Incident and Serious Incidents Requiring Investigation (SIRI) – Procedure and Practice Guidance including Data Incidents

A University Teaching Trust. Where People Matter Most.

Version Number: Version 4
Name of originator/author: Head of Patient Safety – 0161 882 1071
Name of responsible committee: Integrated Risk and Clinical Governance Committee
Name of executive lead: Chief Nurse
Date V1 issued: 2010
Last Reviewed: February 2015
Next Review date: February 2017
Scope: Trust Wide
Policy Code Number: CL-06

Document Control Sheet

Type of Procedural Document: Standard Operating Procedure
Specific Category / Corporate Directorate
Document Purpose: The overall purpose of this procedure / guidance document is to provide a framework to assist Directors, Care Groups, Departments and individual staff to understand their responsibility and accountability when incidents occur, how these are reported, investigated and managed within the Trust.
Consultation: Integrated Risk and Clinical Committee, OMT, Senior Managers
Approving Committee: Integrated Risk and Clinical Governance Committee
Approval Date: November 2012
Ratification: Trust Management Board
Date of Ratification: Jan 2013
Procedural Documents to be read in conjunction with this document: Policy on Procedural Documents / An Organisation wide Policy for the Management of Incidents – including the Management of Serious Incidents requiring Investigation (SIRI) / Being Open Policy
Training Needs Analysis Impact: There are Training requirements for this procedural document. There is ongoing training for staff documented within this procedure/guidance.
Financial Resource Impact: There are no Financial resource impacts.

Document Change History

Changes to this document in different versions must be detailed below. Rationale for the change should also be given.

Version Number / Name of procedural document this supersedes: V3
Type of Change (i.e. Review / Legislation / Claim / Complaint): Reviewed
Date: March 2015
Details of Change and approving group or Executive Lead (if done outside of the formal revision process): Minimal changes to update job titles and responsibilities. Additional guidance on HLIP Process. Additional guidance on Part A and Part B report. Changes to report template.

Please ensure that any external references used in the creation of this document are entered as the final section of this procedural document.

External References have been included in the body of the Procedural Document: YES

Privacy Impact Assessment submitted? Please ensure this is completed at each consultation stage:
Fraud Proofing submitted? Please ensure this is completed at each consultation stage:
NO Any issues? None Any issues? None NO X N/A Date: NO Date:

Policy authors are asked to consider each of the nine protected characteristics under the Equality Act 2010. We expect you to demonstrate that throughout the policy process you have had regard to the aims of the Equality Duty:

1. Eliminate unlawful discrimination, harassment and victimisation and any other conduct prohibited by the Act;
2. Advance equality of opportunity between people who share a protected characteristic and people who do not share it; and
3. Foster good relations between people who share a protected characteristic and people who do not share it.

Please provide a brief account of how you have done this, further work to be completed and any support you have had in considering the aims and working in compliance with the Equality Duty. If you are unclear on how to do this or would like further advice and support then you may contact [email protected].
It is the responsibility of the approving Committee/group/meetings to ensure this statement reflects the Trust’s objectives and position with compliance as set out within the NHS Equality Delivery System.

Please confirm that the statement below is correct. If not please indicate why? YES

This procedural document is broad and the scope is Trustwide so complies with the Trust’s Equality Delivery Service. Equality Impact Assessed at review – November 2012.

In line with the Trust values can this Procedural Document be published on the Trust’s External Website? YES X NO

It is the Author’s responsibility to ensure all procedural documents comply with the Trust values. If you are unclear on any of the requirements in the document control sheet then please email [email protected] before proceeding.

Monitoring and Compliance Requirements Sheet
(This section MUST be completed by the Author without exception.)

This section demonstrates the Trust’s commitment to Continuous Improvement and Lessons Learned from Incidents, Reports from the Coroner or other External Agencies and will be submitted as evidence as required.

Table columns: Minimum Requirement/Standard/Indicator to be monitored and Section of Document it appears; Process for monitoring; Responsible Individual; Frequency of Monitoring

1 Please state how different aspects (standards) of the effectiveness of this Procedural Document will be monitored. If more than one standard, please enter the details in the rows below (as appropriate). Please enter the title of the person(s) who will be undertaking this task.
2 1.2.2a – Duties. Audit or review or reports to committees or meetings. Review. Please enter how often e.g. monthly or 6 monthly or annually. Yearly
3 1.2.2b – How all incidents and near misses involving staff, patients and others are reported. Report by Lead
4 1.2.2c – How the organisation reports incidents to external agencies. Report by Lead. Datix and Incident Co-ordinator. Yearly
5 1.2.2d – How staff can raise concerns, for example, whistle blowing, open discussion etc. Report by Lead. Head of Patient Safety. Yearly
6 1.2.2e – How the organisation monitors compliance with all of the above. Review. Head of Patient Safety/Risk Manager. Yearly
7 1.2.2 – How all incidents and near misses involving staff, patients and others are reported - how the organisation reports to external agencies. Level 3.2.2 How all incidents and near misses involving staff, patients and others are reported. How the organisation reports to external agencies. Report by Lead. Head of Patient Safety/Risk Manager. Yearly. Report by Lead. Head of Patient Safety/Risk Manager. Yearly
8 Head of Patient Safety/Risk Committee. Risk Manager/ Integrated Risk and Clinical Governance Committee. Yearly

Responsible Committee/Group/meeting for review of results / action plan approval / implementation: This will normally be the Integrated Risk Management and Clinical Governance Committee. If it is different specify.
Integrated Risk and Clinical Governance Committee (entered against each of the seven rows)

Comments (in row order): Section 4 All roles described; Section 4.1; Section 5.4; Section 5.2; Section 8; Section 8; Section 8

NB: If you have selected audit you should complete the required audit registration form and standards document and submit these with your expected timescales for completing the audit to [email protected] as soon as possible and no later than 4 weeks prior to the audit commencing. The Group / Committee should also ensure the monitoring work is added to their yearly schedule of monitoring and action logs as appropriate.

Table of Contents

1 Introduction
2 Purpose of the Procedures/Guidance
3 Definitions
3.1 Incidents
3.2 Serious Incidents Requiring Investigation
3.3 Data Incidents
3.4 Near Miss
3.5 Never Event
4 Roles and Responsibilities
4.1 Roles and Responsibilities of all staff
4.2 Role of the Line Manager
4.3 Role of the Senior Manager
4.4 Head of Care Group/Directorate
4.5 Role of the DATIX and Incident Co-ordinator
4.6 Role of the Risk Manager
4.7 Role of the Head of Patient Safety
4.8 Role of Nominated Directors (including On Call Senior Managers)
4.9 Role of the Investigation/Review Panel
4.10 Role of the Action Plan Manager
4.11 Role of the High Level Investigation Panel
4.12 Role of the Chief Executive
4.13 Designated Board Member
4.14 Role of Quality Board
4.15 Role of the Committee with the overarching responsibility for Risk Management
4.16 Role of Senior Information Risk Officer (SIRO)
4.17 Role of the Information Governance Manager
4.18 Role of the Caldicott Guardian
5 Communication and Notification
5.1 Patient/Relative/Visitor/Contractor Communications and Support
5.2 Process by which to raise concerns
5.3 Internal Communication
5.4 External Stakeholder Notification
5.5 Media Involvement
5.6 Hotline Arrangements
5.7 Management responsibility for Hotline Arrangements
5.8 Data losses
6 Serious Incident Requiring Investigation (SIRI) Investigation
6.1 Incident grading and Appropriate levels of investigations
6.2 24/48 Hour Report
6.3 Responsibility for Investigation
6.4 Root Cause Analysis
6.5 Final Report
6.6 Coroners Enquiries
6.7 Recommendations and Action Planning
6.8 Monitoring of Action Plans
6.9 Involvement of relevant stakeholders
6.10 Sharing of lessons learnt
7 Incident and Causal Factor Analysis
7.1 Responsibility for incident analysis
8 Process for monitoring the effectiveness of the organisation wide procedure for the management of incidents including the management of Serious Incidents Requiring Investigation (SIRI)
9 Dissemination, Implementation and Access to this Document
10 References
11 Serious Incident Requiring Investigation (SIRI) Process Diagram

Appendix
Appx A 24/48 Hour Report
Appx B Briefing notes for completion of 24 and 48 hour Reviews
Appx C Template for Serious Incident Requiring Investigation (SIRI) Reports
Appx D Guidance for Completing Serious Incident Requiring Investigation (SIRI) reports
Appx E Standard Action Plan Template and Guidance
Appx F Roles and Responsibilities of the Action Plan Manager
Appx G Risk/Incidents/Complaints Grading Matrix
Appx H List of internal and external stakeholders
Appx I List of Associated Policies
Appx J Guidance on how to write a statement
Appx K Protocol for discussing and reporting incident to Relatives/Carers of Patients and Involving Relatives/Carers in Serious Incident Requiring Investigation (SIRI) reviews
Appx L Assessing the level of severity of IG Incidents and Notification of Breaches to the SHA, The Department of Health and Information Commissioner’s Office
Appx M Publishing details of Information Governance (SIRI) in annual reports and statements of Internal Control
Appx N Never Events

We strongly recommend the use of flowcharts as a simplified step for staff to follow in the implementation of this Procedural Document.

Incident and Serious Incidents Requiring Investigation (SIRI) – Procedure and Practice Guidance including Data Incidents

1 Introduction

Incident Management underpins the Risk Management and Board Assurance and Escalation Framework for Manchester Mental Health and Social Care Trust. It is a fundamental tool of risk management, the aim of which is to collect information about adverse incidents, including near misses.

The Trust wishes to ensure that when a serious event or incident occurs:

- There are systematic measures in place for safeguarding service users, carers, staff, the public, property, NHS resources and reputation.
- The organisation learns from adverse incidents and in doing so prevents further harm.

The following procedure and additional guidance outlines the requirements for staff and managers in relation to the management of incidents and Serious Incidents including data loss and other Information Governance and Information Security Incidents.

Incidents in relation to Safeguarding, Whistle Blowing and Fraud should be managed in accordance with the Trust’s specific policies for these areas.

The principle of 'fair blame' will apply, that is, individual responsibility for individual actions in relation to the investigative process.
Disciplinary action in relation to incidents and Serious Incidents Requiring Investigation may be considered if one or more of the following apply:

- There is a breach of criminal law
- Professional misconduct has been identified
- There are repeated unsafe occurrences in relation to the same individual
- In the view of the Trust or professional body the action causing the incident was not acceptable practice
- There is evidence that attempts were made to conceal the incident or tamper with any evidence.

2 Purpose of the Procedures/Guidance

The overall purpose of this procedure / guidance document is to provide a framework to assist Directors, Divisions, Departments and individual staff to understand their responsibility and accountability when incidents occur, how these are reported, investigated and managed within the Trust. This will ensure that:

- We meet our statutory obligation in protecting the health and safety of individuals (patients, carers, public and staff).
- Where incidents occur action is taken to prevent reoccurrence.
- Incidents that result in significant harm to either an individual and/or the Trust are managed appropriately to reduce further risk of harm and provide assurance that such incidents are fully investigated and lessons are learnt.

3 Definitions

3.1 Incidents

An incident is defined as an event or circumstance which could have resulted, or did result in, unnecessary damage, loss or harm to a service user, member of staff, visitor or member of the public under our care / on our premises. Incidents are included if they:

- occur on Trust premises.
- occur off Trust premises but involve persons employed by the Trust whilst on Trust business.
- involve any patient receiving care from the Trust – including joint mental health services with local authorities.
- involve any patient who has been open to one or more Manchester Mental Health and Social Care services within the last 12 months.

3.2 Serious Incidents Requiring Investigation (SIRI)

A Serious Incident Requiring Investigation (SIRI) is defined as an incident that occurred resulting in:

- The unexpected or avoidable death of one or more patients, staff, visitors or members of the public under our care / on our premises.
- Permanent harm to a service user, staff, visitor or member of the public where the outcome required life saving intervention.
- An event that prevents or threatens to prevent the Trust’s ability to deliver health care services.
- Adverse media coverage or public concern about the organisation.

3.3 Data Incidents

Person identifiable data incidents are incidents that involve the actual or potential loss of personal information that could lead to identity fraud or have other significant impact on individuals.

The reporting of Serious Incidents Requiring Investigation (SIRI) relating to breaches of confidentiality involving person identifiable data and data losses will be assigned a level of seriousness in line with the Department of Health Gateway letter 9571 dated 29 February 2008. Any incident level 3 or above will be reported to the Strategic Health Authority (SHA) and Information Commissioner as per the Department of Health guidance (Appendix K).

Further to this all Serious Incidents Requiring Investigation (SIRI) involving data losses and breaches in confidentiality will be published in the Annual Governance Statement.

3.4 Near miss

Any unintended or unexpected incident that was prevented by some form of intervention and so resulted in no harm but without the intervention may have resulted in harm to one or more patients receiving NHS funded healthcare (NPSA).
3.5 Never Event

“Never events” are defined as ‘serious, largely preventable patient safety incidents that should not occur if the available preventative measures have been implemented by healthcare providers’. Their occurrence is an indication that an organisation may not have put in place the right systems and processes to prevent the incidents from happening and thereby prevent harmful outcomes. It is also an indicator of how safe the organisation is and the patient safety culture within that setting. The fundamental and unarguable motivation behind the “never events” policy is to ensure as far as possible that these events never happen. See Appendix M.

4 Roles and Responsibilities

The following details the individual and departmental roles and levels of responsibility for incident and Serious Incident Requiring Investigation (SI) management within the organisation including: the Trust Board, Trust committees / groups, managers and all staff.

4.1 Role and responsibilities of all staff

Incidents

All staff have a responsibility for risk management and for reporting all incidents and near misses. All incidents will be reported via the DATIX electronic incident reporting system. This is a web based system and can be accessed from all desktop computers within the Trust. Incidents should be reported within 24 hours of the incident occurring or the identification that an incident has occurred.

Serious Incidents Requiring Investigation / Data Incidents

Serious Incidents Requiring Investigation / data incidents require further attention in respect of the process applied. Where an individual member of staff is reporting a Serious Incident Requiring Investigation (SIRI) they must inform their Line Manager immediately of the incident occurrence (in hours) or the On-Call Senior Manager (out of hours). They must also report the incident via the DATIX electronic incident reporting system as detailed above.
4.2 Role of the Line Manager

Incidents

Managers will be alerted to an incident report via the electronic DATIX reporting system. The system has been established so that the line managers responsible for a specific service area will receive an email notification that an incident has been reported. It is the responsibility of the line manager to view that incident, make any local arrangements to review the incident, take any remedial action necessary and to sign the incident report off on the DATIX system. This should be done as soon as is possible after the incident occurrence, and as a minimum within four weeks of the incident occurrence.

For all incidents managers should ensure that they take account of the following:

- If anyone is injured, or at immediate risk, this takes priority and should be dealt with straight away.
- Manage any further risks to anyone (for example, a further attempt at harming self or others, other patients reacting badly to the incident, equipment or drugs left in the area).

Line Managers should ensure that all staff receive local induction training that includes completing a DATIX incident via the electronic incident system available on the local desktop computer.

Line Managers should attend the local Divisional Governance Group to review incident themes and ensure dissemination of lessons learnt.

Line Managers should report any perceived problems with the DATIX system noted or reported to them to the DATIX and Incident Coordinator.

Serious Incidents Requiring Investigation (SIRIs) / Data Incidents

In the event of a Serious Incident Requiring Investigation (SI) / data incident the Line Manager must take appropriate steps to elicit all the known facts of the case and brief the senior manager responsible for the Divisions / Directorate (in hours). For data losses, Information Governance or Information Security incidents the Senior Risk Information Officer and Information Governance Manager must be informed.
On notifying the senior manager about the incident the line manager will, in conjunction with the senior manager, decide on any further action to ensure safety and will record what has happened. The Line Manager will ensure that a DATIX report has been completed by the incident reporter.

Depending on the circumstances of the Serious Incident Requiring Investigation (SI) / data incident, the Line Manager in consultation with the Senior Manager should decide the most appropriate person to inform the patient, relatives and carers about the incident if this has not been done already by others such as the police (see section on informing others). It is very important that the Senior Manager responsible for managing the Serious Incident Requiring Investigation (SIRI) is clear about who will be informing relatives and that this is agreed with the police before any contact is made. For data loss incidents the Senior Risk Information Officer, Caldicott Guardian and Information Governance Manager should be consulted as to whether patients are to be informed and how.

The Line Manager when managing a Serious Incident Requiring Investigation (SIRI) (with support from senior managers, the Chief Operating Officer and the Governance Department) is responsible for:

- Ensuring safety
- Taking early action/counter measures to prevent recurrence
- Identifying and managing consequent risks of the incident
- Arranging for the security of records, as they will be required to be reviewed as part of the investigation and panel review process. Be mindful that medical records may need to be copied if they are required for ongoing treatment. (Staff should refer to the Record Management Policy for the procedure to be adopted when securing records in relation to a Serious Incident Requiring Investigation.)
- Taking witness statements from all those involved in the incident
- Arranging for staff support and counselling if needed
- Arranging support for others involved including relatives, carers, and other patients
- Gathering information and completing the 24/48 Hour report. On completion of the 24/48 Hour report this should be sent electronically to the DATIX and Incidents Coordinator.
- Liaising with the SIRO, Caldicott Guardian or Information Governance Manager in relation to data losses, Information Governance or Information Security incidents as to whether the incident is reportable to the Information Commissioner.

4.3 Role of the Senior Manager

Incidents

Senior Managers will ensure that all incidents reported through DATIX are reviewed, actioned and closed as soon as is viable.

Senior Managers will ensure that any incident trends / themes and lessons learnt are proactively shared across the team / Care Group / Trust.

The nominated Divisional / Directorate Senior Manager (or nominated deputy) will attend the Integrated Risk and Clinical Governance Committee and actively participate in the monthly incident review / report process to enable the identification of Divisional / Directorate / incident themes, lessons learnt and any additional action required to ensure on-going prevention of incident occurrence.

Serious Incidents Requiring Investigation (SIRIs) / Data Incidents

The Senior Manager of the area where the incident occurred should be made aware of all Serious Incidents Requiring Investigation (SIRIs) in a timely way by the incident reporter (within 24 hrs of the incident occurring).
The Senior Manager will ensure that the line manager has taken all appropriate actions and then liaise with the Chief Operating Officer (COO), Medical Director (MD), Chief Nurse or other appropriate stakeholder as necessary.

The Senior Manager will provide support to the Investigation / Review Panel.

On completion of an Investigation the Senior Manager will formulate an Action Plan, monitor progress and ensure learning both within the Divisions / Directorate or across the Trust as appropriate.

In conjunction with the Associate Directors / General Managers / Directorate the Senior Manager will identify any on-going risks and escalate these appropriately through the Service Governance structure / Risk Register process.

4.4 Head of Care Group / Directorate

Incidents

The Associate Directors / General Managers / Directorate will ensure that all incidents reported through DATIX are reviewed, actioned and closed as soon as is viable by their Senior Managers.

The Associate Directors / General Managers / Directorate will ensure that the nominated / Directorate Senior Manager attends the Integrated Risk and Clinical Governance Committee and actively participates in the monthly incident review / report process to enable the identification of Directorate incident themes, lessons learnt and any additional action required to ensure on-going prevention of incident occurrence.

Serious Incidents Requiring Investigation (SIRIs) / Data Incidents

The Associate Directors / General Managers / Directorate (or their nominated Deputy) will monitor and track all Serious Incidents Requiring Investigation (SIRIs) Action Plans within their areas and provide feedback in the form of a Quarterly Report to the Risk Committee. The report will give clear evidence of action plan performance and make recommendations for action plan closure when appropriate.
In conjunction with their Senior Managers the Directorate will identify any on-going risks and escalate these appropriately through the Service Governance structure / Risk Register process.

4.5 Role of the DATIX & Incident Coordinator

DATIX System and Incidents

The DATIX and Incident Coordinator will administer the system and ensure that all staff have access to the system, and that the functionality of the system meets the requirements of the Trust.

The DATIX and Incident Coordinator will maintain a database of appropriately trained senior staff from across the Trust who are available to participate as panel members / Chairs for the Investigation / Review Panels.

The DATIX and Incident Coordinator will provide information to the National Patient Safety Agency (NPSA) by ensuring all patient safety incidents are reported through the National Reporting and Learning System (NRLS).

The DATIX and Incident Coordinator will provide a quarterly report to the Integrated Risk and Clinical Governance Committee identifying incidents, themes and severity.

The DATIX and Incident Coordinator will arrange meeting dates for the High Level Investigation Panel meeting following each Serious Incident Requiring Investigation / Review.

Serious Incidents Requiring Investigation (SIRIs) / Data Incidents

The DATIX and Incident Coordinator is alerted by email of all Serious Incidents Requiring Investigation (SIRIs) reported on the DATIX system. They will ensure that a feedback message is sent to remind the manager responsible for the area where the incident occurred that a 24/48 hour report is required.

The DATIX & Incident Coordinator will complete a Grade 0 STEIS report to the Commissioners and (within two working days [1] of notification of the incident occurrence). This will contain all the information known at the time of reporting and will be updated as more information is established.
An investigation level Grade 1 or 2 will be indicated by the Commissioners to the Trust within two days of the STEIS report [2] and agreed with our Head of Patient Safety or Chief Nurse. This agreed level will determine the investigation and monitoring requirements.

If following the initial investigation the incident is found not to have been serious it can be downgraded and managed internally. See Appendix B for more information on grading.

If a Serious Incident Requiring Investigation (SIRI) is subsequently downgraded then this will also be entered onto the STEIS system.

For data losses and Information Governance incidents the information required to be reported is as Appendix K. As further information becomes available STEIS will be updated.

The DATIX & Incident Coordinator will provide the Chief Operating Officer (COO), Medical Director (MD), Chief Nurse and the Head of Patient Safety (HoPS) with a copy of the 24 hr and 48 hr review.

The DATIX & Incident Coordinator will send the Serious Incident Requiring Investigation (SIRI) Panel chair a copy of the incident, the 24/48 Hour report, the Serious Incident Requiring Investigation (SIRI) review template and guidance notes with details of the timescales for completion of the review.

The DATIX & Incident Coordinator will track / monitor progress against the reporting schedule and send reminders to the Panel Chair to ensure that the 45 day deadline is met. This will include providing information as requested by the commissioners to enable their monitoring requirements.

4.6 Role of the Risk Manager

Incidents / Serious Incidents Requiring Investigation (SIRIs) / Data Incidents

The Risk Manager will provide education, training and information for all staff so that they are aware of the incident reporting procedure and the mechanism of grading incidents.
The Risk Manager will monitor the DATIX risk reporting system and ensure that regular reports are sent to the National Patient Safety Agency (NPSA) by the DATIX and Incident Coordinator; where they have a concern that the quality of the data falls below the mandatory requirement, they will raise these concerns with the Head of Patient Safety.

The Risk Manager in conjunction with the DATIX and Incident Coordinator will produce quarterly Incident Reports for the Integrated Risk and Clinical Governance Committee highlighting themes and is responsible for ensuring that the systems for dissemination of information in relation to lessons learned from incidents are efficient and effective and support the principles of a learning organisation.

[1] Working day - Days that exclude weekends and bank holidays (Run from 23:59 on the day the incident is raised to 23:59 on the day the incident is reported)
[2] National framework for reporting and learning from serious incidents requiring investigation. Ref: 0974. March 2010; Page 16

The Risk Manager will ensure that incident reports, including Serious Incident Requiring Investigation (SIRI) reports, are circulated to appropriate staff and through the Trust Assurance Framework to ensure the relevant committees are informed and can take appropriate action where necessary.

4.7 Role of the Head of Patient Safety

The Head of Patient Safety will ensure that the Trust’s processes and systems effectively meet mandatory requirements / expectations of the Care Quality Commission, NHS Litigation Authority, NRLS and the needs of the Trust.

The Head of Patient Safety will provide expert advice to the Chief Executive, the Executive Team and Trust staff as necessary.

Once final approval has been given by the Chief Nurse, Chief Operating Officer and Medical Director the Head of Patient Safety will notify the DATIX & Incident Coordinator to submit the report and action plan (within 45 days of the incident occurring).
The Head of Patient Safety will present Serious Incident Requiring Investigation (SIRI) Investigation / Review Reports, Executive Summary Reports for learning and their resultant action plans to the Integrated Risk and Clinical Governance Committee on a regular basis.

The Head of Patient Safety will participate in the High Level Investigation Panel following the receipt of the final report from the Serious Incident Requiring Investigation / Review Panel.

The Head of Patient Safety will provide a Serious Incident Requiring Investigation (SIRI) Investigation / Review Report to the Quality Board on a regular basis.

Where incidents have been downgraded following 24/48 hr reports the Head of Patient Safety will formally feed back the reason for this to the incident reporter.

4.8 Role of Nominated Director(s) (including On-Call Senior Managers)

Any Director who is made aware of a Serious Incident Requiring Investigation (SIRI), or the Director on call, will inform the Chief Executive of a Serious Incident Requiring Investigation (SIRI) as appropriate. The Chief Executive should be informed of all Serious Incidents Requiring Investigation (SIRIs) which result in serious harm, death or are likely to affect public confidence in the Trust.

The Chief Operating Officer (COO), Medical Director (MD), Chief Nurse and the Head of Patient Safety (HoPS) are informed of all Serious Incidents Requiring Investigation (SIRIs) through the DATIX electronic notification system and will receive copies of all 24/48 hour reports from the DATIX and Incident Coordinator. They will consider the incident and make a declaration of a Serious Incident Requiring Investigation (SIRI) and request an Investigation / Review Panel to be established.

Panel chairs will be identified from the database maintained by the DATIX & Incident Coordinator, by the COO, MD and Chief Nurse who will also identify appropriate panel members to support the review.
The Panel will be supported by a nominated Action Plan Manager from the Division in which the incident occurred who will then have responsibility for formulating the resultant action plan and sharing lessons learnt.

The COO, MD and Chief Nurse will receive all completed Serious Incident Requiring Investigation (SIRI) Investigation Review reports to ensure accuracy, presentation of information and appropriateness of recommendations. The COO, MD and Chief Nurse will also participate in the High Level Investigation Panel where recommendations and reports will receive final approval to the commissioners.

4.9 Role of the Investigation / Review Panel

The Investigation / Review Panel will fully investigate / review the circumstances surrounding the Serious Incident Requiring Investigation (SIRI) and provide a report to the COO, MD and the Chief Nurse regarding the incident, making recommendations to ensure future safety and prevent reoccurrence, for submission to the commissioners within 45 days of the incident.

The panel members will usually comprise a Consultant Psychiatrist and Senior Nurse but additional panel members with specific expertise may be used dependent upon the nature of the Serious Incident Requiring Investigation. The Panel will be supported by a nominated Senior Manager from the Division in which the incident occurred.

The Investigation / Review Panel will identify any areas of poor and good practice, risk and lessons learnt.

The Investigation / Review Panel will formally present their findings to the High Level Incident Panel convened specifically for each Serious Incident Requiring Investigation.

4.10 Role of the Action Plan Manager

An Action Plan Manager will be appointed by the relevant Division when an SIRI is declared. The role of the Action Plan Manager is to link with the panel to ensure that emerging recommendations are relevant and achievable.
Once recommendations are agreed the Action Plan Manager will translate the recommendations into an action plan and will take responsibility for ensuring that those tasked with actions are clear about their responsibilities. The Action Plan Manager will also retain oversight of the action plan until its completion. This includes ensuring that all evidence of progress is populated in the agreed plan on the SharePoint system. Detailed guidance on the role is appended to these procedures.

4.11 Role of the High Level Investigation Panel

The High Level Investigation Panel (HLIP) will provide further scrutiny to the incident investigation and assurance that the relevant personnel have been involved, the key issues have been addressed and that lessons that have been learned are disseminated.

The HLIP will:
- Meet with the Serious Incident Requiring Investigation Investigation / Review Panel on completion of their investigation to scrutinise the report findings.
- Require the attendance of key staff (clinical and managerial) to ensure accountability for actions is understood.
- Request any amendments to the report are made and are submitted to the commissioners appropriately and within contractual requirements.
- Approve the report and action plan for dissemination / action.
- Ensure an integrated governance approach by ensuring that any related complaints, claims, or coroners cases are duly completed.

The panel members will comprise the:
- Non-Executive Director (Chair).
- Chief Operating Officer, Medical Director and Chief Nurse
- Head of Patient Safety.
- Head of Legal Services and Mental Health Act Services (if subject to a claim or inquest).
- Relevant Head of Profession (Nursing, Social Work or OT).
- Relevant General Manager/Clinical Manager
- Action Plan Manager

4.12 Role of Chief Executive

The Chief Executive has overall responsibility for patient safety and risk management within the Trust.
4.13 Designated Board Member

The Chief Nurse is the designated Trust Board member responsible for compliance with the Incident and Serious Incident Requiring Investigation (SIRI) procedure.

4.14 Role of Quality Board

The Quality Board will receive regular reports of all incidents within the Trust including Serious Incident Requiring Investigations (SIRI) and ensures that all incidents have been investigated appropriately and thoroughly. The Quality Board also ensures that lessons learnt have been shared appropriately across the Trust.

4.15 Role of the Committee with the overarching responsibility for risk management

The purpose of the Integrated Risk and Clinical Governance Committee is to have overall responsibility for establishing a strategic approach to risk management across the organisation, ensuring that the approach is pro-active. The Committee is also responsible for the overall co-ordination of risk management activity. It ensures that the necessary processes are in place to achieve compliance with statutory requirements and to protect the Trust's patients, staff and assets. Risk management is an integral part of the Trust's strategic and operational objectives.

As part of the Trust Assurance Framework the Integrated Risk and Clinical Committee reports to the Quality Board which is a subcommittee of the Trust Board.

4.16 Role of Senior Information Risk Officer (SIRO)

Department of Health guidance states that “the SIRO should be an executive or senior manager on the Trust Board who is familiar with information risks and the organisation’s response to risk and has the knowledge and skills necessary to provide the required input and support to the Board and to the Accountable Officer. The SIRO may also be the Chief Information Officer if the latter is on the Board.”

The SIRO for the Trust is the Director of Strategy and Business Development.
The SIRO is responsible for identifying and managing the Trust information risks and having oversight of the Information Security and Information Governance incident reporting procedures and response arrangements.

The SIRO, through the DATIX incident reporting system, will be informed of all Serious Incident Requiring Investigations (SIRIs) relating to data losses, information governance and information security and will receive copies of all relevant 24/72 hour reports.

The SIRO will be supported by the Information Governance Manager and Caldicott Guardian and have oversight of all completed Information Governance and Information Security Serious Incident Requiring Investigation (SIRI) reviews for accuracy and determining the most appropriate way to action the recommendations.

The SIRO along with the Information Governance Manager will inform the Information Commissioner of data losses as appropriate.

4.17 Role of the Information Governance Manager

The Information Governance Manager is responsible for assessing all Information Governance and Information Security incidents and assigning the appropriate risk level as per the Department of Health guidance. They will follow up incidents to ensure appropriate actions have been taken by line managers.

The Information Manager along with the Risk Manager is responsible for ensuring that the systems for dissemination of information in relation to lessons learned from Information Governance and Information Security Incidents are efficient and effective and support the principles of a learning organisation.

The Information Governance Manager will assist with or undertake incident reviews as appropriate in relation to Information Governance and Information Security Incidents.

The Information Governance Manager will provide advice to assist panels investigating Information Governance and Information Security Incidents in determining the most appropriate way to action the recommendations.
The Information Governance Manager will prepare the summary of Information Governance incidents for inclusion in the annual report and will provide regular reports for the Trust Information Governance Group and Risk Management Committee.

The Information Governance Manager will advise on forensic preservation of evidence relating to data losses, Information Governance and Information Security incidents.

4.18 Role of the Caldicott Guardian

The Trust Caldicott Guardian is the Medical Director and is responsible for ensuring the protection and use of patient identifiable information, ensuring it is only shared with those who have a justified need and that it is shared through safeguarded routes.

The Caldicott Guardian will provide support to the SIRO as appropriate in relation to safeguarding patient information and oversight of all completed Information Governance and Information Security Serious Incident Requiring Investigation (SIRI) reviews for accuracy and determining the most appropriate way to action the recommendations.

The Caldicott Guardian will provide advice as appropriate to assist panels investigating Information Governance and Information Security Incidents involving patient identifiable data and in determining the most appropriate way to action the recommendations.

5 Communication and Notification

5.1 Patient/relative/visitor/contractor communication & support

Communication with patients, their relatives, carers, visitors or contractors who may need to be involved in both pre and post incident reviews is extremely important. Please refer to the Trust Being Open and Duty of Candour Policy for information. See Appendix I in terms of informing relatives and involving relatives in this process.

Where person identifiable information has been lost or inappropriately placed in the public domain then consideration will be given by the SIRO and Caldicott Guardian as to whether to inform those affected.
Where there is any risk of identity theft this will be effected.

5.2 Process by which to raise concerns

All staff are encouraged to report incidents and near misses. If staff have a specific concern they wish to raise but feel unable to use the incident reporting mechanism they may raise concerns as part of the Public Disclosure At Work Policy.

Communication with staff may need to be both pre and post investigation. Staff involved in the incident and other staff within the organisation may need to be included in discussions. Staff involved in the review of an incident will be kept up to date by the panel chair.

5.3 Internal communication

It is extremely important that those staff involved in the review of incidents receive appropriate feedback. Review panel chairs should ensure that the final report submitted is checked for accuracy by all members of the panel. Once completed the Panel Chair and the nominated Senior Manager must ensure that all staff involved in the process receive the appropriate feedback.

In addition the Associate Director / General Manager or their nominated Senior Manager must ensure that the resultant Investigation Report and action plan is monitored through the Division Governance Group and that any lessons learnt are shared through the Division's Governance structures.

5.4 External stakeholder notification

Procedure for notifying incidents to the Commissioners

Manchester Mental Health and Social Care Trust (MMHSCT) are required to report all Serious Incident Requiring Investigations (SIRIs) as part of the STEIS (Strategic Executive Information System) reporting arrangements.

Where there is uncertainty about how to classify an incident, a report should be made. The National Framework for Reporting and Learning from Serious Incident Requiring Investigations requires the PCT to be involved in and agree grading with MMHSCT. Systems are in place to ensure this is supported by MMHSCT through STEIS and regular meetings with the PCT.
The Care Quality Commission (CQC)

The Mental Health Act Lead Officer will inform the CQC administrator as soon as possible of a Serious Incident Requiring Investigation (SIRI) concerning a patient that is formally detained under the Mental Health Act.

Other agencies

The line manager, in consultation with the Senior Manager or Chief Operating Officer, should inform other agencies having continuing involvement with the service user/client as soon as it is practical. Though this list is not exhaustive, thought must be given to the necessity to also inform any of the following depending on the incident.
- Commissioners
- Other NHS Trusts as required
- NHS Litigation Authority
- Trust Legal Advisors (this should be done via the Head of Legal and Mental Health Act Services)
- The Information Commissioner (please refer to Appendix J regarding how/when to inform the Commissioner)
- Police
- Coroner
- Children Families and Social Care Services
- Manchester Safeguarding Adults Board
- Manchester Safeguarding Children Board
- Health and Safety Executive
- National Patient Safety Agency
- Medical Devices Agency
- Public Health Department
- ICAS (Independent Complaints Advisory Service)

Advice on informing others can be sought from the Governance Team. Please see Appendix E. List of External and Internal Stakeholders.

5.5 Media Involvement

It is particularly important in all circumstances to ensure that informing the appropriate people, specifically the patients and relatives, of a Serious Incident Requiring Investigation (SIRI) or a major incident should happen before the media.

5.6 Hotline Arrangements

If the incident is likely to attract a large number of calls from members of the public, a help line will be established in an identified operations room.
- IM&T will be informed regarding telephone and network line requirements including extra phone lines
- Head of Information Systems or IS Manager will be informed for development of a database for logging of calls/information and postal arrangements
- A paper back-up system is an essential requirement to ensure documentation is maintained

5.7 Management responsibility for Hotline arrangements

The decision to establish such a help line would normally be taken by the Chief Executive or an Executive Director. Out of hours the Director on call would make such a decision. The Chief Executive or Executive Director will nominate the most appropriate senior manager to have overall responsibility for the management of the help line.

On occasions when many patients have been involved in an incident or where an incident has come to light some months later, it is acknowledged that it may not always be possible to inform the patient in advance of the media even though every effort will be made to do so. Communications has responsibility for media relations and all enquiries from the media should be referred to them. Communications also has responsibility for issuing press statements and any other necessary information.

If necessary an Operations Room with Hot Line and Help Line facilities will be established. In the first instance this is likely to be at Trust Headquarters; however, depending on the incident it may need to be at the site of the incident. The Hot Line will be reserved for high-level calls in and out of the Trust. Specific numbers will be assigned for specific functions. A Help Line will be a number or numbers assigned to receive calls from staff and the public about their queries and concerns. Several lines may be required for each purpose. (Section 8 outlines requirements for establishing Help / Hot lines)

During office hours the identified operations room will be located in Chorlton House. Should the need arise for an immediate operations room to be identified out of office hours it should be located at one of the three acute hospital sites, whichever is nearest to the locality of the major incident.

5.8 Data losses

The reporting of Serious Incident Requiring Investigations (SIRI) relating to breaches of confidentiality involving person identifiable data and data losses will be assigned a level of seriousness in line with the Department of Health Gateway letter 9571 dated 29 February 2008. Any incident level 3 or above will be reported to the Strategic Health Authority and Information Commissioner as per the Department of Health guidance Appendix K.

Further to this all Serious Incident Requiring Investigations (SIRIs) involving data losses and breaches in confidentiality will be published in the annual report and Trust Statement of Internal Control in accordance with the Department of Health Gateway letter 9912 dated 20 May 2008 Appendix K.

Examples of breaches of security are:
- Loss of computer equipment due to crime or an individual’s carelessness
- Loss of removable storage devices e.g. data sticks, CDs, floppy disks due to an individual’s carelessness
- Accessing any part of a database using someone else’s authorisation either fraudulently or by accident
- Trying to access a secure part of the organisation using someone else’s PIN number or COTAG (electronic access card)
- Finding the doors and/or windows have been broken and forced entry gained to a secure room/building

Examples of breaches of confidentiality are:
- Finding a computer printout with header and personal information on it at a location outside the Trust premises/buildings
- Finding any paper records about a patient/member of staff or business information in any locations outside the Trust premises/buildings
- Being able to view patients’ records in the back or front of an employee’s car e.g. medical staff
- A fax being received by the incorrect recipient
- Giving information to people who are not entitled to know, whether verbally, written or electronically.

6 Serious Incident Requiring Investigation (SIRI) Investigation

All reported Serious Incident Requiring Investigations (SIRIs) will be subject to a 24/48 hour report (See Appendix A).

Managers investigating incidents need to be mindful of the following when gathering initial information which may form part of the review process. Managers should where necessary:
- Gather relevant documents, e.g. case notes, CPA care plan, information regarding data losses and identity theft, risk assessments (it should be noted that the line manager at the point of notifying a Serious Incident Requiring Investigation (SIRI) should secure all case records (see records management policy on the procedure)).
- Identify stakeholders.
- Develop and implement a communications plan including the plan to inform service users and carers.
- Take witness statements from all those involved in the incident if not already done. The statements should be dated, timed, signed and legible. See Appendix G.
- Preserve any evidence.
- Institute formal documentation and version control.
- Keep detailed records of dates, times and actions.
- Begin to establish a chronology of events that forms part of the review process.
- The Investigating Manager will co-ordinate the review process but may delegate some of the administrative functions, e.g. co-ordination of diaries, booking of venue, refreshments etc.
- Managers should ensure that investigations are timely, e.g.
  - If necessary records are secured immediately.
  - Witness statements are taken as soon as possible so that events and details are remembered.
- Managers should keep a contemporaneous record of the investigations and should plan the process as appropriate to the investigation.
- Managers should seek expert, specialist advice as appropriate but particularly when looking at best practice issues.
- Provide update reports as necessary to the Chief Executive and the Litigation Advisor, where appropriate.
- Managers should be mindful of the need to involve external agencies as necessary in the internal investigation process, where such involvement is appropriate, e.g. police, probation service, Primary Care Trusts.

Managers involved in incident investigation will attend the Trust Root Cause Analysis training. For Serious Incident Requiring Investigations (SIRIs) Root Cause Analysis techniques will be used and a full time line completed. Reports will be completed using the agreed Serious Incident Requiring Investigation (SIRI) template - See Appendix H.

Monitoring of action plans will be through the Operations Directorate and Risk Committee in terms of any risk identified. Incident review action plans will be monitored through the relevant care Group meetings.

6.1 Incident grading and appropriate levels of investigations

A Serious Incident Requiring Investigation (SIRI) can be recognised initially because it:
- could threaten the physical or psychological safety of any person
- might result in more than minor injuries and is seen by those involved as serious, or to have the potential to be serious including data losses and identity theft
- has potential consequences which are major or catastrophic

The first decision is made by the staff involved and their Line Manager. Despite the above definitions, determining whether an untoward incident constitutes a Serious Incident Requiring Investigation (SIRI) is still difficult, so a degree of judgment is required in decision-making. Additionally, a Serious Incident Requiring Investigation (SIRI) may not become immediately apparent but may emerge over time as a Serious Incident Requiring Investigation (SIRI). It could be that a number of isolated "untoward incident" report forms provide the Trust with an information "trigger" to alert us that something more serious is taking place than was initially thought.
Incident grading for data losses is contained in Appendix K.

6.2 24/48 Hour Report

The purpose of the 24/48 hour report is to identify the facts of the incident at an early stage to determine the necessity for a full Serious Incident Requiring Investigation (SIRI) Investigation. This process will be managed locally by the senior manager. The details of the fact finding process including a recent timeline will be logged using the 24/48 hour report form. See Appendix I.

This form, once completed, will be emailed to the DATIX and Incident Coordinator who will ensure that it is forwarded to the Chief Nurse, Chief Operating Officer and Medical Director. The Chief Nurse will confirm the incident as an SIRI based on the information in the 24/48 hour report.

On receipt of the 24/48 hour report it may become apparent that the incident is not a Serious Incident Requiring Investigation (SIRI). In these circumstances the Chief Operating Officer, Medical Director and Chief Nurse will make a decision to downgrade the Serious Incident Requiring Investigation (SIRI). In these cases the 24/48 hour report may act as a final report or it may be identified that there is further learning to be gained from local investigations. In instances where an incident has been downgraded, feedback on the reasons for this will be provided by the Head of Patient Safety to the incident reporter.

6.3 Responsibility for investigation

Local Team reviews

Those incidents which may be classified as having moderate or minor outcomes or near misses should also be reviewed. (These incidents may be graded as Green or Yellow). However a less formal procedure will be sufficient to gain understanding of the events and to learn lessons from it. It is the responsibility of the Ward Manager (in hospital settings) or Community Team manager or other first line managers to lead the review process. These reviews should happen at local level and may happen within the team that the incident occurred.
The team review should still include a record of the review. The report from the review should include, as a minimum, a description of what happened, who was involved, what actions were taken then and any actions still needed. If any procedures are thought to need urgent revision after the team review, the Chief Operating Officer should be told.

Comprehensive 24/48 hour reviews may be a sufficient record of the local review. However if a local review is requested this should be submitted to the Chief Operating Officer, Medical Director and Chief Nurse once completed.

Serious Incident Requiring Investigation (SIRI) Reviews

The Chief Nurse (or their Deputy) will appoint panel members utilising the list of trained staff available from the DATIX and Incident Coordinator. Once appointed the Chair of the Investigation / Review Panel will be required to complete the Serious Incident Requiring Investigation (SIRI) report. In line with monitoring requirements by commissioners, reports are expected to be completed within 45 days of the incident occurring; this is performance managed and can lead to a contract breach where we do not comply. Contract breaches carry financial penalties for the Trust although there are systems to request extensions and discussions should take place with the Head of Patient Safety if panel chairs have any concerns about compliance.

All panel chairs will be members of staff from within the organisation and will have completed the Trust Root Cause Analysis Training. The purpose of the review is to identify the root causes of the incident and correct any weaknesses in operational procedures. Where court proceedings in relation to an incident are thought likely, legal advice should be sought with a view to ensuring that the investigation does not prejudice those proceedings. The review will state any further action or changes in procedure recommended.
The report should be completed as part of the Trust Serious Incident Requiring Investigation (SIRI) Review Template. Attached Appendix C.

Part A Reviews

All SIRIs will commence with a Part A review and will consider the following:
- A history of service user’s treatment and care should be included.
- A chronological account of what is known to have happened – this should ‘tell the story’ of the unfolding of events relating to the matters under review.

The report should carefully document the following:
(a) Is there a care plan in place and is the CPA up to date and timely
(b) Is there an up to date risk assessment and is this sufficiently robust
(c) Whether the care given to the patient was effective and optimal

The investigation team should be able to determine at this stage if there are any areas for learning that may be applied or need to be part of a reflective practice session with the team or specific staff. These learning points are issues that may arise that could have been delivered better but were not significant failings in care. If the investigation team determine that the standard of care delivered was good then the report is completed at this stage.

Part B Reviews

Part B reviews will be completed only when there are significant lapses in the care provided and with the intention of providing more detailed analysis of the causes of this using a range of RCA tools.

6.4 Root Cause Analysis for Part B

All Serious Incident Requiring Investigation (SIRI) Reviews are subject to a Root Cause Analysis (RCA) investigation. A range of staff within the organisation have been fully trained in this process. The chair of the panel in association with the nominated senior manager and panel will determine the best tool to use within the process. All reviews will use a comprehensive timeline and reports will be submitted on the agreed template. See Appendix H.
Throughout the investigation attention will be paid to the practice of individual practitioners to ensure compliance with codes of conduct and policy and procedure. Where there is evidence to suggest this may be in question a further investigation may be undertaken in line with the Trust’s disciplinary processes.

6.5 Final Reports

All reports will undergo scrutiny through the High Level Investigation Panel as detailed in 4.11.

6.6 Coroners Enquiries

The Coroner may commission an inquest into the death of a person. Where this is the case staff are often requested to provide statements or to appear in court. Authors of Serious Incident Requiring Investigation (SIRI) reviews must be mindful that the coroner may request a copy of this report. Coroner’s requests for statements are made through the Head of Legal and Mental Health Act Services who will assist staff in terms of advice on submissions of statements or appearance at the court. The Coroner may also request the panel chair to attend the inquest.

6.7 Recommendations and Action Planning

Recommendations should be made as part of the RCA process and a record of the recommendations contained within the agreed report template. Resultant action plans will be formulated, monitored, shared and closed as described in the roles and responsibilities section for the Action Plan Manager. The action plans for SIRIs are part of the Trust’s wider assurance framework.

6.8 Monitoring of Action Plans

From the recommendations of the Serious Incident Requiring Investigation (SIRI) Investigation / Review an action plan should be agreed by the Associate Director or General Manager of the Division / Directorate. The action plan should be structured as Appendix H and be specific with an identified individual who is responsible for delivering the action.
The nominated Action Plan Manager for delivering the action will ensure that appropriate recommendations are also implemented, in conjunction with the Governance Department, in all care groups unless it is very specific to the service e.g. review of standard operating procedures for a particular team.

All action plans will be maintained on SharePoint and the nominated Action Plan Manager will be required to load evidence against each of the actions to demonstrate implementation of the recommendation.

Ongoing monitoring of action plans will take place in divisional governance meetings and responsibility for ensuring this takes place lies with the Associate Director / General Manager of the Division. Evidence of this process will be maintained within the Care Group / Directorate Governance Group minutes, action log and agenda (by embedding the action plans into the agenda document and showing clear tracking of the review process).

Action plans and evidence against action plan performance will be reviewed and determined complete by the Head of Patient Safety in consultation with the Chief Nurse / Medical Director.

6.9 Involvement of relevant stakeholders

Where appropriate it may be beneficial to involve external agencies such as the Health and Safety Executive (HSE), the Medicines and Healthcare products Regulatory Agency (MHRA), the Police or Environmental Health Agency (EHA) etc. They may be needed to help investigate certain incidents which may be outside the expertise of those within the organisation. The Serious Incident Requiring Investigation (SIRI) Review Chair will have responsibility for deciding on the need to secure the involvement of any external organisation and will make the appropriate arrangements.

If an incident occurs across a number of organisational boundaries, it may be appropriate to work together in a joint investigation.
For NHS Trusts contact should be made with the Trust Risk Manager in the first instance to discuss the arrangements. Consideration also needs to be given whether or not a Serious Incident Requiring Investigation (SIRI) may meet the criteria necessary for a Serious Case Review as defined by the Manchester Safeguarding Adults Board.

6.10 Sharing of lessons learnt

The sharing of the lessons learnt post investigation is a serious part of incident management. In line with the National Framework the Trust believes learning from Patient Safety incidents to be a collaborative, decentralized and reflective process that allows us to draw on experience, knowledge and evidence from a wide variety of sources. Learning following an incident is defined as safety-related policy, practice and process issues that have contributed to the incident from which others can learn.

The Trust has a range of mechanisms to ensure that lessons have been learned as a result of an incident and that they are disseminated across the organisation. All Serious Incident Requiring Investigation (SIRI) reviews are fed back to the multi-disciplinary team(s) involved and as appropriate across the Trust by the Investigation / Review Panel Chair and the Senior Manager. Where necessary lessons learned from the review, or required changes in individual practice, are discussed in supervision with individual practitioners.

The completion of the Executive Summary and the action plan are key to the lessons learnt processes. These documents assist Trust Committees and Senior Managers in the identification of themes. The Trust has a standard list of themes which are linked to the Care Quality Commission Registration and allow the Trust to identify recurrent issues and the appropriate lead and sharing methods.
To ensure standardisation the themes identified in the action plans must be taken from the CQC Registration Outcomes below:

Key Lines of Enquiry (KLOEs)

To ensure standardisation the themes identified in the action plans must be taken from the CQC’s Key Lines of Enquiry below:

Are Services safe?
This KLOE looks at how people are protected from abuse and avoidable harm. Abuse can be physical, sexual, mental or psychological, financial, neglect, institutional or discriminatory abuse. The CQC will look at incidents, safety and risks amongst other things.

Are Services effective?
This means the CQC look at people’s care, treatment and support to see if it achieves good outcomes and promotes a good quality of life. They also look at whether care and treatment is based on the best available evidence and whether staff have all the necessary training and information to provide the best care for people.

Are Services caring?
This means that staff involve and treat people with compassion, kindness, dignity and respect. It also includes looking at how people and their relatives are involved in their care and explores patient feedback.

Are Services responsive?
This is where the CQC will look at how services are organised to ensure that they meet people’s needs, especially those who are vulnerable and how accessible services are.

Are Services well led?
This section looks at the leadership, management and governance of the organisation to assure the delivery of high quality person-centred care. It also looks at the support for learning and innovation, and how the organisation promotes an open and fair culture.

The use of standard themes allows the Trust to triangulate the information we collect across all governance areas.
The Trust can then identify preventative measures and also look at the appropriate communication through a combination of:

• Training Events – Effectiveness days, mandatory training updates, specific work based training sessions
• Communication – Leadership Forum, Trust Mid day email, Staff newsletters
• Case Studies – vignettes, case summaries through the professional leads
• Audits/Result dissemination
• Committees or meeting agendas for discussion
• System or policy changes to allow earlier detection and prevention
• Quality Account – Information sharing

The Executive Summary completed by the Panel Chair following investigations offers a key starting point for learning. This summary should be anonymised to allow the document to be widely shared.

Action plans and recommendations are monitored through local governance meetings. All action plans for SIRIs will be presented to the Integrated Risk and Clinical Governance Committee with the associated review report. Action plans are recalled for review by the Risk Committee on a six monthly basis to review the evidence that demonstrates full implementation of the recommendations before they are finally signed off by the committee as having been delivered.

All SIRIs are subject to a High Level Incident Panel to ensure all issues have been identified and the approach to lessons learned will ensure they are firmly embedded within the organisation.

7 Incident & Causal Factor Analysis

7.1 Responsibility for incident analysis

The Governance Team will produce a quarterly incident report for the Integrated Risk and Clinical Governance Committee. All SIRIs will be reported to Board through the reportable issues log on a monthly basis. A trend analysis will be provided on a range of incidents corporately. Incident reports will be reported through the relevant Governance Committees as part of the Trust Assurance Framework.
8 Process for monitoring the effectiveness of the organisational wide procedure for the management of incidents including the management of Serious Incident Requiring Investigations (SIRIs)

Random samples of all reported incidents and near misses are scrutinised by the DATIX and Incidents Coordinator to ensure compliance with the policy. The Integrated Risk and Clinical Governance Committee monitors all Serious Incident Requiring Investigation (SIRI) Investigations.

The Trust will monitor the effectiveness of the organisation wide procedure for the Management of Incidents, Including the Management of Serious Incident Requiring Investigations (Serious Untoward Incidents) by establishing a program of key indicators. These will include:

• The number of incidents reported quarterly. Reported as part of the quarterly DATIX report.
• Timescales for completed Serious Incident Requiring Investigation (SIRI) reviews. Collated by the DATIX and Incident Coordinator and monitored through the Performance and Quality Board meeting with commissioners.
• The involvement of relatives/carers in Serious Incident Requiring Investigation (SIRI) reviews is monitored as part of the Being Open and Duty of Candour Policy and the production of quarterly reports.
• Audit that demonstrates that lessons have been learnt and that the recommendations arising from any SIRI report are implemented and sustained.

9. Dissemination, Implementation and Access to this Document

This procedure and guidance document is available on the Trust intranet site. The policy also forms part of the training that is available for all staff on incident management and grading and underpins the training on Root Cause Analysis. All staff receive training in Risk Management as part of the Trust induction process. Ongoing training is valuable for all staff on completing the incident form and grading processes.

10. References

National Patient Safety Agency (NPSA) Seven Steps to Patient Safety. The full reference guide.
Available at www.npsa.nhs.uk/sevensteps April 2004

Health and Safety Executive (HSE) The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR), HSE Books.

NHS North West Serious Untoward Incident protocol March 2008

Department of Health – Checklist for Reporting, Managing and Investigation Information Governance Incidents – Jan 2010

National framework for reporting and learning from serious incidents requiring investigation. Ref: 0974. March 2010

11. Serious Incident Requiring Investigation (SIRI) Process Diagram

SIRI Management process

• SIRI Identified and reported via DATIX electronic reporting system. (DAY 1)
• Manager on duty takes any immediate action required
• 24/48 Hour report is requested and completed by relevant manager
• 24/48 Hour report is received (Within 24/48 hours)
• SIRI is declared by Executive Director or SIRI is downgraded with agreement from commissioners
• SIRI Investigator allocated from approved List and 24/48 Report sent (Day 3-5). Panel members agreed.
• Review Instigated with requirement to complete report within 45 day timescale. Draft reports to be submitted to Chief Nurse at day 35
• Completed report sent for discussion amendments and sign off at High level Incident Panel for all incidents progressing to full SIRI.
• SIRI Report sent to commissioners within 45 day deadline
• Received by relevant Committee
• Action plan agreed and monitored until actions achieved.
Appendix A

24/48 Hour Report

Date of Incident:
Datix No:
Incident Details: Give as many facts regarding the incident as possible
Lead Reviewer
Location:
Job Title
Contact Number & Email
Other Reviewers:
Contacts:

Background Details of Service User including brief summary of previous clinical history:

Name of Person:
Home Address:
Ethnicity:
Consultant:
Prescribed Medication
Last CPA Date
Main parts of Care Plan
Name / Contact for Carer
Date of Last Risk Assessment
Names of any witnesses
Date Statement Taken
Date of Birth:
GP Name and Address:
Diagnosis (if known)
Mental Health Act Status:
Care Coordinator
Where are the file/notes located?
Police involved? Details if Yes
Coroner Notified? Details if Yes
Relatives contacted date and by:

Brief Timeline to include contacts with service user over 3 months

Recent/detailed timeline relevant to incident 4 weeks up to incident

Initial findings / actions from immediate review:

Recommendations/learning from immediate review:

24 hr review completed: Electronic signature or email
48 hr review completed:

To be completed by Datix & Incident Coordinator
Report received:
Submitted to Directors:
Grading agreed:
Directors Response:
SIRI – Allocated to/Date:
Date incident STEIS’d:

To be completed by Chief Nurse and Director of Quality Assurance
Local Review Required: Yes / No
If Yes, scope of Local Review (e.g. reasons for decision / other comments):
Full SIRI Review: Yes / No
If Yes, scope of SIRI Review (e.g. reasons for decision / other comments):

Appendix B

Briefing Notes for completion of 24 and 48 Hour Reviews

Introduction

These notes are to assist managers in reviewing incidents that have been initially reported as Critical Incidents (SUIs).

The 24 and 48 hour review should establish the necessary facts and information in relation to the incident, to enable the reviewer to consider their findings and to determine whether a further more detailed SUI is required.
If it becomes apparent through this immediate review process that the incident is not an SUI it will be downgraded. The immediate review report may therefore act as a final report in response to the incident if this appears appropriate.

This report must be started immediately after a SUI is reported. In the first 24 hours as much information as possible should be recorded and the full immediate review completed within 48 hours of the reported incident and returned electronically to the Datix & Incident Coordinator.

Critical Incidents (SUIs) definition

In line with the new arrangements for immediate reviews of reported SUIs please see the definition below. This is from the National Patient Safety Agency definition (NPSA):

A Serious Untoward Incident requiring investigation is defined as an incident that occurred resulting in

• The unexpected or avoidable death of one or more patients, staff, visitors or members of the public
• Permanent harm to patient, staff, visitor or member of the public where the outcome required life saving intervention
• The loss of data (data loss) and/or identity theft
• An event that prevents or threatens to prevent the Trust’s ability to deliver health care services
• Adverse media coverage or public concern about the organisation.
• A ‘never event’ as defined by the NPSA which for mental health services would be an inpatient suicide using non collapsible rails.

1. Reviewer Details
Complete Box one with all relevant details.

2. Background
Provide details of the service user including a brief summary of the clinical history.

3. Personal Details
Complete the personal details of the service user including medication, mental health status, CPA, care plan and risk assessments

4. Notifying Others
State any witnesses to the incident if applicable. If witnesses were present please assure yourself that witness statements have been taken or are planned. Ensure that if the police are involved there is contact information.
Consider if the coroner needs to be notified. State when relatives have been contacted about the incident, and who made the contact.

5. Time Line
This is a brief timeline that requires details of contact dates made over the previous three months if applicable

6. Detailed Time line
This time line should be more in depth detailing interventions as well as contact in the weeks preceding the incident. The detail should be in terms of the events leading up to an incident. Obviously if a detailed time line of a month is not relevant it does not need to be included. The detailed time line in some cases may be a week or in hours depending on the event.

7. Initial Findings/Immediate Action
From reviewing the history/case notes/contacts the reviewer should be able to establish initial findings of the case. It is expected that reviewers would consider the standards of care and treatment received by the user, whether CPA, care plans and risk assessments were up to date, comprehensive and complete. Reviewers must take account of the detail of the incident and consider if there are key areas that remain unknown or unanswered and where possible lessons or improvements in practice need to be identified and made to ensure service safety.

Please note any immediate action taken in relation to the incident and specifically any urgent action that must be taken to ensure immediate safety.

8. Recommendations
Reviewers should make any recommendations in terms of practice and learning if relevant. This can be in the context of local services or wider organisational learning.

9. Local Review Required or Critical Incident (SUI) Required
Based on the immediate 48 hour review the reviewer should determine whether it is necessary for a local review or full Serious Untoward Incident Review to commence and explain the decisions for this.

Completed reports should then be sent electronically to the Datix & Incident Coordinator for discussion at the weekly Complaints, Claims and Incident Meeting.
The decisions of the reviewer will be agreed or not by an Executive Director. Where a critical incident (SUI) has been agreed the chair of the panel will be appointed immediately and a copy of the immediate local review report will be forwarded to the panel chair with all additional paperwork.

Where it is agreed that the Immediate Review has determined that a full critical incident (SUI) is not required the incident will be downgraded. The immediate review report may therefore act as a preliminary to a detailed local review or act as a final report in response to the incident if this appears appropriate and will be shared as part of the local Governance Meetings across the Trust.

Appendix C

A University Teaching Trust

Serious Incident Requiring Investigation

FINAL REPORT

SUBJECT:
DOB:
DATIX: D
STEIS: (to be populated by DATIX and Incidents Coordinator)
Names of Investigation Team
Date of Panel

Table of Contents

Number  Subject  Page
        Executive Summary for Learning
1.0     Introduction
2.0     Background incident details
3.0     Review team and terms of reference
4.0     Process (methodology)
5.0     PART A: HEALTH CHECK
        Background to care and treatment of service user.
        Good practice
6.0     PART B: Significant Lapse in care
        Facts Established
        Associated relevant factors
        Analysis/conclusions
        Recommendations
        Appendix One Comprehensive Timeline

Serious Incident Requiring Investigation

Executive Summary for Learning

Brief Incident Description
Incident Date:
Incident Type:
Healthcare Specialty:
Actual Effect on patient and/or service:
Actual severity of the incident:
Level of investigation conducted:
Part A : Health Check
Part B : Learning from significant lapses in care.
Involvement and support of the patients and/or relatives:
Detection of incident:
Care and service delivery problems:
Contributory factors:
Root causes:
Lessons learned: Part A and Part B reviews
Themes:
Recommendations: Part B reviews only.

1. Introduction

Reason for the Report

This serious incident requiring investigation of Manchester Mental Health and Social Care Trust is in accordance with MHSC Trust Incident Policy and applies the principles of Root Cause Analysis. It aims to understand the context and processes that led to the serious incident and to learn lessons from it so that practice, process or policies can be changed or reviewed to improve services.

This report has been prepared following a review of the care given to …….....................

2. Background to Incident:

What Happened?
What actions were taken immediately?
Were Staff debriefed?
How have relatives/Carers been involved in the review process?

3. Review team and terms of reference

The Trust appointed the following panel to review this incident:

The terms of reference for the review are as follows:

• To review the care and treatment of
• To identify any process/procedural failures or causal factors which may have impacted on the incident
• To establish if the care provided was of good quality and identify any issues that fell below agreed standards.
• To make appropriate recommendations for any part of the organisational system

4. Process (methodology)

The Panel looked at the following documents, policies and procedures as part of this review process:

The Panel examined the following clinical records/information as part of this review process:

The Panel had access to statements from.

The Panel interviewed the following people as part of this process

5. PART A Health Check: Review the information contained within the 24/48 hour report.

Background details of service user including length of time known to service and details of care and treatment

5.1 Date of CPA – Was it timely.
5.2 Date of Last Risk assessment – Was this reasonable and thorough?
5.3 Was a reasonable standard of care and treatment delivered?
5.4 Are there any areas of good practice?
5.5 Are there any specific learning points that should be included in reflective practice?

Were there any significant lapses in care? Yes / No

Where significant lapses in care are identified proceed to Part B

6. PART B: Analysis and learning from significant lapses in care.

6.1. Facts established
6.2. Associated Relevant Factors
6.3. Analysis/Conclusions

7. Recommendations

1.
2.
3.
4.

These recommendations will be translated into an action plan with agreed tasks, named managers and agreed timescales. This action plan will be completed with the review and monitored through the local divisional structures.

Appendix One

Comprehensive Time line

The following is a timeline, detailing contact with mental health services from :

Date    Event    Comment

Appendix D

Guidance for Completing Serious Incident Requiring Investigation (SIRI) Reports

Title
Serious Incident Requiring Investigation – STEIS /DATIX reference number. This will be completed centrally by the Incident Coordinator.

Contents Page
A contents page is included to assist with the structure of the report. Authors may wish to add additional information. Authors should ensure that the report is paginated.

Introduction
The introduction is included in the template.

Background
The author should include here a brief description of the matters and circumstances that have prompted the review that relate to the incident. There are four key questions that then need to be completed which set the immediate context of the report.

• What happened?
• What actions were taken immediately?
• What level of support staff received?
• How relatives and carers have been engaged in the review process.

In line with Duty of Candour requirements contact with carers and relatives must be made for part A and part B reviews. A copy of the final report must always be given unless it has been declined or there is a specific reason that contact has not been made or is impossible.
Investigation Team
Details of the investigation team will be completed centrally by the Incident Coordinator and included on the front page of the report.

Terms of reference
The following standard terms of reference are included in the template. There may be some additional terms of reference that may be determined by the panel and should therefore be added as appropriate.

• To review the care and treatment of (enter subject of review)
• To identify any process/procedural failures or causal factors which may have impacted on the incident
• To establish if the care provided was of good quality and identify any issues which fell below agreed standards.
• To make appropriate recommendations for any part of the organisational system

Process (methodology)
The report should clearly state the methodology and/or the process adopted to undertake the review. The report template contains information on the following:

(a) List of documents and policies examined by the panel
(b) Whether patient records were examined;
(c) List of persons interviewed with dates and times.
(d) Any statements that the panel had access to
(e) Any anomalies in the process e.g. key witnesses being unavailable should be mentioned here.

Part A: Health Check:
A history of service user’s treatment and care should be included. A chronological account of what is known to have happened – this should ‘tell the story’ of the unfolding of events relating to the matters under review. The report should carefully document the following:

(a) Is there a care plan in place and is the CPA up to date and timely
(b) Is there an up to date risk assessment and is this sufficiently robust
(c) Whether the care given to the patient was effective and optimal

Are there any areas of good practice?

The investigation team should be able to determine at this stage if there are any areas for learning that may be applied or need to be part of a reflective practice session with the team or specific staff.
These learning points are issues that may arise that could have been delivered better but were not significant failings in care. If the investigation team determine that the standard of care delivered was good then the report is completed at this stage.

Part B:
To be completed only when there are significant lapses in the care provided and with the intention of providing more detailed analysis of the causes of this using a range of RCA tools.

Facts established
It is helpful to set out the facts established and specifically to detail where the significant lapses have occurred.

Associated relevant factors
The report should include an examination of possible human error causal factors. Attention should be paid to:

• Staffing levels and skill mix at the time of the incident
• Fatigue or fitness of staff
• Communication difficulties between staff or with the patient
• Perceived ability of staff to raise concerns (culture of organisation or team)
• Whether anyone raised a concern & if so how was it dealt with
• Whether minimum operating standards were complied with (e.g. equipment unavailable or faulty, mandatory training standards)
• Any confusion or misunderstandings about procedures or practices
• Clarity about each person’s role in any procedures or practices

This list is not exhaustive and panel chairs should include here anything else that is relevant.

If the review team consider there are performance issues, then this should be raised with the staff member’s line manager and should be managed through alternative processes. It may however be appropriate to include a recommendation that staff members involved in the case should undertake some reflective practice to improve their understanding, learning and future practice in relation to specific areas of work.

The above account should make explicit reference to any relevant existing policies (including clinical risk management and clinical governance policies), procedures, and protocols.
The report should also allude to the extent of dissemination/staff knowledge of these policies, procedures and protocols. The report should also make a reference to the extent to which the policies, procedures and protocols were adhered to in the management of the case under consideration (in relation to both the management of the care and treatment and the management of the incident).

This section should highlight any areas of conflict or ambiguity in the gathered evidence e.g. where people interviewed disagreed about significant matters, or where there are important gaps in the evidence. The report should clearly state the criteria used to resolve conflict/inconsistencies in the evidence. The way in which the gap(s) in the evidence was/were handled should also be stated.

Analysis/Conclusions
The report should analyse and comment on any mismatch between what is believed to have happened in practice and what should have happened (given policy/procedures/protocols and/or professional judgement of review team or expert witnesses). The investigation team should comment on the cause/s of any such mismatch. The investigation team should support their views by the facts contained in the report and other evidence based on guidance and best practice.

Recommendations
The purpose of the recommendations is twofold: to minimize the impact of the present incident and to reduce the likelihood of the incident occurring again. The recommendations should be precise and targeted at the appropriate level/s of the organisation and should reflect the ‘improvement philosophy’ behind the undertaking of the review. The recommendations should address any factor that is judged to have contributed to less than satisfactory service delivery, or which may enhance already satisfactory service delivery (if latter is the case this should be made explicit).

The recommendations made should be clearly listed in the order they were considered as part of the report.
The recommendations will then be agreed by the Executive Directors at the internal High Level Investigation Panel Meeting and an action plan drawn up and agreed with the appropriate managers.

Comprehensive Timeline: Appendix One
A timeline must be included. A template for the time line is included. This can be extended as necessary. Report writers may wish to include a rationale in relation to when the timeline commences. This will vary from incident to incident.

Appendix E

Standard Action Plan Template Guidance

All Action Plans must be SMART compliant and demonstrate the Trust Values:

• Truthfulness
• Respect
• Understanding
• Standards
• Togetherness

Action plans should aim to triangulate work streams and avoid duplication. Action plans will be measured against the QIPP agenda and ensure direct links between concerns highlighted, quality initiatives and the ability of Trust Board to act proactively in avoiding reoccurrence of issues, understand themes and continuously improve services.

Areas of the action plans are explained below and have been coloured to reflect which value is being adhered to in the action plan process.

Consultation - To ensure leads are aware of their involvement, increase linkage to other action plans and reduce the likelihood of duplication you must list all those consulted in the development and implementation of action plans.

Key Lines of Enquiry (KLOEs)

Action – The SMART criteria must be applied here. Leads should consider what is realistically achievable and avoid setting targets that are not in line with the Trust’s business plans, although these should also reflect the best practice models and seek to improve services through quality improvement and innovation.

Are Services safe?
This KLOE looks at how people are protected from abuse and avoidable harm. Abuse can be physical, sexual, mental or psychological, financial, neglect, institutional or discriminatory abuse.
The CQC will look at incidents, safety and risks amongst other things.

Issue – This column should provide information about why the action is necessary. The delivery of action plans may be monitored by Committees without the accompanying report and this rationale will assist those receiving the action plans to improve their understanding and offer support to leads.

Outcome & Benefits – All actions must result in improvement to our service. Details should be provided of which outcomes will be provided by completion of this action.

Measurement – To ensure the action is monitored and reported this column must detail how and where the action will be monitored and reviewed. This should be linked directly to the expected outcome and benefits.

Target Dates – To be SMART compliant target dates must be agreed by the lead manager and the receiving committee or group. These must allow sufficient time for the work to be completed but must also ensure actions that could result in immediate improvements are completed as a matter of urgency. By limiting the action plans to financial year this ensures we do not have an ever increasing number being monitored at any one time and all action plans remain relevant.

Evidence – This should include minutes, memos, policies, training etc that has been completed to evidence the action has taken place. This may be required by external agencies and provides the lead with a storage location for the action plan if it is requested.

Lead Managers Role – Lead Managers are responsible for ensuring the action plans are developed, implemented, consulted and seeking further advice where necessary. They retain overall responsibility for action plans even where several leads may be identified on the actions. They are also responsible for escalating issues in delivery of the action plans to the lead care group or committee and requesting changes if necessary.
To ensure standardisation the themes identified in the action plans must be taken from the CQC’s Key Lines of Enquiry below:

Are Services effective?
This means the CQC look at people’s care, treatment and support to see if it achieves good outcomes and promotes a good quality of life. They also look at whether care and treatment is based on the best available evidence and whether staff have all the necessary training and information to provide the best care for people.

Are Services caring?
This means that staff involve and treat people with compassion, kindness, dignity and respect. It also includes looking at how people and their relatives are involved in their care and explores patient feedback.

Are Services responsive?
This is where the CQC will look at how services are organised to ensure that they meet people’s needs, especially those who are vulnerable and how accessible services are.

Approval Process

• Originating document is completed
• Lead identified to complete action plan
• Consultation with other leads / involved takes place
• Submit to appropriate group or committee for approval
• Once approved ensure monitoring/measuring is actioned and dates are added to calendar
• Actions and evidence to be added to action plan by lead
• Review to be completed at end of financial year if action still outstanding

Are Services well led?
This section looks at the leadership, management and governance of the organisation to assure the delivery of high quality person-centred care. It also looks at the support for learning and innovation, and how the organisation promotes an open and fair culture.

Care Group / Committee Role - The Care Group / Committees will approve action plans following consideration of the impact, duplication, adherence to Trust business plan and associated risks. They should also offer support and guidance to the lead managers and ensure regular reviews and monitoring is undertaken as set out in the action plan.
They are also responsible for sign off of any changes, amendment to target times and links to Risk Registers.

Date Action Plan Developed:
Ref Number:

Action Plans only valid until the end of the financial year. Actions beyond this should be considered for business plans or will need to be submitted for inclusion in the following years Group or Committee action plan

Care Group/Area: AMH/WB/LL/P/Psy/SC
Purpose: SUI/Rule 43/ SCR/ Visit/ Complaint/ Audit/ Survey / Other (specify)
Ward/Team
Name of Manager (Band 7>): Completing action plan and responsible for delivery and distribution
Consultation with: Specify any individuals or groups the issues identified in this plan and possible actions have been discussed with. This must include anyone identified in lead column. This should include the date you consulted / tried to consult

Action Plan 14/15

Issue (SIRI Recommendation), Theme (align with KLOE)

This must be specific and reference the section or page number of the accompanying document. This must include any other sources where the issue has been identified such as complaints, datix reports

Specify a theme this action relates to (e.g. Safe, Effective, Caring, Responsive, Well led). Themes to be taken from CQC Key Lines of Enquiry to improve standardisation across service areas and compliance checks

Action, Outcome and Benefits, Method of Measurement, Lead / Involved, Target Date, Evidence

This must be specific and realistic. Actions identified here will need to be monitored and evidenced. Actions requiring a change in operational approach or Trust policy must be checked with a specialist lead in that area.

Learning should be demonstrated through the solution offered and should include the wider impact of the issue and related action.

All actions must result in improvement to our service. Details should be provided of which outcomes will be provided by completion of this action.

This should include specific measurements and how this will be completed.
The Trust aims to improve services in line with QIPP. The location of measurement should also be included i.e. reportsplus data, audit (where this is a 'new audit' this should include a check that it cannot be linked to an audit already on the The action must be assigned to a senior manager, care group, Trust Committee or Executive Director only. Others may be included as ‘involved’ to reflect them completing delegated work. Action plans will only remain valid until the end of the financial year. Actions expected beyond this should be reflected as information/ data being passed to project leads i.e. CIP’s or 3D project leads or will need to be submitted for This area should include links to documents that provide assurance that the action has been completed. This may be minutes, training presentations or a detailed description of the actions taken Page 49 of 72 Clinical Audit Programme for the year) inclusion in the following years Group or Committee action plan All actions should be completed in the shortest possible timescale but must be realistic in their aims. Page 50 of 72 Division / Committee Approval Date: CCG Feedback [SIRI ONLY]: Review Dates (lead manager responsibility to complete) (specify which Division/C) Reasons if not Approved: Page 51 of 72 Appendix F Manchester Mental Health and Social Care Trust Serious Untoward Incident Procedures Supplementary Guidance Roles and Responsibilities of the Action Plan Manager When a SIRI is declared a SIRI panel is appointed to undertake the review. The review and action plan as part of the Trusts` contractual arrangements must be completed within 45 days of the SIRI being declared. All completed SIRI and action plans are stored on the central SharePoint SIRI page. This acts as a repository. Evidence of completed actions can be uploaded onto the system. 
To ensure that the action plans are completed within the required timescales and subsequently progressed and evidenced as complete, the following guidance sets out the expectations and responsibilities of the Action Plan Manager.

1. Action Plan Managers are appointed by the relevant care group as soon as a panel has been established.
2. Action Plan Managers are usually those managers located within the care group/areas where an incident has occurred.
3. Action Plan Managers should ensure that they make contact with the SIRI panel chair so that they are aware of early emergent recommendations that will require action/changes.
4. The Action Plan Manager should be able to advise panel chairs if proposed recommendations are realistic and achievable.
5. Action Plan Managers should be aware of any recommendations that are likely to impact on corporate services e.g. Estates, Workforce & OD, Governance and where this is the case should validate proposed recommendations with the appropriate Executive Director so they can provide an assessment as to the relevance and deliverability of the recommendation/s for consideration by the HLIP panel.
6. The Action Plan Manager will be given the date of the HLIP (High Level Incident Panel) when appointed and they will be required to attend. The HLIP will agree the review report and the recommendations; it is therefore an essential part of the process.
7. The Action Plan Manager will translate the approved recommendations into an action plan.
8. The action plan will be on the agreed Trust action plan template.
9. The Action Plan Manager is responsible for liaising and allocating actions to the most appropriate manager/clinician for completion.
10. The Action Plan Manager is responsible for consulting with anyone named on the plan so that they are aware of their specific tasks and have agreed the timescale for achievement of the task.
11. The Action Plan Manager is responsible for the oversight of the delivery of the plan, progress chasing tasks and keeping named individuals on track with timescales, within their service area.
12. The Action Plan Manager should agree the best process for monitoring progress within the relevant care group setting.
13. The Action Plan Manager will be responsible for ensuring that the evidence of completed actions is uploaded on the SharePoint repository.
14. The Action Plan Manager will advise the Head of Patient Safety when an action plan is complete and will be presented to the Integrated Risk and Clinical Governance Committee.
15. Specific care must be taken by Action Plan Managers where recommendations are made in relation to any of the corporate functions, e.g. Estates, Learning and Development, PALS services. Early liaison and consultation is essential as per points 5, 8 and 9 and the relevant Executive Director should also be informed. If difficulties arise in relation to the delivery or timescales in relation to any corporate services action these should be escalated to the relevant Executive Director.

Pauline John
Head of Patient Safety
January 2015

Appendix G
Risk/Incidents/Complaints Grading Matrix

Table 1 Consequence scores

Choose the most appropriate domain for the identified risk from the left hand side of the table. Then work along the columns in the same row to assess the severity of the risk on the scale of 1 to 5 to determine the consequence score, which is the number given at the top of the column.

Consequence score (severity levels) and examples of descriptors

Domain: Impact on the safety of patients, staff or public (physical/psychological harm)
1 Negligible: Minimal injury requiring no/minimal intervention or treatment; No time off work
2 Minor: Minor injury or illness, requiring minor intervention; Requiring time off work for >3 days; Increase in length of hospital stay by 1-3 days
3 Moderate: Moderate injury requiring professional intervention; Requiring time off work for 4-14 days; Increase in length of hospital stay by 4-15 days; RIDDOR/agency reportable incident; An event which impacts on a small number of patients
4 Major: Major injury leading to long-term incapacity/disability; Requiring time off work for >14 days; Increase in length of hospital stay by >15 days; Mismanagement of patient care with long-term effects
5 Catastrophic: Incident leading to death; Multiple permanent injuries or irreversible health effects; An event which impacts on a large number of patients

Domain: Quality/complaints/audit
1 Negligible: Peripheral element of treatment or service suboptimal; Informal complaint/inquiry
2 Minor: Overall treatment or service suboptimal; Formal complaint (stage 1); Local resolution; Single failure to meet internal standards; Minor implications for patient safety if unresolved; Reduced performance rating if unresolved
3 Moderate: Treatment or service has significantly reduced effectiveness; Formal complaint (stage 2) complaint; Local resolution (with potential to go to independent review); Repeated failure to meet internal standards; Major patient safety implications if findings are not acted on
4 Major: Non-compliance with national standards with significant risk to patients if unresolved; Multiple complaints/independent review; Low performance rating; Critical report
5 Catastrophic: Totally unacceptable level or quality of treatment/service; Gross failure of patient safety if findings not acted on; Inquest/ombudsman inquiry; Gross failure to meet national standards

Domain: Human resources/organisational development/staffing/competence
1 Negligible: Short-term low staffing level that temporarily reduces service quality (< 1 day)
2 Minor: Low staffing level that reduces the service quality
3 Moderate: Late delivery of key objective/service due to lack of staff; Unsafe staffing level or competence (>1 day); Low staff morale; Poor staff attendance for mandatory/key training
4 Major: Uncertain delivery of key objective/service due to lack of staff; Unsafe staffing level or competence (>5 days); Loss of key staff; Very low staff morale; No staff attending mandatory/key training
5 Catastrophic: Non-delivery of key objective/service due to lack of staff; Ongoing unsafe staffing levels or competence; Loss of several key staff; No staff attending mandatory training/key training on an ongoing basis

Domain: Statutory duty/inspections
1 Negligible: No or minimal impact or breach of guidance/statutory duty
2 Minor: Breach of statutory legislation; Reduced performance rating if unresolved
3 Moderate: Single breach in statutory duty; Challenging external recommendations/improvement notice
4 Major: Enforcement action; Multiple breaches in statutory duty; Improvement notices; Low performance rating; Critical report
5 Catastrophic: Multiple breaches in statutory duty; Prosecution; Complete systems change required; Zero performance rating; Severely critical report

Domain: Adverse publicity/reputation
1 Negligible: Rumours; Potential for public concern
2 Minor: Local media coverage – short-term reduction in public confidence; Elements of public expectation not being met
3 Moderate: Local media coverage – long-term reduction in public confidence
4 Major: National media coverage with <3 days service well below reasonable public expectation
5 Catastrophic: National media coverage with >3 days service well below reasonable public expectation; MP concerned (questions in the House); Total loss of public confidence

Domain: Business objectives/projects
1 Negligible: Insignificant cost increase/schedule slippage
2 Minor: <5 per cent over project budget; Schedule slippage
3 Moderate: 5–10 per cent over project budget; Schedule slippage
4 Major: Non-compliance with national 10–25 per cent over project budget; Schedule slippage; Key objectives not met
5 Catastrophic: Incident leading >25 per cent over project budget; Schedule slippage; Key objectives not met

Domain: Finance including claims
1 Negligible: Small loss; Risk of claim remote
2 Minor: Loss of 0.1–0.25 per cent of budget; Claim less than £10,000
3 Moderate: Loss of 0.25–0.5 per cent of budget; Claim(s) between £10,000 and £100,000
4 Major: Uncertain delivery of key objective/Loss of 0.5–1.0 per cent of budget; Claim(s) between £100,000 and £1 million; Purchasers failing to pay on time
5 Catastrophic: Non-delivery of key objective/Loss of >1 per cent of budget; Failure to meet specification/slippage; Loss of contract/payment by results; Claim(s) >£1 million

Domain: Service/business interruption; Environmental impact
1 Negligible: Loss/interruption of >1 hour; Minimal or no impact on the environment
2 Minor: Loss/interruption of >8 hours; Minor impact on environment
3 Moderate: Loss/interruption of >1 day; Moderate impact on environment
4 Major: Loss/interruption of >1 week; Major impact on environment
5 Catastrophic: Permanent loss of service or facility; Catastrophic impact on environment

Table 2 Likelihood score (L)

What is the likelihood of the consequence occurring? The frequency-based score is appropriate in most circumstances and is easier to identify. It should be used whenever it is possible to identify a frequency.
Likelihood score, descriptor and frequency (how often might it/does it happen):
1 Rare: This will probably never happen/recur
2 Unlikely: Do not expect it to happen/recur but it is possible it may do so
3 Possible: Might happen or recur occasionally
4 Likely: Will probably happen/recur but it is not a persisting issue
5 Almost certain: Will undoubtedly happen/recur, possibly frequently

Note: the above table can be tailored to meet the needs of the individual organisation. Some organisations may want to use probability for scoring likelihood, especially for specific areas of risk which are time limited. For a detailed discussion about frequency and probability see the guidance notes.

Table 3 Risk scoring = consequence x likelihood (C x L)

| Consequence score | Likelihood 1 Rare | Likelihood 2 Unlikely | Likelihood 3 Possible | Likelihood 4 Likely | Likelihood 5 Almost certain |
|---|---|---|---|---|---|
| 5 Catastrophic | 5 | 10 | 15 | 20 | 25 |
| 4 Major | 4 | 8 | 12 | 16 | 20 |
| 3 Moderate | 3 | 6 | 9 | 12 | 15 |
| 2 Minor | 2 | 4 | 6 | 8 | 10 |
| 1 Negligible | 1 | 2 | 3 | 4 | 5 |

Note: the above table can be adapted to meet the needs of the individual trust.

For grading risk, the scores obtained from the risk matrix are assigned grades as follows:
1-3 Low Risk
4-6 Moderate Risk
8-12 High Risk
15-25 Extreme Risk

When rating a risk we grade the “worst case scenario” and multiply the impact by the likelihood to get the rating.

Instructions for use

Define the risk(s) explicitly in terms of the adverse consequence(s) that might arise from the risk.

Use table 1 (page 13) to determine the consequence score(s) (C) for the potential adverse outcome(s) relevant to the risk being evaluated.

Use table 2 (above) to determine the likelihood score(s) (L) for those adverse outcomes. If possible, score the likelihood by assigning a predicted frequency of occurrence of the adverse outcome. If this is not possible, assign a probability to the adverse outcome occurring within a given time frame, such as the lifetime of a project or a patient care episode.
If it is not possible to determine a numerical probability then use the probability descriptions to determine the most appropriate score.

Calculate the risk score by multiplying the consequence by the likelihood: C (consequence) x L (likelihood) = R (risk score)

Identify the level at which the risk will be managed in the organisation, assign priorities for remedial action, and determine whether risks are to be accepted on the basis of the colour bandings and risk ratings, and the organisation’s risk management system.

Include the risk in the organisation risk register at the appropriate level.

Based on NPSA Model Matrix http://www.nrls.npsa.nhs.uk/resources/?entryid45=75355

Appendix H
List of internal and external stakeholders

Internal Stakeholders

This list is not exhaustive:
- Chief Executive
- Chief Operating Officer
- Medical Director
- Director of Nursing
- Locality Directors/Senior Managers
- Risk Manager
- Associate Director Governance
- Complaints and Incident Co-ordinator
- Corporate Services Manager

External Stakeholders

All Serious Incidents Requiring Investigation/Serious Untoward Incidents are reported to:
- The Joint Commissioning Team through the STEIS process
- The Information Commissioner’s Office

The following external bodies may also need to be informed of / involved in the actual investigation of the incident. This list is not exhaustive, but may include:
- Other NHS Organisations e.g. Acute Trusts, PCTs
- Strategic Health Authorities
- NHS Litigation Authority
- The Police
- HM Coroner
- Adult Social Care Services
- Medicines and Healthcare Products Regulatory Agency (MHRA)
- Health and Safety Executive (HSE)
- Manchester Safeguarding Children Board
- Manchester Safeguarding Adults Board
- Health Protection Agencies
- Environmental Health
- Legal Advisors
- National Patient Safety Agency
- Medical Defence Organisations
- Care Quality Commission

Appendix I
List of associated policies

This list is not exhaustive:
- Public Disclosure At Work Policy
- Policy and procedure for the management of claims
- Policy and procedure for the management of complaints
- Health and safety Policy
- Infection control Policy
- Risk Management Policy
- Safeguarding Children Policy
- Safeguarding Adults Policy
- Being open Policy
- IT Security Policy
- Information Governance Strategy
- Email Use Policy
- Internet Use Policy
- Information Sharing Policy
- Home Working Policy
- Portable Computing Policy
- Removable Media Policy
- Safe Haven Policy

Appendix J
Guidance on how to write a statement

These notes have been prepared to assist staff in writing a statement. It is important to note that statements will form part of a claims file and will be made available to the NHS Litigation Authority, Legal representatives and the Court.

1. You must assume that the reader of your statement knows nothing of the facts of the case, including the user’s medical history or hospital routines. The statement will need to tell a layperson the circumstances of an incident as you remember them.
2. If you cannot remember much about the particular user or situation, say so. It may help to refresh your memory by referring to the user’s records before writing the statement.
3. If possible have your statement typed; if not, write legibly in black pen as the statement may be photocopied.
4. Begin your statement by stating your name, post held and base.
5. Be clear about the times you were on/off duty on the days in question and about what you saw and heard. Put events in the order in which they happened giving precise dates and times. It is important that you differentiate between day and night by using the 24-hour clock. If the incident occurred during a night shift, ensure you refer to the correct date.
6. When describing service procedures explain what they are. Avoid general statements such as “routine observations were made”. If normal procedures were not followed explain first what is normal and then why there was a departure from the usual procedure.
7. Avoid abbreviations. If you have used abbreviations in the user’s records, explain what they mean in your statement. Always refer to the user by their full name, e.g. Mrs Clarke.
8. When referring to other people be precise and give their full names, grades and job titles. The title of “SHO” is not sufficient; you must put the doctor’s name.
9. Always stick to facts and avoid expressing opinions. Do not “repeat rumours”, only give firsthand accounts. Do not use derogatory or detrimental comments.
10. Write your statement in simple terms and avoid jargon or officious language; be as brief as possible whilst covering essential points.
11. Double-check your statement before signing it. Make sure you keep a copy as you might be required to give additional information.
12. You should advise your line manager that you have been requested to give a statement and they will be able to give you support and advice.
13. Always sign your statement and give your full name and job title below your signature, together with the date on which it was signed.
Appendix K
Protocol for discussing and reporting Incidents to Relatives/Carers of Patients and Involving Relatives/carers in Serious Incident Requiring Investigation (SIRI) reviews

Principles

All incidents, accidents, changes in the health status of patients and data losses and/or identity theft must be communicated to the Relatives/Carers/Advocates at the earliest opportunity. All information given should be clear and factual at that given time. If complete information is not available at the time, for example following a serious incident whereby an investigation is required, the relatives must be given an initial briefing. They should then be advised that all the facts will be made available during a more formal feedback meeting following a Serious Incident Requiring Investigation (SIRI) review meeting.

There may be times that the relatives would not wish to be contacted, such as very late hours of the night for relatively minor accidents/incidents. However, this has to be discussed and agreed on an individual basis with the next of kin.

Procedure

1. Named Nurse or Care Co-ordinator must inform next of kin/relative as soon as possible following any accident/incident. Please refer to Section 4 in respect of Serious Incidents Requiring Investigation (SIRIs).

Notifying families of deaths
In the event of a death where the police are involved it is usual that the police would contact and inform the family of this. It is vital at the earliest stage possible to confirm with the police that they will be taking this action. Where the police are not involved, for example an expected death, then the manager responsible should ensure that the family is notified by the most appropriate person.

2. There are two types of possible scenarios:

Incidents that are witnessed
All information given must be clear and factual, stating what actually happened, whether any injuries were sustained and any treatment required, whether a doctor has been informed and whether their medical opinion has been sought.

Incidents that are not witnessed
All information given must be clear and factual, stating what was found, for example, "your husband was found on the floor", whether any injuries were sustained and any treatment required, whether a doctor has been informed and whether their medical opinion has been sought.

3. If an inpatient, when the doctor has assessed the patient, the Named Nurse or allocated trained nurse on a shift-to-shift basis must inform next of kin/relative of the findings or the outcome of the assessment as soon as possible following the assessment, for example, that the patient will be going for an X-ray.

4. Categories of incidents

a) Incidents
At the time of the incident or when the relatives are informed, it may not be clear whether or not the incident is classified as an SIRI. In situations of non-SIRIs, relatives will be informed as in section 2 above.

b) Serious Incidents Requiring Investigation/SIRIs
In situations where a Serious Incident Requiring Investigation (SIRI) is anticipated an initial briefing should be given to the relatives as in item 1 above. Following this, a meeting should be held between the key staff to verify the facts. The line manager should then be responsible for communicating this information to the relatives. Once accurate information is established the relatives will be invited for a further meeting. They will be informed that an incident review will be carried out and they will be invited to contribute to that either by giving additional information or by asking specific questions that they would like the review to answer.
Relatives/Carers should be informed of the outcome verbally at the earliest opportunity, followed up in writing. Where appropriate, the recommendations from the panel should be shared.

5. Details of this communication must be documented on the accident/incident form and documented in the patient’s evaluation sheet in the individual nursing record file.

6. All accidents and incidents are reported via the incident report form, which should be passed on to the Ward Manager as soon as possible after the incident, even if this means that the incident form is not completed. The Ward Manager will decide in conjunction with the Clinical Services Manager the category and the level of the incident and whether it constitutes a serious incident. The incident form should then be faxed to the Governance Team at Chorlton House as outlined on the form.

Serious Incidents Requiring Investigation (SIRIs)

There is a template letter available which panel chairs can adapt to send to relatives/carers as part of the Serious Incident Requiring Investigation (SIRI) process. It is always good practice to let relatives know that there will be a Serious Incident Requiring Investigation (SIRI) panel and give them an opportunity to contribute to that process. Some relatives may not wish to take up this offer, but for those that do panel chairs should make a convenient time to visit relatives as part of the overall information gathering in the Serious Incident Requiring Investigation (SIRI) process. Panel chairs must be sensitive to the feelings and wishes of relatives and carers, especially those who may be bereaved as a result of the Serious Incident Requiring Investigation.
It is a good idea when visiting to take with you either another panel member, a senior manager who had responsibility for the area of care, so that initial questions can be answered, or one of the senior managers from the Governance team. Relatives should be kept informed and updated regarding the review process and then should have the opportunity to meet and discuss the outcome of the review and where appropriate receive a copy of the review recommendations.

For additional advice or support on how best to work with relatives/carers as part of the SIRI process please contact the Head of Patient Safety on 882 1071.

Appendix L
ASSESSING THE LEVEL OF SEVERITY OF IG INCIDENTS AND NOTIFICATION OF BREACHES TO THE SHA, THE DEPARTMENT OF HEALTH AND INFORMATION COMMISSIONER’S OFFICE

Assessing the Severity of the Incident

The immediate response to the incident and the escalation process for reporting and investigating this will vary according to the severity of the incident. Risk assessment methods commonly categorise incidents according to the likely consequences, with the most serious being categorised as a 5. An incident should be categorised at the highest level that applies when considering the characteristics and risks of the incident.

Level 0: No significant reflection on any individual or body. Media interest very unlikely. Minor breach of confidentiality. Only a single individual affected.
Level 1: Damage to an individual’s reputation. Possible media interest, e.g. celebrity involved. Potentially serious breach. Less than 5 people affected or risk assessed as low, e.g. files were encrypted.
Level 2: Damage to a team’s reputation. Some local media interest that may not go public. Serious potential breach & risk assessed high e.g. unencrypted clinical records lost. Up to 20 people affected.
Level 3: Damage to a service's reputation/Low key local media coverage. Serious breach of confidentiality e.g. up to 100 people affected.
Level 4: Damage to an organisation’s reputation/Local media coverage. Serious breach with either particular sensitivity e.g. sexual health details, or up to 1000 people affected.
Level 5: Damage to NHS reputation/National media coverage. Serious breach with potential for ID theft or over 1000 people affected.

Assessing the incident level

Although the primary factors for assessing the severity level are the numbers of individual data subjects affected, the potential for media interest, and the potential for reputational damage, other factors may indicate that a higher rating is warranted, for example the potential for litigation or significant distress or damage to the data subject(s). As more information becomes available, the Serious Incident Requiring Investigation (SIRI) level should be re-assessed.

Where the numbers of individuals that are potentially impacted by an incident are unknown, a sensible view of the likely worst case should inform the assessment of the Serious Incident Requiring Investigation (SIRI) level. When more accurate information is determined the level should be revised as quickly as possible and all key bodies notified.

Where the level of likely media interest is initially assessed as minor but this assessment changes due to circumstances (e.g. a relevant FOI request or specific journalistic interest) the Serious Incident Requiring Investigation (SIRI) level should be revised as quickly as possible and all key bodies notified. Note that informing data subjects is likely to put an incident into the public/media domain.

Notifying the Strategic Health Authority (SHA)

The Trust should report all incidents rated as 1 – 5, through the usual Serious Incident Requiring Investigation (SIRI) process. All incidents of category 3 or above should be reported to the SHA. Reporting to the SHA should be undertaken as soon as practically possible (and no later than 24 hours of the incident during the working week).
If there is any doubt as to whether or not an incident meets the Serious Incident Requiring Investigation (SIRI) reporting criteria, the Trust’s Risk Manager, Information Governance Manager or the SHA should be contacted by telephone for advice. Early information, no matter how brief, is better than full information that is too late.

The Trust should keep the SHA informed of any significant developments in internal/external investigations, as appropriate. The SHA will continue to keep a watching brief on developments including following up further details/outcomes of the incident.

The Trust’s communications team should contact the SHA's Communications team immediately if there is the possibility of adverse media coverage in order to agree a media handling strategy. Where necessary, the SHA Communications team will brief the Department of Health Media Centre.

Notifying the Department of Health

The SHA will be responsible for notifying the DoH of any category 3-5 incidents reported. Once an incident has been reported to DH any subsequent details that emerge relating to the investigation and resolution of the incident should also be supplied. The DH will review the incident and determine the need to brief Ministers and/or take other action at a national level.

Notifying the Information Commissioner

All data controllers have a responsibility under the Data Protection Act 1998 to ensure appropriate and proportionate security of the personal data they hold (DPA 1998 7th Principle). Although there is no legal obligation on data controllers to report breaches of security which result in loss, release or corruption of personal data, the Information Commissioner believes serious breaches should be brought to the attention of his Office. The nature of the breach or loss can then be considered together with whether the data controller is properly meeting his responsibilities under the DPA. “Serious breaches” are not defined.
However, guidance from the DoH is that all incidents of a category 3 or above should be notified to the Information Commissioner's Office.

Additional Guidance

The following additional information should assist in considering the level of severity of any breach and whether it should be reported.

The potential harm to data subjects:
The potential harm to individuals is the overriding consideration in deciding whether a breach of data security should be reported to the Information Commissioner’s Office. Ways in which harm can occur include:
- Exposure to identity theft through the release of non-public identifiers e.g. passport number.
- Information about the private aspects of a person’s life becoming known to others e.g. financial circumstances.

The extent of harm, which can include distress, is dependent on both the volume of personal data involved and the sensitivity of the data. Where there is significant actual or potential harm as a result of the breach, whether because of the volume of data, its sensitivity or a combination of the two, there should be a presumption to report. Where there is little risk that individuals would suffer significant harm, for example because a stolen laptop is properly encrypted, or the information that is the subject of the breach is publicly available information, there is no need to report.

The volume of personal data lost / released / corrupted:
There should be a presumption to report to the ICO where a large volume of personal data is concerned and there is a real risk of individuals suffering some harm. It is difficult to be precise about what constitutes a large volume of personal data. Every case must be considered on its own merits but a reasonable rule of thumb is any collection containing information about 1000 or more individuals.
An example we would expect to be reported would be the theft / loss of an unencrypted laptop computer or other unencrypted portable electronic / digital media holding names and addresses, dates of birth and National Insurance Numbers of 1000 individuals. An example we would not expect to be reported would be the theft / loss of a marketing list of 500 names and addresses or other contact details where there is no particular sensitivity of the product being marketed.

However, it may be appropriate to report much lower volumes in some circumstances where the risk is particularly high, perhaps because of the circumstances of the loss or the extent of information about each individual. If the data controller is unsure whether to report or not, then the presumption should be to report.

The sensitivity of the data lost / released / unlawfully corrupted:
There should be a presumption to report to the ICO where smaller amounts of personal data are involved, the release of which could cause a significant risk of individuals suffering substantial harm. This is most likely to be the case where that data is sensitive personal data as defined in section 2 of the DPA. As few as 10 records could be the trigger if the information is particularly sensitive.

An example we would expect to be reported would be a manual paper based filing system (or unencrypted digital media) holding the personal data relating to 50 named individuals and their financial records. An example we would not expect to be reported would be a similar system holding the trade union subscription records of the same number of individuals where there were no special circumstances surrounding the loss.

Reporting

When reporting a breach to the SHA or Information Commissioner the following information should be provided.
Unique SIRI Reference:
Initial assessment of level of SIRI (1-5):
SHA Responsible:
Local Organisation(s) involved:

Required Information

01 Date, time and location of the incident
02 Confirmation that DH guidelines for incident management are being followed and that disciplinary action will be invoked if appropriate
03 Description of what happened: Theft, accidental loss, inappropriate disclosure, procedural failure etc.
04 The number of patients/ staff (individual data subjects) data involved and/or the number of records
05 The type of record or data involved and sensitivity
06 The media (paper, electronic, tape) of the records
07 If electronic media, whether encrypted or not
08 Whether the SIRI is in the public domain and whether the media (press etc.) are involved or there is a potential for media interest
09 Whether the reputation of an individual, team, an organisation or the NHS as a whole is at risk and whether there are legal implications
10 Whether the Information Commissioner has been or will be notified and if not why not
11 Whether the data subjects have been or will be notified and if not why not
12 Whether the police have been involved
13 Immediate action taken, including whether any staff have been suspended pending the results of the investigation
14 Whether there are any consequent risks of the incident (e.g. patient safety, continuity of treatment etc.) and how these will be managed
15 What steps have been or will be taken to recover records/data (if applicable)
16 What lessons have been learned from the incident and how will recurrence be prevented
17 Whether, and to what degree, any member of staff has been disciplined – if not appropriate why?
18 Closure of SIRI – only when all aspects, including any disciplinary action taken against staff, are settled.
Notes: Check

Appendix M

Publishing details of Information Governance SIRIs in annual reports and Statements of Internal Control

Principles

The reporting of personal data related incidents in the Trust Annual Report should observe the principles listed below. The principles support consistency in reporting standards across Organisations while allowing for existing commitments in individual cases.

a) You must ensure that information provided on personal data related incidents is complete, reliable and accurate.
b) You should review all public statements you have made, particularly in response to requests under the Freedom of Information Act 2000, to ensure that coverage of personal data related incidents in your report is consistent with any assurances given.
c) You should consider whether the exemptions in the Freedom of Information Act 2000 or any other UK information legislation apply to any details of a reported incident or whether the incident is unsuitable for inclusion in the report for any other reason (for example, the incident is sub judice and therefore cannot be reported publicly pending the outcome of legal proceedings).
d) Please note that the loss or theft of removable media (including laptops, removable discs, CDs, USB memory sticks, PDAs and media card formats) upon which data has been encrypted to the approved standard, is not a Serious Untoward Incident unless you have reason to believe that the protections have been broken or were improperly applied.

Content to be included in Annual Reports

Incidents classified at a severity rating of 3-5 (Appendix J) are those that should be captured as Serious Untoward Incidents and should be reported to SHAs and to the Information Commissioner. These incidents need to be detailed individually in the annual report in the format provided as Table 1 example below. All reported incidents relating to the period in question should be reported, not just those that have been closed.
Table 1 example

SUMMARY OF SERIOUS UNTOWARD INCIDENTS INVOLVING PERSONAL DATA AS REPORTED TO THE INFORMATION COMMISSIONER’S OFFICE IN year

Date of incident (month): Jan
Nature of incident: Loss of inadequately protected electronic storage device
Nature of data involved: Name; address; NHS No
Number of people potentially affected: 1,500
Notification steps: Individuals notified by post
Further action on information risk: The [organisation] will continue to monitor and assess its information risks, in light of the events noted above, in order to identify and address any weaknesses and ensure continuous improvement of its systems. The member of staff responsible for this incident has been dismissed.

Notes to producing Table 1

Nature of the incident

Select one of:

a) Loss of (insert from category list below) from secured NHS premises
b) Theft of (insert from category list below) from secured NHS premises
c) Loss of (insert from category list below) from outside secured NHS premises (including, for example, post, courier, loss by a contractor or third party supplier)
d) Theft of (insert from category list below) from outside secured NHS premises (including, for example, theft from employee home or car)
e) Insecure disposal of (insert from category list below) (including, for example, sale of computers with unwiped hard drives, disposal of unshredded paper documents)
f) Unauthorised disclosure (including, for example, criminal, negligent or inappropriate use of an information system or information asset by a staff member, contractor or third party supplier, resulting in disclosure; disclosure as a result of software or systems failure)
g) Other

Category List

i. inadequately protected PC(s), laptop(s) and remote device(s) (including, for example, PDAs, mobile telephones, BlackBerrys)
ii. inadequately protected electronic storage device(s) (including, for example, USB devices, discs, CD ROM, microfilm)
iii. inadequately protected electronic back-up device(s) (including, for example, tapes)
iv. paper document(s)

Nature of data involved

A list of data elements (e.g. name, address, NHS number).

Number of people potentially affected

An estimate should be provided if no precise figure can be given.

Notification steps

- Individuals notified by post* / email* / telephone* (*delete as appropriate)
- Police* / law enforcement agencies* notified (*delete as appropriate)
- Media release

Further action on information risk

A summary of any disciplinary action taken as a result of the incidents should also be included.

Incidents classified at lower severity ratings

Incidents classified at a severity rating of 1-2 should be aggregated and reported in the annual report in the format provided as Table 2 below. Incidents rated at a severity rating of 0 need not be reflected in annual reports.

Table 2

SUMMARY OF OTHER PERSONAL DATA RELATED INCIDENTS IN year

Columns: Category; Nature of incident; Total

I: Loss/theft of inadequately protected electronic equipment, devices or paper documents from secured NHS premises
II: Loss/theft of inadequately protected electronic equipment, devices or paper documents from outside secured NHS premises
III: Insecure disposal of inadequately protected electronic equipment, devices or paper documents
IV: Unauthorised disclosure
V: Other

SIC Guidance

It is important to remember that an organisation’s assets include information as well as more tangible parts of the estate. Information may have limited financial value on the balance sheet but it must be managed appropriately and securely. All information used for operational purposes and financial reporting purposes needs to be encompassed and evidence maintained of effective information governance processes and procedures with risk based and proportionate safeguards. Personal and other sensitive information clearly require particularly strong safeguards.
The Accountable Officer and the board need comprehensive and reliable assurance from managers, internal audit and other assurance providers that appropriate controls are in place and that risks, including information and reporting risks, are being managed effectively. The SIC should, in the description of the risk and control framework, explicitly include how risks to information are being managed and controlled as part of this process. This can be done for example by referencing specific work undertaken by your organisation and by reference to your organisation’s use of the Information Governance Toolkit. The SIC will then be reflected formally in your Annual report.

Any incidence of a Serious Untoward Incident should be reported in the SIC as a significant control issue. For the avoidance of doubt these are those incidents with a severity rating of 3, 4 or 5.

Appendix N

Never Events

Columns: Never Events; Threshold; Method of Measurement; Never Event Consequence (per occurrence)

Each Never Event listed below has the same entries in the remaining three columns:

Threshold: >0
Method of Measurement: Review of reports submitted to National Patient Safety Agency (or successor body)/Serious Incidents reports and monthly Service Quality Performance Report
Never Event Consequence (per occurrence): In accordance with applicable Guidance, recovery of the cost of the procedure and no charge to Commissioner for any corrective procedure or care

Never Events:

- Wrong site surgery
- Wrong implant/prosthesis
- Retained foreign object post-operation
- Wrongly prepared high-risk injectable medication
- Maladministration of potassium-containing solutions
- Wrong route administration of chemotherapy
- Wrong route administration of oral/enteral treatment
- Intravenous administration of epidural medication
- Maladministration of Insulin
- Overdose of midazolam during conscious sedation
- Opioid overdose of an opioid-naïve Patient
- Inappropriate administration of daily oral methotrexate
- Suicide using non-collapsible rails
- Escape of a transferred prisoner
- Falls from unrestricted windows
- Entrapment in bedrails
- Transfusion of ABO-incompatible blood components
- Transplantation of ABO incompatible organs as a result of error
- Misplaced naso- or oro-gastric tubes
- Wrong gas administered
- Failure to monitor and respond to oxygen saturation
- Air embolism
- Misidentification of Patients
- Severe scalding of Patients
- Maternal death due to post partum haemorrhage after elective caesarean section