We are NHS Digital’s Clinical Safety team and I’d like to tell you more about who we are, what we do and why we do it.
We are a team of 14 people, split between Leeds, London and Exeter. We are a mixture of clinicians and engineers with varying backgrounds and experiences.
It’s our job to make sure that the risk of harm to patients as a result of health IT is the lowest it can possibly be. We are responsible for the production of two standards, designed to support and guide both the manufacturers of health IT and those organisations who deploy it. By ensuring these standards are in place and supporting people to comply with them, we can keep the risk of patient harm to a minimum.
Of the two standards, one (DCB 0129) is relevant to those responsible for the manufacture of health IT and the other (DCB 0160) is related to the organisations that will be deploying and using the IT. Both standards are mandatory under the Health and Social Care Act 2012.
When a health IT manufacturer designs a system, they must cdo so with clinical safety at heart. Any system that needs to connect to SPINE must go through an assurance process to make sure it is as safe as it can be to be deployed. Part of this assurance process is clinical safety. The clinical safety stage of assurance involves the assessment of the system for compliance to DCB 0129. DCB 0129 guides the manufacturer in their clinical risk management provision. It outlines their clinical safety responsibilities, such as:
- They must nominate a person responsible for clinical safety.
- This person must be a suitably qualified and registered clinician.
- They must produce a log of all the potential hazards associated with the system that could impact the patient.
- They must produce a safety case that will detail the risk analysis of each hazard and specify what controls and mitigations have been put in place to ensure as far as possible that these hazards will not occur.
The same kind of responsibilities are outlined in DCB 0160 with regards to those taking on and deploying the health IT. They must be sure they have understood all the hazards identified by the system manufacturer and have made their own provisions to reduce the risk as far as possible. This should also be detailed in the same format and standard of documentation that is expected from the manufacturers under DCB 0129.
We work closely with both the manufacturers and the organisations to support them with their compliance to these standards. Before a system can be deployed for the first time, it must receive a Certificate of Authority To Release (CATR) from NHS Digital that evidences their compliance to the standard. The approval for this certificate to be given is granted by the Clinical Safety team within our weekly Clinical Safety Group (CSG) meetings once we are happy with the evidence presented.
Once the CATR has been granted, the manufacturer is free to deploy the system at the intended organisation within the defined scope of the CATR. In most cases, if they wish to deploy further, or add any additional functionality, they would have to come back to CSG to get the CATR upgraded.
Having this process in place ensures that clinical safety is given a respectable amount of thought and consideration. This provides us with a confidence that the risk of harm to patients is kept at a minimum.
We are also involved in live service incidents. If something happens with the IT once it has been deployed, we make sure the incident has been properly assessed with regards to risk of harm to the patient.