OneAdvanced announced this month that their AI agents could save the NHS £75 million annually and free up the equivalent of 150,000 additional appointments per week. The Clinical Coding Agent and Clinical Summarisation Agent automate paperwork in GP surgeries—suggesting SNOMED codes and extracting key information from clinical documents so GPs can spend less time on admin.

Which sounds brilliant. Genuinely useful, even. Automating the tedious parts of clinical documentation so doctors can see patients is exactly the kind of thing AI should be doing.

Except OneAdvanced is the company that was fined £3.07 million in March 2025 for security failings after hackers accessed their systems in 2022 via a customer account that didn’t have multi-factor authentication enabled. That breach compromised personal information for 79,404 people, including how to gain entry into the homes of 890 people receiving care at home. It disrupted NHS 111 services. It was a disaster.

And now they’re back, selling AI automation tools that will process clinical documents at scale across GP practices.

To be fair to OneAdvanced, they’re building on their existing Docman system, which is already used in over 2,500 GP practices and presumably has better security now. And 143 early-adopter practices are using these agents, with 95% reporting improved workflows. That’s not nothing.
So what’s actually happening here?

SNOMED CT (Systematised Nomenclature of Medicine – Clinical Terms) is the standardised clinical terminology used across the NHS. It’s essentially a massive structured vocabulary for recording clinical information—everything from symptoms and diagnoses to procedures and medications gets a specific SNOMED code. Your asthma isn’t just “asthma,” it’s code 195967001. A prescription for salbutamol inhaler is 320143001.
These codes matter because they’re how the NHS makes patient records searchable, sharable, and analysable across different systems. They enable everything from clinical decision support to population health analysis to commissioning decisions. If your GP records that you have “breathing problems” in free text rather than coding it properly as asthma, that information becomes much harder for other clinicians to find, and it doesn’t show up in data about asthma prevalence in your area.

The problem is that clinical coding is tedious, time-consuming, and often happens after the patient interaction. A GP might see a patient, make notes, and then need to go back through those notes and all the incoming correspondence—hospital discharge letters, test results, specialist reports—and manually assign the correct SNOMED codes. It’s the kind of admin work that eats into appointment time and is frankly nobody’s favorite part of the job.

This is where OneAdvanced’s AI agents come in. The Clinical Coding Agent reads through clinical documents and suggests appropriate SNOMED codes automatically. The Clinical Summarisation Agent pulls out the key clinical information so GPs can quickly review what’s important without reading entire multi-page letters.
In theory, this means GPs spend less time on coding admin and more time seeing patients. The suggested codes should improve the quality and completeness of patient records, since currently not everything gets coded properly—either because there’s no time or because the GP can’t immediately recall the exact code for a less common condition.

Why this matters now

Proper clinical coding isn’t just about admin efficiency—it’s fundamental to interoperability. When different NHS systems can actually talk to each other using standardised codes, patient information flows more smoothly between GPs, hospitals, specialists, and third-party providers. A properly coded asthma diagnosis in your GP record can be automatically picked up by the hospital system when you’re admitted, rather than requiring someone to manually transcribe your medical history.

This becomes especially relevant given the Cyber Security and Resilience Bill that just landed in Parliament. That legislation is bringing around 1,000 IT suppliers and managed service providers into scope for new security requirements—including the very companies that provide clinical document management systems like OneAdvanced’s Docman.

When you’re tightening security across NHS supply chains and requiring suppliers to meet minimum standards, you need the data flowing between all these systems to be properly structured and coded. Interoperability and security aren’t separate problems. If patient information is going to move securely between regulated suppliers, it needs to be in a format that systems can reliably interpret without human intervention introducing errors or delays.

The real value here is probably less about creating 150,000 additional appointments (that number still smells like optimistic modelling) and more about reducing the cognitive burden of administrative tasks that clinicians find exhausting, while simultaneously improving the quality of coded data that underpins interoperability across the NHS.

If these tools work as advertised, they’re handling the boring, repetitive parts of documentation while leaving clinical judgment to humans. The question is whether they’re accurate enough, and whether OneAdvanced’s security is solid this time around—because automated tools that process clinical documents at scale across thousands of practices are exactly the kind of supply chain risk the new legislation is trying to address.