NHS England has recently indicated that all eHealth products (with the exception of Medical Devices) need to comply with Safety Standard ISB 0129 and ISB 0160. Suppliers and healthcare organisations are at different stages of maturity in gaining compliance. Proactively managing risk in eHealth technology is the right thing to do – it benefits patients and forges a sense of responsibility in the Health IT industry.
The journey to ISB0129 and ISB0160 compliance can at first seem complex and often the greatest challenge is knowing where to start. Here are five simple principles for taking the first steps.
- Develop an integrated process – Most organisations already undertake a great deal of assurance work and don’t realise that these activities can be used to evidence the arguments set out in their ISB0129/ISB0160 Safety Case. User-centred design sessions, system testing, configuration workshops, training logs, a data migration strategy and operating policy development all represent potential sources of essential evidence.
- Get stakeholder buy in – Without support from management at the highest levels it can be difficult or impossible to develop a proactive safety process. Suppliers, healthcare organisations and users all have a role to play especially where it is necessary to manage hazards that span organisational boundaries.
- Be objective – Robust Clinical Risk Management involves making informed judgements. At times we can all be biased by financial and political drivers but the moment these factors contaminate our clinical risk decision we lose effectiveness and credibility. Business pressures should drive the need for careful analysis but not bias the final outcome.
- See the big picture – All too often in Clinical Risk Management we can find ourselves immersed in unnecessary detail. Remember that the amount of risk reduction effort should be commensurate with the degree of risk. Use top-down analytical techniques such as SWIFT to identify the hazards that need to be managed and focus effort on those.
- Get the right help – Whether it’s BT, other organisations or your peers, complying with ISB 0129 and ISB 0160 is easier and more cost effective to implement when you harness the experience of others. By sharing ideas, processes and methodologies you can avoid expensive pitfalls and unnecessary rework.
Dr Adrian Stavert-Dobson is the Managing Partner of Safehand, independent consultants in clinical risk management, and the author of Health Information System: Managing Clinical Risk.