In line with the compliance requirements of the NHS Digital safety standard DCB0129 a structured clinical safety assessment has been undertaken of the Concentric digital consent application. This clinical safety case report (CSCR) outlines the evidence that the safety and documentation requiremements are met.
This CSCR outlines our approach to clinical safety risk assessment and the mitigations in place to manage identified risks.
As with all software used in clinical practice there are some potential hazards, these have been assessed and documented in our clinical safety hazard log (CSHL), and assigned to a clinical risk category:
|Clinical risk category||Number of hazards|
All identified risks have been deemed tolerable and do not require further supplier-side mitigations. Between 9 and 11 (depending on which integrations are in place) hazards include controls that should be put in place by the healthcare organisation using Concentric.
Last updated: 15th May 2023
As with all software used in clinical practice there are some potential hazards. For the purposes of the use of Concentric within the UK we are required to ensure compliance with the NHS Digital safety standard DCB0129.
This clinical safety case report (CSCR) outlines the evidence that the safety and documentation requiremements are met and outlines a set of claims regarding the safety of the Concentric digital consent application. It outlines our approach to clinical safety risk assessment, and summarises our clinical safety hazard log (CSHL).
In the interest of transparency this CSCR is made publically available, but is written for stakeholders involved in the deployment of Concentric into clinical environments, including those involved in ensuring that DCB0160 standards are met by healthcare organisations using Concentric. A template DCB0160 Clinical Safety Case Report addendum is made available.
This section describes what is within the scope of this CSCR, the product’s intended use, functional user flow, system architecture, and device classification.
This CSCR includes the entire scope of the Concentric digital consent web application - of which the microservices are:
- authApp - responsible for login and single sign-on.
- clinicianApp - used by clinicians to create consent episodes, share information with patients, document consent etc.
- patientApp - used by patients to view consent information and record consent remotely.
- adminApp - used by admin users to view use dashboards and manage user accounts.
- ontology - responsible for content templates.
The scope includes the third party processors used.
As per best practice for Software-as-a-Service (SaaS) web applications Concentric undergoes regular releases across the 5 microservices as outlined in our release processes summary.
Overview and intended use
Concentric is a digital consent to treatment web application for managing the preparation and sharing of consent information, and the documentation of consent for treatment. This includes consent for any treatment where written consent is considered best practice, including operations, procedures, and medical treatments.
All consent form scenarios are managed within Concentric:
- Patient agreement to investigation or treatment (AKA consent form 1 and consent form 3)
- Parental (or person with parental responsibility) agreement to investigation or treatment for a child or young person (AKA consent form 2)
- Treatment in best interests for an adult who lacks the capacity to consent to investigation or treatment (AKA consent form 4)
This CSCR covers use of the product within the context of a UK healthcare organisation.
The high-level user flow is that consent information is prepared by the clinician, shared with the patient, and if appropriate consent is documented by the patient and may need to be re-confirmed on the day of treatment.
Our 30 minute onboarding video demonstrates the Concentric process and the various workflows. To further appreciate the user flow please request access to the demo environment of Concentric by contacting firstname.lastname@example.org. There is flexibility within the product to ensure that Concentric can be used across the different pathways. This includes the ability to share information prior to, during, or after a consent conversation, and the option to enable remote consent where appropriate.
Depending on which integrations are in place, part of the user flow may occur with the output consent documentation in the organisation’s Electronic Health Record/Electronic Document Management System. As part of the DCB0160 process it should be ensured that there is appropriate understanding within the organisation of the proposed process in the local context.
The technical details and system architecture are outlined in our technical resources.
Medical device status
Concentric is not classified as a medical device in the UK, as per the MHRA’s Medical device stand-alone software including apps guidance.
Clinical safety analysis
This section describes the people involved in clinical safety analysis, the methodology followed, and the evaluated safety profile.
Team and competency
Clinical safety activities relating to Concentric are led by Dr Dafydd Loughran, a registered clinician and trained Clinical Safety Officer (CSO). In addition to the CSO, cinical safety activities involve a multidisciplinary team (MDT) who all understand the product and how it is used in the clinical setting, including the Chief Medical Officer and Chief Technical Officer.
Clinical safety hazard analysis is undertaken at least annually by the MDT to identify new hazards and re-evaluate known hazards, consider causes and existing controls, and identify any controls that should be introduced. Any controls that require input from the healthcare organisation using Concentric are flagged as such.
The output from the hazard analysis is documented in our CSHL, including an evaluation of the clinical safety risk of each hazard based on the hazard’s severity and likelihood of patient harm given the presence of existing controls. The risk matrix used is shown within the ‘Risk Matrix’ tab of the CSHL.
Clinical safety hazard profile
The following is a summary of the detail within the CSHL.
|Clinical risk category||Number of hazards|
- Usual Concentric digital consent process is not possible due to technical or device unavailability.
- Consent documentation is attached to a different patient record in error.
- Concentric provides incorrect clinical information to patient.
- External to Concentric signposted resources may contain incorrect information or not be relevant to the individual.
- External to Concentric signposted resources may not be available.
- Information presented is difficult for a patient to access, engage with, or understand.
- Local unauthorised user gains access to Concentric.
- Communication to the patient is accessed by a different individual to the intended recipient.
- Incorrect clinician is associated with a change or consultation.
- (If no patient demographics integration) Incorrect patient demographics are entered for a patient.
- Clinician chooses to use paper consent process outside of Business Continuity Plan scenario.
- Unauthorised user gains access to Concentric via cyber attack.
- Communication to the patient is not successfully received.
- (If no document integration) Completed consent documentation is not visible within the main electronic health record / document management system.
Some historic hazards (e.g Haz-04) may no longer feature within the hazard log as they have been closed, but to avoid potential confusion their hazard ID is not reused.
All hazards are deemed to be acceptable (risk: low) or tolerable (risk: medium) and therefore no further mitigation is required at this time.
Clinical safety officer activities
A number of activities are performed by the CSO:
- Each deployment to a production environment is approved by the CSO, including ensuring that appropriate testing controls are in place in line with the clinical safety risk.
- All bug and feature request tickets are assessed by the CSO with regard to clinical safety and the ticket priority includes consideration of clinical safety impact.
- The CSO coordinates and leads on clinical safety activities, including the review of the CSHL and CSCR at least annually.
Risk management in live service
There are a number of processes in place to manage clinical safety risk in live service between releases.
Application support and business continuity
Our approach to system availability, integration monitoring and issue resolution is outlined on our application support and service level agreements (SLAs) page. Where there are issues with using Concentric as per usual processes a business continuity plan (BCP) is put in place with each healthcare organisation using Concentric based on this digital consent BCP guidance.
Incidents and identification of new hazards
Clinical safety related incidents and identification of new hazards, originating from any source (e.g. customer, software release, Concentric Health employee, social media) are managed with involvement from the CSO and where appropriate will lead to the creation or updating of a bug or feature request ticket.
Where an incident or new hazard is deemed by the CSO to be significant, key stakeholders - including those within healthcare organisations using Concentric - will be notified, particularly where they may be required to implement controls themselves, and an assessment will be done regarding whether the CSHL and this CSCR need to be updated.
As part of the CSCR we make the following assertions:
- All foreseeable clinical safety hazards are known, have been evaluated and documented by a multidisciplinary team, and are at an acceptable or tolerable level.
- Robust post-market surveillance mechanisms are in place to ensure the clinical safety of the product in the production environment, and to respond to incidents appropriately.
This clinical safety case report outlines the evidence that the Concentric digital consent application is appropriate for clinical use as per the outlined intended use, and is compliant with the DCB0129 standard.
Clinical safety hazard analysis involving the appropriate people demonstrates that Concentric is a low-risk healthcare product which is not considered a medical device, and has a safety profile that is deemed to be tolerable.