Clinical Risk Management: Agile Development Implementation Guidance

Similar documents
Central Alerting System (CAS) Policy

Document Details Title

ONR GUIDE LC22: MODIFICATION OR EXPERIMENT ON EXISTING PLANT. Nuclear Safety Technical Inspection Guide. NS-INSP-GD-022 Revision 3 TABLE OF CONTENTS

Lessons from NHS Connecting for Health. Dr. Maureen Baker CBE DM FRCGP Clinical Director for Patient Safety NHS Connecting for Health

Project Request and Approval Process

Guidance on supporting information for revalidation

Clinical Coding Policy

Guide to Incident Reporting for General Medical Devices and Active Implantable Medical Devices

Introduction to GRIP Governance for Railway Investment Projects

Moving and Handling Policy

Document Details Clinical Audit Policy

Risk Assessment. University Health and Safety Policy. Version 5: June 2016 Author: Health & Safety Services 1

COMMISSIONING SUPPORT PROGRAMME. Standard operating procedure

To detail the context, purpose and expectations related to Health, Safety and Wellbeing processes relating to the RMIT Community.

Methods: National Clinical Policies

Moving and Handling Policy

TAFE NSW HIGHER EDUCATION APPLIED RESEARCH GUIDELINES

Moving and Handling Policy

RBAC Implementation Mapping for the Electronic Prescription Service Release 2

Guide to Incident Reporting for In-vitro Diagnostic Medical Devices

Learning from Deaths Policy

Tel.: +1 (514) ext Ref.: AN 12/51-07/74 7 December 2007

HEALTH AND SAFETY POLICY

Cambridgeshire and Peterborough Sustainability and Transformation Partnership

Level 5 Diploma in Occupational Health and Safety Practice ( )

Post Market Surveillance Requirements. SAMED Regulatory Conference 2 December 2015

CHWARAEON CYMRU SPORT WALES

Initial education and training of pharmacy technicians: draft evidence framework

Terms of Reference (TOR) for Independent End of Project Evaluation

Independent Group Advising (NHS Digital) on the Release of Data (IGARD)

DOH Policy on Healthcare Emergency & Disaster Management for the Emirate of Abu Dhabi

Powys Health Board Safety Closure Report

Date 4 th September 2015 Dr Ruth Charlton, Joint Medical Director / Jill Down, Associate Director of Quality Laura Rowe, Compliance Manager

POLICY ON LONE WORKING JANUARY 2012

POLICY ON THE IMPLEMENTATION OF NICE GUID ANCE

Medical Devices Management Policy

Meeting of Bristol Clinical Commissioning Group Governing Body. Title: Bristol CCG Management of Serious Incidents Agenda Item: 17

Agile Development of Shared Situational Awareness: Two Case Studies in the U.S. Air Force and Army

NHS. The guideline development process: an overview for stakeholders, the public and the NHS. National Institute for Health and Clinical Excellence

Quality Impact Assessment Policy

Ensuring our safeguarding arrangements act to help and protect adults TERMS OF REFERENCE AND GOVERNANCE ARRANGEMENTS

ANEURIN BEVAN HEALTH BOARD & CAERPHILLY COUNTY BOROUGH COUNCIL ACTION PLAN

FOREWORD Introduction from the Chief Executive 2 BACKGROUND 3 OUR TRUST VALUES 4 OUR AIMS FOR QUALITY 5 HOW WE MEASURE QUALITY 16

ISM COMPLIANCE MATRIX

Unique Identifier: Review Date: November Issue Status: Approved Version No: 1.4 Issue Date: November 2017

Trust Board Meeting: Wednesday 13 May 2015 TB

Ready for revalidation. Supporting information for appraisal and revalidation

: Geraint Davies, Director of Commercial Services

OVERSEAS TERRITORIES AVIATION REQUIREMENTS (OTARs)

INVITATION TO TENDER TO EVALUATE THE IMPACT AND EFFECTIVENESS OF THE FEAST PROJECT. Tender Ref: FEAST-E01. Invitation to Tender

Prevention and control of healthcare-associated infections

Section 10: Guidance on risk assessment and risk management within the Adult Safeguarding process

BASINGSTOKE AND NORTH HAMPSHIRE HOSPITALS NHS FOUNDATION TRUST

NATIONAL INSTITUTE FOR HEALTH AND CARE EXCELLENCE. Interim Process and Methods of the Highly Specialised Technologies Programme

POLICY FOR INCIDENT AND SERIOUS INCIDENT REPORTING

Policy for the Reporting and Management of Incidents Including Serious Incidents. Version Number: 006

Northumberland, Tyne and Wear NHS Foundation Trust. Board of Directors Meeting. Meeting Date: 25 October Executive Lead: Rajesh Nadkarni

The safety of every patient we care for is our number one priority

PROGRAMME SPECIFICATION(POSTGRADUATE) 1. INTENDED AWARD 2. Award 3. Title 28-APR NOV-17 4

HEALTH AND SAFETY POLICY. IAC Service Group. 3 Radford Business Park Radford Crescent Billericay CM12 0DP. Tel:

Public Health Reform Programme Leadership for Public Health Research & Innovation Commissioning Brief

Chartered Institute of Environmental Health (CIEH) Training Course Outlines

Terms of Reference for end of project evaluation

Trust Quality Impact Assessment (QIA) Policy

STRATHEARN SCHOOL. Draft HEALTH & SAFETY POLICY

NHS Governance Clinical Governance General Medical Council

This is the consultation responses analysis put together by the Hearing Aid Council and considered at their Council meeting on 12 November 2008

May 8, Division of Dockets Management (HFA-305) Food and Drug Administration 5630 Fishers Lane, Room 1061 Rockville, MD

Operating Facilities Programme. Assessment of the Periodic Review of Safety for the A** Facility at Aldermaston

Lone worker policy. Director of Nursing Therapies Patient Partnership Author and contact number Safety and Security Lead

Health and Safety Management System Procedure

P N R Associates Ltd

Fieldwork Safety Guidelines

Food Standards Agency in Wales

How NICE clinical guidelines are developed

Supporting information for appraisal and revalidation: guidance for Supporting information for appraisal and revalidation: guidance for ophthalmology

Contains Nonbinding Recommendations. Draft Not for Implementation

JOB DESCRIPTION. WMAHSN Patient Safety Programme Manager

TRUST BOARD, 26 NOVEMBER 2009 LEARNING FROM THE CQC INVESTIGATION INTO WEST LONDON MENTAL HEALTH NHS TRUST (WLMHT)

Fundamental Principles

POLICY ON THE CONTROL OF ASBESTOS AT WORK

ASBESTOS POLICY. Version: 3 Senior Managers Operational Group Date ratified: March 2016

MERTON CLINICAL COMMISSIONING GROUP GOVERNING BODY

Supply Chain Risk Management

Incident Management Procedure

POLICY DOCUMENT CONTROL PAGE

GUIDE FOR ACTION GRANTS 2015

Community Health Centre Program

Supporting information for appraisal and revalidation: guidance for psychiatry

Developing an Incremental Proposal for EU gas transmission. Draft Project Plan

Lone Worker Policy and Procedures

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

Management of Reported Medication Errors Policy

Jo Mitchell, Head of Assurance & Compliance (EFM) Policy to be followed by (target staff) Distribution Method

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Procedures and criteria relating to delegation of authority

CEI Know-how Exchange Programme (KEP) Guidelines for the completion of the Application Form 2018

CONSULTATION ONLY - NOT FOR FURTHER DISSEMINATION

Serious Incident Management Policy

Department of Defense INSTRUCTION

Transcription:

Document filename: NPFIT-FNT-TO-TOCLNSA-1306.03 CRM Agile Development Implementation Guidance v1.1 Directorate / Programme Solution Design Standards and Assurance Project Clinical Risk Management Document Reference NPFIT-FNT-TO-TOCLNSA-1306.03 Project Manager Debbie Chinn Status Approved Owner Stuart Harrison Version 1.1 Author Ian Dugdale Version issue date 03.07.2017 Clinical Risk Management: Agile Development Implementation Guidance Page 1 of 14 The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.

Document Management Revision History Version Date Summary of Changes 0.1 14.09.2012 First draft 0.2 08.10.2012 Revised following review by Safety engineers appraisal. 0.3 16.10.2013 Revised following review by Safety engineers appraisal. 0.4 18.10.2012 Revised following review by Safety engineers appraisal. 0.5 01.02.2013 Revised following review by Safety engineers appraisal. 0.6 01.03.2013 Revised following review by Clinical Safety Officers and external appraisal. 1.0 16.04.2013 First issue 1.1 03.07.2017 Document refresh Reviewers This document must be reviewed by the following people: Reviewer name Title / Responsibility Date Version NHS DIGITAL Safety Engineers 01.02.2013 0.6 NHS DIGITAL Clinical Safety Officers 01.02.2013 0.6 Approved by This document must be approved by the following people: Name Title Date Version Stuart Harrison Lead Safety Engineer 25.03.2013 0.6 Dr Maureen Baker Clinical Director of Patient Safety 11.04.2013 1.0 Rob Shaw National Integration Centre and Assurance Director 11.04.2013 1.0 Glossary of Terms Term / Abbreviation Backlog What it stands for A list of user stories, features or technical tasks which the team maintains and which, at a given moment, are known to be necessary and sufficient to complete a project or a release: http://guide.agilealliance.org/guide/backlog.html Clinical Safety Officer (previously referred to as Responsible Person) Person in a Health Organisation \ Manufacturer s organisation responsible for ensuring the safety of a Health IT System in target organisation through the application of risk management. Page 2 of 14

Term / Abbreviation Clinical risk Clinical risk analysis Clinical risk control Clinical risk estimation Clinical risk evaluation Clinical risk management Clinical Risk Management File Clinical Risk Management Plan Clinical safety Clinical Safety Case Clinical Safety Case Report Daily scrum What it stands for Combination of the severity of harm to a patient and the likelihood of occurrence of that harm. Systematic use of available information to identify and estimate a risk. Process in which decisions are made and measures implemented by which clinical risks are reduced to, or maintained within, specified levels. Process used to assign values to the severity of harm to a patient and the likelihood of occurrence of that harm. Process of comparing a clinical risk against given risk criteria to determine the acceptability of the clinical risk. Systematic application of management policies, procedures and practices to the tasks of analysing, evaluating and controlling clinical risk. Repository of all records and other documents that are produced by the clinical risk management process. A plan which documents how the Health Organisation \ Manufacture s organisation will conduct clinical risk management of Health IT Systems. Freedom from unacceptable clinical risk to patients. Accumulation and organisation of product and business process documentation and supporting evidence, through the life cycle of the Health IT System. Report that presents the arguments and supporting evidence that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment at a defined point in a Health IT System s lifecycle. A meeting to bring all team members up to date on the information that is vital for coordination: each team members briefly describes any completed contributions and any obstacles that stand in their way http://guide.agilealliance.org/guide/daily.html Harm Hazard Hazard Log Health Organisation Health IT System Intended use Likelihood Lifecycle Death, physical injury, psychological trauma and/or damage to the health or well-being of a patient. Potential source of harm to a patient. Repository to record the results of the clinical risk analysis and clinical risk evaluation. Organisation within which health software is deployed or used for a health purpose. Product used to provide electronic information for health or social care purposes. The product may be hardware, software or a combination. Use of a product, process or service in accordance with the specifications, instructions and information provided by the Manufacturer to customers. Measure of the occurrence of harm. All phases in the life of a Health IT System, from the initial conception to final decommissioning and disposal. Page 3 of 14

Term / Abbreviation Manufacturer Patient Patient safety Post-deployment Procedure Process Release Residual clinical risk Safety incident Safety Incident Management Log Severity Sprint or iteration What it stands for Person or organisation with responsibility for the design, manufacture, packaging or labelling of a Health IT System, assembling a system, or adapting a Health IT System before it is placed on the market and/or put into service, regardless of whether these operations are carried out by that person or on that person's behalf by a third party. A person who is the recipient of healthcare. Freedom from harm to the patient. That part of the life cycle of the Health IT System after it has been manufactured, released, deployed and is ready for use by the Health Organisation. Specified way to carry out an activity or a process. Set of interrelated or interacting activities which transform inputs into outputs. A specific configuration of a Health IT System delivered to a Health Organisation by the Manufacturer as a result of the introduction of new or modified functionality. Clinical risk remaining after the application of risk control measures. Any unintended or unexpected incident which could have, or did, lead to harm for one or more patients receiving healthcare. Tool to record the reporting, management and resolution of safety related incidents associated with the Health IT System. Measure of the possible consequences of a hazard. In the context of an Agile project, is a period of time during which development takes place, the duration of which may vary from project to project (usually between 1 and 4 weeks), is in most cases fixed for the duration of a given project. http://guide.agilealliance.org/guide/iteration.html Top Management Upgrade path matrix User story Person or group of people who direct(s) and control(s) the Health Organisation and has overall accountability for a Health IT System. Matrix which defines supported and unsupported upgrade paths. It provides useful information to Health Organisations when deciding to upgrade or perform a clean install/implementation. is one or more sentences in the everyday or business language of the end user or user of a system that captures, who the user is, what a user does or needs to function and why it is needed. http://guide.agilealliance.org/guide/stories.html Page 4 of 14

Related Documents Ref Doc. Reference No. Title 1. SCCI 0129 Amd 39/2012 Clinical Risk Management: its Application in the Manufacture of Health Systems Specification http://content.digital.nhs.uk/isce/publication/scci0129 2. SCCI 0160 Amd 38/2012 Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems Specification http://content.digital.nhs.uk/isce/publication/scci0160 3. NPFIT-FNT-TO-TOCLNSA- 1300.05 4. NPFIT-FNT-TO-TOCLNSA- 1293.05 Clinical Risk Management: its Application in the Manufacture of Health Systems Implementation Guidance Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems - Implementation Guidance Document Control The controlled copy of this document is maintained in the NHS DIGITAL corporate network. Any copies of this document held outside of that area, in whatever format (e.g. paper, email attachment), are considered to have passed out of control and should be checked for currency and validity. Page 5 of 14

Contents 1 Introduction 7 1.1 Background 7 1.2 Audience 7 1.3 Scope 7 1.4 Assumptions and Constraints 7 2 Guidance 9 2.1 Clinical Risk Management Plan 11 2.2 Initial hazard identification and assessment 11 2.3 Prioritisation and selection of user stories 12 2.4 Constraints and limitations of releases 13 2.5 Delivery, Monitoring and Modification 13 Page 6 of 14

1. Introduction 1.1. Background Development processes that align with the Agile Manifesto 1 and Agile Principles 2 are considered to be Agile development processes. An Agile development continuously reviews the total functionality required (backlog), divides it and focuses on small prioritised, manageable pieces for development called iterations. It is not one long development cycle followed by a testing cycle found, for example, in the waterfall model. Instead, it is viewed as small sets of incremental deliverables that lead to complete delivery. An understanding of such processes is a prerequisite to this guidance. The guidance is not intended to be an 'all-inclusive' methodology to system development or software development lifecycle. Agile is the current approach being taken within NHS DIGITAL however this guidance may also be applicable to other similar development processes and practices including Scrum, XP, Kanban and Lean. A structured clinical risk management approach is essential to ensure that Health IT Systems deployed in Health Organisations are as safe as design and forethought will allow, and will support clinicians to practice safely. 1.2. Audience The primary audience of this guidance are Manufacturers of Health IT Systems designing, developing, and maintaining Health IT systems and seeking to demonstrate compliance with SCCI 0129 [Ref. 1] when following an Agile or iterative development approach. It will also be of use to Health Organisations working in partnership with Manufacturers in following an Agile or iterative development approach. 1.3. Scope This document is designed to provide an overview of the key clinical safety activities that are of particular importance when using an Agile approach to developing Health IT Systems. It is intended as a supplement to the SCCI 0129 Clinical Risk Management: its Application in the Manufacture of Health IT Systems Implementation Guidance [Ref. 3]. The activities described will assist Manufacturers in managing, tracing and communicating safety related system requirements in compliance to SCCI 0129 [Ref. 1]. 1.4. Assumptions and Constraints The following assumptions have been identified and apply to all projects using an Agile approach to develop Health IT Systems. The absence of any of these assumptions should be subjected to a risk assessment and managed appropriately and will influence project feasibility: 1 http://www.agilealliance.org/the-alliance/the-agile-manifesto/ (accessed January 2013) 2 http://www.agilealliance.org/the-alliance/the-agile-manifesto/the-twelve-principles-of-agile-software/ (accessed January 2013) Page 7 of 14

the high level concept or objective of the project will not change substantially to warrant a full reassessment during the project lifecycle sufficient resource from stakeholders involved in development activities, meetings, document reviews, demonstrations to users (often called Show and Tells ) will be made available in agreed timeframes it is crucial that all stakeholders understand and accept their individual responsibilities to ensure the scrum or sprint planning and review meetings capture the clinical safety hazard assessments, goals are achieved and lesson learnt appropriate facilities and test environments will be available for development and any necessary Show and Tell sessions. This may include access to external systems or virtual environments to simulate a live environment and remote access facilities. Page 8 of 14

2. Guidance An increasing number of Manufacturers are opting for an Agile approach to developing Health IT Systems. Figure 1 provides a pictorial representation of an Agile clinical risk management process. The adaptability and early release of skeletal functionality that is offered by this approach may be beneficial but also raises challenges to clinical risk management that must be addressed. Early clinical safety hazard identification together with ongoing assessments enables the developing product design to avoid as many hazards as possible and build in mitigations rather than add on safety controls. Incorporating this guidance into Health IT system development lifecycles will help demonstration of good design. The Clinical Safety Case Report is an iterative document that presents the arguments and supporting evidence that a system is safe for a given application in a given environment at a defined point in a Health IT System s lifecycle. During the Scoping phase, the first Clinical Safety Case Report should be produced when the user story(s) have been collated and prioritised and before the commencement of any development. It documents potential clinical risks, identified through an initial hazard assessment, which could arise from the system, its deployment and use. It is recommended that approval from the Manufacturer s Clinical Safety Officer is granted before commencing to the Product elaboration and development phase. Where the development is being undertaken in consultation with a Health Organisation, then the Clinical Safety Officer from the Health Organisation should also accept the Clinical Safety Case Report. During the Product elaboration and development phase the Clinical Safety Case Report is upissued as part of each sprint or prior to release. It is recommended that approval from the Manufacturer Clinical Safety Officers is granted before commencing to delivery phase. Where the development is being undertaken in consultation with a Health Organisation, then the Clinical Safety Officer from the Health Organisation should also accept the Clinical Safety Case Report. The level of approval for deployment will be dependent upon the clinical risk, which is determined on a release by release basis. Each new version of this document should include details of functional changes/related performance, a summary of all the clinical risks it contains, instructions to ensure safe operation post deployment, shortfalls/limitations and an overall statement of safety compliance for the Health IT System. This information is required to provide evidence that the overall Clinical Risk of the product is acceptable. Page 9 of 14

Scoping phase Gathering of User Stories Product elaboration and development phase Iteration / Sprint(s) Backlog Develop Evaluate _A_sprints_worth_of_user stories X day development cycle Daily Scrum Learn Ø Ø Ø Ø Ø Sprint Planning & Review meeting Progress review Demo system to stakeholders Gain backing for next sprint Learn from experiences Select next user stories to develop Deploy release Deploy release Clinical Safety Case Report (incl. Hazard Log) All identifiable clinical safety hazards are recorded ensuring stakeholder visibility and clinical safety status of the project. Approved by Ø Manufacturer s Clinical Safety Officer Accepted by Ø Health Organisation s Clinical Safety Officer Safety case report n Safety Case Report n+1 (incl. updated Hazard Log) Candidate for release version n+1 Iterative safety document provides assurance that clinical safety hazards are continuously identified, assessed & managed appropriately. Preceding reports are subsumed into latest report ensuring stakeholder visibility and clinical safety status of the Release & entire deployment. Approved by Ø Manufacturer s Clinical Safety Officer Accepted by Ø Health Organisation s Clinical Safety Officer Upgrade path matrix Figure 1. Pictorial overview of a typical Agile clinical risk management process Page 10 of 14

At and post the Deployment Phase the Clinical Safety Case Report should be up issued to support any modification to the Health IT System that changes its clinical risk. Further requirements and guidance for deployment and use of Health IT Systems is covered by SCCI 0160 [Refs. 2 and 4]. Within the documentation, it is essential to differentiate between different versions of the same product, dependencies, and supported upgrade paths should also be recorded (See Figure 1 upgrade path matrix). Each Iteration / Sprint must include all necessary test activities including Positive, Negative and Regression testing. The key activities listed below need special consideration in Agile approaches and will be explained in detail, in subsequent sections of this report: Clinical Risk Management Plan SCCI 0129 section 3 Initial hazard identification and assessment SCCI 0129 section 4 Prioritisation and selection of user stories SCCI 0129 sections 6.4 and 7 Constraints and limitations of releases SCCI 0129 section 3 Delivery, Monitoring and Modification SCCI 0129 section 7 2.1. Clinical Risk Management Plan 3.2.1 The Manufacturer MUST produce at the start of a project a Clinical Risk Management Plan, which will include risk acceptability criteria, for the new Health IT System. For an Agile development project it is recognised that the deployment plan may not provide fixed timescales or an absolute specification of features to be delivered in each release. However, the Clinical Risk Management Plan will provide the following important safety benefits to a project: an agreed version of the system estimates to the frequency and content of releases and Clinical Safety Case Reports. These estimates will also provide an indication of resource required from stakeholders. 2.2. Initial hazard identification and assessment 4.3.1 The Manufacturer MUST identify and document known and foreseeable hazards to patients with respect to the intended use of the Health IT System in both normal and fault conditions. 4.4.1 For each identified hazard the Manufacturer MUST estimate, using the criteria specified in the Clinical Risk Management Plan: the severity of the hazard the likelihood of the hazard the resulting clinical risk. Page 11 of 14

The preferred approach to clinical hazard control is to reduce the exposure to hazards through the application of good design. Typically, the root causes of hazards that lead to risks to patient safety arise either as a result of the specified functionality itself giving rise to a hazardous condition or through a fault, defect or systematic design flaw in the manufactured software. It is also possible that elaboration of specified functionality by Manufacturers could generate outcomes with patient safety implications. The Hazard log should record the identified hazards in both normal and fault conditions and document ways in which these hazards are to be reduced to acceptable levels of residual clinical risk. User stories should, where possible, be sufficiently detailed to allow an informed hazard identification and assessment to take place. However this may not always be possible given the high level nature of user stories, which may hinder hazards identification, therefore: initial hazard identification should be carried out in parallel with the original user story capture, elaboration and initial software scoping phase of the overall Health IT System development programme (see the Scoping phase of Figure 1). It is strongly recommended that a hazard workshop is run during the scoping phase to support complete hazard identification, as described in section 4.3 of Ref 3 it is of primary importance that recognition is given to both the clinical and technical aspects of the Health IT System, Clinical Safety Officers and relevant subject matter experts with appropriate experience conduct the assessments on-going hazard assessment processes should be included in sprint activities throughout the development life cycle, and are essential in providing further means of hazard identification and risk reduction [Product elaboration and development phase of Figure 1]. accurate cross referencing using unique identifier(s) should be used to maintain traceability between User Stories and related identified hazards. This will also ensure traceability throughout the systems life cycle. Early clinical hazard identification enables the developing product design to avoid as many hazards as possible and build in mitigation. This is a clear demonstration of good design but in recognition of practicability and commercial constraints it is unlikely to be possible to eliminate all potential hazards. 2.3. Prioritisation and selection of user stories 6.4.1 The Manufacturer MUST ensure that the clinical risks from all identified hazards have been considered and accepted. 7.1.1 The Manufacturer MUST undertake a formal review of the Health IT System prior to its delivery to ensure that all of the requirements of this standard have been addressed. 7.1.2 The results of this review MUST be recorded in the Clinical Safety Case Report. 7.1.3 The Health IT System configuration for the release MUST be recorded in the Clinical Safety Case Report. In Agile development the prioritisation and selection of user stories aims to identify the highest value or priority items going into each release (the lowest items may remain in a backlog). Prioritisation must be mindful of all identified clinical hazards associated to Page 12 of 14

individual or groups of user stories and their dependencies to ensure completeness of clinical risk controls. It is important to be able to confirm that all the identified hazards have been addressed. This can be achieved by ensuring that the overall hazard assessment and risk reduction process incorporates suitable means to be able to trace the history of each residual clinical risk or hazard, back to its initiating user story or root cause. The Clinical Safety Case Report should include details of all testing and other assurance activity (or references to the activity) that justifies how an acceptable level of residual clinical risk assurance has been achieved i.e. to provide evidence of the effectiveness of clinical risk control measures. Selection of user stories for development of a particular release must consider related clinical safety concerns e.g. user stories with identified hazards must not be released without suitable clinical risk controls, as recorded in the Hazard Log. Furthermore, if during development one or more items cannot be fully developed with the sprint period, a suitable and sufficient clinical risk analysis, commensurate with the scale, complexity and extent of the release shall be undertaken to establish if omitting the item would compromise the clinical safety of the release. 2.4. Constraints and limitations of releases 3.5.1 The Manufacturer MUST produce a Clinical Safety Case Report at each lifecycle phase defined in the Clinical Risk Management Plan. A Clinical Safety Case Report supporting a Health IT System release should contain information relating to its intended use in the defined clinical application and health IT environment. In particular it should contain details of any constraints or limitations in operation which, if exceeded, could lead to an increase in defined clinical risk. 2.5. Delivery, Monitoring and Modification 7.3.1 The Manufacturer MUST apply their clinical risk management process to any modifications or updates of the deployed Health IT System. 7.3.2 The application of this process MUST be commensurate with the scale and extent of the change and the introduction of any new clinical risks. 7.3.3 The Manufacturer MUST issue a Clinical Safety Case Report to support any modification to the Health IT System that changes its clinical risk. 7.3.4 The Manufacturer MUST maintain an audit trail of all versions and patches released for deployment. If user stories are modified, deleted or new user stories are introduced adherence to change management processes are essential to accurately define the scope, limitations or mitigations that support the clinical safety of each release. Whenever a Health IT System is modified, a suitable and sufficient clinical risk analysis, commensurate with the scale, complexity and extent of the modification (itself established by risk analysis), should be undertaken. This will establish what, if any, new clinical risks have been introduced. Where it is not possible to gather all stakeholders to attend a formal hazard workshop they must be fully consulted. This will ensure that no unacceptable clinical hazards are introduced as a result of a modification or by altering the basis of assessment of other parts of the Health IT System. Page 13 of 14

NOTE: The extent of the repeated clinical risk analysis will depend on the extent and the nature of the product modification. However, even apparently minor modifications can result in substantial clinical risks and thus, whatever the extent of the clinical risk analysis undertaken, it will need to be executed formally, rigorously and with due process. An audit trail of all releases should be maintained as part of the Clinical Risk Management File and the Safety Case Report amended as appropriate to provide traceability in the event of a hazard alert. Page 14 of 14

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback