290 patient safety incidents reported under NPfIT scheme

Nearly 300 incidents have put patients at risk since 2005 when health officials began systematic recording of safety matters under the NHS’s National Programme for IT [NPfIT].

The incidents are evidence that new IT systems in the health service can place the safety and health of patients at risk if they, or the use of them, goes wrong – though they can also reduce risks to patients if they work well.

NHS staff and executives have reported about 290 incidents in which there was a potential for patients to be harmed although most major NPfIT systems have yet to be rolled out to England’s hospitals.

It has also emerged that the NPfIT was launched by ministers in 2002 without any formal structure for identifying incidents in which the safety of patients was put at risk by errors arising from installations of new national systems.

NHS Connecting for Health, which runs part of the NPfIT, put in place a new structure for reporting incidents only after DNV Consulting wrote a highly critical – and unpublished – risk assessment of the safety of the NPfIT in 2004.

Most of the incidents reported under the scheme have involved radiology information systems and picture archiving and communication systems (PACS) which allow digital x-ray images to be stored, retrieved and distributed to computer screens.

Last year the partner of a patient who died in hospital complained to the General Medical Council because she says x-rays on a PACS system were mixed up. The partner has told Computer Weekly that she is waiting for a date for a judicial review over whether there should be a fresh inquest.

It’s not known if this was one of the 290 incidents which put the safety of patients at risk, some details of which were disclosed this week at HC2008, the annual healthcare IT conference at Harrogate which is organised by the British Computer Society.

Maureen Baker, national lead for clinical safety at NHS Connecting for Health, said at HC2008 that there has been a big improvement in mechanisms for reporting incidents and dealing with them since 2005 – though the NPfIT was launched in 2002 and £6.2bn worth of IT contracts were in place by January 2004.

Baker said that incidents are reported when there is the potential for a patient or patients being harmed.

She said: “We have had just under 300 incidents in two and half years. They cover just about every area that CfH has activity in. Probably the largest number relate to PACS issues almost certainly because PACS has the largest footprint of any of the systems. But we are able, we think, to detect when something goes wrong in any of the systems and quickly pick that up, address it and make it safe.”

One incident involved two NHS trusts which had connected PACS systems but both used similar ID numbers to store and retrieve the images. It was discovered that some numbers were duplicated so at times a correct number would retrieve the wrong x-ray image.

There have also been incidents of drugs “mis-mapping” – which could lead to the wrong drugs being given, or potentially causing a clash of medication.

Baker said: “Of the incidents we have dealt with we are not aware of a patient actually being harmed. It is very much the potential of being harmed. We looked to see if anyone has been harmed. We have not identified yet that that has been the case.”

But she said that when IT-related projects go wrong it can have a serious effect on patients. Information from one patient may go into another’s notes.

Baker said: “So many things go wrong for patients when the wrong information gets released to them: someone else’s blood test results in your notes could have very serious consequences for you, and the other patient as well.”

If x-rays are mixed up, NHS specialists may, at worst, act on incorrect information, diagnose someone else’s problem, or clear someone who has something wrong with them.

Of the incident in which there was confusion over the numbers under which x-ray images were stored, Baker said: “When it was picked up, when they realised they were getting images from another trust, [we asked] how long had this been happening and how many patients had it affected?”

Baker and her team helped to fix the problem by ensuring the correct images and unique numbers were assigned to the correct patients. She said problems such as this stem of the lack of any mandatory use of the NHS number. “If the trusts had been using the NHS number it would not have happened,” she said.

DNV’s independent review of safety and the NPfIT was commissioned by Aidan Halligan, the then joint senior responsible owner of the national programme.

Since then DNV has carried out a fresh review of the mechanisms in place to protect patients from mistakes after troubled go-lives has found there have been important improvements but still some gaps in safety arrangements.

DNV’s review has not been released. But Computer Weekly has learned that it disclosed that talks were underway to agree a contract change notice with local service providers to the NPfIT which would formally include safety of patients in the requirements of the programme.

The report also expressed concerns about a lack of clarity between NHS Connecting for Health and trusts over how they worked together on patient safety issues. There was also a lack of clarity on roles and accountabilities between parties over patient safety.

And there was a view among local service providers that although they owned some of the risks on the safety of patients, this would not be the case if NHS staff, nurses or clinicians used systems in a way which was outside the boundaries of the design.


Since posting this a spokesperson for NHS CFH has volunteered this comment:

“We have no evidence of any patient being harmed as a result of these patient safety incidents in the past two and a half years of the National Programme for IT. These incidents which could, for example, impact on dosage or frequency of medication if not picked up, need to be put in context of the thousands of users of the system who generate around 15 million transactions via the NPfIT in one week.

“NPFIT has been a central player in developing international standards of safety for the manufacture and use of clinical IT systems and expects these standards to be formally adopted as a European Directive later this year for healthcare providers.

“We actively encourage users to report any potential safety incidents and we pick these up to ensure that similar incidents are not repeated in other areas. This information is also used to make further improvements across the programme.

“We have trained over 400 staff on the Clinical Accreditation Training Scheme which also includes over 200 clinicians who are actively involved in the management of incidents.”


Maureen Baker- highlights of her talk to HC2008. She is Connecting for Health’s National Lead for Clinical Safety and has been a GP and Director of Primary Care at the National Patient Safety Agency.

She said: “At one point Aidan Halligan was joint senior responsible owner for the National Programme for IT. He at that point asked the National Patient Safety Agency to conduct a high level risk assessment of the national programme. NPSA also had a professional risk adviser as a member of its board. He was the person who conducted the risk assessment on behalf of NPSA and the Department [of Health]. This was almost four years ago…. [The review was carried out by Mark Boult of DNV Consulting.]

“…He [Boult] found that the programme was not talking about safety as a benefit.” She said the priority for the NPfIT was seen to be modernising the NHS. But most people – citizen, clinician, or IT professional – wanted the NPfIT to deliver better safer care for patients, especially given the amount of money, time and effort that was being invested in it.

“There had been very little formal risk assessment at that stage. IT has the ability to eliminate medication errors through illegibility as an example. However there is an opportunity to introduce new risks that weren’t there before. If you don’t undertake a structured programme of risk assessment you are losing the opportunity to identity possible new risks that might be introduced.”

She said that Boult’s report concluded that the NPfIT was not addressing safety in a structured, proactive manner and that other safety-critical industries would.

Baker said: “So this was a fairly hard-hitting report and conclusion. Fortunately it had the effect of galvanising senior management to realise that they needed to address safety as a very distinct issue and start to take work forward to make sure these concerns were addressed.”

Suppliers of systems were then compelled to consider what could go wrong which might result in harm to patients.

“When that report was received NHS Connecting for Health came to the NPSA [National Patient Safety Agency] to say: how can we work together to address these concerns?”

Baker added: “Our safety management approach started to be in place in 2005, so it has been running for just over three years.” But 2005 was a year after £6.2bn worth of contracts were signed between the Department of Health and service providers including BT, CSC, Accenture and Fujitsu.

Baker said: “The effort is to make the products as safe as design and forethought will allow. However in any field of human endeavour things can go wrong and another fundamental safety principle is to accept that sometimes things will go wrong and when that happens you have to be able to identify that and take swift action.

“So we have a safety incident management process. When we are notified of an incident where there is potential for patients being harmed, this is passed to duty clinical safety officer and duty safety engineer.

“We run a 24/7 duty to rota to deal with safety incidents. Our aim is to assess the incident jointly from safety engineering and clinical perspective and make sure within 24 hours. Make safe means that we will take away the opportunity for harm, up and including switching the system off.”

There have been 290 incidents in two and half years, she said. “They cover just about every area in which Connecting for Health has activity in.” Probably the largest number relate to PACS because it has the largest footprint of any system, she said.

Baker was critical of the lax approach to the NHS number – an approach which endangers patients.

“We’ve had NHS numbers for best part of 10 years but they are still not used routinely in every unit or every hospital or across the NHS.

“You need a unique number to ensure the matching up of the right results, the right notes, and especially when information is transmitted electronically across different sectors the potential for that to go to the wrong place becomes quite large.

“One of the factors minimising information going into the wrong notes is consistent use of the NHS number. We are trying to get the NHS mandated across the NHS. NHS number sounds like patient notes and filing but it’s actually it’s crucially important for patient safety.

“So many things go wrong for patients when the wrong information gets released to them: someone else’s blood test results in your notes could have very serious consequences for you, and the other patient as well.”

She said that NHS Connecting for Health has made big improvements in the management of safety. “There are still things we need to do – there are still gaps – but we have made considerable progress on what was essentially a standing start.” NHS CfH’s work today is “world-leading” on safety and IT.

When answering questions after her talk Baker conceded that there are newly-emerging areas of patient risk within the NPfIT.

In the audience, GP Mary Hawking asked:

“Who is responsible for looking at the safety implications of redesign of clinical systems?”

Hawking said that a single record system is being developed under the NPfIT in which a number of organisations and individuals are contributing and “clinical governance does not yet appear to have been established”.

She added that recorded in a detailed care record such as Lorenzo – a product to be introduced in the north of England – will be prescriptions made out by hospitals, GPs, and by independent prescribers in community care.

“If the community matron changes the management of heart failure she is going to have to alter the prescription previously prescribed by secondary care or the GP”, which could leave the patient is “at risk of receiving inappropriate medication”. Hawking asked: “Who is looking at the implications at the NHS CfH level?”

Baker replied: “You have correctly identified a potential hazard. It’s important it has been addressed appropriately. The concern is being formally addressed and there’s a proposal for work on this…All of us are going to rely on professional communities to throw up such concerns. There’s a more generic problem: if they sit a pitfall ahead, how do they bring that to our attention?”


NHS CfH says that patient safety work has progressed

It’s about people, not just technology

Is government trying to control information on problems after go-lives of National Programme for IT [NPfIT] systems?

Maureen Baker

Major incidents hit NHS IT systems

Fears over patient record system at Nuffield

Lessons from troubled go live of Care Records Service at Nuffield Orthopaedic Centre – letter from the National Audit Office

National Patient Safety Agency

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.