NHS trusts lack support to manage ePMA safety risks, HSSIB says

A new report from the Health Services Safety Investigations Body (HSSIB) has warned that NHS trusts are being left to manage complex digital safety risks linked to electronic prescribing and medicines administration (ePMA) systems, amid significant variation in how the technology is designed, procured and regulated across acute hospitals.

The investigation found that inconsistent approaches to ePMA software could increase the risk of medication-related harm to patients if national action is not taken to strengthen oversight and safety assurance.

Published on 28 May 2026, the report comes as the government accelerates plans for digital transformation across the NHS, including ambitions for a single patient record under the NHS 10 year health plan for England.

ePMA systems are widely used in hospitals to prescribe medicines and record medication administration during inpatient care.

While the technology can reduce some forms of prescribing error, HSSIB found there are currently no national patient safety standards defining how ePMA systems should be designed or procured.

This has resulted in “unwarranted variation” between systems and organisations, the report states, creating challenges for clinicians working across different hospitals and increasing the complexity of safe medication management.

Clare Crowley, senior safety investigator at HSSIB, said: “ePMA is a core component of modern healthcare, but its safety depends on how it is designed, implemented and overseen.

“Our patient safety investigation highlights the need for greater clarity, consistency and national coordination so that ePMA software reliably supports safe care for patients.

“In the absence of this, NHS hospital trusts are being asked to carry the responsibility of assuring themselves that the ePMA software they choose to use is safe. This is a complex and resource-intensive task. Not all trusts have the capacity, capability or support they need to do it robustly.

“As the NHS continues its rapid shift towards digital care and a single patient record, it is essential that patient safety is built in from the outset, rather than relying on individual organisations to identify and manage the risks.”

The report noted that although legally mandated NHS standards exist for digital clinical safety and interoperability, compliance varies considerably between trusts. HSSIB also found there is limited national oversight to ensure standards are implemented consistently.

Investigators highlighted confusion around the responsibilities of national bodies, including the Care Quality Commission (CQC) and the Medicines and Healthcare products Regulatory Agency (MHRA), in regulating and assuring the safety of ePMA systems.

According to the report, this lack of clarity contributes to gaps in accountability and creates uncertainty for NHS organisations seeking assurance that systems are safe to use.

HSSIB also found that learning from digital safety incidents involving ePMA systems is not routinely shared across the NHS. Instead, trusts often rely on informal professional networks to exchange information about risks and workarounds, meaning lessons may not be widely adopted.

HSSIB has made a series of recommendations to national bodies, including calls for the development of a national framework for core ePMA safety, clearer regulation around when ePMA systems should be classified as medical devices, and the introduction of national assurance mechanisms for digital clinical safety and interoperability standards.

The organisation also urged additional support for NHS trusts to improve access to digital clinical safety expertise and recommended greater integration of digital safety and patient safety work across the healthcare system.

The findings build on previous HSSIB concerns around digital safety. In December, a thematic review by the HSSIB found that electronic patient record (EPR) training is often not sufficient to equip staff with the knowledge needed to use systems effectively.