All health and care technologies introduce a level of risk, and like any other system, process, or tool, this risk must be continually assessed and reduced to as low as reasonably acceptable. However, unlike most other systems or tools, health technology misuse or poor maintenance is not always obvious, requiring a more active continuous assessment process. The NHS has set out how to manage clinical risk effectively in the clinical risk management standard, DCB0160.
This blog, written by our CQC Lead and Clinical Safety Officer, Nick Pavard, will outline:
- What is DCB0160
- Why all healthcare providers must undertake clinical safety assessments
- The benefits of committing to the DCB0160 process
What is DCB0160?
DCB0160 is a clinical safety standard established by NHS England and is legally mandated through Section 250 of the Health and Social Care Act 2012. It forms one half of a pair of standards to manage clinical risk in the manufacture and implementation of healthcare technology or health IT systems. DCB0160 sets out the requirements for effective clinical risk management in health organisations responsible for deploying, using, maintaining, and decommissioning Health IT Systems. The overarching aim of clinical safety standards is to ensure patient safety by managing risks associated with digital health systems. The DCB0160 application guidance makes it clear that it applies to all health and social care organisations that deploy and use Health IT Systems in the UK. This standard reflects NHS England’s recognition that while digital systems can improve healthcare, they also have the potential to cause harm if not properly managed throughout their lifecycle. The DCB0160 provides a standardised structured methodology for assessing and mitigating risks from digital systems in healthcare settings. It requires a multidisciplinary team to undertake the following activities for each health IT system:- Undertake risk management activities stipulated in a Risk Management Plan
- Document the hazards and patient harm that can be caused in a Hazard Log
- Summarise the safety of the system for Top Management to approve in a Clinical Safety Case Report
- Monitor clinical incidents or near misses and record them in an incident.
- Ensure the Hazard Log and Clinical Safety Case Report are up to date.
Why is DCB0160 important?
Risk assessments in any form provide four key things:- A process to assess and reduce risk.
- A reference point for what has and hasn’t been risk-assessed.
- The ability for internal organisational scrutiny of the level of risk involved. This should be monitored and approved by top management.
- An audit trail that activities are as safe as practicable.
DCB0160 and the Care Quality Commission (CQC)
Although not explicitly mentioned in the new Single Assessment Framework, DCB0160 is highlighted within the best practice references of literature that the CQC has published, co-produced or referenced, including:- NHS England’s What Good Looks Like Success measure 3
- CQC’s Sandboxing on Digital Triage Solutions
- CQC’s Machine Learning in Diagnostic and Screening Services
- The CQC’s involvement in creating the AI and Digital Regulations Service.
Benefits of using DCB0160
A well-carried-out DCB0160 should minimise the teething problems of health technology introduction and ensure that the use of the technology is continually assessed and improved—from all stakeholder points of view. This, in turn, will increase the chance of continued user buy-in. DCB0160 naturally dovetails with the manufacturer’s DCB0129 to provide a comprehensive assessment of hazards. When clinical risk management activities form part of the business as usual activities of the manufacturer and deploying organisation, it enables both the continued improvement of health technologies and the ability to mitigate clinical risk. The structured approach of the DCB0160 delivers a consistent and recognised approach to clinical risk management. This is achieved by ensuring a multidisciplinary team assesses the health IT system. This team should include but not be limited to:- Top Management
- A Clinical Safety Officer or multiple Clinical Safety Officers, depending on the risk profile and complexity of the healthcare technology
- Representation from relevant stakeholders, including IT, Training and Information Governance
How to implement DCB0160 for Healthcare Providers
For health organisations needing to undertake the DCB0160 assessments of health technologies, the following are key steps to establishing the process:- Establish which technologies need assessing. NHS England has published applicability guidance, which should be used to analyse all technologies a healthcare organisation uses.
- Prioritise technologies needing assessment. The NHS applicability guidance suggests that many technologies will need assessing, which can appear overwhelming when starting from scratch. Systems that must have an assessment should be prioritised, and it would be advisable to prioritise the systems with the greatest impact if they fail and the potential patient safety impacts if left unchecked. This can be done through a hazard identification workshop involving all members of a multidisciplinary clinical safety team.
- Establish a Clinical Risk Management System. This overarching process should apply to all health IT systems within the organisation and align with its broader risk management activities. It should also confirm the organisation’s commitment to the DCB0160 process in the NHS’s implementation guidance.
- Establish who is the system owner for each technology. This should not be the CSO’s responsibility, as the CSO is likely to be involved in a myriad of technologies.
- Appoint a Clinical Safety Officer. This must be a registered healthcare professional with appropriate clinical safety training and experience in risk management in a healthcare setting.
- Establish a Risk Management plan. This should demonstrate how the risk management system will be applied to each technology. Each technology needs its own plan.
- Establish a Risk Management team. The team must include a representative from Top Management and a . For the team to achieve its intended purpose of holistically assessing and controlling the system’s risk, it is important that it includes risk owners from other areas of the organisation, such as information governance, IT infrastructure and systems, quality assurance, and end-user representation.
- Request manufacturer’s DCB0129 assessments. The DCB0129 will detail what hazards have been assessed and how they are controlled by the manufacturer. Most importantly, this should include what hazards the deploying organisation is responsible for mitigating against in their own risk assessment.
- Commence the risk management plan. This should include conducting hazard identification workshops to document hazards on a hazard log, monitoring incidents, and recording incidents on an incident log. The CSO should maintain these as part of their role in the clinical safety team.
- Compile a Clinical Safety Case Report. The CSO must compile a Clinical Safety Case Report. The report should comprehensively summarise how the system will be deployed, including reliant integrations, and the controls put in place for any hazards that may occur. It should act as the primary reference document with the hazard log available for further evidence and justification of controls.
Summary
Like any other tool or system, health technologies have an inherited risk level that the manufacturer must capture within a comprehensive DCB0129. It is essential to analyse clinical risk to mitigate its impact on patients and implement controls. The DCB0160 information standard published by NHS England is the legally mandated process that health organisations must undertake. It acknowledges the hazards transferred to the deploying organisation and details how these have been controlled. It also identifies local hazards from the deployment and use of the technology which the manufacturer may not have considered and documents the controls. An effective DB0160 assessment improves the deployment and use of the technology and provides a robust audit trail justifying its use in a clinical setting. The Clinical Safety Officer is key to the integrity of the DCB0160 process and helping clinical informatics to implement digital transformation initiatives safely.Find out more – book your free, no-obligation discovery call with us.
Let’s see how we can help you navigate DCB0160 or any other aspect of clinical safety or clinical risk management.