Clinical IT due diligence must not become a tick-box exercise
Dr Alex Graham explores the challenges of heightened clinical risks during the deployment of new IT systems
The NHS has been digitising for decades, but the focus is now turning to the area of acute care to match the progress made in primary care. However, as the pace of digitisation quickens, the deployment of new IT systems will require clinical risk management to match the standards set in other areas of the NHS. A recent IT deployment highlights some of the lessons being learned across the health service.
With clinical risk, one starts with an assumption that if you change clinical practice by introducing a new IT system, you can also introduce risks to patients that would otherwise not exist. NHS Digital, the arbiter for information in the NHS, is clear on this, and has, since 2009, been publishing two standards (SCCI0129 and SCCI0160) on clinical risk that IT vendors and healthcare institutions have to abide by. Since 2005, over 1,000 clinical safety incidents have been reported nationally but more can be done to prevent clinical risk.
Although the standards are mandatory, there is no financial penalty for non-compliance, either for vendors or healthcare providers. As a result, despite their increasing presence in the technology procurement process, the actual deployment of these standards has remained limited, with technical and operational requirements taking precedence.
The requirements for clinical risk management are in fact fairly straightforward. Both the IT vendor and the institution deploying the technology must have a clinical risk management process in place, led by a Clinical Safety Officer (CSO) - a registered clinician with clinical risk experience. From here, the processes described by NHS Digital must be followed throughout the lifecycle of the product.
A model of co-operation
A large NHS teaching hospital in England began the deployment of its Enterprise Content Management (ECM) system from Hyland Software in September 2017. As the trust covers 1.3 million patients and employs 10,000 staff across multiple sites, the potential for new risks emerging from the technology implementation was significant. It was imperative therefore that risk management processes were followed as closely as possible.
Hyland has complied with these standards for some time, culminating with the employment of a CSO at the company in February 2016. As a result, it was in a position to create processes for the deployment that would see it work closely with the hospital to mitigate clinical risk during the installation and early phases of the ECM system.
The most critical phase of clinical risk management occurs before any installation even begins. From a vendor standpoint, this involves the appraisal of the current technology and how this can impact on risk. Before even beginning the technology implementation programme at the teaching hospital, Hyland ran several workshops internally, led by the CSO. These sessions had buy-in from all team members, from technical to sales and strategic. This all-inclusive approach was time-intensive but helped instil an organisational culture where risk management is at the forefront of people’s minds when a technical or strategic change is made.
By analysing the technology from an end-user viewpoint, otherwise unknown clinical risks were identified. By including all team members, over 50 clinical safety risks were identified, with over 100 causes in total. Each of these was assessed to see if they were safe and, if not, action was taken to amend this.
For example, the technology allows clinicians to take clinical photographs through a mobile app which uploads into the patient’s record; a significant workflow benefit. However, with medical photographs, the consent process is essential and can be missed if a clinician is taking photos on a phone and uploading. The risk here is that photos are uploaded to the clinical record, without consent, which can then be seen by others.
Because of this, it was agreed that a form would pop up before the camera app could open, where the patient could initial for consent. Only then could the camera be accessed to take a photo and upload it to the record. The combination of clinical and technical experience allowed for the risk in this situation to be reduced, essentially down to zero.
Another risk regarded the creation of electronic forms which can be used for investigations and correspondence. In creating the e-form, demographics were auto-populated from the appropriate patient but could subsequently be altered manually, potentially allowing for the wrong patient to receive the investigation or correspondence. Clearly inappropriate, it had gone unnoticed until the specific risk analysis process had been completed. A simple solution, such as locking the form when auto-populated, solved this small but potentially serious problem.
Tracking risks in real-time
Of course, the vendor performing risk analysis alone is meaningless if there is no collaboration with the institution deploying the technology. No two installations are ever the same, due to differing legacy systems, different clinical workflows and differing ways in which end-users use technologies.
The next phase was therefore for the vendor and hospital to come together to compare the safety logs created. This involved technical and clinical safety representatives from both sides, with a final meeting to sign off the technology as safe to deploy. However, just because both sides are happy before the 'go-live', this doesn’t mean that risk has been removed. The capacity for unexpected risks to occur during installation is significant and an ongoing audit process must be in place.
During the Hyland ECM installation, a Safety Incident Management Log was used to provide a real-time tracker of risk during the deployment. As soon as an issue was highlighted by one of the hospital’s deployment team, the clinical risk was assessed by Hyland’s CSO. Along with the technical team, solutions were then found to the issues in question.
Thanks to this process, the time spent in a risky scenario was reduced significantly. This ensured optimally safe working environments during the 'go-live' phase.
Ensure risk buy-in from the off
A critical step in starting the risk analysis was prioritisation before any technical implementation. Clinical safety was treated with high importance on both sides and included within the project management directives from day one. Both sides made concerted efforts months before the go-live point, which paid dividends in the first weeks of implementation.
It would have been easy for the safety report to have been signed off and then left in a drawer. But true clinical safety comes when all stakeholders are involved. All IT, project management and administrative teams on both sides were aware of the safety report and contributed to its development and maintenance. The culture within the hospital as a result is one of proactivity rather than waiting for risks to happen.
The capacity for clinical risks to occur in an IT system is a constant one. New staff will arrive, different systems will be introduced and clinical working patterns will change. A well-planned re-audit between vendor and institution is the key to ongoing safety of a system.
The inclusion of risk management in more granular detail in hospitals' pre-procurement documentation (such as Output Based Specifications) could be a sensible starting point. This would help separate vendors who see risk management as a box-ticking exercise from those that truly understand the nature and the dangers of clinical risk, and have invested in the processes and the people required to comprehensively address these issues.
Dr Alex Graham is a Clinical Safety Officer at Hyland.