Clinical risk management system

Dafydd Loughran
by Dafydd Loughran, CEO

This Clinical Risk Management System (CRMS) outlines the processes to be followed to ensure that the Concentric digital consent application is developed, implemented and used in as safe manner.

This CRMS provides a framework that promotes the effective risk management of potential health IT hazards and operational incidents. This CRMS addresses the requirements of DCB0129 and DCB0160 and follows best practice as promoted by NHS Digital.

This page details the following:

Purpose and scope

The aim of the CRMS is to ensure that everyone involved with the development, implementation and use of Concentric are aware of the activities to be undertaken to ensure patient safety is improved rather than compromised by its introduction.

Concentric Health is required to adhere to National Information standards created and monitored via the Data Coordination Board (DCB) within NHS Information Standards frameworks. This Clinical Risk Management System will be reviewed periodically to ensure that:

  • changes in working practices are incorporated
  • issues identified though internal audit are addressed
  • the safety approach continues to adhere to the requirements of applicable international standards
  • the system continues to protect the safety of patients in a complex and changing environment.

This CRMS applies to the organisation and to all local customisations, specific configurations, and subsequent updates to Concentric.

Product overview

Concentric is a digital consent (aka econsent) to treatment application. It has been in live clinical use since April 2020 and is used across both public (e.g NHS) and private healthcare organisations internationally (majority of use currently is in the UK).

Clinical risk management personnel

The Clinical Safety Officer must hold a current registration with an appropriate professional body relevant to their training and experience. They need to be suitably trained and qualified in risk management or have an understanding in principles of risk and safety as applied to healthcare IT systems.

Clinical Safety Officer responsibilities:

  • Ensuring that the Clinical Risk Management System, and the processes defined, are applied.
  • Reviewing and approving all clinical safety documentation.
  • Managing +/- escalating safety risks.

Clinical Safety Officer: Dr Dafydd Loughran | GMC: 7265351 |

Clinical risk management deliverables

Concentric Health maintains a ‘Clinical Risk Management File’ (CRMF) for the Concentric digital consent application. The purpose of the CRMF is to provide a central repository where all safety related information is stored and controlled.

The ‘Clinical Risk Management File’ includes this clinical risk management system and the following:

Clinical safety hazard log

Concentric Health maintains a clinical safety hazard log for the Concentric digital consent application. The purpose of the hazard log is to manage the effective resolution and communication of clinical safety risks.

Concentric clinical safety hazard log

Clinical safety case report

Concentric Health maintains a Clinical Safety Case Report for the Concentric digital consent application. The Clinical Safety Case Report is issued to support deployment and will be updated throughout the product lifecycle should the safety characteristics change.

Concentric clinical safety case report

Clinical risk management activities

Hazard identification, risk assessment and evaluation

Concentric Health conduct hazard identification workshops to identify potential hazards associated with the deployment and use of the Concentric digital consent application. The CSO is responsible for facilitating such workshops and ensuring attendance from appropriate representatives. Typically, attendance will include clinical, technical, and design expertise.

Where third-party components are used they will be considered in the scope of the hazard identification activities and subsequent risk assessment.

During workshops, the multidisciplinary team will consider the risk posed (based on both consequence should it happen and likelihood of happening) by identified hazards, and record a risk assessment as per the risk matrix.

Any updates to the hazard log identified during workshops will be reflected in the hazard log, with an audit trail of updates to the hazard log maintained.

For each hazard the following are to be documented: number, name, description, possible causes, existing controls, potential clinical impact (with controls in place).

Hazards may also be identified in a number of other ways, such as: feedback from healthcare organisation, release testing, user concerns/complaints. These will be managed by the CSO, and added to the hazard log if appropriate.

Risk control

Prior to deployment to production, if the initial (unmitigated) risk assessment and evaluation of any identified hazard is deemed unacceptable then further risk controls are required. These risk controls and their implementation will be documented within the hazard log.

Deployment and ongoing maintenance

To support clinical safety activities undertaken during any deployment phases the following are required as part of the approval process:

  • DCB0160 workshop with deploying organisation
  • Point of contact to communicate contents of product releases
  • Clinical safety approval from deploying organisation
Incident management

Clinical safety related incidents are managed by the CSO and documented within the incident log. The CSO will make an assessment of the clinical safety risk and determine the appropriate response, which may include any or all of; notification to all or specific users, notification to all or specific deploying healthcare organisations, revert to previous release, unsheduled down-time of the application.

Where any of the above actions are required due to a clinical safety incident, a root cause analysis will be undertaken with findings and actions documented within the incident log.

Clinical safety competence and training

The clinical safety activities described in this Clinical Risk Management System shall be undertaken by competent staff. Suitable training shall be undertaken by staff to maintain and expand their level of competence.

All registered clinicians involved in safety roles shall, as a minimum, have completed an accredited training course.


Audits shall be undertaken to ensure that projects are adhering to the defined safety requirements. Concentric Health undertake regular internal safety audits to ensure compliance with this Clinical Risk Management System.