Incident Reporting Procedure

Transcription

1 Incident Reporting Procedure Version: 9.6 Bodies consulted: Approved by: SIRO PASC Date Approved: Lead Manager: Responsible Director: Date issued: Jun 16 Review date: May 18 Health and Safety Manager; Governance Manager Director of Quality Is this policy current? Check the intranet to find the latest version! Incident Reporting Procedure, v9.6, Jun 16 Page 1 of 33

2 Contents 1 Introduction Purpose Scope Definitions Duties and responsibilities Procedures Training Requirements Process for monitoring compliance with this Procedure References Associated Documents Appendix A: Serious Incidents Appendix B: Risk Matrix Appendix C: Incident Report Form and Guidelines Appendix D: RIDDOR Reportable Incidents Appendix E : Diversion to SIRI process Appendix F : Equality Impact Assessment Appendix G: Incident reporting process flowchart Incident Reporting Procedure, v9.6, Jun 16 Page 2 of 33

3 Incident Reporting Procedure 1 Introduction 1.1 The Tavistock and Portman Foundation NHS Trust (the Trust) accepts that in the course of providing its services, adverse incidents can occur, some of which do, or could have serious consequences for patients, students, staff and the public. In such situations the immediate response will always be to care for the person affected and make the situation safe. Thereafter, the Trust has a responsibility to make every effort to reduce the likelihood of a re-occurrence by investigating incidents, understanding how they occur, and by taking appropriate preventive action. 1.2 The Trust recognises that most incidents occur because of problems with systems rather than with individuals. The Trust will ensure that timely and fair action is taken to manage incidents when they occur, to help prevent such incidents occurring in the future, by ensuring appropriate reporting, and by making subsequent improvements where indicated. 1.3 The Trust is committed to minimizing unexpected adverse outcomes for patients, staff, students and visitors through the process of risk management. This incident reporting procedure aims to increase and maintain awareness of the need to identify and report incidents, near misses and serious untoward incidents. 1.4 Because of the nature of cyber incidents, an immediate response is often necessary in order to prevent escalation of the problem, please refer to the Cyber Security Incident Response Standard Operating Procedure and follow the directions therein as a priority over incident reporting. 2 Purpose 2.1 Requirement for Incident Reporting This procedure is designed to ensure that the Trust has a consistent and effective method of incident reporting across its service, in accordance with national guidance and legislation. It sets out the steps that staff should follow to identify, record, and grade incidents, and sets out the system of escalation and investigation that is followed dependent on the risk score of the incident. This procedure should be read in conjunction with the Trust s Risk Management Strategy and the Serious Incident Reporting Procedure. Incident Reporting Procedure, v9.6, Jun 16 Page 3 of 33

4 2.2 Fair Blame Statements The Trust aims to take an integrated approach to learning from incidents of all types in order to improve and improve its services The Trust recognises that such learning can only take place in a nonthreatening environment and that fear of disciplinary action may deter staff from reporting an incident. The Chief Executive has confirmed that no disciplinary action will result from reported incidents or mistakes, subject to certain exceptions: Incident that warrant police prosecution of individual members of staff Incidents that reveal that actions of an individual are judged to be far removed from acceptable practice Repeated failure by a member of staff to report incidents Malicious use of the reporting system 2.3 Raising Concerns Staff should refer to the Raising Concerns and Whistleblowing and Procedure if they feel the need to raise issue of patient safety, or other incidents, where they are concerned that the Trust is not acting. Staff are also reminded that they have a duty to report incidents and staff should have the expectation that the Trust will act appropriately in line with this procedure and the Serious Incident Management Procedure. 3 Scope This procedure applies to the reporting of accidents, incidents and near misses that affect the Trust s property or anyone affected in the course of its activities. When an accident or incident involves someone who is not a member of staff then it is the responsibility of the member of staff who is made aware of the accident or incident to follow the reporting requirements by completing an incident reporting form. In addition staff should take steps to remove/ prevent access to residual hazards that may remain at the site of the accident/ incident so as to prevent further injury/ near miss incident. This procedure applies to incidents of all types: clinical, non- clinical, health and safety and information incidents. All incidents must be reported centrally and the responsible manager will determine how the incidents will be handled. Incident Reporting Procedure, v9.6, Jun 16 Page 4 of 33

5 National guidance on IG incidents differs from guidance on all other incidents and this is reflected in the processes and responsibilities. 4 Definitions Term Definition Incident (or accident) An unplanned or unexpected event that results in one or more of the following: causes an injury, either physical or psychological, to staff, patients/clients, visitors, volunteers, agency/bank staff or contractors results in damage to or loss of equipment, buildings, assets or structures that results in unplanned interruptions to service provision. A failure to comply with Trust policies. Clinical Incident An unplanned or unexpected event occurring during the course of investigation, treatment, or follow up, which gives rise to injury or harm to a patient, including Safeguarding concerns. Sharps Incident Injuries caused by needle sticks, human bites, scratches or other injuries where the victim is at risk of contamination by human blood or body fluids. In the event of a sharps incident an incident form must be filled in and the victim should be managed under guidelines in the Trust s Infection Control Procedure. Serious Incident An incident that is scored at 9 or more when the Trust s unified risk scoring system in applied. These incidents are managed under the Trust s Serious Incidents Reporting Procedure. An illustrative list of serious incidents is shown at Appendix A. Security Incident An unplanned or unexpected event which results in harm to persons or property, including violence and aggression, theft, break-in or wilful damage. Incident Reporting Procedure, v9.6, Jun 16 Page 5 of 33

6 Term Definition Information Incident Actual or potential failure to meet the requirements of the Data Protection Act and/or the common law of confidentiality, including misuse, unlawful disclosure, recording or sharing inaccurate data, information security breaches, and inappropriate invasion of privacy. Other IG incidents include breaches of the Freedom of Information Act or the Environmental Information Regulations. Information Communication Technology Incident A system, service, device, or network failure which might lead to a failure of safeguards or compromise business continuity but has not resulted in an information incident. Cyber Incident Anything that could (or has) compromised information assets within Cyberspace Fire incident Any event which results in, or had the potential, to damage people or property, or the Fire Brigade. These incidents are managed under the Trust s Fire Safety Procedures. Dangerous occurrence A serious failure of machinery, premises or plant as defined in RIDDOR. In addition to managing these incidents within the Trust the Health and Safety Manager must send a report to the Health and Safety Executive. Hazard A hazard is a system and/or object that have the potential to cause harm. Incident Reporting Procedure, v9.6, Jun 16 Page 6 of 33

7 Term Definition Near miss An incident in any of the categories listed above which does not result in injury or harm to persons or damage to property, but had the potential to do so. Near misses should be reported in the same way as incidents using the Trust s incident form. Reportable Disease A work-related disease or condition listed in RIDDOR from which an employee or self-employed person is suffering and which has been confirmed by a medical practitioner or occupational health physician. Staff Any person undertaking the Trust s work, including employees, volunteers, students, and contractors. Data Loss Loss shall mean the temporary or permanent inability to access or retrieve data. Breach of confidentiality Any incident involving the actual or potential loss of personal identifiable information that could lead to identity fraud, or have significant adversely affected individuals. Adverse Media attention Media coverage or public concern about the organisation or the wider NHS. Personal confidential data Cyberspace Any data from which an individual can be identified. An interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services. Incident Reporting Procedure, v9.6, Jun 16 Page 7 of 33

8 5 Duties and responsibilities The Chief Executive The Chief Executive is responsible for the overall implementation, monitoring and revision of this procedure. Medical Director The Medical Director will be responsible for ensuring that a system is in place for investigating and follow up for all reported clinical incidents. They will also be responsible for contacting CCGs and patients when the Trust decides to initiate, or be a part of an investigation of a serious incident. Reporting and any Serious Incident to the respective commissioner. Associate Director of Quality and Governance The associate director has responsibility for the administration of non-clinical risk management, including health and safety across the Trust (excluding information governance), and will provide advice and support to managers and staff on all aspect of incident management (except information incidents), and will lead on facilitating the delivery of the actions to be taken in relation to all clinical incidents. The associate director is responsible for ensuring that all relevant clinical incidents are uploaded to the National Reporting and Learning Data base (NRLS) in line with CQC requirements. Director of Information Management and Technology The director will ensure that identified information threats and vulnerabilities are followed up for risk mitigation, and that perceived or actual cyber incidents are managed in accordance with NHS requirements. Ensure that there are effective mechanisms in place for reporting and managing cyber Serious Incidents Requiring Investigation (cyber-siris). These mechanisms should accommodate technical, operational or procedural improvements arising from lessons learned. Directors It is the responsibility of directors to: Incident Reporting Procedure, v9.6, Jun 16 Page 8 of 33

9 Disseminate this procedure within their area of responsibility and ensure its implementation by providing support and advice to their managers and staff. Promote incident reporting to their staff Ensure that recommendations arising from the analysis of incidents are actioned as appropriate within their directorate. Line Managers It is the responsibility of line managers to: Ensure that their staff understand and follow the incident reporting procedure Ensure that an incident form is completed for each incident/ accident correctly, and record any actions taken For a serious incident (scoring 9 or more on the Trust risk matrix) ensure that the incident form is forwarded to the Trust s Health and Safety Manager, and senior management (if appropriate), without delay in accordance with the Serious Incident Reporting Procedure 1 Ensure that the incident form is sent to the Health & Safety Manager as soon as possible, and no longer than three working days after the incident. complete part 2 of the incident form in all cases where immediate action is taken Ensure that risk assessments are carried out (or reviewed) on all significant identified risks and put into place appropriate action plans to eliminate or reduce the risk to an acceptable level. The results of written risk assessments must be communicated to all those who may be at risk and provided to their staff-side representative in writing if requested. Liaise with the Health & Safety Manager regarding any safety or health issues related to the health and safety of any injured person Make referrals to Occupational Health for ill health For all serious incidents, cooperate with senior managers and investigators to facilitate a full investigation and root cause analysis of the incident Implement any recommendations that are accepted following a serious incident 1 available via the Trust intranet and the Trust webpage as the Serious Incident Procedures ( The Investigating and Learning from a Serious Incident) Incident Reporting Procedure, v9.6, Jun 16 Page 9 of 33

10 The Governance Manager The Governance Manager is also the Lead for information governance and in relation to incident reporting, is responsible for: Ensuring that information incidents and risk management activity are reported and considered at the Information Governance Work Stream of the Clinical Safety and Governance Committee, and that agreed actions are followed through Provide expert advice on IG matters Assess IG incident reports for diversion to Serious Information Reportable Incident (SIRI) process Reporting IG incidents externally The Health & Safety Manager The Health and Safety Manager is responsible for: maintaining the Trust s file of incident forms and the Trust s database Ensuring that relevant accidents / incidents are reported to the appropriate authority if required, ensuring that accidents / incidents are properly investigated, and where necessary remedial measures taken in conjunction with appropriate agencies, for incidents scoring 9+ this must be in accordance with the Serious Incident Procedure Producing reports for tracking progress of implementing action plans and reports exploring trends to the Health and Safety Committee Providing staff with help and advice on completing incident forms and appropriate actions following an incident or near miss Provide summaries of incidents to the information governance, patient safety and clinical risk, and corporate governance and risk work stream leads. Clinical Governance Manager The manger shall lead on all safeguarding incidents (including PREVENT) and monitor clinical incidents for clinical risk and revalidation management purposes. Employees It is the responsibility of employees to: Report all accidents / incidents on the Trust s incident form and send it to the Health and Safety Manager as soon as possible, or for cyber security Incident Reporting Procedure, v9.6, Jun 16 Page 10 of 33

11 incidents, to ICT helpdesk immediately The employee or the management should immediately inform the Trust s Health and Safety Manager any incident graded 9 or more The person completing the form or the line manager should grade the incident using the Trust s risk matrix 6 Procedures 6.1 Reporting via the Trust s Incident Reporting Form All incidents are to be reported on the Trust s unified incident reporting form, shown at Appendix B. This form can be accessed via the front page of the Trust intranet, on the Trust s website, or from the Health and Safety Manager. Staff should follow guidance on the form and complete it as fully as possible. The incident form must be completed legibly and factually in pen, or typed, immediately following the incident. It should record the facts of the incident and not opinion. Further help on completing the form can be obtained from the Health and Safety Manager. When complete the form should be sent either by or internal post and marked for the attention of the Health and Safety Manager. A copy of the report should be forwarded to the department manager. The person completing the form should grade the incident following the Trust s grading matrix. If the reporter is unclear about the grade then the matter should be referred to their manager or the Health and Safety Manager Health and Safety Manager for further advice. In the event of any serious incident these should be reported to the Health and Safety Manager Staff working on sites not owned or managed by the Trust who have reported an incident to the host body can send a copy of that incident report to the Health and Safety Manager, or complete a Trust Incident report noting that the incident has been reported elsewhere. 6.2 Action to be taken by the Health and Safety Manger i. On receipt of the incident form, the Health and Safety Manager will review it for completeness, obtain further information if required and review the grade recorded on the form. If grading is incomplete or questionable the Health and Safety Manager will review the grading with the reporter, the relevant manager Incident Reporting Procedure, v9.6, Jun 16 Page 11 of 33

12 ii. and the Associate Director for Quality and Governance (or the Governance Manager for IG incidents). Where grading cannot be agreed, the Associate Director for Quality and Governance (or the Governance Manager for IG incidents) will determine the score. The Health and Safety Manager will record the details of the incident on the Trust s incident database. The Health and Safety Manager will retain the original incident form and forward a copy of the form without delay as set out in the table below: Senior Staff to be informed and sent a copy of the Incident Director of area involved (for all incidents scoring 9+) Associate Director for Governance and Risk (all incidents) Associate Medical Director for Patient Safety (all incidents) Clinical Governance Manager (all incidents) Deputy Chief Executive SIRO (all incidents) IG Manager (all incidents) Caldicott Guardian (all incidents) The lead manager (see appendix G) for those that meets the respective NLRS notifiable safety incident threshold Estates General Clinical IG 6.3 Duty of Candour On receipt of every form the Health and Safety manager will assess whether the incident meets the criteria of a notifiable safety incident under the Duty of Candour. If the incident appears to meet the criteria, the H&S Manager will refer the case to the Medical Director. If the Medical Director confirms that the incident meets the criteria of a notifiable safety incident the patient will be informed of this in line with the regulations. The H&S Manager will record the assessment of whether the incident meets the criteria, and the subsequent action taken where it does, on the incident database. Incident Reporting Procedure, v9.6, Jun 16 Page 12 of 33

13 6.4 Investigation The degree of investigation of an incident will be determined by the incident severity as indicated by the Trust s risk grading system (see section below), or by the IG SIRI criteria (for all IG incidents). Incidents scoring 9 or more will be investigated under the Trusts Serious Incident Procedure*. 6.5 Additional reporting Mandatory requirements direct that certain categories of incidents are reported to various external agencies e.g. the Health and Safety Executive (RIDDOR reporting), the National Reporting and Learning System (NRLS); and the Medicines and Healthcare Products Regulatory Agency (MHRA). Designated senior managers are responsible for making these reports according to their role. In addition, all information incidents must be reported to the data subject. 6.6 Reporting procedure for non-trust employees who have an incident or accident on Trust property Patient/service-users All accidents/incidents involving patients are to be reported by a member of staff reported on an incident form in accordance with the process detailed above. The form when complete should then be forwarded to the Health & Safety Manager. Where contractors do not have their own forms, the incident may be recorded on a Trust form. Contractors Contractors are responsible for reporting any accidents/incidents directly to their employer or the enforcing authority if necessary using their own company reporting systems. To enable the Trust to monitor activities taking place on its properties copies of any such incidents involving contractors or self-employed persons must also be forwarded to the Health & Safety Manager to be used for information purposes. Students If a student is on placement with the Trust and has an accident the staff member responsible for that student during the placement must report the matter to the university/ college from where the student came as soon as possible in addition to completing the Trust s incident form. Incident Reporting Procedure, v9.6, Jun 16 Page 13 of 33

14 Visitors to Trust sites If a visitor has an accident appropriate first aid should be provided and any practical assurance required. An Incident form should be completed by the member of staff witnessing the accident by the person to whom the accident was reported. The form should then be forwarded to the Health & Safety Manager. 6.7 Legal, Statutory and Stakeholder Reporting GREEN (Low risk score 1-5) These are untoward occurrences that can generally in most instances be managed adequately and promptly at the time of the incident and require no further investigation. YELLOW (Moderate risk score 6-8) These are incidents/ near misses that may also be able to be managed adequately and promptly at the time of the incident; however, depending on the type of accident/incident and its possible implications, it may be escalated to a manger s attention. The incident itself may have may have consequences in terms of its potential to cause a serious or adverse outcome that will require on-going management action. AMBER (High risk scores 9-12) Incidents that are scored 9-15 should all undergo a preliminary investigation as set out in the Trust s Serious Incident Procedure; following the preliminary investigation the relevant Director, the Medical Director, Associate Director Quality and Governance, or Governance Manager for IG incidents, will determine whether a full root cause analysis is to be carried out. RED (Catastrophic risk score 15-25) Incidents that are scored should be investigated under the Trust s Serious Incident Procedure; the process is overseen by the Chief Executive. A preliminary investigation is carried out followed by a full root-cause analysis is to be carried out for all red incidents. These arrangements are summarised in the table below: Incident Reporting Procedure, v9.6, Jun 16 Page 14 of 33

15 Risk level Escalation level Initial reporting Level of Investigation Review Extreme Red Board Complete incident form Inform CE and leads in appendix G Following SI Procedure Health & Safety Manager to ensure all appropriate agencies (HSE, NPSA etc.) are informed and record Conduct full investigation and root cause analysis following the Serious incident Procedure Consideration and decision of who is to contact the patient or CEO and/or Medical Director to ensure all relevant external agencies are informed in accordance with the Serious Incident Procedure. Health & Safety Extreme Red (cont d..) on database Associate Director of Quality and Governance to report via STEIS. patient s family and inform them of the investigation. Manager to ensure Clinical Incident review is carried out Findings/ recommendations to go EMT High Orange 9-12 Executive Management Team (reporting to Board ) Complete incident form Following SI Procedure Health & Safety Manager to ensure all appropriate agencies (HSE, NPSA etc.) are informed and record on database Conduct a preliminary investigation and consider a full investigation and root cause analysis following the Serious incident Procedure Consideration and decision of who is to contact the patient or patient s family and inform them of the investigation. Health & Safety Manager to ensure Clinical Incident review is carried out Findings/recommend ations to go appropriate committee Moderate Yellow 6-8 Directorate/ Department Complete incident form, inform line manager Inform Health & Safety Manager, Health & Safety Manager t to ensure all appropriate agencies (HSE, NPSA etc.) are informed and record on database Line Manager and Health and safety manger to decide any further preventative actions or the need for a local investigation. Review risk assessments if required, i.e. if any action taken following investigation Low Green 1-5 (tolerated risks) Department, but monitored at Directorate level Complete incident form with a line manager completing section two on any actions taken or to be taken, H&S Manager to ensure all appropriate agencies (HSE, NPSA etc.) are informed and record on database No further investigation normally instigated unless felt required by Line Manager Re-grade if required following any investigation Review risk assessments if required 6.8 IG Incidents IG incidents will be assessed for seriousness by the Governance Manager at the outset using the flow diagram in appendix E. If the result is that the score is less than 2, then this procedure applies; otherwise, the HSCIC guidelines apply. Incident Reporting Procedure, v9.6, Jun 16 Page 15 of 33

16 7 Training Requirements 7.1 Training The Trust recognises that training of all staff is an essential to the effective working of this incident reporting procedure. Specific training will be offered by skilled staff and it will be co-ordinated and monitored through the Staff Training Committee. The responsibility for training in incident reporting lies with the Associate Director Quality and Governance and the Medical Director who will work with the HR Lead for training to ensure that training delivered meets current staff needs, and that records of attendance are kept. The Trust has determined that training needs to be provided at a basic level for all staff and at a higher level for key staff in the trust. The format of training that will be made available under the Risk Strategy is as follows: All new staff will receive an introduction to the Trust s approach to incident reporting as part of basic induction. All staff will receive updating training on incident reporting at the biennial INSET days, attendance at which is mandatory for all staff. Managers and Senior Staff will receive specific training on incident reporting and investigation as part of on-going in service training for managers. Board of Directors will receive specific training on risk management in a joint training session to be held annually with the members of the Management Team. The topics to be covered will be determined by the prevailing needs of the Trust. The training providers will monitor and report attendance as appropriate and ensure that attendees evaluate each session to ensure learning objectives are met and improvements to future sessions can be made. Training will be provided by internal staff with appropriate skills, alternatively the Trust will use external skilled risk advisers to provide training to ensure that training is of the highest standard. Incident Reporting Procedure, v9.6, Jun 16 Page 16 of 33

17 8 Process for monitoring compliance with this Procedure 8.1 Regular Reporting In order to assess compliance with this procedure and to ensure that the Trust learns from incidents that occur in the course of its business the following routine reviews will be undertaken: The Associate Director Quality and Governance with support from the Health and Safety Manager will ensure that the following reports are produced: Quarterly report on all incidents for the Corporate Governance and Risk Work stream of the Clinical Quality, Safety, and Governance Committee. Quarterly report on all clinical incidents for the Patient Safety Work stream of the Clinical Quality, Safety, and Governance Committee. Quarterly report on all information and ICT incidents for the Information Governance Work stream of the Clinical Quality, Safety, and Governance Committee. The work streams will monitor the effectiveness of incident management and may make recommendations for changes to practice or procedures based on reports received. 8.2 Risk Register Incidents that indicate an on-going risk to the trust following investigation and treatment should be entered onto the Trust s risk register together with details of the on-going action/treatment plan. The risk register will be reviewed by the Board of Directors, Management Team and Directors, as appropriate to level of risk indicated. 8.3 Serious Incident Monitoring Monitoring of compliance with incident reporting and investigation for incidents rated at 9+ using the Trust risk matrix will be monitored under the serious incident procedure. 9 References Incident Reporting Procedure, v9.6, Jun 16 Page 17 of 33

18 Department of Health. (2000). An Organisation with a Memory: Report of an Expert Group on Learning from Adverse Events in the NHS. London: Department of Health. Department of Health. (2001). Building a Safer NHS for Patients: Implementing an Organisation with a Memory. London: Department of Health. Health & Safety Executive. (1995). Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR Explained, Version 6), Suffolk: Health and Safety Executive. Available at: National Patient Safety Agency. (2005). Building a Memory: Preventing Harm, Reducing Risks and Protecting Patient Safety London: National Patient Safety Agency. Health and Safety (Consultation with Employees) Regulations (Statutory Instrument 1996 No. 1513). London: The Stationery Office. Available at: Compliance Framework. (2013). Monitor: London. Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation f 10 Associated Documents The procedure should be read in conjunction with the following policies as appropriate: Risk Management Strategy and Policy Serious Incident Procedure Major Incident Plan Raising Concerns and Whistleblowing and Procedure Health and Safety Policy Infection Control Procedure (in relation to needle stick incidents) Fire Procedure Business Continuity Plan. Information Governance Framework [see IG Policy] Serious Information Reporting of Incidents Guidelines Being open and candid with patients involved in an incident procedure Cyber Security Incident Response Special Operating Procedure Incident Reporting Procedure, v9.6, Jun 16 Page 18 of 33

19 Appendix A: Serious Incidents Serious Incidents The following is an illustrative list of examples of serious incidents. These are managed under the Trust s Serious Incident Procedure. An accident or incident involving a patient, member of staff, visitor on Trust property, contractor or other person, to whom the Trust owes a duty of care, occurs causing serious injury or death. A patient causes serious harm to another person whilst on premises and/or under care to the Trust Serious damage occurs to Trust property as a result of fire, flood, criminal activity etc. Large-scale theft or fraud has occurred or major litigation is likely or expected. A serious work-related disease or condition listed in RIDDOR 2 3 from which an employee is suffering and which has been confirmed by a medical practitioner or Occupational Health Physician. Serious breach of confidentiality. Adverse Media Attention Allegation of Abuse 2 For more information on grading incidents refer to the Incident Reporting Procedure available on the intranet Incident Reporting Procedure, v9.6, Jun 16 Page 19 of 33

20 Appendix B: Risk Matrix Definitions RISK SCORE = Consequence score x likelihood score When scoring an incident consider the actual or potential consequence /of the incident. Descriptor/Grade Negligible (1) Low (2) Moderate (3) Major CONSEQUENCE/IMPACT DESCRIPTION Negligible impact on strategic objectives Nil/negligible: Injury; loss; service interruption; environmental/estate impact; impact on reputation; impact on quality; litigation or complaint; non-identifiable data loss. Small variance from overall strategic objective. First aid treatment with full recovery. Complaint possible; Local low key external interest. Minor: financial loss (up to 5k); service interruption; adverse effect on environmental/estate; adverse effect on reputation; adverse effect on quality. Loss of individual machine, system, network, applications up to half a day; minor breach of confidentiality, where no sensitive data was disclosed/lost. Notable negative variance from overall strategic objective. Medical treatment required up to 3 months to recover; Reportable under RIDDOR; complaint probable. Moderate : financial loss (5K 200k); service interruption for more than one week; adverse effect on environmental/estate; adverse effect on reputation. Local press, stakeholders express concern; adverse effect on quality; temporary loss or mislocation of data internally; moderate risk of low value claim. Loss of individual machine, system, network, applications over half a day; loss of several machines, systems, networks, applications up to half a day; breach of confidentiality involving sensitive data Significant variance from overall strategic objective. Incident Reporting Procedure, v9.6, Jun 16 Page 20 of 33

21 (4) Long term illness or injury (up to one year); Reportable under RIDDOR Complaint expected/received. Major : financial loss (200k 3m); service interruption of more than one month; adverse environmental/estate conditions leading to loss of service; significant adverse effect on reputation; significant medical intervention required for more than one week, significant concerns raised by stakeholders; significant adverse effect on quality, including risk of failing to meet CQC standards. High value claim; action by HSE anticipated; moderate risk of high value claim. Loss of one or more non-patient activity networks, systems, applications for more than one day; loss of one or more patient activity networks, systems, applications for more than half a day; permanent loss of non-patient data; significant breach of confidentiality involving sensitive data which caused the subject distress. Extreme/ Catastrophic (5) Failure to meet strategic objective threatens independent functioning or stability of the Trust. Death and/or Financial loss3m+ Certain : risk to reputation, national press 3+ days, risk of questions in the House of Commons. Serious/long term and/or permanent loss of information that impacts directly on service delivery; Quality- External controls exerted ; Threat of Judicial review, expected litigation valued at 1M+; High profile breach of confidential information (eg patient identity). Buildings/property condemned leading to major loss of service. Permanent patient data loss; severe breach of confidentiality involving sensitive data, caused distress, and involved over 10 individuals. Incident Reporting Procedure, v9.6, Jun 16 Page 21 of 33

22 The likelihood score is determined by a judgement of the chance of the event occurring or recurring. Score Descriptor Likelihood of repeat event 1 Very unlikely to occur Will only occur in exceptional circumstances. 2 Unlikely to occur Unlikely to occur but the potential exists. 3 Could occur Reasonable chance of occurring; has happened before on occasion. 4 Likely to occur Likely to occur strong possibility. 5 Almost certain to occur Note: The event is expected to occur in most circumstances. Following a serious incident scoring 4 or 5 in terms of impact the scoring for likelihood of recurrence should always be 3 or more, this would result in a risk score of 12 or more. This would ensure that all risks at this level are considered by the management committee, and a detailed internal investigation would be established and carried out. Risk Score Matrix Almost certain to occur Likely to occur Likelihood Could occur Unlikely to occur Very unlikely to occur Risk Matrix Negligible Minor Moderate Major Consequence Catastrophic /Fatal Appendix C: Incident Report Form and Guidelines Incident Reporting Procedure, v9.6, Jun 16 Page 22 of 33

23 Incident Form and Guidence If the Incident is serious, please call immediately for advice Lisa Tucker (H&S ) x 2585 Part 1 Incident Details [ or send to the Health and Safety Manager with in 2 days of Incident occuring] Date and time Location of incident: Incident type : Clinical incident Slip/ trip/ fall (accident) Verbal/physical abuse Safeguarding (adult) Information Governance Theft or damage to property Safeguarding (child) IM and T Vehicle/car park incident Other (please state): Factual details of incident (continue on separate sheet if necessary) Grade (refer to matrix) Consequenc e Likelihood Score (C x L) Serious Incident? Y / N Who was affected by the incident? Visito r Trainee/studen t Contract or Public Oth er Staff member (include name, job title and place of work) Patient (please record Initials or name withheld) Did any person suffer injury or ill health? Please include details; checked by First Aider? Incident Reporting Procedure, v9.6, Jun 16 Page 23 of 33

24 If a member of staff, were they able to continue working? If NO, for how long were they absent? Details of any WITNESS to the incident Na me Titl e Bas e Details of PERSON COMPLETING Part 1 of the form Name Title Base Part 2 - Action Plan to be completed by Manager of area where incident occurred When and to whom was the incident / risk reported? (e.g. You as the line manager) Immediate steps taken to respond to incident or reduce risk. Any further actions planned or changes that will take place as a result of the incident? Incident lead; Who will be responsible for the action plan? Is advice needed from others? (E.g. professional leads, managers, other agencies)? In the case of a Notifiable Safety Incident 4 * that has caused significant harm to the 4 Health and Social Care Act 2008 Regulations 2014: Regulation 20 : definition of a Notifiable Safety Incident" - In relation to a health service body, notifiable safety incident means any unintended or unexpected incident that occurred in respect of a service user during the provision of a regulated activity that, in the reasonable opinion of a health care professional, could result in, or appears to have resulted in (a) the death of the service user, where the death relates directly to the incident rather than to the natural course of the service user s illness or underlying condition, or (b) severe harm, moderate harm or prolonged psychological harm to the service user. Incident Reporting Procedure, v9.6, Jun 16 Page 24 of 33

25 service user, have we followed the Duty of Candour? Fair blame statement 5 It is Trust procedure that no disciplinary action will result from reported incidents or mistakes subject to certain exceptions: incident warrants police investigation of individual members of staff incidents that reveal that actions of an individual are judged to be far removed from acceptable practice, and thereby put patients at risk Repeated failure by a member of staff to report incidents Malicious use of the reporting system Details of Manager completing part 2 Name: Post: Date: Signature: *The section is for Risk Department use only* To whom has the incident been reported (Tick box) HSE/RIDDO R Police CFSMS NPSA Monitor ICO STEIS Other If other, please state Date reported Is further investigation is required? Yes No Guidance on completing the form: For detailed guidance please refer to the following documents available on the intranet: Incident Reporting Procedure; and Serious Incident Procedure; This form should be used with reference to the Trust s Incident Reporting Procedure for incidents of ALL types that occur at the Trust. It should be completed as soon after the incident as possible, and should record FACTS only and not opinions If it is necessary to protect the confidentiality of a patient involved in an incident the case can be reported anonymously, however the reporter should always be able to identify the patient should further investigation be required. Scoring risk 6 5 Refer to Trust s incident reporting procedure, available on the intranet Incident Reporting Procedure, v9.6, Jun 16 Page 25 of 33

26 The severity of adverse events and remaining risks are scored using the matrices below. The score is the sum of consequence score x likelihood score. Further detailed information on scoring is contained in the Incident Reporting Policy and Procedure which also has a list of definitions to guide you in your scoring of consequence and likelihood. Action to be taken following an incident is determined by its risk score, see below: Trust Risk Matrix Almost certain to occur Likelihood Likely to occur Could occur Unlikely to occur Very unlikely to occur Risk Matrix Negligible Minor Moderate Major Catastrophic Fatal Consequence Action to be taken as determined by grading of incident Green (Low risk) score 1-5 Yellow (moderate risk) score 6-8 Amber (high risk) score 9-12 RED (Catastrophic/extreme) score generally require no further investigation may require local (Directorate) action to mitigate risk and learn from incident Incidents that are scored 9-15 should undergo a preliminary investigation then relevant Director will determine whether a full root cause analysis is to be carried out. Incidents that are scored should be investigated under the Trust s Serious Incident Procedure; the process is overseen by the Chief Executive. 6 For more information on grading incidents refer to the Incident Reporting Procedure available on the intranet Incident Reporting Procedure, v9.6, Jun 16 Page 26 of 33

27 Appendix D: RIDDOR Reportable Incidents Reportable injuries or events to the Health & Safety Executive (HSE) under RIDDOR. Under RIDDOR, it is an offence to fail to report an event reportable under the RIDDOR criteria, or by failing to report with the specified periods. The Health and Safety Manager will report any incident that falls under these regulations. What has to be reported? Incidents falling within the below criteria involving staff, patients, contractors and visitors. The event types that are required to be reported under RIDDOR are: deaths major injuries accidents resulting in over 5 off of work injury diseases dangerous occurrences gas incidents Death or major injury The Risk Management Coordinator must be informed immediately for reporting to the HSE without delay. This will normally be done by telephone followed by the completion of the appropriate form within 10 days. Death If there is an accident connected with work and your employee, or a selfemployed person working on your premises is killed or suffers a major injury (including as a result of physical violence); or a member of the public is killed or taken to hospital; Major injuries: Fracture other than to fingers, thumbs or toes; amputation; dislocation of the shoulder, hip, knee or spine; loss of sight (temporary or permanent); Chemical or hot metal burn to the eye or any penetrating injury to the eye; Injury resulting from an electric shock or electrical burn leading to unconsciousness or requiring resuscitation or admittance to hospital for more than 24 hours; Any other injury: leading to hypothermia, heat-induced illness or unconsciousness; or requiring resuscitation; or requiring admittance to Incident Reporting Procedure, v9.6, Jun 16 Page 27 of 33

28 hospital for more than 24 hours; Unconsciousness caused by asphyxia or exposure to harmful substance or biological agent; Acute illness requiring medical treatment, or loss of consciousness arising from absorption of any substance by inhalation, ingestion or through the skin; If there is an accident connected with work (including an act of physical violence) and your employee, or a self-employed person working on your premises, suffers an over three-day injury you must report it to the enforcing authority within ten days. Acute illness requiring medical treatment where there is reason to believe that this resulted from exposure to a biological agent or its toxins or infected material over-three-day injury. An over-3-day injury is one which is not "major" but results in the injured person being away from work OR unable to do their full range of their normal duties for more than three days. Disease If a doctor notifies you that your employee suffers from a reportable work-related disease then you must report it to the enforcing authority. These include: o Certain poisonings; o Some skin diseases such as occupational dermatitis, skin cancer, chrome ulcer, oil folliculitis/acne; o Lung diseases including: occupational asthma, farmer's lung, pneumoconiosis, asbestosis, mesothelioma; o Infections such as: leptospirosis; hepatitis; tuberculosis; anthrax; legionellosis and tetanus; o Other conditions such as: occupational cancer; certain musculoskeletal disorders; decompression illness and hand-arm vibration syndrome. Dangerous Occurrence If something happens which does not result in a reportable injury, but which clearly could have done, then it may be a dangerous occurrence which must be reported immediately (e.g. by telephone or completing an incident form). Reportable dangerous occurrences that have the potential to occur at the Trust are: o Collapse, overturning or failure of load-bearing parts of lifts and lifting equipment; explosion, collapse or bursting of any closed vessel or associated pipe work; o Plant or equipment coming into contact with overhead power lines; o Electrical short circuit or overload causing fire or explosion; any Incident Reporting Procedure, v9.6, Jun 16 Page 28 of 33

29 unintentional explosion, misfire, failure of demolition to cause the intended collapse, projection of material beyond a site boundary, injury caused by an explosion; accidental release of a biological agent likely to cause severe human illness; o Collapse or partial collapse of a scaffold over five metres high, or erected near water where there could be a risk of drowning after a fall; Keeping Records The Trust must keep a record of any reportable injury, disease or dangerous occurrence. This must include the date and method of reporting; the date, time and place of the event, personal details of those involved and a brief description of the nature of the event or disease. You can keep the record in any form you wish. Incident Reporting Procedure, v9.6, Jun 16 Page 29 of 33

30 Appendix E : Diversion to SIRI process Information governance incident assessment for diversion to SIRI process Information Governance Incident Assessment for Diversion to SIRI Process Manage using standard procedures Baseline assessment Sensitivity assessment start Irrespective of the media: Does the incident identify failure to meet the requirements of the DPA and/or the common law of confidentiality? Was data disclosed inappropriately or misused/ inaccurate/ privacy invaded? Is one or more individuals at risk of identity fraud or could be significantly affected? Close incident and log; note lessons learned at IG work stream assess SIRI level Are fewer than 10 individuals affected? Are 11 to 100 individuals affected? Are 101 to 1000 individuals affected? Are more than 1001 individuals affected? Score 0 Score 1 Score 2 Score 3 If: If: No sensitive data at risk Data subject to legal disclosure eg FOI Individual unlikely to be identified Detailed information High risk confidential data One or more similar incident in last year (check with IG Lead) Failure to follow procedure Likely media interest and/or complaint made to ICO (check with IG Lead) Individual is likely to suffer distress and/or detriment (eg financial) An individual is likely at risk of harm as a result or clinical SUI Deduct 1 for each Unlikely to apply but check Add 1 for each Is the total 2 or more? SIRI level Final report Review SIRI level in light of findings and update if indicated Investigation IG Manager initiates response plan IG Manager to log incident using toolkit severity is reduced due to fortunate events which were not part of preplanned controls? HSCIC guidelines apply Record as near miss Incident Reporting Procedure, v9.6, Jun 16 Page 30 of 33

31 Appendix F : Equality Impact Assessment Completed by Jonathan McKee Position Governance Manager Date The following questions determine whether analysis is needed Yes No Does the policy affect service users, employees or the wider X community? The relevance of a policy to equality depends not just on the number of those affected but on the significance of the effect on them. Is it likely to affect people with particular protected X characteristics differently? Is it a major policy, significantly affecting how Trust services are X delivered? Will the policy have a significant effect on how partner X organisations operate in terms of equality? Does the policy relate to functions that have been identified X through engagement as being important to people with particular protected characteristics? Does the policy relate to an area with known inequalities? X Does the policy relate to any equality objectives that have been set by the Trust? X Other? X If the answer to all of these questions was no, then the assessment is complete. If the answer to any of the questions was yes, then undertake the following analysis: Yes No Comment Do policy outcomes and service take-up differ between people with different protected characteristics? X Incident Reporting Procedure, v9.6, Jun 16 Page 31 of 33