Risk managementA CPPE guideGUIDE/RISKMAN/18February 2018

We have written this guide to support pharmacy professionals who want to learn more about howthey can manage the risks that are inherent in their practice. This guide will signpost you to the mostappropriate places for your learning and to other key resources. It will also suggest some activities that youcould try out to help you implement change into the way you work.We have included case studies throughout this guide so that you can apply the learning to the NHSCommunity Pharmacy Contractual Framework and consider how you can identify and manage risk in yourregular practice.Risk management – guideAbout this guide to risk managementWe cover four key aspects relating to risk in this guide:1. What can go wrong in pharmacy practice?2. How do you learn from things that go wrong?3. How do you assess risk?4. How do you manage risk?There are exercises and case studies throughout for you to complete. The majority do not have suggestedanswers. They are an opportunity for you to apply what you have learned to a scenario.Why should you learn about risk?In pharmacy practice, the key external driver for being aware of risky practices and planning solutions ispatient safety. However, you may also have identified financial risks to your business and physical risk toyou, your pharmacy team and your customers.Clinical governance is one of the essential services offered by all pharmacy contractors as part of theNHS Community Pharmacy Contractual Framework – risk management is a key element of this. You have aresponsibility to be aware of the risks associated with your work, and to do what you can to reduce these.You can visit the Pharmaceutical Services Negotiating Committee (PSNC) website to look at the currentguidance for pharmacy contractors in relation to clinical l-service-clinical-governance/Risk management is often uncertain and it is unlikely that you will find a single solution that fits allcircumstances.Managing risk is about balancing different factors, some of which may be unknown and some of whichwill vary over time and in response to a range of influences. This is also affected by perception; yourviewpoint, experience and circumstances will affect how you assess risks and how you choose tomanage them.15

Risk management – guideViolationsViolations are when someone deliberately deviates from rules, policies or procedures. They may do thisbecause everyone else does too or because they are taking a shortcut to work around an impracticalsystem. An example of a violation would be ignoring all of the interaction alerts on your dispensing systemeven though the standard operating procedure (SOP) dictates that they should be reviewed.2.5 The Swiss cheese model of accident causationMany of the most serious patient safety incidents are identified as having a series of errors and failurescontributing to the eventual outcome and safety science proposes models of how these may occur.One such model is known as the Swiss cheese model of accident causation.5 This uses the analogy that theslices of Swiss cheese represent different types of safeguard.The holes in each layer of the cheese represent weaknesses in the safeguard which could be many things,such as an unplanned and uncommunicated change in practice, an IT failure or a design fault.If multiple slices are lined up in just the right arrangement, there would be a hole all the way from one sideto the other, as per the diagram below.When this occurs and an incident is not prevented, it appears that there were no effective safeguards inplace.For example, there may be many safeguards used to ensure that patients are provided with medicines thatare safe and appropriate for their use.Some of these safeguards will work prior to a person visiting a pharmacy:n A patient’s conversation with a GP and a warning that the medicine they are taking is incompatible withother medicines.n Manufacturers’ efforts to ensure their packaging is clear and that their products with similar names ordifferent doses can be easily distinguished.n International and national regulations, policies and recommendations. For example controlled drugregulations.In the pharmacy, there will be several more safeguards ranging from access to patients’ records, SOPs fordispensing and accuracy-checking, and interaction alerts built in to dispensing systems.All of these could be seen as different layers of the Swiss cheese. However, despite the number ofsafeguards in place, there is still a probability – a risk – that the holes in the cheese could line up and apatient could be involved in a safety incident.16

Background readingLilley R and Lambden P. Making sense of risk management – a workbook for primary care (second edition).2005. Radcliffe Publishing: Oxon.HSE. Safe handling of cytotoxic drugs in the ytotoxic-drugs.htmRisk management – guide4. How do you manage risk?4.1 Risk management strategiesFrom the previous section, it might seem that for every risk you find, you need to be reducing it in someway. However, it should reassure you that there are four different strategies to managing risk. These are:n Mitigaten Avoidn Transfern AcceptMitigate is likely the most common risk management strategy that you will consider. This is where youseek to control the risk and bring it to a level that is deemed to be acceptable. This may be by attemptingto reduce the probability of occurrence or the severity of the outcome and we will be going into moredetail on this in this section.Avoid is where you identify that the risk exists and choose actions that are beyond simply mitigating it,and avoid all actions that would give rise to this risk. For example, if you were concerned about the risksassociated with a delivery service, you might decide that you do not want to offer a delivery service. Ifyour pharmacy is debating taking on some additional services and you were concerned that the staffwould not be able to deliver these safely, you might decide that it is better that you do not offer them at all.Transfer involves insuring against the risk. Pharmacies are required to carry insurance. In some cases,pharmacy owners may want to take out extra insurance to cover specific issues where they feel the risksexist and may not be adequately managed.Accept is where you acknowledge that the risk exists but you do not take any action to either avoid,transfer or mitigate against the risk. For example, there may be a very low probability that all of yourpharmacy vehicles will break down on the same day. You are not going to mitigate this by ensuring there isanother. You may not be able to avoid this risk and you choose not to insure against it. Therefore, you areaccepting this risk.Deciding which you should do is often decided by the policy on risk management in your organisation.For example, if you consider the risk matrix introduced in the previous section, organisations maycategorise low, medium and high risk differently.We can consider how organisations view risk differently by looking at the following risk matrices for twodifferent organisations. Organisation 1, on the left, appears to be more risk-averse. They have few risks(the green section) which they would consider to be low risk. In contrast, Organisation 2, on the right, isless risk-averse and they consider few risks to be high risk.Organisation 1Organisation verityHighseverity27

Now that you’ve assessed your risks and put strategies in place to minimise the possibility of things goingwrong, you still need to have an ongoing awareness of risk.The strategic systems and good practice that you put in place can protect you and your patients frommany risks. However, the Swiss cheese model will still apply and other potential gaps and weaknessesare inevitable in the system. Therefore, you still need to be risk-aware every day, keeping up to date withincident reports from elsewhere, reinforcing the ideals of being open and actively looking for risk potentialto reduce it in your own practice. These are all features of a good safety culture.Risk management – guide4.8 Risk minimisation in the real world – a safer cultureSometimes managers are surprised by the perceptions of the people who work for them, not realising thatthey may not have a clear understanding of the expectations placed upon them, or that there is conflictbetween several goals. Sometimes staff may feel unwilling to tell their manager that the working conditionsmake it difficult for them to perform well and that this can lead to errors. Having a good safety cultureshould make it easier to communicate and help identify and address these misunderstandings before theylead to incidents.A good safety culture also means sharing information openly and freely, and fair treatment for staff whenan incident happens. We are all likely to have an emotional response to when things go wrong. You mayrecognise some of the stages listed in this diagram.CompetenceInternalisation“I’m responsible; this ishow I’m going to dealwith it.”Minimisation“It’s not that s is why it happened.”“It’s hopeless.”“It’s not really happening.”Letting go“It’s really happened.”TimeAdapted from the work of Elizabeth Kubhler Ross (Devine M and Hirsch W. Mergers and acquisitions: getting the people bit right.1998. Roffey Park Management Institute: Horsham).While safety culture may sound like a vague concept, there are means of measuring it and workingtogether to improve it. One such method is the Manchester Patient Safety Assessment Framework (MaPSaF)technique, which is used by pharmacy teams to evaluate their own performance and look towardsimproving it.This involves assessing a range of features of the environmental culture against levels on a rating scale.These would include local responses relating to incidents or safety issues.These levels are described as follows:n Pathological – ‘why do we need to waste our time on safety issues?’n Reactive – ‘we take patient safety seriously and do something when we have an incident.’n Bureaucratic – ‘we have systems in place to manage patient safety.’1n Proactive – ‘we are always on the alert/thinking about patient safety issues that might emerge.’n Generative – ‘managing patient safety is an integral part of everything we do.’31