‘Safety first’ is a common mantra. But when it comes to the implementation of healthcare technology, safety may not get as much attention as other, important, factors such as productivity or effectiveness.

To try and safety more prominence, the Health and Social Care Information Centre has developed two sets of standards – ISB 0160 and ISB 0129 – which were approved at the beginning of 2013.

The former provides a set of requirements to promote and ensure the effective application of clinical risk management by healthcare organisations deploying an IT system in the NHS.

The latter is applicable to companies that manufacture and maintain health IT systems. Both documents also require the appointment of a responsible clinical safety officer at the relevant organisation.

Stand by your standards

Maureen Baker, who was clinical director of patient safety at the HSCIC when the standards were developed, told Digital Health News at the time that the idea was to try and learn from other, safety critical industries.

She argued industries such as aviation already had extensive safety management systems in place, and well-understood mechanisms for designing out (or at least mitigating the risk of) human error.

“We need to start thinking more critically about when things go wrong,” she said. “We need to think about stopping things from going wrong in the first place.”

Baker, who is currently chair of the Royal College of General Practitioners, added that when she asked engineers how to design in safety, the first thing they did was to ask for the relevant standards; and the cases in which they would be applied.

When it came to healthcare IT systems, these were effectively missing. Hence ISB 0160 and ISB 0129. However, a clinical safety officer’s workshop organised by Digital Health Networks at EHI Live in Birmingham, suggested they are struggling to gain traction.

What standards?

Cambridge University Hospitals NHS Foundation Trust had one of the most high profile go-lives of an electronic patient record in recent history when it became the first UK site to go live with Epic in 2014.

Meantime, nearby West Suffolk NHS Foundation Trust is counting down the days until it goes live with Cerner Millennium; another single system EPR from a large US supplier.

As part of these large-scale implementations, each trust had to create clinical safety cases based on the HSCIC’s ISB standards. Yet the chief clinical information officers of both organisations said they were surprised by the need to comply with their requirements.

“I’d never heard of it before. None of us had heard of it,” said Dr Afzal Chaudhry, consultant nephrologist and CCIO at Cambridge University Hospitals.

Dermot O'Riordan, consultant surgeon and CCIO at West Suffolk, added that his trust was “quite a way down with implementation before we even realised there was such a thing as a clinical safety case.”

The case for safety

There was also confusion. Chaudhry said that, to this day, he doesn’t understand the initial iterations of the HSCIC’s ISB documents, while O’Riordan described them as “gobbledegook”.

The HSCIC has since come out with more clinician friendly versions, and both West Suffolk and Cambridge University Hospitals have come round to understanding and supporting the clinical safety process.

Chaudhry said his organisation started off with a mindset of “why are we doing this?” But as the process went on he said it helped introduce a “discipline and rigour” to the trust’s approach. O'Riordan added that what the HSCIC is mandating is simply a “good clinical governance process”.

Chaudhry explained that Epic and Cambridge University Hospitals went through “rounds and rounds” of documents before managing to successfully submit the safety case in September 2014; just three weeks before the deployment date.

As for its impact, Chaudhry explained that having a safety case helped the trust deal with a problem with connecting Epic to the NHS data Spine. It turned out that this was down to a bug in HSCIC software that caused problems sending when it came to sending out NHS Numbers in response to notifications about newborn babies.

Humans will find new errors

However, he also outlined a number of issues that arose despite the risk assessment and mitigation process. Chaudhry gave as an example a collective decision by nurses to stop sending district nurse referrals by fax. They hadn’t received any instructions to do this, but believed the process was being handled by Epic.

As another example, Chaudhry said the trust went live in the knowledge that specimen label printers wouldn’t work with Epic. It expected doctors to use the standard process to label blood bottles by hand. However, an analysis discovered that 80% of samples sent to labs by junior doctors were labelled incorrectly.

“We had a beautifully described clinical safety case to say ‘if the label printers don’t work, this is the mitigation’. Everybody knew what do – and it just didn’t happen. To this day I don’t have a good answer to that.”

This experience has benefited West Suffolk, which has worked closely with Cambridge University Hospitals on building its own safety case for Cerner Millennium, led by clinical safety officer Dr Pam Chrispin, the trust’s medical director.

“These systems, they are dealing with the same problems. They are vendor independent. I can’t stress that highly enough,” said O'Riordan.

Leading the way

Even so, Stuart Harrison, head of safety engineering at the HSCIC, said two trusts that he had been involved with recently had seen IT implementations go in like a “greased weasel” because there was commitment to patient safety across the organisation.

 “It has to be a team effort,” said Harrison, suggesting that clinical safety offers are usually CCIOs or medical directors who don’t have the time commitments to cover every detail. Instead, he argued, the project management tasks should be handled by a clinical safety team feeding information to the clinical safety officer.

He also said it is necessary to make sure that all staff understand the clinical risk management process. “If your staff are clued up on what safety standards are, and how they fit to the organisation and the particular system being procured, it works,” he insisted.

Supplier safety

Of course, suppliers have to play their part. Cerner’s head of clinical risk management Clive Tomsett said his company requires all current and new employees in the UK to complete an introduction to clinical risk management, where they are provided with an overview of both ISB 0129 and ISB 0160.

Emis Health’s chief medical officer Shaun O'Hanlon brought home the practical benefits of clinical safety measures in a detailed talk looking at a prescribing problem for Emis Web users.

He explained that GPs sometimes prescribe a short-acting dose of an antipsychotic drug instead of the long-acting dose that’s more appropriate, and this was down to a variety of factors. Those factors include an unintuitive ‘picking list’ to choose the prescription and ineffective safety warnings that can be ignored by GPs.

Emis is now working closely with user experience professionals and clinicians to try and improve patient safety, by bringing evidence (rather than assumption) to bear on the problem.

Despite this, both O’Riordan and Chaudhry said they were working with system suppliers who needed to integrate their products with their trust’s core systems – and finding that they had little understanding of the clinical risk management requirements.

“There are an awful lot of clinical subsystems that are going in with no clinical safety cases up and down country,” said O’Riordan

Harrison said he found this a “shocking” state of affairs. “I wouldn’t open up a company and sell products into an industry if I did not have any sort of commercial awareness of the regulations and the standards I was selling into,” he said.

A lot to learn

Two sets of documents can’t fix everything, and there is a lot to learn from the trusts such as Cambridge University Hospitals and West Suffolk, which are taking safety seriously as part of big bang go-lives.

Both Chaudhry and O’Riordan are keen to share their experience, and the HSCIC wants to provide more education. It has specific e-learning packages to support clinical safety officers and other professionals working in clinical risk management.

Amid all this, O’Riordan said that clinicians should always remember that they are healthcare professionals; and any IT system is there to support their role, not to replace it.

“If you want to be a fool, you can still kill people,” he said. “These systems do not stop you being stupid. You still need to engage your brain.”