Incident Near Miss Reporting Policy

The purpose of this policy is to consolidate the reporting arrangements that take place within NHS East Midlands and ensure that all incidents and near misses are captured in a systematic way within a “fair blame” culture.

The NHS is a complex service where many things can go wrong.  Although this does not happen very often, when serious failures do occur they can have a huge effect on staff and also undermine public confidence.

Even less serious incidents and “near misses” can reveal hidden risks that could potentially cause harm to staff in the future unless corrective measures are taken.

To do this NHS East Midlands needs to know where risks are and what form they take.  Identification is therefore the first step within the risk management cycle.

A method to identify risks to which members of the public and staff may be exposed is incident and near miss reporting.  Although a partially reactive system, it allows the organisation to take the necessary actions in preventing recurrence.

Although incidents have been reported within the NHS for many years, there has been a lack of uniformity through the NHS as a whole, with many different systems used to help identify, analyse and learn from what happened.

Scope

This reporting policy and procedure applies to all NHS East Midlands staff, visitors and contractors.  It also applies to staff who carry out work for NHS East Midlands within another organisation’s premises or staff who are injured while travelling on business during working hours.

This policy is intended to address all incidents, be they organisational or non-clinical incidents, whether they involve harm to the public or staff.

Aim

The aim of incident and near miss reporting is to:

• Improve the quality of the working environment of staff and the safety of visitors and staff by sharing and learning from experience;

• Encourage a reporting and questioning culture within NHS East Midlands that gives staff confidence to report incidents, openly discuss working practices and procedures and make improvements to the quality of services provided;

• Provide information to allow effective evaluation and monitoring of working procedures;

• Provide formal documentation to assist in the management of complaints, claims and investigations internally and by statutory bodies.

Definitions

An incident or accident:

An incident or accident that has given or may give rise to actual or possible personal injury or to property loss or damage. This includes incidents related to:

• working practices
• health and safety
• fire
• theft
• bomb threat / suspicious packages
• loss of information or data
• data security breaches
• incidents of violence / aggression from visitors or other staff

• Office/ personal security

An incident relating to breaches of security and/or confidentiality could be anything from users of computer systems sharing passwords to a piece of paper identifying an individual being found in a public place.

A security incident might be an “unusual” event e.g. something odd happening on the screen, a computer file disappearing, an unaccompanied stranger in a restricted area.

An information security incident is defined as any event that has resulted or could result in:

• The disclosure of confidential information to any unauthorised person (a breach of the Data Protection Act 1998)
• The integrity of the system or data being put at risk
• The availability of the system or information being put at risk
• An adverse impact e.g. NHS reputation, threat to personal safety or privacy, financial loss, legal obligation or penalty.

A near miss:

Any event that has the potential to cause actual harm to an individual, or individuals, damage to property, a security or data protection breach, despite the fact that no incident occurred on this occasion.

A Serious Untoward Incident:

Something out of the ordinary or unexpected, with the potential to cause harm, and/or likely to attract public and media interest that occurs on NHS premises or in the provision of an NHS or a commissioned service.

It is unlikely that a SUI will occur within NHS East Midlands premises however, if such incident should occur the NHS East Midlands Serious Untoward Incident Policy should be followed.

Principles of Incident Reporting

NHS East Midlands encourages an open, honest and immediate incident reporting system that is used to improve practice and reduce risk.  All staff have a responsibility to report incidents.

By promoting a fair blame culture and focusing on what happened, rather than who was at fault, the aim is to move away from a culture of blame to one of openness and learning from incidents.

If there is sufficient evidence that the actions/inactivity of those staff involved caused a serious and conscious breach of discipline, then it may be appropriate to refer to the Disciplinary Policy.

Employees working within a site that is leased by NHS East Midlands and owned by another employer should follow the procedure for that site and ensure that a copy of the details is sent to NHS East Midlands for recording purposes.

All incidents should be investigated in order to establish facts and any remedial action required.  However, the depth of investigation and level of analysis will depend on the seriousness and nature of the incident.

NHS East Midlands will comply with the reporting requirements of the following external agencies:

• Police where there is suspicion of mal-practice or criminal activity or assault.
• Local Authority, those incidents which may require their input e.g. estates.
• Deanery or other higher education institutions for incidents which may aid learning.
• The Health and Safety Executive for those incidents which can be categorised under RIDDOR(Reporting of Injuries, Diseases and Dangerous Occurrences Regulations) as in Appendix A

• The Counter Fraud Authority for those incidents relating to physical assault or any aggressive behaviour.

This list is not exhaustive and other agencies may need to be involved as appropriate.

Responsibilities

The Chief Executive is accountable for risk management within NHS East Midlands however the Director of Human Resources and Workforce has delegated responsibility for the development and implementation of risk management, including incident reporting.

All Directors must ensure that this policy is implemented within their area of responsibility.

All staff must ensure that they abide by this policy.

Managers are responsible for implementing this policy by ensuring that:

• Staff understand and adhere to the policy and procedures
• Incident reporting forms are available to all staff via INFOWEB and completed as required
• Incidents are investigated, and appropriate actions and changes are taken to prevent recurrence of the incident
• Incidents are routinely monitored and organisational learning is applied

• Completed forms should be sent to the HR Department within 6 working days of the incident or as under the RIDDOR procedure

Each member of staff is responsible for:

• Understanding and following the Incident Reporting policy and procedures
• Completing incident reporting forms as necessary and within the required timescales as set out in Appendix A
• Taking part in investigations following an incident or near miss, as required
• Implementing changes, as required

• Completing the Accident Book and notifying their Line Manager of accidents

The HR Advisor is responsible for:

• Receiving all incident reports
• Ensuring all incidents/near misses are recorded accurately on the database
• Ensuring that the database is kept up to date
• Supporting investigations
• Providing statistical information to Directorates on a quarterly basis for analysis
• Providing statistical information for reports to the Health and Safety Committee and the Board

• Notify the HSE and statutory agency within legal timescales

The Human Resources Department is responsible for:

• Ensuring notification of incidents, in the absence of the HR Advisor, by government organisations such as the Health and Safety Executive
• Supporting investigations

• Providing training and raising awareness with staff

The Health and Safety Committee is responsible for:

• Monitoring incidents

• Reviewing trend analysis of all incidents

The Information Governance Steering Group is responsible for:

• Monitoring all information focused incidents
• Reviewing analysis

• Providing recommendations to the Organisation on remedial actions required

Monitoring

The Human Resources Department will monitor and evaluate incidents and report their findings to the Health and Safety Committee and the Executive Team. The Information Governance Workstream Lead is responsible for monitoring and evaluating all information focused incidents reporting to the Information Governance Steering Group.

Trend analysis reports will be provided to Directorates and the Board on a quarterly basis as a minimum.

Training

Training on Incident Reporting and Investigation Techniques will be provided to staff at all levels across the organisation.

Examples of Incidents / Accidents / Near Misses

The following are examples of types of incident that will be reported using the incident report form:

A personal injury/ill-health

• A slip or trip on a wet floor surface or on a loose carpet tile
• Accidental burn

• Musculoskeletal problems associated with work activity

Property Damage

• A child kicking a ball through a window
• Damage caused by broken water pipes

• Damage caused by vandalism

Fire

• Any incident of fire anywhere on NHS East Midlands property or premises.  Any false alarms must also be reported

Theft

• Any incident of theft anywhere on NHS East Midlands property or premises

Bomb Threat / Suspicious Packages

• Any incident of threat anywhere on NHS East Midlands property or premises

Violent incident

• Any occasion where a member of staff feels either threatened by the behaviour of the person confronting them or where an individual actually assaults them or another person physically or verbally.

Personal/Building Security

• Any incident where security has been breached by trespass, theft/loss of computer equipment/USB’s, break in, or unidentified persons in work areas etc

Information Security

• Identifying that a fax that was thought to have been sent to one person has actually been received any another
• Loss of a laptop/computer with personal information on it
• Accessing a computer database using someone else’s authorisation
• Accessing a prohibited web site by mistake
• Any incident which breaches staff or organisational confidentiality including data loss.  E.g. confidential or personal information left on screens

What Should Happen When An Incidents Occurs?

When an incident has occurred, the following actions should be taken where appropriate:

• Attend to the immediate health needs of the individual(s) affected without putting yourself in any danger e.g. in the event of fire
• Re-establish a safe environment of service e.g. removing faulty equipment
• Secure the environment by ensuring that any equipment involved is secured for inspection and/or disposal.  Retain any documents, records and other policies and protocols pertaining to the incident
• Inform the most senior person (or person identified as being “in charge”) with responsibility for the area/persons affected to ensure that the situation can be contained and response escalated where required
• Complete an Incident Report Form stating only fact, not opinion, with the assistance of the most senior person (or person identified as being “in charge”) all parts of the form must be legibly completed
• For incidents and near misses the form must be completed as soon as possible after the event but within 3 days of the incident occurring
• For incidents requiring immediate reporting to the HSE, please contact the HR Advisor in office hours

• HR will comply with the reporting requirements to all relevant external agencies

Action Relating to Breaches of Confidentiality / Security

When an incident has occurred, the following actions should be taken where appropriate:

• All employees should be made aware that if they discover something that could be considered as an incident, they should report this to their line manager and complete an Incident Report Form
• This form should be copied to the Information Governance Workstream Lead and a copy kept with the HR Team.
• On initial notification the Information Governance Workstream Lead will asses the incident using the latest information security risk matrix issued by the Department of Health. In the event that the incident is classified as a serious untoward incident the Information Governance Workstream Lead will follow the NHS East Midlands Serious Untoward Incident Procedure.
• The content of the form will be discussed at the Information Governance Steering Group, this will be done by the Information Governance Workstream Lead at regular intervals.  If any incident is deemed to need urgent attention, is media worthy or could impact on NHS reputation the Information Governance Workstream Lead will report to the relevant personnel e.g. the Caldicott Guardian.

• The Information Governance Workstream Lead / HR will comply with the reporting requirements to all relevant external agencies.

• The Information Governance Workstream Lead will log the incident to enable a central register to be maintained of all incidents occurring within the organisation.

All registered incidents should be re-evaluated within a 6 month period to ensure the type of incident is no longer being reported or the volume of those types of incidents has dramatically reduced.

Grading an Incident

The first consideration is the likelihood of the incident happening again.  The table below contains descriptions for each of the likelihood scores listed below:

Select the column that best matches the likelihood of this incident happening again, look at the number at the top of the column. That number is the likelihood score.