Law & Governance

Law & Governance 8(2) November -0001 : 0-0

Risk Management and Patient Safety Lessons Learned from the U.K.

Lisa Droppo


Beginning in August 2001, I had the privilege of working and living in South West England for one year. Having worked in healthcare administration in Ontario for 12 years, this seemed a great opportunity to work in a different healthcare system. Given that my areas of expertise were quality, risk management and patient relations, when a contract opportunity arose for a Risk Management Projects Manager at the local acute care Trust (hospital), a natural relationship was established. In this article, I will reflect on my experience in the U.K. and will offer some key learnings and potential applications for risk management in Canada.
Upon joining the Royal Devon and Exeter NHS (National Health Service) Trust (, I was quickly assigned three projects to last my 10-month tenure. They were to:
  • Coordinate the preparation and external review process for the Clinical Negligence Scheme for Trusts and in particular to assist the Trust in achieving a higher level of award recognition
  • Lead the Trust's participation as one of the National Patient Safety Agency's 28 pilot sites
  • Develop a process to select and implement an IT solution for management of clinical governance

Although not part of my initial mandate, I sought to propose and implement a strengthened organizational structure and roles for the ongoing management of clinical governance. As I oriented myself to the Trust and more specifically to the goals and objectives of the assigned projects, the interrelationships became readily apparent.

I was surprised by the many similarities and few differences between the U.K. and Canadian healthcare systems. Both are primarily national healthcare systems where all residents have access to healthcare services. The U.K. has a more substantial private healthcare system used primarily by U.K. residents to decrease waiting times for service. Interestingly, I noted that the same physicians worked in both the public and private healthcare systems. In the U.K., all hospital-based physicians are employed by the NHS. This is different than in Canada where only a limited number of physician groups (e.g. hospitalists, pathologists, etc.) are directly employed by the hospitals and all others are self-employed and undergo a credentialing process to receive privileges to provide service in the hospitals. I expected that this difference in employment arrangement would increase the capacity and desire for NHS physicians to participate in hospital administrative activities, although this was not my experience. On a broader note, I was struck by the fact that NHS organizations were experiencing many of the same challenges faced by Canadian healthcare organizations. Specifically, both are focussed on strategies to decrease waiting times for service, struggle to fill positions in particular healthcare disciplines including nursing, pharmacy and speech-language pathology, and continue to explore different models of healthcare delivery both regionally and within organizations.

In the U.K., risk management falls under an umbrella known as Clinical Governance. Clinical Governance is defined as "a framework through which NHS organisations are accountable for continually improving the quality of their services and safeguarding high standards of care by creating an environment in which excellence in clinical care will flourish." (Scally and Donaldson, 1998; ( This definition applies to all NHS organizations and in fact is part of an overall accountability framework which requires the Chief Executive to annually sign an accountability statement. I believe that this centralized governmental policy development clearly defines expectations of organizations within the public healthcare system and allows organizations to quickly adopt the framework and then invest time in operationalizing core processes.

Clinical Negligence Scheme for Trusts

The Clinical Negligence Scheme for Trusts (CNST) was established in 1994 to fund the cost of clinical negligence litigation in NHS trusts and to encourage and support effective management of claims and risk ( CNST membership and claims issues are administered by the NHS Litigation Authority (NHSLA), a Special Health Authority. Risk management matters are dealt with by the CNST assessment team at Willis Limited, an international risk management and insurance intermediary (, working closely with and overseen by the NHSLA. Individual trust contributions are calculated on an annual basis and can be reduced if the trust meets certain risk management criteria. It is this risk management assessment process in which I was involved.

Derived from claims history, CNST includes seven core and three specialty area risk management standards for organizations to assess themselves against and in turn be assessed by an external assessor (see Table 1). Recently, completely separate standards have been developed for Maternal Care due to its high risk nature. There are three standard levels. Organizations must begin at Level 1 and may then progress through levels two and three assuming they have been successful at the preceding level. Successful recognition at any level results in a premium reduction for up to a period of two years. Increasing levels result in a higher premium reduction. Successful achievement of levels 2 and 3 also contribute to enhanced recognition on other NHS Performance rating systems (

Table 1. CNST Standards
Standard 1: Learning from Experience
Standard 2: Response to Major Clinical Incidents
Standard 3: Advice and Consent
Standard 4: Health Records
Standard 5: Induction, Training and Competence
Standard 6: Implementation of Clinical Risk Management
Standard 7: Clinical Care
Standard 8: The Management of Care in Trusts Providing Mental Health Services
Standard 9: Ambulance Service
Standard 10: Maternity Care

Source: CNST Clinical Risk Management Standards. %20Manual%20August%202003.pdf

The standards are clearly defined and include a description of the evidence that must be provided. Each organization works with their assessor who provides coaching and guidance throughout the process. Organizations submit documentation to their assessor who visits the Trust to validate the processes and outcomes described in the documentation. The assessment visit agenda is developed in advance and involves numerous small meetings to focus on important core processes and high risk areas. These include risk management strategy and structures, patient complaints, health record management, staff and medical staff orientation, blood transfusion, infection control and maternal care.

I was involved in preparing my Trust for a Level 2 reassessment where the Level 2 standards had been modified substantially since the previous assessment. Particularly challenging standards were related to processes to ensure that staff involved in the blood transfusion process (including transportation) were properly trained to fulfill their role. This involved the development of curricula for a variety of audiences and an intensive education plan to transfer knowledge and skills and document same within a few months. A second new standard area was related to the requirement that all staff using diagnostic and therapeutic equipment were properly trained to do so. This required a complete inventory of all diagnostic and therapeutic equipment as per the Medical Devices Agency (now known as the Medicines and Healthcare Products Regulatory Agency, definition and the development of a process to determine which devices would require staff to have specialized training. Using a modified version of a risk matrix, each device was assessed for likelihood of causing harm and the consequence/impact should harm occur. Devices were then sorted into low, medium and high risk severity and the Trust focussed on training programs and delivery for all high risk devices as the first phase. This was an extremely ambitious task which was successfully accomplished over three months. Following a two-day assessment visit, the Trust was awarded Level 2 recognition under the new standards, a tremendous accomplishment.

Incident Reporting Pilot Test

The National Patient Safety Agency (NPSA) is a Special Health Authority established in July 2001 to co-ordinate the efforts of all those involved in healthcare, and more importantly to learn from patient safety incidents occurring in the NHS ( As part of their mandate, the NPSA tries to promote an open and fair culture in the NHS, changing the emphasis from the "who" to the "how." The NPSA arose from a recommendation in an important report called, An Organisation with a Memory (

Beginning in September 2001, as a pilot site organization, the Trust was expected to participate in a pilot test of a centralized incident reporting system. Unidentifiable (anonymous) incident data was to be electronically transferred to a centralized database for national analysis and trending. In order to participate, pilot organizations needed to have an on-line incident reporting system which included risk assessment of every incident. Further, the reporting system vendors had to work with the NPSA to develop an interface to exchange incident data from the trusts, remove any identifying information about those involved in incidents or the Trust. Our Trust was using one of three common reporting systems in the NHS, but not the one selected as the primary partner with the NPSA. As a result, although the interface was eventually developed and implemented, there were challenges in meeting the project dates. Further, our Trust had not been previously assessing incident risk. This required the adoption of a framework provided to pilot Trusts, and risk assessment by a small team to risk assess incidents over the six month pilot. The risk assessment framework allowed for consideration of not only the harm that did result from the incident but also the potential for harm. This process encouraged the reporting and learning from near misses (( docs/npsa%20risk%20assessment%20tool.doc).

The second element of the pilot was to begin using root cause analysis to investigate and learn from incidents, including near misses. Teams from pilot sites were provided with a six-day educational program over a period of eight months which allowed participants to understand accident theory, human factors and a number of models and tools for root cause analysis. Pilot teams applied the learning in their own Trusts and shared experiences with the other pilot sites for additional learning. The Trust was able to quickly incorporate this new approach which was received enthusiastically by staff and physicians.

During the pilot phase, NPSA also introduced important national patient safety projects including enhanced practices for the management of concentrated potassium chloride and more recently the introduction of common emergency codes.

Since my departure from the U.K., the NPSA has launched the National Reporting and Learning System (NRLP), a national reporting system to help the NHS improve patient safety. Further, the experience with root cause analysis has resulted in the development of more formal training programs including e-learning modules.

Integrated Risk Management System

Prior to my arrival at the Trust, a process had been initiated to identify an IT solution to support and integrate a number of clinical governance functions including incident reporting and management, feedback from patients and their families, claims management and a risk register. A number of separate systems, from a variety of vendors, were in place, some of which were quickly becoming redundant and no longer supported by the original vendors. The Trust had developed some specifications and invited a number of vendors to provide demonstrations almost a year earlier. Although there were two preferred products, no further selection was made following this process.

It became evident as a result of the Trust's participation in the NPSA pilot that a decision needed to be made whether to continue with one or more of the current systems or to look for the best integrated solution to meet all of the needs. The two vendors previously identified as potentially meeting the organization's needs were once again contacted. The specifications were reviewed and updated, and a second demonstration process was organized. An evaluation of the two vendors' products was undertaken against the specifications and those attending the demonstrations were asked to complete an evaluation form. Following the demonstrations, a new vendor was selected to meet all the needs. A contracting process and the customization of the database contents to meet the Trust's needs were initiated. Each team overseeing a unique component of clinical and nonclinical governance actively participated in designing their pick-lists. A project manager for the implementation was identified as my tenure came to a close following the contracting and customization processes.

Governance Structures and Roles

Throughout my work on the above three projects, I became increasingly familiar with all of the clinical and non-clinical governance processes in the Trust. Although the processes each had many strengths, the opportunity to maximize the learning and improvement was hampered by a complex structure. Each of the component functions reported to a separate senior manager and although these individuals and performance reports came forward to a centralized Risk Management Committee, the analysis was occurring at a very high level, limiting the likelihood of identifying important trends or opportunities across the organization.

An external scan was conducted of other organizations and an emerging trend of Clinical Governance or Governance teams was identified. It was proposed and accepted that a Governance Manager position be established to oversee the risk management, patient relations, patient advocacy and liaison service, clinical audit and health and safety reporting. An external individual was recruited to this role to lead the organization through this integrating transition.

Reflections and Conclusions

As I reflect on this wonderful professional experience, I believe that there are some useful lessons for Canadian healthcare organizations, government and others:
  • There are some advantages to governmental accountability frameworks that allow organizations to focus on implementation rather than design and perhaps prevent organizations from re-inventing the wheel.
  • External reviews and assessments are useful and I believe can be strengthened in Canada through the addition of a requirement to demonstrate through substantive evidence successful achievement.
  • The development of a national incident reporting system is an ambitious and challenging task. While I believe that there was tremendous value in developing a risk assessment framework, in practice it was challenging to implement and teach to others. Standardizing data entry to ensure that incidents are de-identified (anonymous) is also challenging. The potential advantages of such a national system would certainly be worthy of further investigation in Canada.
  • Root cause analysis is a useful process for investigating and learning from incidents. It actively engages those most closely involved in the incident and takes a systems approach. Many of the tools and techniques are similar to those used for quality improvement and as a result I believe that Canadian organizations may have more experience to incorporate this process.
  • Integrated risk management systems have tremendous capacity to assist in coordinating a number of related risk management activities (e.g. patient feedback, incident reporting and claims management). The development of such integrated systems is beginning in Canada and should be further pursued to support an enterprise risk management approach.
  • I was introduced to the risk register; a tool for capturing identified risks that may not be the result of incidents, assessing their risk and monitoring action plan status. This proactive management of risks often identified through risk assessment processes offers an organization a strategic risk management approach which could easily be adopted in Canada.
  • The U.K. healthcare system has a number of defining structural issues that make it different than the Canadian healthcare system. All those working in Trusts are employees of the Trust and as such are accountable for their participation and performance. In 1995 there was a change to claims management with the introduction of the NHSLA. This new process eliminated the capacity for an individual professional to be sued but rather only the organization. This ability to function under a single risk roof is very supportive to all Trust employees and also seemed to result in timely resolution of claims. There was no doubt that this integrated approach to claims seemed to overcome some of the challenges faced by Canadian healthcare organizations, their staff, and physicians.

I was truly privileged to have the opportunity described in this article. The enormous personal learning and growth from this experience has undoubtedly supported my career endeavours and has allowed me to recognize my transferable knowledge, behaviours and skills.

About the Author(s)

Lisa Droppo, MHSc, CHE has worked in a variety of healthcare administrative roles for 14 years. In this article she refers to her experience as Risk Management Projects Manager at the Royal Devon and Exeter Healthcare NHS Trust in Exeter, England. Lisa is currently Director, Patient Safety at Trillium Health Centre in Mississauga, Ontario.


The opportunity to work in the U.K. arose as a result of an international visiting scientist fellowship awarded to my husband. This fellowship took our family to Exeter, where we all experienced professional and personal opportunities that will be remembered always. Thank you Ian for this gift.

My sincerest thanks to Mrs. Angela Pedder, Chief Executive, Mr. Patrick Beasley, Medical Director, and Ms. Elaine Hobson, Director, Operations and my many colleagues at the Royal Devon and Exeter Healthcare NHS Trust for the wonderful opportunity and experience described in this article.


Scally, G. and L. J. Donaldson. 1998. "Clinical governance and the drive for quality improvement in the new NHS in England" British Medical Journal 317: 61-65


Be the first to comment on this!

Note: Please enter a display name. Your email address will not be publically displayed