Datix Risk Management Module
NameInitial Password
Level of access
Training delivery by
Date of Training
Area of responsibility
Further information on risk assessments, scoring and management can be found in the Risk Management Policy CG027
1.0Introduction
Risk Management is the process through which risks are identified, evaluated and controlled. The objective is to minimise the likelihood of a risk actually occurring and, or should it occur, minimise the adverse impact.
The Trust uses the Datix system to assist its staff in managing risks.
The purpose of this guide is to take you through the risk entry, approval and escalation process using the Datix Risk Management Module.
Access to the risk module and risk registers will be centrally controlled.
2.0Definitions and Terminology
Hazard –Something (e.g. an object, a situation, or an activity) with the potential to cause harm / an adverse effect.
Risk –The chance of something happening, which would have an impact upon objectives. It is measured in terms of likelihood and consequence.
Risk Score – The likelihood and consequence of a risk are rated on a scale of 1-5. A risk score therefore is obtained by multiplying the likelihood score and consequence score.
Consequence – a measure of the predicted harm, loss or damage will have on the people, property or objectives.
Likelihood – a measure of the frequency or probability that the consequence will occur.
Initial Risk Score – This is the score that is given to the risk on its first assessment and takes into account all of the controls that are already in place.
Controls / mitigating actions – A measure that is in place or will be implemented, which deliberately reduces or eliminates either the likelihood of the risk materialising or the consequence. Examples of controls might be the use of certain equipment, policies, procedures, training etc.
Trust Risk Register - The Trust’s Risk Register is a unified log of all the risks identified in the organisation. These risks will be accessible to staff at various levels and in different areas of the organisation. It is centrally hosted on Datix. The Datix module can be accessed by staff with appropriate permissions that can input risks onto the system.
Risk Owner – This is the person responsible for co-ordinating, overseeing or undertaking work to mitigate that risk.
Acceptable Risk - Agreeing to live with the level of risk e.g. where all reasonably practicable action has been taken but some risk still remains.
Risk assessments - A careful examination of what and how something is or being proposed to be undertaken, and whether there are enough precautions in place or whether more should be done.
3.0The Risk Management Module
The risk management module allows for risks at all levels within the Trust to be entered, managed and monitored.You will need to be set up with access rights to the module.
To start you need to log into Datix.
After accessing the incident reporting form click on the risk register icon and the following screen will be displayed – you need to be set up
Left hand ‘options’ column
At the present time the onlyoption that is being used is theAdd a new risk.
Right hand Status column
The Status column shows the total number of risk entries across the Trust and at which level these risks are being managed. The levels at which risks are being managed are -
.
Level 1 – Risks owned and managed at the ward / dept level –
Level 2 – Risks which have been escalated and owned at the speciality level
Level 3 – Risks which have been escalated and owned at the Care Board levelor the Corporate equivalent and thematic risk registers
Level 4 – Risks which have been escalated and owned at the Trust Board Level
NB – the risk management module layout is based on the Datix incident management module, so there are six status levels. The final two options are not used by the risk management module and so are marked with coloured squares
4.0Entering a Risk into Datix
To enter a new risk click on the ‘Add a new risk’ icon and the screen below will be displayed
- Principle Risk
Risk Title -each risk requires a title. This will be the primary descriptorused by Datix when producing reports. Try and keep it as short and relevant as possible, whilst explaining what the risk is.
Risk Type - there is a drop down box menu for you to make a selection from.The options available relate to the consequence scoring domainsused in the risk assessment process. Multiple options can be selected.
Risk sub- type –a drop down box menu allows you to be more specific about the type of risk. This option allows for greater analysis and identification of risks across the Trust and assists with the Trust to horizon scan risks.
- Risk Owner
Risk Owner – this is the person who is responsible for ensuring that the risk will be managed accordingly eg a departmental manager, matron, director etc.An identifiedindividual will be notified automatically once the risk has been entered. If you can not find the individual please and require that person be added to the drop down menu please contact the Datix team.
- Risk Description
Description of risk –Without a clear and accurate risk description, persons reviewing the risk may not be able to comprehend or understand the true nature of the risk. It will also make theability to assess the identification of the correct controls, mitigation and contingency plans more difficult.
A risk description should cover the risk cause, effect and impact, as the example below shows.
The cause of this risk is that there is an inability to release staff from the wards to attend Trust mandatory training due to the staffing vacancies and long term sickness levels.
The effect of this is that it results in staff not receiving their mandatory training in various clinical skills such as resuscitation and manual handling.
Ultimately the impact of this is that there are increased safety risks to patients and staff.
Please avoid abbreviations and specialist terminology where ever possible.
Initial Risk Score–This is the score that is given to the risk on its first assessment and takes into account the controls that are already in place.It is automatically calculated once you enter a score for likelihood and consequence.
Risk Entry Approving Committee – The committee that presently accepts the risk prior to managing / escalating or de-escalating the risk. This may be a ward meeting, Care Board Meeting, etc.
Strategic objective – thedrop down menu allows you to select an objective(s). A risk identified within the organisation must be linked to at least one strategic objective.
- Location
The location of the risk source needs to be identified here. Please be as specific possible.
The box “is this risk common to more than one area” is primarily aimed at risks cover the whole site eg failure to manage the car parking on site
- Date of the assessment
The Datix system is set up to automatically default to that days date - change the date accordingly.
- Risk Scoring
Current risk score - the score of the risk as you look at the entry on the screen. It should be reduced over time as the controls are implemented to allow a risk score as identified in the target risk score section. On the first assessment the Initial and current risk score will be the same.
The target risk score is the score you will have achieved once all the controls have been implemented. It should be as low as reasonably practicable.
- Details of the assessor
The majority of the fields in this section should be populated automatically. You will need to complete the mandatory fields accordingly.
Once you are satisfied that the information is correct, press the submit button and the next screen will appear.
You are asked to go back to the risk record to approve the risk. The risk has also been given a unique risk number.
5.0Approving a Risk
After pressing the back to record icon, Datix will present you with the following screen. The information you have previously entered will be transferred into this screen.
1ID
Datix will automatically create a unique risk identification number for each entry
2Approval Status
The approval status should automatically indicate level 1. As mentioned earlier the Trust manages risk via 4 levels
Level 1 – Risks owned and managed at the ward / dept level
Level 2 – Risks which have been escalated and owned at the speciality level
Level 3 – Risks which have been escalated and owned at the Care Board level or the corporate equivalent and thematic risk registers
Level 4 – Risks which have been escalated and owned at the Trust Board Level
An individuals ability to approve at a certain level will be controlled by the Datix team in conjunction with the Head of Risk Management.
NB THE BACKGROUND COLOUR DOES NOT RELATE / REFLECT THE RISK LEVEL. This a Datix replication issue due to the risk management module piggy backing onto the incident management module.
3 Key Dates
The opened date will been transferred from the previous screen
Last review date – all access and changes on Datix are automatically logged for audit purposes.
4Closed Date
The closed date should only be used when the risk has been removed (see section 7)
5Communication and Feedback
The major advantage of using this function rather than the Trust email system is that your communication is stored with the relevant risk entry creating an auditable communication trail. This option works in the same way as the communication and feedback option in the incident reporting module.
6 Linked Records
This feature allows you to link a risk entry to a number of options including an incident, other risk entries etc. - you will need to know the Datix ID to link entries. This is a very useful feature for level 3 and 4 risk registers.
7 Attach Documents
This feature allows you to attach documents to a risk entry, in the same way as the incident module does.
8 Action Plan / Entering a Control
When a risk is assessed,a number of actions/controls will be identified to control or mitigate it. These are required to be entered on to Datix to show how the Trust, via delegated individuals are managing these.
To enter an action/control click on ‘create a new action’ andthe following screen will be displayed. Each action will be given a unique ID number. This process will have to be repeated for each action.
1 Type
Select the type of control/action to be taken via the drop down box.
2 Priority
Each control should be prioritised
high – to be implemented within one month or soon
medium - to be implemented within three months
or low - to be implemented after three months
3 Details
This is a free text box which allows you to further describe the control action
4Progress
This free text box allows you to update the Datix record on any progress that has been made
5 Key Dates
You can choose when an action is to be started and when it is expected to be completed. The completion dateshould reflect the previously chosen priority.
6 Owner of the Action
The assessor can delegate actions to other members of staff that are more suitably skilled or knowledgeable. A notification email will be generated automatically that an individual has been delegated the responsibility. This should be discussed and agreed prior to delegation and must be agreed where delegating outside their area of control.
Once‘submit action’ has been pressed the approving a risk page will reappear, where it will display all the actions that have been created. You can now go back into the action as you desire and update with any progress that has been made.
Once the risk owner is satisfied that the action/control has been completely implemented they can press the relevant ’Press when action fully completed’ icon.
The following text box will appear, to which the ‘Apply’ icon should be pressed. The action will then automatically enter a date in the date done column.
6.0Risk Registers
Risks which can not be managed at the ward / dept levelshould be escalated by exception onto a risk register.
The Trust manages risk via 4 levels and has 3 levels of risk registers - Speciality, Care Board/ Corp equivalent/Thematic and Corporate. Wards and departments (level 1) do not have risk registers per say but, records of their risks.
The Trust will have a number of overarching thematic risk registers which will be populated and monitored bytopic lead committees. These include IPC, Safeguarding and EP&R.
Escalating and de-escalating a risk
The Trust recognises that a highly scored risk at a ward or service level would not necessarily be scored the same when taken in the wider context of the Trust as a whole.
The escalation process is designed to address this by allowing for risks to be escalated or deescalated by a sponsor, reason for escalation, action plan etc. rather than just because it has been graded within the Trust as being a high risk.
Each risk highlighted for escalation through the risk management structure will need to be reconsidered in the context of the existing risks at the next management level. As such the de-escalation of risks will follow the same process.
The process for escalating and de-escalating a risk
The decision to escalate or deescalate a risk should be taken by relevant committees/groups, and noted in the committee’s/group’s minutes.
As each level of the risk register will be access controlled, it is for the various nominated / responsible persons to amend Datix accordingly. Changes will need to be made to
- Approval status – risk moved up or down the numerical scale
- Risk entry approval committee – changed to the committee that now owns the risk egg Network Care Board changed to Corporate Level.
- A note of these changes should be documented on the Notepad section
7.0Risk Closure & Removal
Risks may be closed at various levels within the risk register structure, with only the Board able to close principal risks that affect the Trusts strategic goals. The closure of a risk will result in it being removed from the ‘live’ risk register.
Committees or risk forums can close risks once they have been eliminated. If a risk exists even at a low level these must be retained and be annually monitored and reviewed.
To close a risk, enter today’s date in the‘closed date’ section and save. The risk is now closed.
8.0Producing a Report
The producing of reports is presently undertaken centrally by the Datix Team. If you require a report please email Electronic Incident Reporting @ royalberkshire.nhs.uk detailing your request.
Further help
If you require further help please contact-
Tel – Head of Risk Management on ext 8123
Tel – Datix Systems Manager ext 8945
Tel – Datix Administrator ext 7043
Email - Electronic Incident Reporting @ royalberkshire.nhs.uk or
Risk Manager@ royalberkshire.nhs.uk
Page 1 Datix Risk management Module Standard Operating Document Version 2 – DraftDate – 5th August 2015
Author JEB – HoRMPage. 1