Electronic prescribing and medicines administration: procurement and safety learning in acute hospitals (HSSIB, 28 May 2026)

Summary

This Health Services Safety Investigation Body (HSSIB) report examines patient safety in relation to electronic prescribing and medicines administration (ePMA). ePMA is software used to prescribe medication and create a record of the medication: that has been given, or due and not given to a patient. Most people admitted to hospital will receive medication, and most acute hospital trusts in England have ePMA functionality in at least part of their organisations.

This report focuses on the procurement process used by acute hospital trusts to purchase new ePMA functionality and/or upgrade their existing ePMA functionality and how patient safety learning about ePMA is identified and shared across the healthcare system. It considers how legal, regulatory, standards and assurance functions apply in relation to ePMA safety.

ePMA functionality has been shown to reduce some medication errors. However, the current national mechanisms (legislation, regulation, standards and assurance) for ensuring patient safety in relation to ePMA functionality may not adequately provide staff and healthcare organisations with the assurance that risk and hazard identification process are robust and/or share learning associated with the use of ePMA in an acute hospital setting.

Content

Findings

• There are no core national patient safety standards that inform either the design or procurement of ePMA. This can lead to unwarranted variation in functionality across and between ePMA, other electronic systems, and acute hospital trusts, which may pose challenges for staff when prescribing and administering medication.
• Current assurance mechanisms do not provide national oversight or enforcement of either manufacturer or healthcare provider compliance with legally mandated standards relating to digital clinical safety and interoperability of digital health technology.
• The safety risks associated with software such as ePMA are complex and may change rapidly. Legislation, regulation and standards may not keep up with the speed of technological change.
• Manufacturers must self-assess and report whether their ePMA is compliant with relevant standards for their products to be included on an NHS procurement framework.
• There is variation in the core safety standards identified by acute hospital trusts when procuring and contracting for ePMA functionality. This leads to trusts identifying safety requirements individually, with limited consistency in the approach taken across trusts.
• Reliance is placed on acute hospital trusts to determine whether ePMA manufacturers have interpreted the medical device regulations appropriately, and to assure themselves that the trust complies with relevant standards. Some trusts do not have the resources, skills and expertise to do this effectively.
• Digital safety and patient safety teams at local and national level may work in silos, with limited ability to share information or collaborate on ePMA-related decisions that impact on patient safety.
• There are challenges with identifying national safety learning relating to ePMA as this is not reliably captured, shared or identified through formal reporting routes. There is ongoing work to improve the NHS reporting system to capture digital-related patient safety incidents.
• There is a reliance on informal networks for sharing ePMA safety issues which means safety concerns may not always be shared with those who need to be aware.
• Some ePMA manufacturers, whose ePMA functionality is not registered as a medical device choose to apply equivalent governance and assurance measures as if it is a medical device. This is in addition to complying with the digital clinical safety standard (DCB0129).
• Acute hospital trusts face challenges prioritising and resourcing procurement decisions for ePMA functionality. This leads to challenges and patient safety issues when ePMA is implemented.
• Clinical safety officers (CSOs) may not be adequately resourced, meaning they have limited capacity to support in managing clinical risks associated with ePMA.
• There is variation in how the CSO responsibilities set out in the digital clinical standards are interpreted and implemented by trusts. NHS England is working on plans for a formal curriculum and potential accreditation to improve CSO skills and capabilities.

HSSIB makes the following safety recommendations

Safety recommendation R/2026/086:

HSSIB recommends that the Medicines and Healthcare products Regulatory Agency ensures that:

• routes for manufacturers and healthcare organisations to engage with them are clear and accessible
• it reviews and provides further guidance and clarification on when electronic prescribing and medicines administration (ePMA) software should be considered a medical device.

This will support how ePMA software can be appropriately classified and regulated to improve patient safety.

Safety recommendation R/2026/087:

HSSIB recommends that NHS England/Department of Health and Social Care establishes a national framework for core electronic prescribing and medicines administration (ePMA) safety. This will provide a clear set of minimum patient safety requirements, helping to reduce unwarranted variation in the safety of ePMA functionality.

Safety recommendation R/2026/088:

HSSIB recommends that NHS England/Department of Health and Social Care develops an external assurance framework for information standards notices relating to electronic prescribing and medicines administration (ePMA). This is to reduce unwarranted variation and improve patient safety through expert-led assurance processes.

Safety recommendation R/2026/089:

HSSIB recommends that NHS England/Department of Health and Social Care provides additional support to acute hospital trusts, in relation to:

• supporting healthcare providers to access digital clinical safety knowledge, capacity and capability
• integrating digital clinical safety and patient safety, including the associated terminology
• supporting robust assurance of whether electronic prescribing and medicines administration (ePMA) manufacturers comply with relevant standards in order to be considered for inclusion on an NHS procurement framework.

This will support effective decision making and oversight by acute hospital trusts and reduce unwarranted variation in the understanding of, and approach to, adopting ePMA.

Safety recommendation R/2026/090:

HSSIB recommends that the Care Quality Commission reviews the sector-level assessment frameworks it is developing to include assurance of ongoing compliance with the digital clinical safety standard (DCB0160) for electronic prescribing and medicines administration (ePMA) software. This will help to ensure oversight of ePMA functionality to improve patient safety.

HSSIB makes the following safety observations

Safety observation O/2026/086:

Commercial manufacturers can improve patient safety by applying the standards and expectations for a medical device when developing electronic prescribing and medicines administration (ePMA) functionality, to help provide further assurance to acute hospital trusts procuring or updating ePMA functionality.

Safety observation O/2026/087:

Commercial manufacturers and NHS organisations can improve patient safety by ensuring the sharing of safety learning about electronic prescribing and medicines administration (ePMA) functionality nationally via incident reporting systems and relevant safety forums.

Safety observation O/2026/088:

Commercial manufacturers and NHS organisations can improve patient safety by contributing to and engaging with ePRaSE (ePrescribing Risk and Safety Evaluation) processes to support ongoing improvement and optimisation of electronic prescribing and medicines administration (ePMA) functionality across the NHS.