MP91-2000 Healthcare Risk Management

8/9/2019 MP91-2000 Healthcare Risk Management

1/167

S t a n d a r d s A u s t r a l i a

Healthcare risk management

April 1999

February 2000

Two I nternational

Healthcare Risk Management

Symposia

Selected pr oceedings f rom

Dynamic approaches to

MP91—2000

A c c e s s e d b

y C l o u g h E n g i n e e r i n g o n 0 7 S e p 2 0 0 1


2/167

Dynamic approachesto healthcare

risk management

Selected proceedings from two symposia sponsored by

Standards Australia International —

Sydney, April 1999 and Perth, February 2000 (in conjunctionwith the Metropolitan Health Service, Western Australia and the National Health

Service, England

A c c e s s e d b



3/167

ISBN 0 7337 3352 2

© Copyright Standards Australia InternationalAll rights are reserved. No part of this work may be reproduced, copied, stored, distributed or

transmitted in any form, or by any means, including photocopying, scanning or other mechanicalor electronic methods without the prior written permission of the publisher.

Published by Standards Australia International, PO Box 1055, Strathfield NSW 2135

Design and typesetting by Write Result, 22 Firwood Trail, Woodvale WA 6026email: [email protected]

A c c e s s e d b



4/167

Dynamic approaches to healthcare risk management

iii

Contents

1 Introduction

Dr Maree Bellamy

3 Governance and risk management in the NationalHealth Service in England

And the application of the Australian Risk Management Standardto risk management in healthcare

Colin Reeves, Neil McKay, Stuart Emslie

17 Personal accountability for clinical care in the BritishNHS

Geoffrey Haynes

21 Assurance for the Board

Geoffrey Haynes

27 The introduction of clinical risk pooling and clinicalrisk management standards within the NationalHealth Service

Steve Walker

31 The Bristol Paediatric Cardiac Surgery Inquiry

Dr Isabel Sanderson

35 Controls assurance

Involving the Board

Tim Crowley

43 Risk management

Kevin Knight

A c c e s s e d b



5/167


iv

69 The need for effective dynamic governance inhealthcare

Promoting accountability for quality

Dr Chris Brook

79 The responsibility of hospital boards for clinicalgovernance

Michael George, Tom Brennan and Dr Heather Wellington

83 Linking claims management with clinical riskmanagement

The NHS experience

E Jane Chapman

89 Early detection of major risk

Adopting a control self assessment methodology to identify riskand opportunity and enhance learning

G Randolph Just

105 Risk management in the healthcare setting

Judith Napier

109 Role of clinical pathways and variance analysis in riskmanagement and quality improvement

Dr Elizabeth Mullins

113 Credentialling of hospital medical staff

Dr Lionel Wilson

121 A framework for managing the quality of healthservices in NSW

Maureen Robinson

127 Iatrogenic injury in Australia

Dr Bill Runciman

133 Understanding clinical risk

Stephen McAndrew

A c c e s s e d b



6/167


v

139 Clinical risk management

Dr Allan Wolff, Jo Bourke, Dr Rob Grenfell

141 Using radar logic to develop standards-basedmanagement systems that work

Michael Paskavitz

147 Integrated risk management within the healthindustry

Sue Williams

A c c e s s e d b



7/167

1

Introduction

Dr Maree Bellamy

1

Healthcare is undergoing enormous change. On one hand, greater medicalknowledge and expertise accompanied by technical improvements are deliveringmore sophisticated therapies to significant populations. On the other, we seeincreased media and public attention to quality issues, with an unfortunate focus onadverse events and unsatisfactory outcomes. This juxtaposition highlights the

potential problems and pitfalls for all stakeholders.

In many countries, a move toward integrated healthcare systems has resulted in achange in emphasis for healthcare managers and providers. There is a greaterawareness of the need to provide care, which is acceptable and beneficial to thebroader community. Accompanying this is the task of coordinating care acrossmultiple entities and the challenge of developing a culture of ‘system thinking’.Integrating medical practitioners within the totality of the scheme requires a changein the approach of clinicians, with new roles for doctors charged with governanceresponsibilities.

As an overarching principle, accountability has taken on a greater significance—

accountability for multiple dimensions of performance—financial, clinical,management integration, quality, risk management, community satisfaction andhealth outcomes.

The public demands improved patient safety. There is a concern that the financialpressures and organizational change in healthcare will decrease doctors' expertise,increase workload and reduce safety. The nature of training and certification ofpractitioners and institutions have also become key issues.

According to James Reason

2

the more safety researchers have looked at the sharp end,the more they have realized that the real story behind accidents depends on the waythat resources, constraints, incentives, and demands produced by the blunt end shapethe environment and influence the behaviour of the people at the sharp end. ‘Changes

in technology, procedures, and organizations, combine with economic pressures tocreate new vulnerabilities and forms of failure at the same time that they create newforms of economic and therapeutic success’.

Managers and clinicians need tools and techniques to improve the quality of servicesand to reduce risks to patients, staff and organizations. The wisdom of adopting anintegrated management approach, at both corporate and clinical levels, to achievecontinuous improvement and clinical effectiveness is receiving increasingrecognition.

In Britain, greater levels of accountability and a push for improved standards of qualityare being driven by a change in governance requirements. There is a similar emphasis

in the quality management framework released by NSW Health. That document

1. Director of Health, Standards Australia International.2. James Reason 1997, Managing the risks of organizational accidents. A

c c e s s e d b



8/167


2

outlines the Department’s wish to see accountability for budget and quality to be viewed as equal performance indicators of health management. It acknowledges thathealth services have a governance responsibility for the quality of care, and identifiesthe need for a substantive change, involving redesign of processes and sub-systems toimprove health outcomes. The need for a comprehensive, healthcare riskmanagement strategy has, therefore, never been greater.

Of particular interest is the recent adoption of the Australian/New Zealand Standard AS/NZS 4360 Risk management

as a central component of the framework for corporateand clinical governance in the National Health Service in England. The Standard willinitially formed the core of the proposed Non-Clinical, Non-Financial Controls

Assurance Standards. It provides a strategy and system for managing such risks asinfection control, medical equipment, information technology, professional andproduct liability, security, waste management, health and safety, emergencypreparedness, environment, contractors, fire, human resources and transport.

The Standard is now being used to address the management of risk related to the

provision of clinical services. Comprehensive clinical risk management strategies havebeen shown to deliver improved quality of care and patient satisfaction, more costeffective use and allocation of resources and increased acceptance of clinicaleffectiveness and evidence based practice. Clinical risk modification processes aredynamic and have evolved in overseas markets, particularly in the USA, over the lastdecade. One of the keys has been the early identification of new and emerging risksthrough systematic collection and analysis of outcomes data, resulting in improvedclinical outcomes.

Corporate and clinical risk management formed the basis of a series of meetings heldin Australia in 1999 and 2000, where representatives from the United Kingdom, theUSA and New Zealand participated in discussions with local colleagues. Issues

addressed included clinical and corporate governance in healthcare and the linksbetween risk management, quality assurance and quality improvement. Theseproceedings flow from those meetings, and from related projects work commissionedover the last twelve months.

Risk management in healthcare is poised for growth and innovative development bothnationally and internationally. It gives Standards Australia International great pleasureand satisfaction to play a pivotal role in improving the safety and standard of healthcareprovision at this time.

A c c e s s e d b



9/167

3

Governance and risk management in theNational Health Service in England

And the application of the Australian Risk Management

Standard to risk management in healthcare

Colin Reeves

1

, Neil McKay

2

, Stuart Emslie

3

Part A—Governance and risk management in the NHS in

England

The NHS in England

The National Health Service (NHS) in England is one of the largest employers in the world with around 1 million staff serving a population of some 50 million at a cost ofalmost £40 billion (A$100 billion) per year. The NHS comprises an Executive HQ

with eight regional offices, 100 local health authorities, around 400 NHS Trusts (eachcomprising one or a number of hospital facilities), and some 500 Primary CareGroups (representing GP and other primary care services).

Development of governance in the NHS in England

The Cadbury Committee reported on the financial aspects of corporate governance in1992.

a

In its report the committee defined corporate governance as ‘the system by which companies are directed and controlled’ and identified three fundamentalrequirements for good corporate governance in organizations:

internal financial controls;

efficient and effective operations; and

compliance with applicable laws and regulations.

Subsequently, the Hampel and Greenbury Committees sought to improve upon the‘Cadbury Code’. The findings of these committees, together with the originalCadbury findings, have been consolidated into one ‘Combined Code of Principles ofGood Governance’ published by the London Stock Exchange. Fundamental to theseprinciples is the requirement that the board should maintain a sound system of internal controlto safeguard shareholders’ investment and the company’s assets

and that the directors should, atleast annually, conduct a review of the effectiveness of the group’s system of internal control and

should.report to the shareholders that they have done so. The review should cover all controls,including financial, operational and compliance controls, and risk management.

The NHS has embraced the principles of good governance through itscomplementary Corporate and Clinical Governance initiatives.

1. Director of Finance and Performance, NHS, UK.2. Executive Director, Trent Region, NHS, UK.3. Reader, University of Strathclyde, Special Advisor to the NHS Executive, UK.

A c c e s s e d b



10/167


4

Corporate governance in the NHS has been a carefully managed three stage process, which is on-going, involving:

development of a framework of corporate accountability;

improvements in the organization and staffing of internal audit; and

development of controls assurance, an innovative NHS Executive-conceivedapproach to governance built on world-wide best practice relating to allnon-clinical internal controls (not just finance) and risk management.

Clinical Governance is the lynchpin of the UK Government’s strategy for ensuringthat quality of care becomes the driving force for the development of health servicesin England. It is defined as ‘a framework through which NHS organizations areaccountable for continuously improving the quality of their services and safeguardinghigh standards of care by creating an environment in which excellence in clinical care

will flourish’.

b

It aims to deliver a new approach to quality through creation of asystematic set of mechanisms, or controls, many of which echo the principles ofcorporate governance. The task of implementing clinical governance is at this stageprimarily developmental and will require a fundamental shift in the culture of manyNHS organizations, a shift that may take several years to effect.

Controls assurance

Controls assurance is a holistic concept based on best governance practice. It is a keycomponent of the NHS Executive’s performance management programme. It is aprocess designed to provide evidence that NHS organizations are doing their‘reasonable best’ to manage, direct and control themselves so as to meet theirobjectives and protect employees, patients, the public and stakeholders against risks ofall kinds. Fundamental to the process is the effective involvement of people and

functions within the organization through application of risk and control self-assessment techniques to ensure objectives are met and risks are properly controlled.

Chief Executives of NHS Trusts and Health Authorities are currently required tosign, on behalf of the Board, a controls assurance statement in respect of the system ofinternal financial control in their Annual Accounts. This requirement is nowextended to ‘organizational’ controls covering inter alia aspects of non-financial,non-clinical risk by the production of a suitable controls assurance statement toaccompany the Annual Report from 1999/2000.

At a time when many other management challenges face NHS organizations, one ofthe key objectives of the NHS Executive’s Controls Assurance Team is to ensure that

the task is made less onerous through the development of a comprehensive andcomprehensible ‘control framework’ comprising key risk management and controlsstandards (see Table 1). This framework will be available by October 1999 and willcomprise detailed standards and assessment criteria supported by guidance, trainingand benchmarking.

The standards and criteria contained in the control framework are being drawn fromexisting statutory and mandatory requirements together with relevant best practiceguidance. The aim to is integrate the many and varied existing requirements within acommon standards framework. NHS organizations that currently meet existingrequirements will have little difficulty in meeting controls assurance demands. Others

who are less advanced will benefit from having the control framework to assist their

efforts in implementing risk management and organizational controls.

A c c e s s e d b



11/167

Governance and risk management in the National Health Service in England

5

Controls assurance and clinical governance

Clinical governance provides a framework within which local organizations can workto improve and assure the quality of clinical services for patients. Implementing andmaintaining effective organizational controls is fundamental to ensuring the success

of clinical governance, providing a solid foundation upon which to build anenvironment in which quality care can be provided and clinical excellence can flourish(Figure 1). ‘Getting the organization right’ will significantly increase the likelihood ofachieving the desired outcomes in relation to meeting the needs of patients.

The development of risk management in the NHS in England

The development of risk management in the NHS in England is a relatively recentphenomenon. Prior to the early 1990s very few hospitals had any form of riskmanagement program or system covering either clinical or non-clinical (includingfinancial) risk contexts. Risk management had not been seen as a priority principallybecause the costs of clinical negligence were low and individual healthcare providersdid not, at the end of the day, fund the costs of poor risk management. These costs

were borne by the NHS at a higher level.

With the introduction of self-governing NHS Trusts as statutory bodies, combined with an increase in litigation associated with clinical negligence, risk management hasin recent years become increasingly important. In 1993 the NHS Executive issueddetailed guidance encouraging NHS organizations to establish effective arrangementsfor all aspects of risk management, clinical and non-clinical.

d

Within the guidance aframework for risk management was given and is described in Figure 2. In 1994dedicated software for health and safety risk management was issued to all NHSTrusts.

e

This software was expanded to cover wider clinical and non-clinical riskmanagement issues in 1997.

The Department of Health also established a risk-pooling scheme called the ClinicalNegligence Scheme for Trusts (CNST) in which NHS providers share responsibility

for funding the costs of clinical negligence. More recently, new risk poolingarrangements covering non-clinical negligence liabilities have been established.

f

Inaddition, the widening of Controls Assurance beyond financial controls to cover riskmanagement and organizational controls, and the parallel developments in clinical

Clinical assurances(Clinical governance report/Annual report)Clinical

governance

Organizationalcontrols

Financial controls

Organizational assurances(Annual report)

Financial assurances(Annual accounts)

Clinical care

The environmentof care

Financialresources

Figure 1

A c c e s s e d b



12/167


6

risk management to meet Clinical Governance requirements, will ultimately ensurethat risk management covering all contexts, clinical, non-clinical and financial, is a keyconcern of the Boards of all NHS organizations.

Risk management in the NHS as part of a wider quality

framework

Quality and risk are ‘two sides of the same coin’. Increasingly, and particularly inresponse to the Government's quality agenda through clinical governance, NHSorganizations are turning to use of high level management models to provide aframework for self-assessment against key quality objectives, and for identifying risks.Perhaps one of the better quality models in use in the UK is the European FoundationQuality Model (EFQM Figure 3). This model is strongly supported by the UKCabinet Office, is widely applied in the public sector, and is increasingly being usedby NHS organizations. Further information can be obtained from the EuropeanFoundation for Quality Management (http://www.efqm.org).

The principal strength of the EFQM is its reliance not just on structural and process

elements, but also outcomes, i.e. results. With reference to Figure 1 it can be seen thatresults, expressed as key performance results (clinical, organizational or financial),staff satisfaction, patient/referrer/health commissioner satisfaction, and additionalimpact on society, are delivered by effective and efficient processes driven by goodhuman and non-human resources management, suitable policies and strategies and,above all, effective clinical and managerial leadership.

Using a model such as EFQM it is a straightforward process to self-assessment andbenchmark healthcare organizations against a range of key assessment criteria. Inaddition, it is a straightforward process to map more technically detailed managementmodels (e.g. AS/NZS 4360:1999 Risk management

—see below) onto the wider EFQMquality model.

Identify

Analyse/evaluate

Control

Accept

FundAssume

Avoid

Transfer

Prevent

M o n i t o r

M o n i t o r

Figure 2: Risk management framework (from Risk management in the NHS, 1993)

A c c e s s e d b



13/167


7

Part B — The application of AS/NZS 4360:1999 to riskmanagement in healthcare

Overview of AS/NZS 4360:1999

The Australian/New Zealand Standard on risk management is a ‘world first’publication providing a generic and non-prescriptive framework for the assessmentand management of risk. Originally published in 1995, sets down a ‘universallanguage’ for risk management which enables any organization to implement a robustrisk management system based on the Standard. In consequence the Standardfacilitates risk management benchmarking within organizations and with otherorganizations nationally and internationally as part of a continuous qualityimprovement process.

The Standard defines risk management

as:

the culture, processes and structures that are directed towards the effective

management of potential opportunities and adverse effects

and defines the risk management process

as:

the systematic application of management policies, procedures and practices tothe tasks of establishing the context, identifying, analysing, evaluating, treating,monitoring and communicating risk.

An overview of the risk management process, as defined in the Standard, is presentedin Figure 4. This framework is similar to that described in Figure 2, but is morecomprehensive.

The Standard contains the following key sections:

1) Scope, application and definitions—outlines the scope and application of the Standardplus definitions for key risk management terminology.

Humanresources

Staff satisfaction

Key performanceresults

(Clinical,organizationaland financial)

Clinical andmanagerialleadership

Policy andstrategy

ProcessesPatient/referrer/Commissioner

satisfaction

Partnershipsand non-human

resources

Additionalimpact on

society

Enablers

Improving the efficiency of health care delivery

Results

Improving effectiveness

Figure 3: European Foundation Quality modelapplied to healthcare

A c c e s s e d b



14/167


8

2) Risk management requirements—sets out key requirements for a risk managementsystem comprising policy, planning and resourcing, implementation program andmanagement review.

3) Risk management overview—provides an overview of the risk management process (Fig-ure 2).

4) Risk management process—gives a detailed account of the key risk management proc-ess elements of establishing the context, risk identification, risk analysis, risk evaluation,risk treatment (avoid/reduce/transfer all or part/accept), monitoring and review, andcommunication and consultation.

5) Documentation—specifies minimum requirements for maintaining documentation forrisk management.

The Standard also contains useful appendices giving illustrative information on theapplications of risk management; steps in developing and implementing a riskmanagement program; identification of potential stakeholders; sample generic sourcesof risk and their areas of impact; examples of risk definition and classification;examples of quantitative risk expressions; identifying options for risk treatment; andrisk management documentation.

Application of AS/NZS 4360:1999 to risk management in the

NHS

In view of its generic, non-prescriptive nature the Standard is ideally suited forapplication in healthcare. In the NHS in England, the NHS Executive's Controls

Assurance team, assisted by a number of key NHS organizations, has embarked on aprocess of mapping existing risk management activities to the generic requirements ofthe Standard. This work is anticipated to be essentially complete by October 1999 and

will result in AS/NZS 4360:1999 forming the ‘bones’ of the risk management

Establish the context

Identify risks

Analyse risks

Assess risks

Evaluate risks

Treat risks

C o m m u n i c a t e

a n d

c o n s u l t

M o n i t o r a n d

r e v i e w

Figure 4: Risk management overview(from AS 4360:1999)

A c c e s s e d b



15/167


9

framework for the NHS in England. The ‘meat’ of the risk management framework will be contained in new guidelines for managing risk in the NHS which will largelyreplace the existing risk management in the NHS publication.

d

The individualelements of the risk management process identified in Figure 4 will now beconsidered, briefly, in turn.

Context

Fundamental to this mapping process is the establishment of context. From a detailedconsideration of the overall context within which most NHS organizations operate,three distinct ‘sub-contexts’ of risk management can be identified:

Risk management system

Financial controls

Organizational controls

Clinical controls

Within each of these sub-contexts, a range of standards and supporting assessmentcriteria are being development. The standards are outlined in Table 1. The financialcontrol standards are existing standards developed for financial controls assurance.The clinical control standards reflect the existing Clinical Negligence Scheme forTrusts (CNST) standards which have been in place since 1996. As part of the mappingexercise both the financial and clinical standards are being expanded, updated andimproved.

Risk identification

A range of techniques are used by healthcare organizations to identify risks, from

informal brainstorming or interviews to more elaborate risk profiling or facilitated‘control and risk self-assessment’ techniques, including self-assessment against thekey standards outlined in Table 1. A review of the various techniques is being written-up for inclusion in the forthcoming guidelines for managing risk in the NHS due forissue by October 1999.

Risk assessment

The analysis and evaluation and ranking of risks is also carded out using a range oftechniques, from simple single attribute rating scales, such as exemplified in AS/ NZS 4360:1999, to more rigorous multi-attribute risk ranking techniques (e.g. seeFigure 5, below). The concept of a ‘risk register’, again as exemplified in the Standard,is promulgated and software has been developed to assist with generating andmaintaining such a register. Further details will be included in the forthcomingguidelines for managing risk in the NHS.

Risk treatment

It is the treatment of risk that typically proves the most challenging aspect of riskmanagement in healthcare. Having carried out a full risk profiling exercise on, say, anaverage acute NHS Trust with an annual income of A$250–300 million, it is notuncommon to identify many hundreds of required risk treatment options with acumulative cost from A$2–30 million depending on the age and condition of thefacility. Given that financial resources are inevitably scarce, it is usually the case thatrobust, defensible investment priorities need to be set across the range of treatments

required. A case study involving the setting of priorities is given below.

A c c e s s e d b



16/167


17/167


11

Monitoring, review, communication and consultation

It is crucially important that NHS organizations establish proper arrangements for themonitoring and review of risks as well as communicating and consulting with relevant‘stakeholders’. Stakeholder will include, where appropriate, patients, employees,

contractors, visitors and other members of the public, the local community, healthpurchasers/commissioners, referring General Practitioners, the NHS Executive andpoliticians.

A practical exemplar of compliance with AS/NZS 4360:1999 –

Assessing and prioritizing risk treatment optionsOne of the many goals facing NHS organizations is demonstrable achievement ofhigh standards of risk management, funded by limited budgets. It is of the utmostimportance that resources are targeted towards the areas of need which are judged tobe key, and are used in a manner which ensures optimum effectiveness and ‘value formoney’. Where choice is exercised in the application of scare resources it is critical that

such choices are made in an informed, objective and methodical manner.The following describes how existing risk management activity within the NHS hasbeen mapped to the requirements of the Standard. The exemplar considers amethodical approach developed by the NHS to help set priorities for investing in risktreatment options.

Clause 4.1.5 states that an organization should: Decide the criteria against which risk is tobe evaluated. Decisions concerning risk acceptability and risk treatment may be based onoperational, technical, financial, legal, social, humanitarian or other criteria.

Clause 4.5.2 states that: [Risk treatment] Options should be assessed on the basis of the extentof risk reduction, and the extent of any additional benefits or opportunities created, taking into

account the criteria developed in Clause 4.1.5. Further, Clause 4.5.3 states that: Where the cumulative cost of implementing all risk treatments exceeds the available budget, the [risktreatment] plan should clearly identify the priority order in which individual risk treatments shouldbe implemented. Priority ordering can be established using various techniques, including riskranking and cost-benefit analysis.

In developing its own risk management methodologies since 1991, the NHS has paidparticular attention to the development of criteria for evaluating risks and benefits, andhas devised a decision methodology and associated computer software to aid thesetting of priorities for implementing risk treatment options based on risk ranking andcost-benefit analysis.f, g, h, i

Numerous methods have been devised to assist with investment decision-making in

risk management (e.g. refer to endnotes j and k). The decision analysis methodemployed in the NHS’s PRIORITY module, forming part of the SAFECODE riskmanagement software, is based on the Simple Multi-Attribute Rating Technique(SMART). Because of the simplicity of the responses required by the decisionmaker(s) and the manner in which these responses are analysed, SMART has been

widely applied.l The analysis involved is transparent and the method usually results inan enhanced understanding of the problem, leading to more robust decision making.

In the context of risk management it is desirable to optimize risk treatment options onthe basis of ‘value for money’ or, expressed another way, ‘cost-benefit’. PRIORITYutilizes a ‘SMART’ model which ‘trades off’ the ‘costs’ and ‘benefits’ of investing incompeting risk ‘investment opportunities’. With reference to Figure 4, costs are

defined in terms of capital and/or revenue expenditure, and principal benefits areexpressed in terms of ‘risk reduction’ and ‘additional benefits’ (e.g. qualityimprovements). In the model, users can define a maximum of six ‘risk’ and six

A c c e s s e d b



18/167


12

‘benefits’ ‘attributes’. Figure 4 shows the ‘default’ attributes relating to use of themodel in a healthcare environment. Each attribute is ‘weighted’ and assigned a ‘valuefunction' (i.e. various options are defined, each with an associated value, or score—seeTable 2) and the performance of the proposed risk treatment is measured (i.e. ‘rated’)against each attribute, by selecting the relevant option, to determine the overall‘benefit rating’. Risk reduction is measured by rating the risk attributes (in terms ofmost likely consequences and likelihood) both before and after making theinvestment. The risk before minus the risk after is a measure of the ‘risk reductionpotential’ offered by the investment. The overall benefit rating is calculated by addingthe risk reduction and additional benefits and is expressed as a number between 0 and100, and the cost per unit benefit (cost/benefit) is calculated by dividing the‘equivalent annual cost’ of the investment by the benefit rating to give a measure ofcost effectiveness.

Figure 6 shows an example of use of PRIORITY for ranking various risk treatmentoptions in a hospital. In this instance ranking is by ‘risk rating’ (RR). Note that the‘cumulative year 1 cost’ column helps identify which investments can be authorizedgiven budgetary constraints. Proposed investments may also be ranked by risk

reduction potential (RRP – either in terms of units of risk reduction, or as a percentagerisk reduction where 100% is equivalent to elimination of the risk), cost per unit riskreduction (CR – a measure of cost effectiveness), or year 1 cost.

Figure 7 shows another example using the same ‘spreadsheet’ but this time ranked on‘cost per unit benefit’ (CB), where ‘benefit’ is expresses as the weighted sum of therisk reduction potential plus all the additional benefits (see Figure 5). Risk treatmentscan also be ranked (prioritized) by benefit rating (BR), net present value (NPV),equivalent annual cost (EAC), and timescale for implementation (TS – expressed inanticipated weeks to implement the risk treatment). The latter ranking option is useful

when approaching an end of year with money to spend!

In UK hospitals, the methodology outlined above is used not just for prioritisinggeneral risk treatments, but for prioritising specific risk areas such as medicalequipment purchase, backlog maintenance plans, audit plans, infection control, etc.

Public/political

perception

Patientrequirements

Staff requirements

Physicalenvironment

Clinicalcare

Contractvolumes/activity

Additional

benefits

Loss of reputation

Operationaldelay

Propertydamage/loss

Enforcementaction

Civil claim/compensation

Personal injury/ill health

Risk

reduction

Benefits

RevenueCapital

Costs

Figure 5: ‘SMART’ model for healthcare risk managementcost-benefit prioritization

A c c e s s e d b



19/167


13

Figure 2: Sample attributes and value functions

Attribute (weight)

Value function

Consequence/outcome/option value

(score)

Injury/Ill health (100) 1) None/not applicable 02) Minor injury/ailment – one person 5

3) Minor injury/ailment – 2 or more people 10

4) Serious injury/ailment – one person 40

5) Serious injury/ailment – 2 or more people 60

6) Major injury/disease – one person 75

7) Major injury/disease – 2 or more people 85

8) Single fatality 95

9) Multiple fatalities 100

Civil claim/compensation (30) 1) None/not applicable 02) Less than £ 1000 17

3) £1000 – £5000 33

4) £5000 – £ 10000 50

5) £10000 – £50000 67

6) £50000 – £100000 837) More than £100000 100

Enforcement action (50) 1) None/not applicable 02) Letter 25

3) Improvement notice 50

4) Prohibition notice 75

5) Legal action 100

Property damage/loss (20) 1) None/not applicable 02) Less than £1000 17

3) £1000 – £5000 33

4) £5000 – £ 10000 50

5) £10000 – £50000 67

6) £50000 – £100000 83

7) More than £100000 100

Operational delay (20) 8) None/not applicable 09) Minor (hours) 25

10) Moderate (days) 50

11) Significant (weeks) 75

12) Lengthy (more than 1 month) 100

Loss of reputation (30) 1) None/not applicable 02) Minor 25

3) Moderate 50

4) Significant 80

5) Major 100

Contract volumes/activity (40) 1) Not applicable 02) Minor improvement 25

3) Moderate improvement 504) Significant improvement 75

5) Major improvement 100

Clinical care (80) 1) Not applicable 02) Minor improvement 25

3) Moderate improvement 50

4) Significant improvement 75

5) Major improvement 100

Staff requirements (50) 6) Not applicable 07) Minor issue 25

8) Moderate issue 50

9) Significant issue 75

10) Major issue 100

Public/political perception (30) 11) Not applicable 012) Minor issue 25

13) Moderate issue 50

14) Significant issue 75

15) ‘Hot potato’ 100 A c c e s s e d b



20/167


14

Figure 6: Example PRIORITY spreadsheet (1)

Figure 7: Example PRIORITY spreadsheet (2) A c c e s s e d b



21/167


22/167

17

Personal accountability for clinical care inthe British NHSGeoffrey Haynes1

IntroductionThe whole question of Governance begs the question of the difference it should make

to basic good management practice. I would suggest that Governance involvesmanagement plus, certainly in the British public services, five other factors. They are

A structured environmentGovernance requires a management agenda that provides for a structured assessmentof performance. This makes ‘seat of the pants’ management less appropriate althoughthere always needs to be a level of intuitive reaction to circumstances that face theservice.

Defined responsibilities With the need to be able to give account, comes the requirement for defined

responsibilities that can be audited. In my view this agenda can only be taken forwardsuccessfully if individual officers are completely clear about what is expected of them.Only then can they give the assurances that governance requires.

Systematic checksThere is the inherent need to provide for a regular scrutiny of the managementenvironment so that assurances are backed up by knowledge of specific performanceat the time the assurance is given.

Public scrutiny Within the British – and most probably Australian – health system, the manager mustassume that any or all of his/her actions will be subjected to public scrutiny. This willtake the form of accountability at public meetings but may often come via mediainterest in a particular issue.

Personal accountabilityLinked to all the above is the personal accountability of the Chief Executive of thehealth body for the overall performance of the organization. As discussed below, thisnow extends to accountability for clinical services, even where the CEO is not aclinician. The British system describes that role as the ‘accountable officer’.

1. Chief Executive, Hastings and Rother NHS Trust, UK. A c c e s s e d b



23/167


24/167

Personal accountability for clinical care in the British NHS

19

NHS Trusts employ all their staff directly, including all doctors. They agreedisciplinary procedures and set up local arrangements to monitor quality in all itsmanifestations; they are responsible to take action when standards slip. They arelegally independent bodies within a national Government healthcare system and theirlegal duty is to do four things:

1) to balance revenue income and expenditure;

2) to live within an External Financing Limit (EFL) for capital expenditure;

3) to make a 6% return on capital assets; and

4) to deliver the clinical quality and governance agendas.

Some dilemmasCarrying these responsibilities introduces dilemmas for the individual. Someexamples would be:

1) Personal accountability is held for objectives that politicians could stophappening. An example would be the need to close a facility to contain costs

which a local politician successfully campaigns to keep open leaving the CEO noother options.

2) A manager attempting to monitor clinical performance can find his freedom toinfluence practice obstructed by the argument that doctors must have the clinicalfreedom to decide how they wish to treat individual patients.

3) Professional bodies exert pressure to adhere to certain standards without offeringany funding route to achieve those standards. Failure to attain to some standardsthus set could result in the removal of recognition for training and hence the

inability to recruit junior doctors.4) Politicians’ priorities may not reflect health priorities, leading to effort and

resources unwisely directed.

5) Seeking ‘someone to hold to account’ can introduce a ‘name and shame’ culture.Good managers need to be careful to resist passing that on within their ownorganizations.

6) Most clinical items for which the CEO is held accountable—all in many cases—are outside the direct personal competence of the individual. Most CEO’s are notdoctors.

Living with personal accountabilityThe position of the CEO is not all one of overwhelming difficulty in this area. Theaccountability adds a very useful mandate to the manager that can even the balancesin discussions with eminent physicians. It does encourage a climate of mutual trustand respect between professionals and it aids the process of setting priorities. Theposition of the CEO within the organization is therefore clarified beyond doubt andthis is of considerable benefit when difficult personal agendas are being confronted.

It also, of course, gives the odd sleepless night!

In conclusionOther than in very high profile cases, the general principle of accountability has yet tobe seriously tested in the UK. Will an otherwise competent CEO be removed fromoffice because of a clinical blunder in a minor specialty that, optimally, should have

A c c e s s e d b



25/167


20

been prevented? What will be held to be reasonable in terms of mitigation? One of thereasons I have taken a close personal interest in the Controls Assurance programme inthe UK is because I believe it offers people in my position a defence against anallegation of incompetence. In any organization problems will occur; the question is

whether that organization can demonstrate that it has dealt responsibly with potentialrisk and has taken pragmatic steps where it can to mitigate that risk. The Controls

Assurance agenda in the UK offers that kind of reassurance.

The question for most of us is not ‘will it happen’ but ‘when will it happen’ and then,how well can I defend what I have done and how I have protected the patients underour care.

That done, we wait and see what accountability will bring.

A c c e s s e d b



26/167

21

Assurance for the BoardGeoffrey Haynes1

IntroductionOne of the key requirements of the modern health service Board is to be reassuredthat systems of control are properly in place so that risk can be seen to be minimized.Not only is this good management practice but in the British healthcare system it is a

statutory requirement, reference to which has to be made in the formal annual reportof the body concerned. This article describes how one NHS Trust has approached thequestion of ‘assuring the Board’.

The key task Over the last decade there have been a number of governance initiatives both withinindustry generally—particularly in the financial sector—and in the public services.They have arisen as a result of dramatic breaches in company systems that have led toserious losses. The names of Polly Peck, Barings and BCCI say it all.

In the UK health service this has led to three specific initiatives, all linked. The first is

the response to the Cadbury report on corporate governance ensuring that health‘business’ is conducted in an open and defensible way. The second is the clinicalgovernance initiative, designed to bring the same principles into the clinical treatmentarea. The third, and the main topic of this chapter, is the Controls Assurance (CA)project which attempts to systematize the process of checking that appropriate actionin all these areas is being taken. It may come as somewhat of a surprise to hear thatclinical governance is part of the CA agenda but my contention is that it must beintegral to the whole control process. More of that later.

A way in to any system

Any process can be challenged in three ways; you can examine and deal with theprinciples that underpin it, you can change the practices within it or you can look atthe verification process to see whether it works. The CA process chooses the latterpath as, with health systems which tend to be complex, this is the most straightforwardroute.

1. Chief Executive, Hastings and Rother NHS Trust, UK.

P r i n c i p l e

s P r a c t i c

e

Verification

ANYSYSTEM

A c c e s s e d b



27/167


22

The ‘verification’ elementCA deals with verification—the checking to see whether a health system candemonstrate that its processes are protecting the organization against undue risk. Nosystem is totally risk free and in a health environment there are inbuilt risks that

cannot be averted. Nevertheless sensible measure can, and should, be taken.

Using CA as the way into risk management has a number of advantages in the UK:

a) The NHS Executive have placed a time limit on its introduction. This takes awaythe shall we, shan’t we issue. We have to do it; and we have to do it by a given date.

b) That element of requirement, with the detail that sits behind it, gives every chiefexecutive a mandate to take action in his or her organization.

c) The other advantage that the CA programme has is that it has an inherent logicto it that is difficult to deny. That always helps!

A little local colour It sometimes helps to know who it is that is describing an initiative. Is theirorganization so straightforward, so different from mine that the lessons are nottransferable? Here therefore is a brief pen picture of Hastings and Rother NHS Trust.

We are an integrated NHS Trust—that is one that provides the whole range of acute,community-based services and mental healthcare in a given area. We spend around

A$190m every year on health provision and we employ around 2600 people, includingover 60 consultant medical staff. We are based on the south coast of England, 60 milessouth of London. We have a new acute hospital and serve just under 200 000 people.

As well as the acute hospital site we have 5 other hospitals, 4 community clinics, 4 day

hospitals and 2 mental health resource centres. We are the major employer in our area,over twice the size of the next largest organization, in a socially mixed area with highunemployment and social deprivation. There is a sharp contrast between poor urbanand rich rural areas.

Maybe you relate to some of that.

What have we done?In 1995 we were asked to consider trialling a commercial product from, then, Coopersand Lybrand (now PriceWaterhouseCoopers) called ‘In-Controls’ (an abbreviation of‘internal controls’). This had been used in the commercial sector with some success

and the Department of Health wanted to see whether it had a health application. Thatpilot ran for a couple of years and it led to us developing our own control methodologyaround a database called CONFHRM. The name is simply an acronym of CONtrolFramework for H astings and Rother Management. We ran the project out across theorganization during 1998, and are now using it to monitor the whole risk environmentof the Trust. Its prime function, unsurprisingly, is to confirm to the Trust Board thatprocesses are in place and working. It has a management utility function also however,that makes it a useful tool for operational people.

A c c e s s e d b



28/167

Assurance for the Board

23

How do we feel about Controls Assurance?Firstly, we take this as a real management opportunity rather than just a necessarychore. It is a very good discipline for managers and should reassure the good ones thattheir competence can be recognized in a systematic way. It helps the less good to

structure their management agenda.

Actually doing it is a stimulating process if it is introduced correctly, although werecognize that the initial work is quite demanding and, in the UK environment, thetimetable was tight.

The steps needed to deal with the potential—as I write!—Millennium Bug are a gooddemonstration of why such a process is needed. Any method that needs to bethoroughly checked needs some sort of structured system to handle that process,otherwise chaos ensues. No one would dream of not having a project plan for the Bug,

yet other risk management issues can be relegated to a much more laissez faireapproach.

To give the project its proper emphasis, we made its implementation one of theorganization’s key corporate objectives for three consecutive years. As theachievement of those objectives touches the pay packet, this was a useful incentive!

Current completed work We carried out a high level assessment, with Coopers’ help, which resulted in anorganizational risk map being drawn. This was done by myself and other Executiveteam members—a feature of our approach. We believe there is much strength inseeking the views of junior staff but that the process must flow from the whole-system

view of senior management.

Each individual manager undertook workshops with their own people in order to takethe risk map and expand it to fit the necessary level of detail required by the database.

The CONFHRM database was written in-house in standard computer format and ithas since gone through a number of revisions and updates to meet operationalrequirements. We envisage that it will keep evolving permanently. If you wish to seeit, visit our web site at www.harnhst.demon.co.uk and download a demonstration

version.

We held three Trust Board seminars to seek from the members a view of what they want to be shown in terms of evidence of compliance. That resulted in CA being astandard agenda item on each of our Board meetings now, with a tenth of the

organization surveyed each month—we do not meet in August and the Decembermeeting tends to concentrate on mince pies (a Christmas delicacy here!).

We carried out an extensive communications exercise to explain to all our people whatit was we were doing and why. That formed part of the normal communicationsprogramme within the Trust and the issue sat alongside updates on performance, staffchanges and finance etc.

Now the system is in use ‘live’ and there is a real buzz around the way it is helping tostructure our work.

‘ We already do that’ A comment often made is that health organizations already have systems to check on

things like audit, health and safety, clinical governance etc., so why is another oneneeded? We too had such systems, and still do. The point of our CONFHRMapproach is that you can integrate existing systems by cross referencing to them in the

A c c e s s e d b



29/167


24

database. So significant duplication—and the sense of implying that perfectly good work has been superseded—is avoided.

The Hastings control framework Our approach is based on a top-down review around three key areas—operational,financial and compliance. The first covers anything that moves (as well as most thingsthat don’t!), the second is obvious and the third pertains to any issue with a regulatoryrequirement attached to it. That can range from the common law to health serviceformal procedures implemented locally or nationally.

I make executive directors personally accountable for an area of the database. Thereason for that will be explained later. The process can cover all risk types—includingclinical governance which, in essence, is about avoiding clinical risk. The wholesystem revolves around the use of a central database to which everyone has access viathe local network.

The thinking behind the system We have chosen to take a very top down approach for a number of pragmatic reasons.Firstly only senior managers have the whole-system view that is essential if thisprocess is to be comprehensive. Those of us in senior management positionssometimes forget how limited in understanding of the organization most otheremployees are—even very senior, distinguished and influential ones. That is not acriticism. If you have spent your career becoming a world expert in oncology orengineering you are not likely to have a broad understanding of how a complex healthsystem like the UK NHS works. You may not even be aware of the workings of yourown hospital outside your own area. And why should you? The people who do knowthose things are those with system responsibility and we chose to use that knowledgeas the basis for our approach.

Senior managers are also ultimately accountable and must therefore control theprocess—they are the only ones who can make sure that the whole agenda does notget out of hand in scope, and they can deliver significant corporate messages to otherstaff. It is also necessary to ensure that the database remains fundamentally as the highlevel tool it was designed to be—albeit useable by those lower in the organization assubsets of the main records.

When the time comes to mandate managers with responsibilities, it is the seniormanager who must make sure that tasks are do-able and acceptable to the individual

concerned. And finally in this section, it is the senior person who must producereports that are meaningful and used by their recipients.

CONFHRMThe database consists of simple fields to capture risk information. It is designed so thatfailure to complete key fields will mean that the record is not accepted socompleteness is ensured. It offers the option of creating sub-risks so that managers candelegate component parts of their own responsibility to subordinates, requiring ofthem the same discipline in completing compliance records. Initially I asked that allentries to the database be made by executive directors who are the accountable officers

for each area. This ensured familiarity with the software and commitment to thesystem. Latterly this has been relaxed although a close watch is kept on entries and theexecutives, as part of the Steering Group, monitor each other at Group meetings whenthe database is projected on to the wall for common critique. The Group also checksfor consistency and in particular vets the priority fields in this regard. The software

A c c e s s e d b



30/167

Assurance for the Board

25

contains an historic change record that ensures users do not attempt to subvert thedatabase if a task is not to their liking! It has the capacity to generate routine or bespokereports, and, most significantly for us, it is accessible on the Trust’s intranet and istherefore available in real time to all users.

Using the databaseTo use it, simply identify a risk area and decide on a level that covers the basic riskprinciple. This means that the database will not contain thousands of individual risks,merely high level principle areas. For example we would have as a risk principle therisk of employing unqualified staff by accident. The action associated with it would beto have in place a system of checking qualifications on appointment. The HR Director

would therefore not need to detail such systems—the Board is not interested in thatlevel of detail—just give me an assurance that such systems exist and are functioning.The relevant fields are then completed and a decision is made on the levels oflikelihood and significance. That is, how likely is it to happen and, if it does, how

serious would that be for the Trust? Those are rated on a simple scale.

Then it is necessary to decide on a control option. The drop down menu offers you4 alternatives:

control—put a procedure in place;

accept—accept that little or nothing can be done;

transfer—move the risk to a third party e.g. a supplier or insurer; and

terminate—stop the activity as it is too risky.

Names are then added—very important. This needs to be an identifiable person’sproblem, not the title of a post.

Then a check frequency and any notes and the system will then add the record to thedatabase. For most risks, you only need to do all this once.

Finally the accountable people allocate subordinates for their own tasks by using thesub-risk option, and the process continues. When the check date arrives, theresponsible person enters the database and completes the compliance field. At thepredetermined intervals a report is prepared to go to the Trust Board, hopefullyassuring them that all is well.

What are we trying to do?

We have two main objectives—one is to reinforce a climate of accountability withoutcreating unnecessary stress on individuals and, secondly, we are trying to help staff tounderstand that to be held to account for actions is a sign of approbation andconfidence, not the reverse.

In summary for us, it has to be done;

it can be very constructive;

it needs Board level commitment;

the process can be straightforward; it should be led by senior management who can control it; and

it will lead to better risk control. A c c e s s e d b



31/167

27

The introduction of clinical risk pooling andclinical risk management standards withinthe National Health ServiceSteve Walker 1

The 1990s was a period of massive change in the management of the National Health

Service and in the way the National Health Service managed its clinical negligenceliabilities.

Prior to 31 December 1989 most claims were dealt with by the Medical DefenceOrganizations, the professional bodies to which individual clinicians belong, fundedby membership subscriptions.

Risk management, as with most defence organizations at that time, was largely on anad hoc basis and claim volumes were relatively low, but rising towards the end of theperiod.

Because of the growth in claim numbers, and the effect of inflation, judicial andotherwise, on claim values, the funds available to the MDOs were under some

pressure, and a deal was struck with the Department of Health, whereby, in exchangefor a one-off payment for £70 million, the Department of Health would provide anindemnity against all outstanding claims and all future claims made against theemployees of the National Health Service.

Interestingly, almost all claims prior to 1 January 1990 had been dealt with by twofirms of solicitors, one each being the practice of choice for the two principal MedicalDefence organizations.

With the introduction of NHS indemnity, delivered through Health Authorities andRegional Health Authorities, the number of legal practices spread so that theLitigation Authority eventually inherited about one hundred in England alone.

On the 1 April 1991, a further major development occurred with the creation of NHSTrusts, bodies created expressly to manage individual hospitals or groups of hospitalsin geographical proximity. This was the creation of the so-called Internal Market.Trusts had a degree of financial independence, which their Boards and management

welcomed, but, in addition, an exposure to financial liabilities, something with whichthey were less comfortable.

They did not inherit Health Authority existing liabilities, even if the liabilities arosefrom events at the same hospital. Those liabilities remained and remain with theHealth Authority.

For the first time in the history of the National Health Service, Trusts were allowed

to purchase commercial insurance policies. They did this as many tradingorganizations do, but there was no market for clinical negligence liability cover.

1. Chief Executive, NHS Litigation Authority, UK. A c c e s s e d b



32/167


28

Directors of Finance recognized the potential risk of exposure, even of insolvency, andsought assistance and guidance from the centre in finding a solution.

Throughout 1993 and 1994 there was considerable debate and consultation under aClinical Negligence Working Group, which heard evidence from many and varied

sources, from within and without the public sector. The almost unanimousconclusion was that a risk pooling arrangement was the optimum solution funded bymember Trusts on a pay-as-you-go basis. This became the Clinical NegligenceScheme for Trusts (CNST), a voluntary membership scheme to which 98% of Trustsbelong at present.

It was at this point that ideas about risk management began to cohere, not least becauseit was at this point that it was first realized that there was an ability to record, manageand analyse a comprehensive claims database for the first time in the history of theNational Health Service.

Almost everyone who had been consulted about the risk pooling scheme consideredthe incorporation of a risk management programme to be an essential component.

Even slowing down the growth in costs, much less reducing it, made risk managementcritical.

Further, when invitations to quote for the management of the proposed pool were putout to tender, all serious contenders came forward with risk managementprogrammes associated with their bids.

The winning bid was a joint effort, incorporating claims management by the MedicalProtection Society, one of the MDOs mentioned earlier and risk management by

Willis Corroon, now Willis, the insurance brokers.

Partly because the concept was so new to the NHS it was generally agreed that riskmanagement should begin with the lowest common denominator, that is to say itshould be process driven in respect of basic ancillary activities, rather than focussingon clinical practice. No doubt there were political influences at play in this decision,too.

It was, however, always perceived that the initial standards would be progressivelydeveloped, expanded in the light of the accumulating claims database and eventuallymove into clinical practice.

The initial standards against which Trusts are assessed by clinically qualifiedpersonnel are:

Standard No. 1

The Board has a written risk management strategy that makes their commitmentto managing clinical risk explicit.

Standard No. 2

An Executive Director of the Board is charged with responsibility for clinical riskmanagement throughout the Trust

Standard No. 3

The responsibility for management and co-ordination of clinical risk is clear.

Standard No. 4

A Clinical Incident Reporting System is operated in all medical specialities and

clinical support departments. Standard No. 5

There is a policy for rapid follow-up of major clinical incidents. A c c e s s e d b



33/167

The introduction of clinical risk pooling and clinical risk management standards within the National Health Service

29

Standard No. 6

An agreed system of managing complaints is in place.

Standard No. 7

Appropriate information is provided to patients on the risks and benefits of theproposed treatment or investigation, and the alternatives available, before a sig-nature on a Consent Form is sought.

Standard No. 8

A comprehensive system for the completion, use, storage and retrieval of medicalrecords is in place. Record-keeping standards are monitored through the clinicalaudit process.

Standard No. 9

There is an induction/orientation programme for all new clinical staff.

Standard No. 10

A clinical risk management system is in place.

Standard No. 11

There is a clear documented system for management and communicationthroughout the key stages of maternity care.

And we are currently completing a trial of three additional standards.

Standard No. 12

Clinical Care: There are clear procedures for the management of general clinicalcare

Standard No. 13Mental Health and Learning Disabilities: Management of care in Trusts provid-ing Mental Health and Learning Disability Services.

Standard No. 14

Ambulance Service: There are clear procedures for the management of clinicalrisk in Trusts providing ambulance services.

Later this year we will be, as it were, getting closer to clinical practice and consultingon standards relating to:

Oncology

Neonates/Paediatrics

Pathology

Incident Reporting

Training

Implementation of CHI and NICE recommendations

Discounts against contributions are allowed as an incentive to compliance at variouslevels.

The final piece of this jigsaw is the incorporation of CNST standards into the

Corporate Governance Programme of the NHS.

A c c e s s e d b



34/167

31

The Bristol Paediatric Cardiac SurgeryInquiryDr Isabel Sanderson1

The purpose of Clinical Risk Management is to identify, analyse and set up systemsto contain the consequences of errors and adverse outcomes in medical practice. Inreality it is not possible to eliminate every unintended consequence of professional

practice, but the aim of an effective clinical risk programme, is to prevent avoidableincidents which may cause harm to patients both physically and emotionally and

which may also result in the payment of damages by the professional provider. Whenmajor errors occur and are publicized by the media, there is an understandable publicand political concern about issues of patient safety and it is instructive to look atspecific examples to see how such disasters may be avoided.

In June 1998, The General Medical Council (the UK’s registration body for medicalpractitioners) completed the longest (eight months) and most expensive(>2.2 million or approx or A$5.5 million) disciplinary enquiry ever undertaken. As aresult of the disciplinary enquiry three doctors, one of whom acted purely in amanagement capacity, were found guilty of serious professional misconduct and two

were suspended from the medical register. The third doctor, although he did not losehis registration, was subsequently dismissed from his consultant post. The case againstthe doctors arose from a series of disquieting observations that the results of PaediatricCardiac Surgery at Bristol Royal Infirmary, a major University centre in the south

west of England, were significantly worse in terms of morbidity and mortality than theresults of other centres. Concerns wee first expressed in 1988 by an anaesthetist who,new to the unit, noticed that operations took longer than in other centres where hehad worked. In that year the DHSS (Department of Health and social Security)undertook an audit that was never published but the conclusion was that ‘Bristolresults were significantly worse than elsewhere’. There was no inquiry following thisaudit but the funding of the unit was increased. The anaesthetist who had made the

original observations remained concerned and between October 1991 and July 1992, with another colleague, undertook a systematic review of outcomes. In 1992 the RoyalCollege of Surgeons of England, after an external investigation, unsuccessfully calledfor the unit to be dedesignated. In 1994 an expert Cardiac surgeon in a report for theDOH (Department of Health, successor to the DHSS) recommended that aparticular operation, the ‘switch’ operation should be stopped and in 1995 a furtherreport identified the senior of the two surgeons involved as ‘a higher risk’ surgeon.This report was rejected by the hospital, which commissioned an internal study. In1996 the internal report confirmed that two particular operations did not compare

well with the results at other hospitals. By June 1996 a number of parents of children who had died or suffered morbidity from cardiac surgery had become aware of thegeneral concerns about the quality of care pro iced to their children and petitioned theGMC demanding an inquiry. The registration body acquiesced and the inquirycommenced in October 1997.

1. Independent Medico Legal Services, London, UK. A c c e s s e d b



35/167


32

The cases against the three doctors were restricted to a consideration of two particularoperations, the repair of atrio-ventricular septal defects, in which 9 out of 15 patientsdied, and ‘switch’ operations for the congenital defect of transposition of the aorta andpulmonary arteries in which 20 patients out of 38 died. In all, out of 53 operations, 29patients died and 4 were brain damaged. The senior surgeon, who was also the medicaldirector of the hospital, was found guilty of serious professional misconduct on thebasis that he continued to perform operations to correct A-V septal defects despiteconcerns expressed by colleagues about his high mortality rate, that he did not seekretraining or advice and that he acted against the best interests of patients bypermitting his more junior colleague to perform the ‘switch operations’, he was struckoff the register. His junior consultant surgical colleague was also found to have failedto analyse his own performance and to have failed to pay sufficient regard to thepatients’ best interests. He was found guilty but his name was not removed from theregister. The third doctor, not a surgeon, who was employed as the chief executive ofthe hospital was found not to have taken action to stop the operations despitecolleagues’ concerns. He too was struck off the register. This is believed to be the first

case of a doctor being disciplined by the GMC whose involvement in patient care waspurely in a management capacity.

The case before the GMC was of great interest and concern to a wide range of opinion,not only the involved witnesses but also the wider public, the profession, the mediaand politicians. The GMC recognized the importance of the case by formally revisingits advice to doctors in its booklet Good medical practice. The most important changes inits advice were to identify the importance of the individual doctor’s need to recognizethe limit of his own professional competence, the need to keep up to date withadvances in medical practice, the importance of working in teams and, in a completeabout turn of the classical advice not to disparage other doctors, to recognize the needto protect the interests of patients by reporting concerns about a colleague’s conduct

or practice to the employing or regulatory body.

The then Secretary of State for Health in a statement to parliament following theresult of the GMC deliberations announced his intention to hold a public inquiry andintimated the government’s plans:

a) to set up an Institute of Clinical Excellence to set national standards of clinicalcare;

b) to require hospital doctors to participate in national external audit; and

c) to enable patients and general practitioners to obtain information on the treat-ment success rates of local hospitals. He expressed the hope that ‘nothing like ithappens again’.

Professor Ian Kennedy, Professor of Health Law, Ethics and Policy in the School ofPublic Policy at University College, London was appointed Chairman of the Inquiry

with a supporting committee of experts and an advisory group of relevant clinicalexperts who have reviewed a proportion of the clinical cases. The remit of the publicinquiry is far wider ranging than the GMC’s. The terms of reference state the purposeto be ‘to inquire into the management of the care of children receiving complexcardiac surgical services between 1984 and 1995 and relevant related issues, to makefindings as to the adequacy of the services provided, to establish what action was takenboth within and outside the hospital, to deal with concerns raised about the surgeryand to identify any failure to take appropriate action promptly, to reach conclusions

about the events and to make recommendations which could help secure high qualitycare across the NHS’.

A c c e s s e d b



36/167

The Bristol Paediatric Cardiac Surgery Inquiry

33

The first phase of the inquiry was completed at the end of 1999 and the preliminaryreport is expected later in the Spring of 2000 with the final report due in the Autumn2000. The inquiry is currently in the second phase of a series of seminars on suchtopics as ‘performance’ and ‘leadership’ with the involvement of a wide range ofdistinguished participants from the private and public sectors.

For a full appraisal of the extensive witness and expert evidence it will be necessary toawait the publication of the full report but already some disquieting information isavailable which extends the concerns about the cases to matters other than theindividual competence of the doctors involved. Although the remit of the GMCdisciplinary committee is to establish the responsibility and culpability of individualdoctors the findings of the expert panel advising the public inquiry, who were askedto undertake a detailed analysis of a selection of the nearly 2000 cases beingconsidered, shows that there were important factors at play other than the individualcompetence of two doctors. The panel’s findings remind us of the importance of a fullroot-cause analysis of major mishaps and the need to avoid the appearance of a witch-

hunt against individuals.The inquiry panel commissioned clinical experts who worked in multi-disciplinaryteams, to review the cases of 80 children covering a total of 100 procedures of cardiacsurgery selected at random from the nearly 2000 cases undertaken between 1984 and1995. The sample was deliberately weighted towards younger children undergoingopen-heart surgery and towards those who died.

Initial analysis showed that 50% of the children in the sample received adequate care. A further 20% received care that was less than adequate but different management would have made no difference to the outcome. In the remaining 24 cases (30% of thetotal) it was concluded that different management might have made or couldreasonably be expected to have made a difference to outcome. In only 9 of the 100

procedures assessed was it considered that different conduct of the surgical proceduremight have or would probably have made a difference to outcome.

While it is important not to ignore the effect of less than optimal competence on thepart of the surgeons it is equally important to recognize the other factors involved

which the experts identified. Aspects of pre-operative care, surgical care and post-operative care were all mentioned as well as problems of communication anddifficulties arising from the way the Bristol service was organize.

All those of us working in the field of risk management would share the Secretary ofState’s wish that such a disaster would not be repeated but a recent statement of intentfrom the President of the United States of America reminds us how difficult it is tomake effective systematic arrangements to ensure the prevention of harm to patients.The USA has had about a twenty-year head start over the UK and Australasia in thedevelopment of Clinical Risk programmes and yet in a recent New York Times reportan Administration official announced the President’s intention shortly to ‘order allhospitals in the Unites States to take steps to reduce medical errors that kill tens ofthousands of people each year and—to urge states to require the reporting of sucherrors’. The announcement follows a report on medical errors by the US National

Academy of Sciences.

Could ‘Bristol’ have been avoided? Probably, if existing systems had worked well. Willit happen again? Sadly, in spite of the best efforts of many well-intentioned people,something similar possibly may occur again but probably not at Bristol where the

details of the distressing events and the complexities and raw emotions of the GMCand public inquiries are likely to linger long in the memories of the professional andmanagement staff.

A c c e s s e d b



37/167


34

ReferencesGeneral Medical Council 1998, Good medical practice, London.

The New York Times, February 22, 2000.

Bristol Inquiry website: www.bristol-inquiry.org.uk.

A c c e s s e d b



38/167

35

Controls assuranceInvolving the BoardTim Crowley 1

BackgroundThe National Health Service is at the forefront of good governance in the publicsector. On the firm foundations of Audit Committees, Codes of Conduct, ModelStanding Orders etc., the principle of Boards making public statements on risk andcontrol has been set in train. Since 1997/98 statements have been made on internalfinancial control; the recently issued HSC(99)123 outlines the wider organizationalcontrol statements that take effect from 1999/2000; and the prospect of convergence

with the clinical governance agenda, resulting in an all controls statement has beensignposted.

The overarching initiative behind this work is the Controls Assurance Project whichcan be defined as follows: With existing resources, used to best effect, what assurancecan be gained? This is supported by the following project principles:

involving people;

integrating functions;

consolidating and rationalizing frameworks.

At its simplest, controls assurance is a process designed to provide evidence that NHSorganizations are doing their ‘reasonable best’ to manage themselves so as to meettheir objectives and protect patients, staff, the public and other stakeholders againstrisks of all kinds. It is a basis for Chief Executives, as accountable officers, to dischargetheir responsibilities. Similarly, it will support Sir Alan Langlands, as AccountingOfficer, in the provision of assurances to Parliament and the public.

Essentially, the Project is founded on the principle that assurance is built upon

systems and cultures that involve people. To that end much of the pilot work andguidance has centred upon techniques to engage wider groups of NHS staff inunderstanding and reporting upon risk within their areas of responsibility. Also, therehas been an emphasis on ensuring that there is top down commitment, which shouldbe initiated through a Board level consideration of key risks.

This chapter sets out one example of that pilot site work. It has been undertaken byMersey Internal Audit Agency and provides a practical insight into securing Boardlevel involvement.

1. Director of Audit Services, Merseyside Internal Audit Agency, NHS, UK. A c c e s s e d b



39/167


40/167

Controls assurance

37

3) Identification of actions and responsibilities

The results of the above establish a sensible and informed point from which toattach action and responsibility to risks that require management attention. Arange of self assessment workshops may well be linked to issues where a multi-

disciplinary approach is needed and the relevant employees operate in a culturethat encourages openness. Not all issues match these circumstances.

4) Monitoring

Unless a framework is in place to monitor the progress and effectiveness ofplanned actions then efforts will have been largely wasted. This reinforces theprinciple of monitoring and corrective action set out earlier in this guidance un-der control elements.

5) Assurance statement

This stepped approach will contribute to a Trust or Authority making an assur-ance statement based on risk management principles that can be described simplyand sensibly to the public. The emphasis is upon reasonable assurance not abso-lute assurance and reflects the spirit of the Controls Assuran

Documents

MP91-2000 Healthcare Risk Management