of senior NHS informatics leadership, legal training, and qualifications in information security and cyber risk. This blend enables him to operate confidently across clinical, technical, governance, and regulatory domains.
John has led multiple large-scale, multi-organisation digital transformation programmes, including shared care records, interoperability platforms, and national digital services. As Programme Director for both the Staffordshire & Shropshire and Herefordshire & Worcestershire Shared Care Record programmes, he delivered system-wide integration spanning acute, community, mental health, primary care, and local authority services. These programmes were delivered under heightened scrutiny, including during the COVID-19 pandemic, and required extensive stakeholder engagement, DPIAs, and robust information governance frameworks.
As part of his innovation portfolio, John led the delivery of the world’s first end-to-end National Digital Weight Management Platform commissioned by NHS England. The service operates at national scale, supports multiple referral pathways, and has been cited in peer-reviewed publications and national policy as an exemplar of digitally enabled transformation.
John has a particular focus on AI governance, ethics, and responsible innovation in healthcare. He authored the CSU’s AI Strategy and AI Ethical Framework, aligned to the Alan Turing Institute’s Process-Based Governance model, and chairs a regional AI Governance Group bringing together NHS organisations to establish consistent, practical approaches to assurance, clinical safety, and ethical deployment. Through published articles and advisory roles, he contributes to the evolving conversation on how AI can be safely embedded within NHS practice.
John also provides senior ownership for ISO 27001 and ISO 9001 accreditation, embedding proportionate assurance and regulatory compliance within innovation delivery.
During transition to a new host organisation, John provides continuity of leadership, board-level assurance, and single-point accountability for digital strategy, income sustainability, information risk, and external stakeholder confidence. His role is held at director level due to the national scope, regulatory exposure, financial commitments, and reputational risk associated with the services delivered by the Digital Innovation Unit.