Department of Health and Social Care
Central Government
Noted
The DHSC acknowledges concerns raised and outlines the roles of the CQC, NHS England, and NHS Digital in ensuring patient safety and appropriate training and supervision of healthcare staff, particularly Health Care Assistants, and refers to guidance on clinical risk management for health IT systems. (AI summary)
View full response
Dear Mr Morris,
Thank you for your letter of 25 November 2021 to the then Secretary of State for Health and Social Care, Sajid Javid, about the death of Dr Malcolm Dixon. I am replying as Minister with responsibility for Primary Care and Patient Safety, and thank you for the additional time allowed.
Firstly, I would like to say how saddened I was to read of the circumstances of Dr Dixon’s death and I offer my sincere condolences to his family and loved ones. The circumstances your report describes are very concerning and I am grateful to you for bringing these matters to my attention.
In preparing this response, Departmental officials have made enquiries with NHS England, NHS Digital and the Care Quality Commission (CQC).
You may wish to know that CQC has a key responsibility in the overall assurance of safety and quality of health and adult social care services. Under the Health and Social Care Act 20081 all providers of regulated activities, including NHS and independent providers, must register with CQC and follow a set of fundamental standards of safety and quality below which care should never fall. All providers of CQC-regulated activity have a duty to ensure that their staff have the skills, knowledge and experience for the work undertaken.
Health Care Assistants (HCAs) and Assistant Practitioners (APs) have a duty of care and a legal responsibility to the patients they see and care for. HCAs are not registered with a professional body, However, they are accountable to their employer to follow their contract of employment. Accordingly, employers have a responsibility to train, supervise and have oversight of their HCAs. It is vital that employers make sure employees only work within the limits of their competence. Employers also accept vicarious liability for their employees and are accountable for the actions and omissions of the employee.
If a registered nurse is responsible for delegating tasks to an HCA or AP, the registered nurse is responsible under the Nursing and Midwifery Council (NMC) Code of Conduct2 for the safe delegation of that task. The NMC code states that registered nurses must:
• only delegate tasks and duties that are within the other person's competence;
• make sure that everyone they delegate tasks to is adequately supervised and supported; and
• confirm that the outcome of any task they have delegated to someone else meets the required standard.
I have been made aware that since its registration with the CQC, Priory Hospital Altrincham has been inspected five times and all wards have received routine visits from Mental Health
1 https://www.legislation.gov.uk/ukpga/2008/14/contents 2 https://www.nmc.org.uk/globalassets/sitedocuments/nmc-publications/nmc-code.pdf
Act Reviewers. The hospital has a permanent registered manager who has been in post for four years. Regular engagement meetings take place with the registered manager, with the most recent meeting taking place in November 2021. I have been informed that at this meeting, CQC had noted positive plans. Furthermore, Priory Hospital Group had changed ownership in 2021, and is currently owned by a large European healthcare provider. They have committed to invest in the hospital sites, including replacing the current computerised record keeping system.
More generally, NHS Digital’s jurisdiction is limited to operating nationally specified requirements, with deployment of systems that meet such requirements supported by national assurance. This may take the form of independent assurance or through a framework of self- declaration against mandated requirements. NHS Digital does, for example, operate the Digital Care Services catalogue supporting eligible users to buy assured digital tools and systems through approved frameworks. However, the use of these is not mandatory and providers remain responsible for: i) assessing whether the functionality is fit for their purposes; ii) training and ensuring staff use such systems as intended; and iii) ensuring the clinical safety of their patients.
NHS Digital’s remit does not include the specification of IT systems used within Mental Health Settings. However, from a clinical perspective it is agreed that electronic patient record systems should allow users to edit automatically-generated time stamps to accurately reflect when an observation actually took place as often it will not be contemporaneous, and that an associated audit trail should show the time the record entry was made and subsequent changes to it.
Pursuant to section 250 of the Health and Social Care Act 20123, NHS Digital publishes information standards, including DCB0129: Clinical Risk Management: its Application in the Manufacture of Health IT System4 and DCB0160: Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems5, which establish a clinical risk management framework to support the safe development and use of health IT systems for health and adult social care purposes in England. These should be complied with by both the supplier of the system (DCB0129) in question and the care provider (the Priory) using it (DCB0160). Organisations must consider how failure or misuse of the systems could impact the management or delivery of care to the patient/service-user, estimate the risk and where necessary control it to an acceptable/accepted level. Evidence of this work having been done must be recorded in a Clinical Safety Case Report.
I hope this response is helpful, and I thank you for bringing these issues to my attention.
Thank you for your letter of 25 November 2021 to the then Secretary of State for Health and Social Care, Sajid Javid, about the death of Dr Malcolm Dixon. I am replying as Minister with responsibility for Primary Care and Patient Safety, and thank you for the additional time allowed.
Firstly, I would like to say how saddened I was to read of the circumstances of Dr Dixon’s death and I offer my sincere condolences to his family and loved ones. The circumstances your report describes are very concerning and I am grateful to you for bringing these matters to my attention.
In preparing this response, Departmental officials have made enquiries with NHS England, NHS Digital and the Care Quality Commission (CQC).
You may wish to know that CQC has a key responsibility in the overall assurance of safety and quality of health and adult social care services. Under the Health and Social Care Act 20081 all providers of regulated activities, including NHS and independent providers, must register with CQC and follow a set of fundamental standards of safety and quality below which care should never fall. All providers of CQC-regulated activity have a duty to ensure that their staff have the skills, knowledge and experience for the work undertaken.
Health Care Assistants (HCAs) and Assistant Practitioners (APs) have a duty of care and a legal responsibility to the patients they see and care for. HCAs are not registered with a professional body, However, they are accountable to their employer to follow their contract of employment. Accordingly, employers have a responsibility to train, supervise and have oversight of their HCAs. It is vital that employers make sure employees only work within the limits of their competence. Employers also accept vicarious liability for their employees and are accountable for the actions and omissions of the employee.
If a registered nurse is responsible for delegating tasks to an HCA or AP, the registered nurse is responsible under the Nursing and Midwifery Council (NMC) Code of Conduct2 for the safe delegation of that task. The NMC code states that registered nurses must:
• only delegate tasks and duties that are within the other person's competence;
• make sure that everyone they delegate tasks to is adequately supervised and supported; and
• confirm that the outcome of any task they have delegated to someone else meets the required standard.
I have been made aware that since its registration with the CQC, Priory Hospital Altrincham has been inspected five times and all wards have received routine visits from Mental Health
1 https://www.legislation.gov.uk/ukpga/2008/14/contents 2 https://www.nmc.org.uk/globalassets/sitedocuments/nmc-publications/nmc-code.pdf
Act Reviewers. The hospital has a permanent registered manager who has been in post for four years. Regular engagement meetings take place with the registered manager, with the most recent meeting taking place in November 2021. I have been informed that at this meeting, CQC had noted positive plans. Furthermore, Priory Hospital Group had changed ownership in 2021, and is currently owned by a large European healthcare provider. They have committed to invest in the hospital sites, including replacing the current computerised record keeping system.
More generally, NHS Digital’s jurisdiction is limited to operating nationally specified requirements, with deployment of systems that meet such requirements supported by national assurance. This may take the form of independent assurance or through a framework of self- declaration against mandated requirements. NHS Digital does, for example, operate the Digital Care Services catalogue supporting eligible users to buy assured digital tools and systems through approved frameworks. However, the use of these is not mandatory and providers remain responsible for: i) assessing whether the functionality is fit for their purposes; ii) training and ensuring staff use such systems as intended; and iii) ensuring the clinical safety of their patients.
NHS Digital’s remit does not include the specification of IT systems used within Mental Health Settings. However, from a clinical perspective it is agreed that electronic patient record systems should allow users to edit automatically-generated time stamps to accurately reflect when an observation actually took place as often it will not be contemporaneous, and that an associated audit trail should show the time the record entry was made and subsequent changes to it.
Pursuant to section 250 of the Health and Social Care Act 20123, NHS Digital publishes information standards, including DCB0129: Clinical Risk Management: its Application in the Manufacture of Health IT System4 and DCB0160: Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems5, which establish a clinical risk management framework to support the safe development and use of health IT systems for health and adult social care purposes in England. These should be complied with by both the supplier of the system (DCB0129) in question and the care provider (the Priory) using it (DCB0160). Organisations must consider how failure or misuse of the systems could impact the management or delivery of care to the patient/service-user, estimate the risk and where necessary control it to an acceptable/accepted level. Evidence of this work having been done must be recorded in a Clinical Safety Case Report.
I hope this response is helpful, and I thank you for bringing these issues to my attention.