Safety management: accountability across organisational boundaries

This investigation explores how patient safety is managed across different organisational boundaries, such as multiple providers within an integrated care system. It is one of a series of investigations exploring safety management and whether the principles adopted in other industries may assist in the management of safety in health and care. This follows HSSIB’s introductory report on safety management systems.

Everyone working in health and care has some measure of responsibility for patient safety. When an organisation is accountable for patient safety, it should ensure that systems and processes are in place to effectively manage safety.

Organisations should be able to proactively manage recurring or emerging safety risks and should not rely on waiting for harm to occur before taking action. Safety management systems (SMSs) in other industries set out the organisational structures and accountabilities required to do this and integrate safety management processes into day-to-day activities.

Integrated care boards (ICBs) facilitate integration between local healthcare organisations in their integrated care system (ICS), which brings together health and care service providers and commissioners of NHS services across a geographical area to plan care that meets the needs of its population. This investigation has examined accountabilities across organisational boundaries by exploring the safety management activities of ICBs, which have oversight of healthcare providers in their area.

This investigation explored the experiences of Ros, and her husband and carer Norman, to demonstrate the gaps in patient safety management when patients’ care is managed across multiple providers in an ICS.

The investigation engaged with patient safety and quality teams within ICBs to understand how patient safety risks were managed at this level of the health and care system. The investigation also engaged with NHS England regional and national teams to understand the risks that were escalated to them and how they were managed. During the investigation the Department of Health and Social Care commissioned a review of patient safety across the health and care landscape. The findings of this investigation report should be considered alongside the review’s findings.

• There are no overarching principles that all healthcare providers and ICBs can use which enable a consistent and collaborative approach to the management of patient safety.
• There is a difference in the perception of how patient safety is managed between ICBs and national health and care stakeholders, including the lines of safety accountability.
• National organisations’ expectations of how ICBs manage patient safety are not in line with what ICBs can currently achieve due to challenges with resourcing and the usability of safety data.
• Patient safety risks may be escalated from the regional to the national level but there is variability in how these risks are managed at a national level and how responses to escalations are fed back.
• Cross-organisational safety risks are not always being escalated to ICBs and there may be limited resources and capability to identify, define and investigate such risks.
• Learn from Patient Safety Events (LFPSE) is the national learning service for the NHS; however, challenges in the usability of LFPSE data means that system-level risks may not be visible to ICBs and the wider health and care system.
• Existing informal ‘good relationships’ between individual providers and an ICB facilitate the effective sharing and management of risks. Where these ‘good relationships’ do not exist or change, formal governance processes do not always ensure information sharing continues.
• Patients and carers are an important source of feedback to ICBs about patient safety risks across organisational boundaries. However, this can create inequities as some people are more able than others to make their voice heard.

HSSIB makes the following safety recommendation

1.1.1 This investigation report follows the HSSIB report ‘Safety management systems: an introduction for healthcare’ (2023a) that explored safety management principles. This investigation considers how safety management is co-ordinated and integrated across the health and care system.

1.1.2 The investigation gained an understanding of organisational patient safety accountabilities and responsibilities by speaking to staff working within ICBs and national organisations across the health and care system.

1.2.1 A safety management system (SMS) is a proactive approach to managing safety that is used in other industries. It sets out the necessary organisational structures and accountabilities to manage safety risks. It requires safety management to be integrated into an organisation’s day-to-day activities (Health Services Safety Investigations Body, 2023a).

1.2.2 The purpose of an SMS is to ensure that an industry achieves its business and operational objectives in a safe way and complies with the safety obligations that apply to it. However, it is a common misconception in healthcare that an SMS is a paper-based or electronic system specifically developed for demonstrating compliance with regulatory frameworks (Health Services Safety Investigations Body, 2023a). Instead, an SMS should be a dynamic set of arrangements which grows in maturity and develops as the industry evolves.

1.2.3 There are four recognised areas associated with the International Civil Aviation Organization SMS Framework (Federal Aviation Administration, 2021; International Civil Aviation Organization, 2018) (see figure 1):

• A safety policy establishes senior management's commitment to improve safety and outlines responsibilities, defining the way the organisation needs to be structured to meet safety goals. It should also outline the aims and objectives that an organisation will use to achieve its desired safety outcomes (Civil Aviation Authority, 2015).
• Safety risk management includes the identification of hazards (things that could cause harm) and risks (the likelihood of a hazard causing harm) and the assessment and mitigation of risks. Once risks are identified and prioritised, appropriate controls can be implemented to reduce the level of risk (Civil Aviation Authority, 2015).
• Safety assurance involves the monitoring and measuring of safety performance, evaluating how effectively an organisation is managing risks, the monitoring of risk controls and the continuous improvement of the SMS (International Civil Aviation Organization, 2018).
• Safety promotion includes training, communication and other actions that may help to enable a positive safety culture within all levels of the workforce. It also supports effective two-way communication of safety issues between staff working at an operational level and the organisation’s management (International Civil Aviation Organization, 2018).

Figure 1 Elements of a safety management system

1.2.4 More information about SMSs and their components is given in the first HSSIB report exploring the foundations of an SMS, (Health Services Safety Investigations Body, 2023a). HSSIB has produced a short SMS explainer video that provides examples of these principles.

1.2.5 Through a number of investigation reports, HSSIB (formerly the Healthcare Safety Investigation Branch, HSIB) has identified that the principles underpinning SMSs may help health and care organisations to respond more effectively to patient safety risks. Examples include reports on medication errors (Healthcare Safety Investigation Branch, 2020a), wrong site surgery (Healthcare Safety Investigation Branch, 2021a) and a lack of a timely response when a patient’s condition rapidly deteriorates (Healthcare Safety Investigation Branch, 2019). A review of these investigations showed that there are common themes that recur across different types of safety incident (Healthcare Safety Investigation Branch, 2021b).

1.2.6 There is currently ongoing work that is considering the applicability of SMSs to health and care, including:

• work by NHS England’s SMS co-ordination group
• research funded by the National Institute for Health and Care Research into the applicability of an SMS approach in health and care
• research by The Healthcare Improvement Studies Institute to explore the principles of SMS for health and care
• work by the Recommendations to Impact group that is chaired by HSSIB’s interim Chief Executive Officer, Dr Rosie Benneyworth
• the Patient Safety Commissioner has identified SMS as part of her strategy for patient safety (Patient Safety Commissioner, 2024)
• work by the Care Quality Commission to consider how it could regulate for safety management activities, across the full range of regulated providers
• the implementation of BS ISO 7101:2023 Healthcare organization management. This provides a universal set of requirements applicable to any healthcare organisation seeking to elevate the quality of its healthcare service delivery, or overarching management system (International Organization for Standardization, 2023).

1.2.7 The Infected Blood Inquiry (2024) also recognised the need for a systemised approach to safety and recommended that healthcare administrations ‘explore, and if appropriate, support the development and implementation of safety management systems (“SMS”s) through SMS coordination groups (as recommended by the HSSIB), and do so as a matter of priority’.

1.3.1 The NHS carries out governance and assurance activities across the healthcare system, with quality and patient safety being an important part of these activities. NHS England’s Oversight Framework specifies the required oversight and assessment activities. Oversight and assessment are defined by NHS England as follows:

• ‘Oversight is the ongoing monitoring of performance and quality of services being delivered by the NHS, to manage the delivery of the priorities set out in NHS planning guidance, the NHS Long Term Plan, and the NHS Long Term Workforce Plan. Its purpose is to provide assurance of performance and delivery as well as identify areas of challenge and those requiring support or intervention. The Oversight Framework specifically sets out how ICBs [integrated care boards] and NHS trusts and foundation trusts are overseen, it does not cover the oversight of primary care providers who are overseen by ICBs in line with their delegated commissioning responsibilities.’
• ‘Assessment is the process by which we judge an organisation’s capability and governance. For ICBs, NHS England has a statutory responsibility to conduct a performance assessment for each financial year. We have no similar statutory duty for providers but we work alongside the Care Quality Commission (CQC) to ensure these organisations are providing safe and effective care and delivering services in line with the conditions of their provider licence.’ (NHS England, 2024a)

1.3.2 A critical element of oversight is the early identification of patient safety issues and concerns so that they can be addressed before they have an impact or performance deteriorates further. Providers are expected to ‘escalate any new quality or performance concerns to the [quality] group including information on steps taken by the provider to manage and mitigate risk’ (National Quality Board, 2022a). It is anticipated that NHS England’s operating model for quality (publication date not known) could specify what these critical safety management activities involve. Currently, the National Quality Board’s (2022a) guidance on quality risk response and escalation in integrated care systems provides a structure for oversight processes.

1.3.3 In its introductory report on SMSs, HSSIB (2023a) identified that managing safety requires an integrated approach across a system. For safety to be managed effectively, each organisation must provide oversight with accountability for ensuring that safety management activities are developed and working properly.

National NHS systems for reporting and responding to safety incidents

1.3.4 In order to develop risk controls and manage patient safety risks, a system must first be able to identify hazards and risks. One component of safety risk management is the use of reporting systems to create routes for hazards to be highlighted so that analysis and investigations can take place in order to develop risk controls.

1.3.5 NHS England (2024b) has developed a safety incident reporting service known as Learn from Patient Safety Events (LFPSE). LFPSE ‘is a national NHS system for the recording and analysis of patient safety events that occur in healthcare’ (NHS England, n.d.). This is due to replace the Strategic Executive Information System (StEIS).

1.3.6 Staff, patients, and families involved in a patient safety incident will want to know ‘what happened and why and what can be done to prevent the incident happening again’ (NHS England, 2015). The NHS Patient Safety Incident Response Framework (PSIRF) sets out the NHS’s approach to developing and maintaining effective systems and processes for responding to patient safety incidents for the purpose of learning and improving patient safety (NHS England, 2024e). An investigation is one of the learning responses that can be considered to offer an in-depth review of a single patient safety incident or cluster of incidents to understand what happened and how, to help similar incidents from happening again (NHS England, 2022b).

1.3.7 In August 2022 NHS England published the Patient Safety Incident Response Framework (PSIRF) as a replacement for the Serious Incident Framework. The PSIRF is now the approach being used by healthcare providers and has four key aims:

• compassionate engagement and involvement of those affected by patient safety incidents
• application of a range of system-based approaches to learning from patient safety incidents
• considered and proportionate responses to patient safety incidents
• supportive oversight focused on strengthening response system functioning and improvement (NHS England, 2022a).

3.1.1 All the ICBs that the investigation engaged with readily recognised that Ros and Norman’s experience reflected risks that exist when patients receive care from multiple providers. In addition, the majority of ICBs told the investigation that Ros and Norman’s case would not be identified or addressed by their routine safety activities. They explained this was because they did not have a systematic way of learning about cross-boundary safety risks.

3.1.2 NHS Resolution told the investigation that patients who are interacting with the multiple interfaces of the healthcare system may face particular challenges, as reflected in its reports on diabetes lower limb complications and the Clinical Negligence Scheme for General Practice (NHS Resolution, 2022a; 2022b). These reports highlighted that safety management systems (SMSs) may offer the opportunity to support the early identification emerging safety risks and may be particularly valuable where patients’ care crosses between different healthcare providers.

3.1.3 Some ICBs provided additional examples of patient experiences, which affected different age groups and those with protected characteristics. This showed that such risks were not confined to patients such as Ros but were representative of risks which existed for many patients who had multiple touchpoints with the health and care system. ICBs were concerned that it was often only the patients and/or carers who “shout the loudest” who were able to highlight their risks, resulting in mitigations being put in place by an ICB, as in Ros and Norman’s case. ICBs told the investigation that there were “lots of families in a similar position without a voice”. They acknowledged that this inequity affected patients who were unable to advocate for themselves or who did not have someone to advocate for them. ICBs also stated that many patients were not aware that they could escalate concerns to the ICB and so this route of escalation could go unused.

3.1.4 A senior manager at NHS England told the investigation that some of the most “complex patients”, including those who were frail, elderly, cognitively impaired or children and young people, were commonly those “where risk isn’t managed appropriately”. They said that these risks should be managed at an ICB level.

3.2.1 NHS England’s Oversight Framework (NHS England, 2024a) states that an ‘ICB proactively manages system and provider risks’. During discussions with ICBs and NHS England regional teams, concern about the visibility of patent safety risks was a consistent theme. Visibility is required as the starting point for safety management, and lack of it constrains the types of activities that can be undertaken. If an organisation is unable to identify hazards and risks then it is also unable to identify the risk controls needed to manage those risks to ensure they are mitigated to acceptable levels.

3.2.2 Challenges for ICBs and integrated care systems (ICSs) in managing and monitoring patient safety risks, and escalating them appropriately, were highlighted by Patient Safety Learning, which found there was ‘not clear guidance or support to ensure that ICSs treat patient safety as a core purpose of healthcare’ (Patient Safety Learning, 2023).

3.2.3 ICBs described support from NHS England regional teams as being variable and said that a lot of the communication was around quality assurance (such as commissioning performance targets), not proactive safety management. This variability was acknowledged by NHS England regional teams.

3.2.4 ICBs told the investigation that they considered their primary mechanisms for identifying patient safety risks in providers were the Patient Safety Incident Response Framework (PSIRF) and the Learn from Patient Safety Events (LFPSE) service, which are discussed below.

Patient Safety Incident Response Framework (PSIRF)

3.2.5 ICBs supported the PSIRF (see 1.3.7) as a tool for providers, as it allowed providers to prioritise improvement work, rather than requiring them to produce reports about patient safety incidents that may be of limited value for learning. However, some ICBs stated that from their own perspective, the PSIRF had had unintended consequences for the management of patient safety such as reduced visibility of incidents which were occurring in providers, including those that might impact on the management of cross organisational risks.

3.2.6 Some ICBs told the investigation that the previous Serious Incident Framework (NHS England, 2015) allowed them to have greater visibility of risks when operating in their previous form as clinical commissioning groups (CCGs). PSIRF was developed as a response to identified weaknesses in the Serious Incident Framework, which included ‘misaligned oversight and assurance processes’ (National Quality Board, 2018).

3.2.7 It was the perception of some ICBs the investigation engaged with that since the implementation of PSIRF they did not have an understanding of the types of patient safety risks that were arising when patients moved between providers within the ICS. It was explained that this was because the reports produced were not always being shared with the ICB. The lack of visibility perceived by ICBs had come about because providers were no longer required to report all serious incidents to the ICB for assurance and oversight purposes.

3.2.8 Some patient safety specialists described PSIRF as having “eroded assurance activities and patient safety oversight”. Many of the ICBs reported that they now “feel detached from the incidents that happen” and that sometimes the first they heard of an incident having occurred was a request for a media statement. While this represents what the investigation was told by ICBs, the investigation acknowledges that not all cross-organisational incidents would have met the serious incident criteria and therefore required notification to the CCG. The limitations associated with the Serious Incident Framework equally did not allow ICBs to have full visibility of cross-organisational risks. The investigation acknowledges that PSIRF is a significant step forward for the investigation of incidents and the move towards a systems approach is in line with the latest approaches in safety science.

3.2.9 ICBs told the investigation that in addition to not always having sight of investigation reports, there were many PSIRF learning responses that did not trigger such a report. Therefore the visibility of risks from these incidents was further limited from an ICB perspective.

3.2.10 On consultation NHS England explained that ‘PSIRF was designed to reduce reliance on these reports and encourage more proactive engagement. ICBs are now asked to support coordination of incident response across systems and oversee providers’ systems for learning and improving following incidents’.

3.2.11 However, some ICBs told the investigation that they did not have the capacity to carry out this co-ordination role. Those ICBs that did engage in the co-ordination of responses were able to do so only in a limited capacity due to resourcing and issues with the co-ordination of responses (see below).

3.2.12 The investigation also heard that the burden of identifying incidents that required a cross-system response was solely on the provider, as while the ICBs had access to incident data, they reported there were challenges with the usability of the data for the purposes of identifying incidents which may require a cross-system response.

Co-ordinating responses to patient safety events

3.2.13 The PSIRF oversight roles and responsibilities specification (NHS England, 2022b) states that ‘where a response involving multiple providers and/or services across a care pathway is too complex for a single provider to manage, ICBs should support the co-ordination of cross-system response’. This is also reflected in the patient safety incident response standards (NHS England, 2024c). However, the investigation was told by ICBs that from their perspective unless they were made aware of the need for their support by a provider, it was difficult to identify cross-boundary risks through their usual safety management activities. This means that any involvement from the ICB was reactive and there was no opportunity for proactive involvement. In order to provide oversight of hazards and risks, the ability to proactively identify these is an integral part of safety management principles.

3.2.14 NHS England’s PSIRF standards (NHS England, 2024c) state:

• ‘Where multiple organisations need to be involved in a single learning response, the response is led by the organisation best placed to investigate the concerns. This may depend on capability, capacity, or remit.
• Organisations consider whether a learning response needs to examine the care provided throughout a specific care pathway as opposed to focussing solely on the part of the pathway most proximal to the incident.
• Organisations actively engage partner organisations that provided care to the patient(s) involved where that care may have played a role in the incident being examined.
• Organisations work together and co-operate with any learning response that crosses organisational boundaries.’

3.2.15 However, the investigation was told by ICBs that these expectations were not deliverable. One ICB said: “It is not realistic to expect providers who have not interacted before, including those from primary care who may be less engaged, to undertake these sensitive investigations.” On consultation NHS England told the investigation that there is no reason why organisations that have not interacted before cannot start interacting if required to, with ICBs taking a role to facilitate this interaction. NHS England acknowledged that where the capability to undertake sensitive investigations is lacking, then the expectation in PSIRF is that the ICB would support, commission, or undertake the investigation. However, this expectation is limited as PSIRF has not yet been rolled out to primary care and NHS England is in the process of piloting its implementation.

3.2.16 Some ICBs told the investigation that where patient safety incidents occurred which involved multiple providers, then the ICB may undertake a system-level investigation, as a way of actively inputting into the safety of the system.

3.2.17 Some ICBs described having limited capacity to undertake such system-level investigations, with some describing only being able to complete four per year. The safety teams within ICBs said that this limited capacity was frustrating because of the importance of this safety management activity, and that sometimes external organisations were commissioned to complete investigations instead at an additional financial cost to the NHS.

3.2.18 In addition, some ICBs reported that they did not have the skillset to undertake or support complex system-wide investigations that involve multiple providers. This was considered especially problematic where organisational accountabilities for managing risk were ambiguous, for example when a person had engaged with both health and social care providers. The ICBs recognised that these investigations were an opportunity to identify gaps between providers which posed a patient safety risk.

3.2.19 The investigation was told by ICBs that when ICS-level risks had been identified to them by providers, ICBs were often uncertain how these risks were being mitigated and which providers were taking these actions. The ICBs told the investigation that not having sight of PSIRF learning outcomes meant they did not have the opportunity to see what providers had changed as a result of incidents, describing their own involvement in this as “soft touch”. Some ICBs felt that the implementation of PSIRF had taken away their ability to ensure that change happened, and that this lack of oversight was on their risk registers. ICBs did not tell the investigation that further engagement with providers occurred to determine what had changed as a result. This perceived gap highlights that safety management principles are not reflected in the activities that ICBs are undertaking.

3.2.20 On consultation NHS England told the investigation that ICBs were able to talk with and ask their providers for information about mitigation of patient safety risks. NHS England described such proactive engagement as a crucial part of patient safety incident response planning, which ICBs must be fundamentally engaged in. While patient safety incident response plans are a part of PSIRF ICBs did not refer to these during discussions with the investigation about safety management. These plans need to be updated every 18 months and are not live documents.

3.2.21 The investigation identified that there was a disconnect between the expectations of NHS England and the perceptions of ICBs needing real-time information on risk mitigations across the system.

3.2.22 In an attempt to address this gap, some ICBs had introduced ad hoc multi-agency forums where individual risks were discussed. However, this was challenging because the ICB had to be aware of a risk to use such a forum. While this may be an appropriate approach to discussing risk, it was reactive due to challenges for ICBs in identifying the risks in the first place.

3.2.23 ICBs identified particular challenges in relation to providers with less established reporting cultures, such as in primary care (Carson-Stevens et al, 2016). Some ICBs described supporting a small number of primary care ICS-level investigations, but they did not oversee or contribute to investigations on pathways of care where multiple providers were involved. ICBs also stated that given staff in primary care do not commonly have patient safety teams, this impacted on their ability to investigate and manage cross-boundary patient safety risks. One of the intentions of PSIRF is to improve reporting culture by moving away from investigations that focus on individuals’ actions, but the implementation of PSIRF is in the pilot stage in primary care.

3.2.24 The investigation was told that patient safety specialists within ICBs and providers spent the majority of their time on implementing PSIRF, with little capacity for new improvement projects. Patient safety specialists recognised the importance of PSIRF and their role in its implementation, but that due to their limited capacity this resulted in a necessary trade-off with other safety management activities such as attending provider quality groups.

3.2.25 The investigation was told “the patient safety specialist roles are not understood” at all levels within an ICB and were often combined with other roles. Patient safety teams recognised that these specialists should be “theming recurring incidents” in line with PSIRF; however, there was limited capacity to do this.

3.2.26 ICBs told the investigation that in order to disseminate learning across their ICS they hosted patient safety learning events, each based on a specific theme. Many ICBs said they would like these events to reflect risks impacting their ICS identified from the data they had, but as this data was often absent themes were selected on an ad hoc basis instead.

Learn from Patient Safety Events (LFPSE)

3.2.27 In addition to the implementation of PSIRF, providers and ICBs have moved to LFPSE (see 1.3.5). This is designed to be a single NHS service for the recording and analysis of patient safety events.

3.2.28 On consultation NHS England told the investigation that visibility of providers data has never been greater as LFPSE allows ICBs to see every recorded patient safety event within their area. NHS England acknowledged that the service was new and requires more user input to improve the data produced by the system.

3.2.29 However, ICBs told the investigation that they faced challenges in understanding the detail of incidents and learning outcomes that happen at provider level. This meant that ICS-level risks were often not captured in a way that allowed the ICB to support improvement work. Some ICBs told the investigation that although they were able to download data from LFPSE, they described problems associated with the usability and utility of the data.

3.2.30 ICBs described not having the analysis tool, which had been a plug-in, available for the previous National Reporting and Learning System (NRLS). Reflecting this, one ICB told the investigation that it had “3,000 incidents downloaded but no way of understanding them”. This was explained to be because there were multiple entries relating to the same incident, entries which had not been fully completed, and the filtering of entries was described as “unhelpful” in navigating them. This investigation has not explored the functionality of the LFPSE service beyond the information provided by ICBs. During consultation, NHS England highlighted that the Strategic Executive Information System (StEIS) remains in place and can be used by ICBs to view serious incidents. NHS England also explained that the NRLS analysis tool would not reveal cross-system risks or any detail about the nature of the incidents recorded. NHS England told the investigation that the new Recorded Data Dashboard for LFPSE will allow for greater analysis of incident records than was possible with NRLS.

3.2.31 The investigation also heard how issues around the use of LFPSE data impacted a wide range of stakeholders, including regulators. This lack of useable information impacted on regulation activities and required information to be requested directly from providers.

3.2.32 The LFPSE service was described to the investigation as being frustrating and had been escalated to NHS England by multiple ICBs on various occasions because the data was not useful for identifying hazards and risks. In addition, financial constraints on ICBs meant that they could not afford to employ analysts to try to “make sense” of this data. The issue of resource is reflected in an NHS Confederation (2024) report, which identified that NHS England regional teams ‘increasingly expect the ICB to take on the oversight and assurance role, however no resources are being transferred to allow this, plus the ICB is expected to reduce running costs significantly’.

3.2.33 Digital dashboards have been developed to display aggregated LFPSE data. However, ICBs suggested that their design does not assist them to have visibility of cross-organisational risks.

3.2.34 In addition to challenges in the use of data from LFPSE, ICBs told the investigation that the platform itself was “cumbersome”. For example, one ICB reported that it took a long time to move from one page to the next on the system. ICBs were concerned that LFSPE data was difficult to search and filter and there were fears that patient safety issues were being regularly missed because of this. ICBs also identified that there was no built-in alerting system so that recurring issues could be identified, and no way of obtaining an overview.

3.2.35 ICBs suggested that they needed to be building a picture of ICS risks, including those which involved cross-organisational boundaries, but they could not currently do this because of the usability of the LFPSE service and data. There are other ways of obtaining a picture of risks and some of these are detailed below at 3.2.36.

HSSIB suggests safety learning for Integrated Care Boards

Local adaptations

3.2.36 ICBs told the investigation that because of the lack of visibility of patient safety risks within providers, they have needed to develop or use existing “soft intelligence” systems in order to understand hazards and risks across their ICS in a timely way. Such soft intelligence reporting systems included email inboxes and old CCG reporting systems and databases as adaptations. Many of these soft intelligence systems had been developed in response to the Mid Staffordshire NHS Foundation Trust public inquiry which highlighted the importance of reporting systems (Francis, 2013).

3.2.37 The investigation heard that some soft intelligence systems were more established than others. Some ICBs described using electronic reporting systems while others were using resources such as “google reviews” to support additional insights.

3.2.38 One ICB reported that it had developed its own process for getting additional intelligence by using medical examiners. This enabled the ICB to identify safety themes and consider improvement work. This agreement went beyond the statutory requirements of the medical examiner. However, there is an expectation that medical examiners share ‘intelligence and insight about themes and trends … to facilitate improvements in care’ (Royal College of Pathologists, 2023).

3.2.39 ICBs explained that “soft intelligence” systems were being used as a “stop gap” for accountability and responsibility and some had been developed in response to perceived limited visibility and oversight of patient safety risks, which is required by NHS England’s Oversight Framework.

HSSIB makes the following safety observation

Relationships with providers

3.2.40 The investigation was told that safety activities at the ICB level were dependent on informal, “good relationships” with providers to facilitate the effective sharing and management of risks.

3.2.41 The role of the ICB was seen as “bringing people together”. There was an expectation that providers would speak to one another but if there were challenges around this then the ICB would assist to “unblock” these. Some ICB patient safety teams had a presence at providers, joining them in person for meetings and on patient wards, which the teams found helpful for their relationships and for seeing how things were on the ground.

3.2.42 Relationships which had developed between providers and ICBs were often between individuals in those organisations on “a one-to-one basis”. The investigation was told that if the person who was the point of contact in the ICB was not there for an extended period of time, for example because of long-term sickness, then “relationships slipped”.

Perspectives on provider collaboratives by the wider healthcare system

3.2.43 Provider collaboratives (see glossary) can be either be established on a regional basis or developed locally. For the former, commonly mental health provider collaboratives, the specialised commissioning and budget responsibility currently sits with NHS England, which is separate from locally developed provider collaboratives for community and acute services (NHS England, 2024d). Locally developed provider collaboratives are a decision making forum for providers who have come together to work within a specific area, for example pathway of care.

3.2.44 NHS England regional commissioning arrangements for specialised services are currently under review with implications for accountability and responsibility. Delegation will put the funding and responsibility for most mental health services with ICBs, giving the opportunity to deliver earlier intervention, and care closer to home (NHS England, 2024d).

3.2.45 All of the ICBs the investigation engaged with described provider collaboratives as being outside of their patient safety oversight remit. NHS England regional teams agreed with this and explained that provider collaboratives reported directly to NHS England. Neither ICBs nor NHS England regional teams differentiated between provider collaboratives which were NHS England commissioned and those which were local agreements. However, the NHS England Oversight Framework states that the role of the ICB includes ‘leading the day-to-day oversight of providers across their NHS system, including but not limited to provider collaboratives’. A senior manager at NHS England told the investigation that while the Oversight Framework was clear on this point it had not been well communicated and therefore was not commonly understood.

3.2.46 ICBs said that some provider collaboratives were not forthcoming in sharing risks with them and one ICB said that it was “treated with suspicion” when attending governance meetings held by provider collaboratives. However, provider collaboratives should be members of system quality groups (see 3.4.4), as part of an integrated care system (National Quality Board, 2022b).

3.2.47 ICBs reported that they had very limited oversight of the risks held by provider collaboratives, describing these as “not transparent” to the rest of the health and care system. This lack of perceived oversight meant that ICBs may not be aware of patient safety risks within provider collaboratives despite them occurring within their ICS.

3.2.48 A senior manager the investigation spoke to at NHS England said the issue of ICBs not having oversight of provider collaboratives in relation to patient safety was a “big black hole”. It was unclear how this identified gap in oversight was to be managed.

3.2.49 One ICB described a positive relationship with a provider collaborative in its area. The ICB had positioned itself as an equal partner in the provider collaborative when it was set up, with senior leaders being involved across both organisations. The ICB explained that this had enabled it to have oversight of risks within the provider collaborative and greater awareness of ICS risks overall.

3.2.50 The investigation acknowledges that provider collaboratives were not engaged during this investigation and may have a different perspective on these relationships.

HSSIB suggests safety learning for Integrated Care Boards

3.3.1 The escalation of patient safety risks is informed by ‘National guidance on quality risk response and escalation in integrated care systems’, produced by the National Quality Board (2022a). ICBs engaged with were familiar with this guidance and found it helpful as a framework for escalation of risks. Figure 2 is a diagram from this guidance showing the escalation structure.

Figure 2 Framework for escalation of patient safety risks (National Quality Board, 2022b)

3.4.1 The majority of the ICBs engaged with described still being in the process of understanding their role in relation to patient safety management. Some were yet to establish governance processes and were still drafting operational agreements with providers and wider system partners to set these up. Those with such governance processes in place said developing them had been a “slow process”, with many putting this down to the lack of guidance and support. The investigation was told by NHS England that there was an expectation that ICBs develop these processes themselves and on consultation said there was guidance to help ICBs with this. NHS England regional teams also told the investigation they assisted the ICBs with the development of local policies and procedures, which was reflected by some ICBs.

3.4.2 In addition, ICBs described challenges not only relating to healthcare providers but where the accountability of risks that pass between health and social care have required “open and honest” conversations by ICBs. One ICB gave an example where patients were discharged but there was an ambiguity of accountabilities where patients needed both local community nursing care (healthcare) and care by the local authority (social care).

3.4.3 The investigation noted variability across all ICBs engaged with regarding the size, responsibilities and approach of the team that managed patient safety. The ICBs explained that the structure and activities of their patient safety teams (which were often incorporated into their quality teams) were still emerging and evolving and the teams’ ability to develop safety management processes had been impacted by restructuring and financial constraints. Many ICBs described a reduction in the capacity of these teams following restructuring, with these pressures having an impact on their patient safety management activities. Lord Darzi (2024) recognised that ‘constant reorganisations are costly and distracting’. One ICB told the investigation that while everybody said that safety was important it was still necessary to “shout quite loud” when reorganisation was happening within the ICB to ensure safety was a consideration when there were such pressures.

The structure of quality and safety management

3.4.4 ICBs described mandated system quality group meetings which had been set up so that providers could engage with the ICB and other partners (including the Care Quality Commission, Healthwatch and public health) on quality and safety issues. The National Quality Board (2022b) provided guidance which states that the objectives of system quality group meetings are:

• maintaining and safeguarding quality
• supporting and enabling improvement.

Safety management processes are not explicitly mentioned.

3.4.5 ICBs told the investigation that system quality group meetings are a key mechanism for ensuring their ability to understand what risks were present in their system, but the success of the meetings relied on the providers supplying information, attending and being engaged. While providers are required to attend these meetings (National Quality Board, 2022b), ICBs voiced concerns about the limitations on what providers would share in such forums, and in particular independent providers. The investigation was told by ICBs and NHS England regional teams that there were no nationally set requirements of what information was presented at these meetings. ICBs explained that providers’ willingness to engage in these meetings was dependent on their relationship with the ICB, which could be variable.

3.4.6 ICBs told the investigation that such relationships were “organic” and often not governed by guidance or a structure, with “a reliance on informal ways of working”. ICBs suggested that broader guidance would have been useful because they had identified duplication of work, where risks are being “managed elsewhere at different levels of the system”.

3.4.7 Some ICBs described attending quality meetings within individual providers as part of their management of patient safety, but not all providers invited them to attend such meetings as they were not required to do so. National guidance (National Quality Board, 2022b) states that ‘provider assurance and risk management remains at provider boards’, indicating that the ICB does not have a formal role at this level. In addition, the size of some ICBs’ geographical areas and the number of providers within their ICS could mean the number of such meetings was difficult to attend, if the ICB was invited, because of limited resourcing in the patient safety and quality team.

3.4.8 ICBs explained that although regional quality groups were in place, many ICBs did not have a systematic way of feeding into these meetings because there were no established processes at the provider level. This meant discussions at these groups may not be focusing on emergent and recurring risks. These meetings were attended by organisations such as professional regulators, patient representative bodies and arm’s length bodies. The lack of information available at these meetings may affect the ability of these organisations to put in place adequate risk controls. The use of safety management principles may help to define the data that would be required in order to achieve a systematic understanding of patient safety risks at a regional level.

Oversight

3.4.9 The NHS Oversight Framework (NHS England, 2024a) describes how oversight of NHS trusts, foundation trusts and ICBs operates. It states that ICBs are required to determine the ‘extent to which system partners are working effectively together to deliver and improve’. There is no supporting operational guidance indicating how this is to be achieved. Some ICBs described themselves as an oversight body while others indicated that they had specifically been told by NHS England regional teams to avoid that term.

3.4.10 NHS England’s Oversight Framework clearly describes measures and support mechanisms for when ICBs are seen to be underperforming. However, the Oversight Framework does not specify the day-to-day patient safety management activities to be undertaken by ICBs.

3.4.11 Reflecting this, a senior manager at NHS England told the investigation that while there is an expectation that ICBs will manage cross-organisational safety risks, NHS England “have not told ICBs they have to” do this or “flagged this” in planning or operational guidance. The investigation acknowledges that PSIRF guidance refers to management of cross-organisational safety risks. However, this does not direct how cross-organisational safety risks should be managed more generally outside of PSIRF.

3.4.12 While ICBs engage in some proactive safety management activities, such as assurance visits, these are limited by capacity and ICBs described a reliance on more reactive activities such as responding to incidents which had already occurred. The description of safety management activities by ICBs did not align with safety management principles. Such principles could help to specify standardised processes requiring ICBs to be proactive in managing patient safety by working effectively with other system-level partners.

Assurance

3.4.13 The investigation was told by providers, ICBs and national organisations that assurance information with differing level of detail, and in different formats and approaches, was required by various organisations, including regulators. Some examples provided were:

• NHS England
• Medicines and Healthcare products Regulatory Agency (MHRA)
• Care Quality Commission (CQC)
• UK Health Security Agency
• coroners
• local authorities/police.

3.4.14 These different reporting requirements were described as “frustrating” and conflicting, resulting in differing levels of information being provided. These processes were also isolated, with differing learning outcomes. The investigation was told that the fractured nature of these reporting requirements could prevent organisations such as ICBs having an overall understanding of risks and how they should be prioritised and effectively mitigated.

3.4.15 In addition, ICBs reported that in social care the responses to incidents were “punitive” and that there was limited consideration of contributory factors in investigations. However, people were now working across the boundary of heath and care with the aim of “changing the culture and understanding in local councils”.

3.4.16 Other mechanisms of assurance the ICBs described were visits to providers, which could be formal “quality assurance visits” or more informal visits to support providers with managing safety issues they were encountering. This “boots on the ground approach” was said to be very important for the safety teams within the ICBs in giving them an understanding of how safety was being managed within providers.

3.4.17 However, the investigation was told that because of restructuring there was reduced capacity within the ICB teams to undertake such visits. Also, as there were no national requirements for ICBs’ commissioning arrangements or the need to carry out visits, many had moved or were moving towards a more “centralised approach to safety management”. Some ICBs reported that due to this change they were more hands-off and were waiting for providers to escalate safety risks to them.

3.4.18 Some ICBs described having approached providers with requests for specific safety data which were met with “push back”. It was acknowledged that the competing priorities of quality and patient safety teams meant that such requests were in addition to other requirements, such as the implementation of PSIRF. One ICB described getting round this challenge by using key performance indicators in its contracts with providers to ensure data was reported to them.

3.4.19 The CQC told the investigation that there are gaps in how safety data is shared for assurance purposes and this data is required by a range of other stakeholders, including the CQC.

3.4.20 One ICB used the phrase “sovereign accountability” to describe how organisations managed their own assurance processes and escalated risks through to board level. Some ICBs told the investigation that this centralised approach was less proactive than it used to be under the previous CCG structure, with many oversight activities increasingly becoming a “once a month activity” rather than being part of everyday activities.

3.4.21 An analysis by the NHS Confederation (2024) identified that ‘NHS England will only delegate responsibility for provider oversight to ICBs with higher capability scores’. This means that the lines of accountability are different depending upon the performance of the ICB. ICBs told the investigation that this arrangement did not enable clear lines of accountability for patient safety management as it was unclear what ‘oversight’ related to.

3.4.22 The findings of this investigation are reflected in the findings of Lord Darzi’s review (2024), which reiterates those of the Hewitt review (2023), that there is ambiguity in ‘the relationship between providers and ICBs’ and that this is due to ‘differing understanding of their roles and responsibilities, including how far they are responsible for the performance management of providers’.

3.4.23 Applying safety management principles would require an accountability framework which would specify the roles and responsibilities of providers, ICBs, regions and other organisations in relation to patient safety and the types of risks they are required to manage. Without defining the accountabilities of all stakeholders within the wider health and care system it is challenging for ICBs and other system partners to understand their role in the management of patient safety.

National oversight

3.4.24 The Health and Care Act 2022 states that ‘the Department of Health and Social Care wants to ensure appropriate accountability arrangements are in place so that the health and care system can be more responsive to both staff and the people who use it’.

3.4.25 The challenges for oversight go beyond the patient safety guidance and structures developed by NHS England and relate to interactions between organisations with patient safety oversight accountability across the health and care landscape. These include, but are not limited to, the CQC and MHRA as well as interactions with social care such as local authorities. This shows that any development of safety management principles needs to be not at an NHS England level but across the national heath and care sector. The CQC suggested this would bring together the NHS and independent organisations that provide healthcare, as well as social care.

3.4.26 This reflects the findings of a previous HSIB investigation that looked at harm caused by delays in transferring patients to the right place of care (Healthcare Safety Investigation Branch, 2022a). It made a safety recommendation to the Department of Health and Social Care (DHSC) relating to developing and implementing a safety accountability framework that spans health and social care.

3.4.27 In its initial response to that safety recommendation, the DHSC agreed that ‘Accountability is central to patient safety in the NHS. It guides expectations and judgements about the performance of providers delivering health and care services’. The response went on to state:

‘Integrated Care Systems (ICSs) are partnerships of organisations that come together to plan and deliver joined up health and care services, and to improve the lives of people who live and work in their area. The Department considers that systems and the organisations within them should ensure that the right processes and improvement support are available to further improve patient safety and address any risks and issues as they are identified.

‘Forthcoming assessments of ICSs by the Care Quality Commission (CQC) will provide independent assurance to the system and to Parliament of how well different partners of the system are coming together to focus on the needs of their populations. This includes assessments of whether each ICS is performing well against statements of what good looks like under the theme of ‘quality and safety’. In addition, the Secretary of State’s priorities for the assessments include ‘To understand how effectively each integrated care system drives improvement of quality and safety at a system level.’ Following the report, system partners (integrated care boards, local authorities, and providers) are expected to come together through a local system improvement summit to review assessment findings and publish action plans, which the CQC will monitor.’ (Healthcare Safety Investigation Branch, 2022a)

3.4.28 The CQC told the investigation that it is unable to assess ICSs as there is currently no framework in relation to patient safety accountabilities in place to do so (ICS inspections have been paused following a recommendation by a review into the operational effectiveness of the CQC (Department of Health and Social Care, 2024a)). Following engagement with the DHSC, it provided an updated response, which stated:

‘Clear lines of accountability and responsibility are needed for effective patient safety management in the health and care system.

Regulators and oversight bodies are responsible for ensuring that accountability frameworks for providers support cross-agency and cross-sector working to improve patient safety and other outcomes that matter to the public. On 26 July 2024, the Secretary of State for Health and Social Care stated that he would ask Dr Penny Dash (pending completion of her final report into the operational effectiveness of the Care Quality Commission in autumn) to review and make recommendations on how to maximise the effectiveness of key organisations with oversight responsibility for patient safety. The Department will consider any recommendations relating to accountabilities for patient safety.

‘The Department acknowledges that patient safety accountability and delivery could be enhanced by taking a safety management systems (SMS) approach across the health system. NHS England is currently working with partners from across the healthcare system (including the Health Services Safety Investigations Body), academia and other safety-critical industries to explore how the principles of SMSs may be translated within a healthcare context. The Department will continue to work with NHS England and the Health Services Safety Investigations Body to understand how SMSs could be employed in the NHS.’ (Department of Health and Social Care, 2024b)

3.4.29 The investigation was told that transferring a patient’s care between healthcare providers and social care providers created specific challenges because of the differences in the processes and terminology used. These safety risks also spanned multiple regions. Challenges to the management of safety across organisations goes across health and care organisations, and effective safety management depends on them working together, although currently their approaches are not aligned. Steps have been made towards understanding systems-based investigation principles, such as the cultural change being championed through the PSIRF, but a wider system change is needed.

3.4.30 The development of approaches to safety management in other industries has typically involved collaboration between the regulators and multiple organisations over several years to develop regulations, standards, and good practice to assure safety management practice across an entire industry. The way this has been achieved in other industries was described in appendix 2 of the HSSIB (2023a) report ‘Safety management systems: an introduction for healthcare’. The key to this development is collaboration and the organisations’ commitment to work together to build on existing foundations to ensure continuous improvement.

3.4.31 While the investigation explored ICBs in relation to accountabilities, this is one element of a bigger picture which cannot be viewed in isolation, and reflects a challenge across the health and care landscape. The way other organisations interact with structures such as ICBs means that any safety recommendations aimed specifically at developing the ICB level would be siloed solutions. This is because of the number of organisational stakeholders involved at the system quality group level and the need for them to engage with each other to be able to manage patient safety.

HSSIB makes the following safety recommendation