The risk management of HAI: A Methodology for NHSscotland

2. Introduction

Since the introduction of the first ministerial action plan in 2002 considerable progress has been made across NHSScotland organisations to establish co-ordinated risk management structures and processes as recommended by the Carey Group Report ⁹. This is evidenced by NHS Boards having a Board approved risk management strategy, key people responsible for the co-ordination of risk and have monitored their progress against NHSScotland risk management standards to identify how well these controls are working. The increasing focus on patient safety as a priority area, supported by the implementation of the Scottish Patient Safety Programme ¹⁸, for clinical and corporate governance reinforces the need to assess and control risks to health as an integrated part of everyday working for staff at all levels within the organisation.

NHSScotland organisations are dynamic and operate in dynamic environments: therefore the identification, treatment and monitoring of risk must be a continuous and developing process that runs throughout the organisation's strategy and the implementation of that strategy. The organisation's Risk Register provides a framework in which identified risks can be recorded and actions detailed and instigated to reduce the probability and the impact of that particular risk. Different levels within an organisation need different information from the risk management process and good governance requires each organisation to adopt a methodological approach that ensures appropriate internal and external reporting with a clear audit trail of decision-making and escalation/de-escalation processes.

The required compliance with the Statement of Internal Control ensures that, as risk management frameworks develop, they enable organisations to apply a whole systems approach to corporate, clinical and staff governance, demonstrating that risk management is an integral component of everyday activity. The management of HAI must be viewed within the context of a whole systems approach.

2.1 Risk Management and HAI

Effective action to control HAI involves systems, culture and management. It is a problem for which there is no quick or easy solution. Systems include structures and processes, policies and procedures, education and training, audit and surveillance. Much of this is already addressed through compliance with NHS Quality Improvement Scotland ( NHSQIS) Standards 'Healthcare Associated Infection: Infection Control' ⁴ which focuses on compliance, patient focus and public involvement, prevention and control of infection, environment and equipment and education. The key role of structural elements within the organisation was further developed in a Health Department Letter "Management and accountability structures" ¹⁰ in 2005 which laid out the importance of clearly delineated relationships and communications between the Chief Executive and theï€ Infection Control Manager, theï€ Infection Control Committee, theï€ Risk Management Committee or structure, and theï€ Clinical Governance Committee or structure.

Effective action to reduce HAI requires improving the quality of individual behaviour, clinical care, the clinical environment and equipment, underpinned by risk management and prioritisation. Risk assessment in the context of HAI entails identifying, evaluating, prioritising and treating risks, with ongoing monitoring and review. Extensive and clear communication and consultation when carrying out this process of risk assessment is essential. Values must include openness, partnership, learning and development, within a 'just' culture. Successful identification of risks can result in the prevention of adverse events.

Further development in risk management systems for infection prevention and control must be consistent with those already in use for risk management and incident reporting in NHSScotland. In response to work undertaken with NHSScotland risk managers, NHS Quality Improvement Scotland purchased the licence for the Australian/New Zealand ( AS/ NZS) 4360: 2004 Risk Management Standard ¹¹ in January 2005. This provides NHS Boards with a tool to drive forward this need for consistency in terminology and methodology. Implementation of risk management structures, processes and outcomes are also supported by the NHSQIS Clinical Governance and Risk Management Standards ⁴.

If risk management terms are to be adopted for infection prevention and control, they must be in a format that is consistent with methods in use by staff that are actively assessing risk and operating the organisational adverse incident management system.

"Learning from Experience": How to improve safety for patients in Scotland ¹² (2003) endorsed the principles and recommendations of the Department of Health (England) reports An Organisation with a Memory ¹³ (2000) and Building a Safer NHS for Patients ¹⁴ (2001). This established the NHSScotland commitment to applying AS/ NZS 4360:1999 Risk Management ¹¹. This standard provides a generic framework for establishing the context, identification, analysis, evaluation, treatment, monitoring and communication of risk. The emphasis however, must be on local systems and application, as organisations' risk management will be influenced by varying needs, objectives, products, services, processes and specific practices employed. Effective establishment of proactive organisational risk management systems, evidenced by reporting and learning systems that collect and analyse information on adverse events and near misses is key to success.

2.2 The Human Factor

Success in reducing the risk of HAI depends upon the commitment given to hygiene and the prevention and control of infection by staff in healthcare settings and the general public. Key to this are the attitudes and culture, local management responsibilities and sharing and learning from good and bad experiences.

The term "human factors" refers to the role played by human beings in "complex socio-technical systems" (Davies J et al ¹⁵, 2003), a set of circumstances in which people and machines interact with each other. NHSScotland is a complex socio-technical system. Human error is said to occur in situations that arise where a particular human action has, or could have, an unwanted consequence; and where the action in question is deemed with hindsight to have been incorrect. The term is frequently used incorrectly to describe a mistake made by a front-line operator. However, human error can occur at any point in a complex socio-technical system, from the front-line workers through middle-management and supervisory staff, and ultimately to senior management.

In recent times systems have been devised which look at human error at three distinct levels. These are:

• proximal level where the errors made are defined by the jobs that front-line staff are required to do 'at the coal face' ( e.g. staff member refuses or forgets to wash hands)
• intermediate level which encompasses issues such as staff training, supervision and local procedures ( e.g. poor estates planning - lack of hand basins in clinical areas)
• distal level which includes the kinds of errors that management may make concerning decisions such as resource allocation, staffing levels, recruitment of contract labour etc.

There is evidence to suggest that proximal errors are relatively more common, more likely to be self-detecting ( i.e. at this level, the fact that an error has been made is usually obvious) and less likely to have catastrophic consequences for the organisation than errors at the distal level. By contrast, errors at the distal level are more likely to remain dormant for long periods of time, more likely not to reveal their presence until too late, and more likely to be involved as root causes in major incidents/catastrophes. It is also the case that errors at the front line can sometimes occur because decisions made higher up in the organisation have inadvertently created the conditions under which certain types of front-line error are more likely to occur.

2.3 Training and Education

Enabling staff within NHSScotland to understand risk management and how it applies to their everyday practice is crucial to the success of any organisational risk management system. The requirement for a nationally co-ordinated approach that also enables local delivery of education according to each NHS Board training needs analysis has been acknowledged in previous work ⁸ and reinforced by the consultation and pilot processes for this document.

NHSQIS and NHS Education for Scotland ( NES) have collaborated to commission accredited education in Clinical Governance and Risk Management and develop an on-line knowledge resource. In September 2006 Glasgow Caledonian University commenced delivery of the suite of three modules and the on-line resource (www.clinicalgovernance.scot.nhs.uk) went live in March 2007.