Read Standard 4: clinical safety and risk management

Clinical Governance Standards
National

Standard statement

Clinical services effectively manage healthcare-related risks, safety concerns, adverse events and near misses. 

Rationale

Identifying and managing risk is a central part of delivering high-quality health and social care services. The primary goal of risk management within clinical governance is to minimise risks to patients and prevent harm by ensuring there are appropriate controls in place.15  

Risks in this context relate to clinical risks. Adopting a risk-based approach to clinical care, including proactive management, ensures that both opportunities and potential threats are considered as part of the decision making process. This approach is supported by structured risk management policies, protocols and processes, to ensure that clinical risks are identified, assessed, managed or mitigated and escalated at the appropriate level within the organisation.37, 38 These processes also help identify connections, patterns or related factors that may signal increasing risk or systematic failure.  

National statutory inquiries into patient harm, clinical safety issues or poor performance in healthcare settings consistently highlight lack of ‘safety culture.’39-43 Learning from adverse eventsnear misses and inquiries highlights that organisations should listen to people’s experience, respond to early warning signs, address staff concerns and prioritise clinical safety. Ongoing monitoring and review of clinical services enables improvements for the safety of everyone using and providing healthcare.44 This requires a robust system analysis and embedding a learning culture. A learning culture includes the adoption of systems to listen to staff and make changes to systems and processes. 

When a clinical risk becomes an issue, adverse event or near miss, robust governance processes are followed.44 Organisations have a Duty of Candour to be open and transparent when something with the care or services they provide goes wrong and causes harm. Openness and honesty are central to every relationship between those providing and those experiencing treatment and clinical care.45 Staff also have professional Duty of Candour, which should be followed alongside their respective professional guidance.46-48  

Adverse events and complaints are a key source of intelligence about the safety and quality of a service. Reviewing and acting on adverse events, near misses, complaints and identifying positive feedback or good practice can help organisations identify risks and prevent or reduce harm.37, 44, 49-52   

Where there is a concern about unsafe, unethical, or unlawful clinical practice, organisations should ensure these concerns can be raised in a confidential and psychologically safe way. National standards for whistleblowing and supporting processes are in place to ensure that staff are adequately protected and supported.48, 53  

Feedback from people who experience services is covered in Standard 6. 

References

Criteria

4.1

Organisations have a robust governance and reporting structure to support effective oversight and assurance of clinical safety and risk management. 

4.2

Organisations have a framework for managing clinical risks that: 

  • is aligned to organisational objectives and integrated into decision making arrangements 
  • clearly defines clinical leadership roles and responsibilities  
  • proactively identifies and manages clinical risks that could impact on their ability to deliver or maintain services and functions 
  • proactively identify, evaluate and manage clinical risks associated with service redesign 
  • review the risks, including control measures, at regular intervals 
4.3

Organisations take active steps to create a safety culture that enables staff to: 

  • talk openly about errors and raise concerns safely 
  • act promptly if they think that patient safety is, or may be, seriously compromised, in line with professional guidance 
  • share and act on learning. 
4.4

Organisations publish annual reports covering Duty of Candour legislation requirements. 

4.5

Organisations have systems and processes for adverse event reporting (including near misses and complaints) in line with national frameworks, notification processes and recommended timelines, which:37, 44, 49-52   

  • outline standardised and consistent approaches to reporting and responding, while meeting the needs of individuals 
  • include documented escalation policies for response, investigation and review 
  • outline clear lines of accountability for local review and response. 
4.6

Organisations have robust processes for the reporting and review of clinical risk and patient safety data, including adverse events and complaints investigations, which include: 

  • identification of emerging or recurring themes  
  • detailed actions and learning to reduce the likelihood or impact of reoccurrence 
  • reporting progress against actions and improvement plans  
  • sharing anonymised, thematic learning with partner multidisciplinary and multiagency teams and governance structures as appropriate 
  • demonstrating a commitment to openness and transparent decision making. 
4.7

Organisations have systems and processes to ensure national learning is reviewed, where applicable, from: 

  • quality of care reviews and local care assurance processes 
  • recommendations from national inquiries. 
4.8

Organisations are transparent and provide a timely and appropriate response for adverse events (including near misses) and complaints:   

  • to staff, volunteers and people who experience services 
  • in line with national guidance and nationally agreed timeframes 
  • which includes learning or improvement plans that have been developed as a result. 
4.9

Organisations have effective feedback processes following adverse events, investigations or complaints, where appropriate, which: 

  • are easy to access, understand and complete 
  • are accessible in a range of different formats and languages or can be made more accessible by using online translation services 
  • include information for further support, information and advocacy, where appropriate. 

 

4.10

Organisations have systems and processes in line with national whistleblowing standards, which: 

  • outline appropriate reporting and accountability structures, such as an independent officer at board level or equivalent 
  • maintain a confidential record of all staff concerns and the action taken in response to those concerns. 

 

What does this standard mean for...

What does the standard mean for people?

  • You can be confident that clinical services are regularly reviewed to check their quality.  
  • You will be able to give feedback, raise concerns or make complaints, and these will be addressed in a timely and fair manner.  
  • The organisation has effective systems to identify and respond to clinical risks. This helps reduce harm and improves the quality of clinical care. 
  • If something goes wrong, the service will find out why it happened and make changes to improve. The organisation will listen to feedback from everyone involved. 

What does the standard mean for staff?

Staff, in line with roles, responsibilities and workplace setting:  

  • understand their role to anticipate, identify, assess and manage clinical risk 
  • feel confident that concerns they raise will be listened to and acted on 
  • feel psychologically safe to proactively raise concerns and address clinical safety and quality issues in their service or area of work 
  • follow established escalation pathways for adverse events, whistleblowing and complaints 
  • follow professional Duty of Candour and their respective professional guidance 
  • demonstrate transparency and integrity 
  • are supported to put learning into action with access to the appropriate time and resources.  

What does the standard mean for the organisation?

Organisations, in line with their respective governance and delivery structures: 

  • proactively identify, assess and manage clinical risk 
  • ensure patient safety and commit to a culture of openness, transparency and learning 
  • collect, record and act on concerns, intelligence and early warnings 
  • support staff and people who raise concerns or issues  
  • have clear escalation pathways, governance and oversight to manage risk, adverse events and whistleblowing 
  • conduct timely investigations into adverse events, whistleblowing and complaints 
  • provide resources, including time, for staff to identify, take part in and implement learning from risk  
  • provide assurance and oversight for patient safety in all services they plan, commission and deliver. 

Benchmarking and measuring performance: Examples of what meeting this standard might look like [linked criteria]

Examples may vary according to the size and scale of the service, NHS board, organisation. 

  • Governance papers and minutes demonstrating discussion and scrutiny of clinical safety and risk management at board level or equivalent. [4.1, 4.6] 
  • Evidence of implementation of national and local clinical risk management strategies, policies and frameworks as appropriate. [4.2] 
  • Patient safety huddles54 or multidisciplinary safety reviews. [4.3] 
  • Reporting against identified clinical risk key performance or risk indicators. [4.6] 
  • Reporting and review of clinical risks and patient safety concerns to the appropriate level within the organisation. [4.6] 
  • Evidence of processes to identify emerging or recurring clinical risk or patient safety themes for improvement and learning. [4.6] 
  • Evidence of mitigation plans and action plans. [4.6] 
  • Evidence of compliance with registration and regulatory guidance in regard to Duty of Candour. [4.4] 
  • Evidence of review and learning from adverse events and implementation of the national adverse events framework. [4.5] 
  • Monitoring the number of adverse events reviews concluded within nationally recommended timeframes. [4.5] 
  • Use of technology-enabled translation services or other appropriate adaptations for complaints and feedback processes, such as translation tools. [4.9]