Sheffield City Council
Local Authority / Fire Service
Action Taken
Sheffield City Council has amended the automated response to safeguarding reports to include a notification that, if the person making the report is not contacted within 2 working days, they should contact the Adult Access team to check that the report has been received. They have implemented an email Journal facility which will provide an on-going audit log of all emails received and sent for the relevant mailbox used by Adult Access. They have requested a forensic report and audit log to trace the email and have logged this as a Serious Incident. (AI summary)
View full response
Response to Regulation 28 Report to Prevent Future Deaths
From: , Head of Adult Safeguarding, Sheffield City Council,
Moorfoot, Sheffield, S1 4PL To: Mr David Urpeth, Assistant Coroner for the Coroner area of South Yorkshire
West
1. In the report of 12th December 2016, the Coroner stated that, during the course of the inquest into the death of Carol Leesley, evidence showed that the GP made a safeguarding report on 04/03/2016 but for reasons unknown,, despite there being an automated acknowledgement, the referral was not acted upon. The Coroner stated that it was unclear whether this was a case of unanimous error or IT error.
2. In the Coroner’s opinion, action should be taken to prevent future deaths and Sheffield City Council had 56 days to respond to the Coroner’s report with details of actions taken or proposed to be taken, setting out a timetable for action with regards to the issues which have arisen.
3. Summary of actions taken to date
3.1 Immediate contingency measure put in place
3.1.1 On 9th December 2016, the final day of the inquest,
Advanced Practitioner in the Community Access Prevention Team, amended the wording of the automated response generated when a safeguarding report is received by the Adult Access Team. The amended text included a notification that, if the person making a safeguarding report was not contacted by the Adult Access team within 2 working days, then they should contact the Adult Access team by telephoning 0114 273 4908 to check that the report had been received and that a referral was being progressed.
3.1.2 It was recognised that in itself this action, whilst reducing the risk of a report being received and not actioned, was in itself not sufficient to address the underlying concern about system reliability. The Adult Access Team have had no further instances of referrals having been reported as sent not having been received by the Adult Access Team. Whilst the Local Authority recognises this, in itself, does not prove that all referrals are being received, it is a strong indication that the circumstances leading to the non-actioning of the safeguarding referral in the case of Carol Leesley occurred as an isolated incident
3.1.3 Since the wording on the automated response generated through Adult
Access was changed on 9th December 2016 by , we
have not been contacted as requested in the text of the automated
response about a Safeguarding referral not having been followed up. The revised wording is as follows
Please note that your email has not yet been seen by anyone in the
Adult Access team.
We aim to reply to your email with a written response within 1 working
day. If you do not receive a written response to your email within 2
working days of this acknowledgment then please call Adult Access as
a matter of urgency on 0114 2734908, to confirm that we have
received your email and are dealing with your request.
3.1.4 The IT systems operating in the Adult Access Team are designed to
prevent emails, including those that contain safeguarding referrals,
from being accidentally deleted. To completely delete an email, it would
have to be deleted from the inbox folder and then separately deleted
from the deleted folder; two distinct actions. The Local Authority is
putting in place a Journal function integrated into the IT system that will
make it easier to retrieve and track deleted emails. Journal function
enables the Local Authority to track every action in a specified
mailbox, In this case the Mailbox for the Adult Access Team.
3.2 Investigation into possibility of human error
3.2.1 Having put an interim contingency measure in place by way of an
amended automated response on the Adult Access Inbox, Sheffield
City Council took steps to establish the reason why the safeguarding
report in question was not acted upon and why the email sent into the
SCC inbox for which acknowledgement was received cannot be traced. In doing so, the Local Authority had to consider, as indicated by the
Coroner, whether or not the possible cause was human error or an IT
system error. , Advanced Practitioner in the Community Access
Prevention Team, with the Adult Access Team Leader
and the Adult Access Team Manager conducted
an extensive search of the Adult Access email Inbox to establish
whether or not the safeguarding referral email was in fact received but
not acted upon on due to human error.
3.2.2 The in-depth search of deleted, archived, sent and inbox files took
place on 8th December 2016 and looked at the relevant date of 4th
March 2016.
This produced no trace of the email. Emails were then searched
by name of the subject of the safeguarding referral and by the name of
the GP medical practice.
The referral completed by the Phlebotomist Team, reported on at the
Inquest, was evidenced as having been received and been transferred
to a Contact Assessment on 14th March and had been sent to the
Community Access and Prevention Team for action as described in my
statement to the Coroner.
3.2.3 The Adult Access inbox is programmed to send an automatic response when an email is received into the inbox.
3.2.4 Procedures for receipt of email in Adult Access mean that the system used by Adult Access prompts the Advice Worker to send a courtesy email to the safeguarding referrer explaining they have received the email and will give information on what team this has been sent to and also the allocated team’s telephone number. No courtesy email was found in sent items from adultaccess@sheffield,gcsx.gov.uk
There is no available evidence to suggest that non-action was the result of human error either by action or omission on this occasion.
3.2.5 However, to further reduce the risk of a report not being actioned, all staff working within Adult Access team have been reminded of the existing procedures and process for handling emails to further reduce the risk of emails being deleted or not actioned correctly.
3.2.6 I am sufficiently assured that the risk of a report which has been
received into the Adult Access Mailbox not being actioned due to
human error has been adequately addressed and minimised. I and the Head of Service for the Access Prevention and Re-ablement team who has overall responsibility for the Community Access Prevention Team, are keeping this under review.
4. IT systems audit
4.1 In parallel with the in depth search of the email boxes, , the Local
Authority Head of Information Management, commenced an IT systems audit.
The purpose of this audit was to establish if the email with the Safeguarding
Referral had been received but not acted upon either due to a fault or as the
result of a failure in the IT systems supporting the work of the Adult Access
Team.
The Adult Access Team is the designated receiving point for safeguarding
referrals. A chronology of the actions taken to track the safeguarding
report through an analysis of IT systems is set out below at 4.1.1 -4.1.10
4.1.1 Following the court hearing, Sheffield City Council undertook an investigation into why this email from the GP medical practice had not been received by the secure email adultaccess@sheffield.gcsx.gov.uk
4.1.2 This was also logged as a security incident, and a team was established to review and investigate what had happened and what actions needed to be undertaken.
4.1.3 Unfortunately, it was confirmed by the Sheffield City Councils ICT provider Capita that as the email was sent by the GP medical practice in March 2016, no audit logs or emails would have been retained. The retention period was confirmed as 30 days.
4.1.4 It was also confirmed that a copy of the email from the GP medical practice could not be found within the mailbox adultaccess@sheffield.gcsx.gov.uk where the email should have been received.
4.1.5 Nor did Customer Services who manage the mailbox have any record of the email been received from the GP medical practice. (Customer services record emails received to this mailbox onto an excel tracker).
4.1.6 As such, the Head of Information Management, , contacted the GP medical practice to request a forensic report from their email provider Accenture. Accenture are the ICT provider for NHS mail.
4.1.7 Following a number of conversations with Accenture, they confirmed that they would be able to provide a forensic report going back to March 2016.
4.1.8 This would detail if the email servers used by the GP Medical practice had successfully sent the email to adultaccess@sheffield.gcsx.gov.uk. We are awaiting this report.
4.1.9 In addition to this the Head of Information Management instructed capita that more auditing tools are deployed to ensure that going forward we have audit evidence for a longer period of time. Technically this is called journaling and should be in place by March
2017.
4.1.10 This journaling tool will provide much more detailed audit information which would provide evidence of emails sent and received from this and other appropriate mailboxes used by Sheffield City Council. 5 Summary of Actions
5.1 The current position is that , the Head of information Management for the Local Authority, is putting in place an email Journal facility which will provide an on-going audit log of all emails received and sent for the relevant mailbox used by Adult Access. This will enable the Local Authority us to track all actions taken with a specific emails
5.2 has requested a forensic report and audit log via the Accentuate the agency responsible for the IT System at the GP surgery used to send the email.
This should enable us to trace directly from the originating source of the Safeguarding referral, the GPs surgery, the email that included the safeguarding referral.
The GPs surgery have to make this request themselves. The request was made by the GP surgery on 20th February 2017.
5.3 In accordance with our Information Management procedures Sheffield City Council has logged this as a Serious Incident. Whilst there is no prescribed time limit for concluding a Serious Incident investigation I anticipate that this will be concluded in the next 6 weeks.
This investigation cannot be completed until a response has been received from Accenture who are compiling the forensic report requested by
Once the investigation is completed a report will be produced which will then be considered initially by Care and Support Leadership Team to determine what, if any, further actions are required final incident security report will be completed once the actions above are completed.
6 Proposed actions
6.1 Although the work is continuing to establish why the report was not acted
upon and the email sent by the GP practice cannot be traced, on balance my
assessment at this time is that it is an IT system issue.
6.2 Given that the Journal facility is still to be activated the NHS forensic audit log request is in process the Sheffield City Council Serious Incident process is yet to conclude
I propose to provide the Coroner with a further update by 20th April 2016
: Head of Adult Safeguarding Sheffield City Council
From: , Head of Adult Safeguarding, Sheffield City Council,
Moorfoot, Sheffield, S1 4PL To: Mr David Urpeth, Assistant Coroner for the Coroner area of South Yorkshire
West
1. In the report of 12th December 2016, the Coroner stated that, during the course of the inquest into the death of Carol Leesley, evidence showed that the GP made a safeguarding report on 04/03/2016 but for reasons unknown,, despite there being an automated acknowledgement, the referral was not acted upon. The Coroner stated that it was unclear whether this was a case of unanimous error or IT error.
2. In the Coroner’s opinion, action should be taken to prevent future deaths and Sheffield City Council had 56 days to respond to the Coroner’s report with details of actions taken or proposed to be taken, setting out a timetable for action with regards to the issues which have arisen.
3. Summary of actions taken to date
3.1 Immediate contingency measure put in place
3.1.1 On 9th December 2016, the final day of the inquest,
Advanced Practitioner in the Community Access Prevention Team, amended the wording of the automated response generated when a safeguarding report is received by the Adult Access Team. The amended text included a notification that, if the person making a safeguarding report was not contacted by the Adult Access team within 2 working days, then they should contact the Adult Access team by telephoning 0114 273 4908 to check that the report had been received and that a referral was being progressed.
3.1.2 It was recognised that in itself this action, whilst reducing the risk of a report being received and not actioned, was in itself not sufficient to address the underlying concern about system reliability. The Adult Access Team have had no further instances of referrals having been reported as sent not having been received by the Adult Access Team. Whilst the Local Authority recognises this, in itself, does not prove that all referrals are being received, it is a strong indication that the circumstances leading to the non-actioning of the safeguarding referral in the case of Carol Leesley occurred as an isolated incident
3.1.3 Since the wording on the automated response generated through Adult
Access was changed on 9th December 2016 by , we
have not been contacted as requested in the text of the automated
response about a Safeguarding referral not having been followed up. The revised wording is as follows
Please note that your email has not yet been seen by anyone in the
Adult Access team.
We aim to reply to your email with a written response within 1 working
day. If you do not receive a written response to your email within 2
working days of this acknowledgment then please call Adult Access as
a matter of urgency on 0114 2734908, to confirm that we have
received your email and are dealing with your request.
3.1.4 The IT systems operating in the Adult Access Team are designed to
prevent emails, including those that contain safeguarding referrals,
from being accidentally deleted. To completely delete an email, it would
have to be deleted from the inbox folder and then separately deleted
from the deleted folder; two distinct actions. The Local Authority is
putting in place a Journal function integrated into the IT system that will
make it easier to retrieve and track deleted emails. Journal function
enables the Local Authority to track every action in a specified
mailbox, In this case the Mailbox for the Adult Access Team.
3.2 Investigation into possibility of human error
3.2.1 Having put an interim contingency measure in place by way of an
amended automated response on the Adult Access Inbox, Sheffield
City Council took steps to establish the reason why the safeguarding
report in question was not acted upon and why the email sent into the
SCC inbox for which acknowledgement was received cannot be traced. In doing so, the Local Authority had to consider, as indicated by the
Coroner, whether or not the possible cause was human error or an IT
system error. , Advanced Practitioner in the Community Access
Prevention Team, with the Adult Access Team Leader
and the Adult Access Team Manager conducted
an extensive search of the Adult Access email Inbox to establish
whether or not the safeguarding referral email was in fact received but
not acted upon on due to human error.
3.2.2 The in-depth search of deleted, archived, sent and inbox files took
place on 8th December 2016 and looked at the relevant date of 4th
March 2016.
This produced no trace of the email. Emails were then searched
by name of the subject of the safeguarding referral and by the name of
the GP medical practice.
The referral completed by the Phlebotomist Team, reported on at the
Inquest, was evidenced as having been received and been transferred
to a Contact Assessment on 14th March and had been sent to the
Community Access and Prevention Team for action as described in my
statement to the Coroner.
3.2.3 The Adult Access inbox is programmed to send an automatic response when an email is received into the inbox.
3.2.4 Procedures for receipt of email in Adult Access mean that the system used by Adult Access prompts the Advice Worker to send a courtesy email to the safeguarding referrer explaining they have received the email and will give information on what team this has been sent to and also the allocated team’s telephone number. No courtesy email was found in sent items from adultaccess@sheffield,gcsx.gov.uk
There is no available evidence to suggest that non-action was the result of human error either by action or omission on this occasion.
3.2.5 However, to further reduce the risk of a report not being actioned, all staff working within Adult Access team have been reminded of the existing procedures and process for handling emails to further reduce the risk of emails being deleted or not actioned correctly.
3.2.6 I am sufficiently assured that the risk of a report which has been
received into the Adult Access Mailbox not being actioned due to
human error has been adequately addressed and minimised. I and the Head of Service for the Access Prevention and Re-ablement team who has overall responsibility for the Community Access Prevention Team, are keeping this under review.
4. IT systems audit
4.1 In parallel with the in depth search of the email boxes, , the Local
Authority Head of Information Management, commenced an IT systems audit.
The purpose of this audit was to establish if the email with the Safeguarding
Referral had been received but not acted upon either due to a fault or as the
result of a failure in the IT systems supporting the work of the Adult Access
Team.
The Adult Access Team is the designated receiving point for safeguarding
referrals. A chronology of the actions taken to track the safeguarding
report through an analysis of IT systems is set out below at 4.1.1 -4.1.10
4.1.1 Following the court hearing, Sheffield City Council undertook an investigation into why this email from the GP medical practice had not been received by the secure email adultaccess@sheffield.gcsx.gov.uk
4.1.2 This was also logged as a security incident, and a team was established to review and investigate what had happened and what actions needed to be undertaken.
4.1.3 Unfortunately, it was confirmed by the Sheffield City Councils ICT provider Capita that as the email was sent by the GP medical practice in March 2016, no audit logs or emails would have been retained. The retention period was confirmed as 30 days.
4.1.4 It was also confirmed that a copy of the email from the GP medical practice could not be found within the mailbox adultaccess@sheffield.gcsx.gov.uk where the email should have been received.
4.1.5 Nor did Customer Services who manage the mailbox have any record of the email been received from the GP medical practice. (Customer services record emails received to this mailbox onto an excel tracker).
4.1.6 As such, the Head of Information Management, , contacted the GP medical practice to request a forensic report from their email provider Accenture. Accenture are the ICT provider for NHS mail.
4.1.7 Following a number of conversations with Accenture, they confirmed that they would be able to provide a forensic report going back to March 2016.
4.1.8 This would detail if the email servers used by the GP Medical practice had successfully sent the email to adultaccess@sheffield.gcsx.gov.uk. We are awaiting this report.
4.1.9 In addition to this the Head of Information Management instructed capita that more auditing tools are deployed to ensure that going forward we have audit evidence for a longer period of time. Technically this is called journaling and should be in place by March
2017.
4.1.10 This journaling tool will provide much more detailed audit information which would provide evidence of emails sent and received from this and other appropriate mailboxes used by Sheffield City Council. 5 Summary of Actions
5.1 The current position is that , the Head of information Management for the Local Authority, is putting in place an email Journal facility which will provide an on-going audit log of all emails received and sent for the relevant mailbox used by Adult Access. This will enable the Local Authority us to track all actions taken with a specific emails
5.2 has requested a forensic report and audit log via the Accentuate the agency responsible for the IT System at the GP surgery used to send the email.
This should enable us to trace directly from the originating source of the Safeguarding referral, the GPs surgery, the email that included the safeguarding referral.
The GPs surgery have to make this request themselves. The request was made by the GP surgery on 20th February 2017.
5.3 In accordance with our Information Management procedures Sheffield City Council has logged this as a Serious Incident. Whilst there is no prescribed time limit for concluding a Serious Incident investigation I anticipate that this will be concluded in the next 6 weeks.
This investigation cannot be completed until a response has been received from Accenture who are compiling the forensic report requested by
Once the investigation is completed a report will be produced which will then be considered initially by Care and Support Leadership Team to determine what, if any, further actions are required final incident security report will be completed once the actions above are completed.
6 Proposed actions
6.1 Although the work is continuing to establish why the report was not acted
upon and the email sent by the GP practice cannot be traced, on balance my
assessment at this time is that it is an IT system issue.
6.2 Given that the Journal facility is still to be activated the NHS forensic audit log request is in process the Sheffield City Council Serious Incident process is yet to conclude
I propose to provide the Coroner with a further update by 20th April 2016
: Head of Adult Safeguarding Sheffield City Council