DTAC

A. Company Information

Code Question Response
A1 Provide the name of your company Babble Ltd
A2 Provide the name of your product babblevoice
A3 Provide the type of product VOIP phone system
A4 Provide the name and job title of the individual who will be the key contact at your organisation Alison Jenkins, Installation Project Manager
A5 Provide the key contact's email address support@babblevoice.com
A6 Provide the key contact's phone number 01442 299280
A7 Provide the registered address of your company 121 High Street, Berkhamsted, HP4 2DJ
A8 In which country is your organisation registered? UK
A9 If you have a Companies House registration in the UK please provide your number 7409196
A10 If applicable, when was your last assessment from the Care Quality Commission (CQC)? N/A
A11 If applicable, provide your latest CQC report. N/A

B. Value proposition

Code Question Response Supporting Information
B1 Who is this product intended to be used for? Patients and Workforce Principally, primary care clinicians and support staff. Patients have access to certain admin functions, e.g. booking GP appointments
B2 Provide a clear description of what the product is designed to do and of how it is expected to be used Babblevoice is a purpose-built, cloud-hosted telephone system designed to support primary care practice, patients and staff by integrating with clinical software and includes primary care-specific functionality. The reporting suite in babblevoice enables users to understand call patterns by giving real-time and historical information. There is a call recording function in babblevoice and calls can be recorded and played in the reporting suite or downloaded to a desktop.
B3 Describe clearly the intended or proven benefits for users and confirm if / how the benefits have been validated Patient access is an NHS priority. Babblevoice helps improve patient access by offering a modern, purpose-built, cloud-hosted phone system. Babblevoice supports practices, patients and staff by, for example, allowing patients to book their own appointments using an automated system, automatically screen-popping patient records and supporting click to dial. Babblevoice offers an unlimited number of concurrent phone lines, which means patients need never hear the engaged tone again. Babblevoice is on the Better Purchasing Framework for cloud-hosted telephony. A Sunderland CCG study in 2018 showed a 50% reduction in DNAs, a 25% reduction in reception staffing levels, improved patient satisfaction, a 100% reduction in customer complaints regarding the phone system and 1 minute saved per telephone conversation.
B4 Please attach one or more user journeys which were used in the development of this product. Where possible, please also provide your data flows Provided User journeys, DPIA, Data flow diagrams

C. Technical questions

C1. Clinical Safety

Code Question Response Supporting Information
C1.1 Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129? Yes
C1.1.1 Please detail your clinical risk management system Provided Clinical risk management system
C1.1.2 Please supply your Clinical Safety Case Report and Hazard Log Provided Clinical safety case report and Hazard Log
C1.2 Please provide the name of your Clinical Safety Officer (CSO), their profession and registration details Theresa Finn, GP
C1.3 If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare Products Regulatory Agency (MHRA)? Not applicable
C1.4 Do you use or connect to any third-party products? Yes
C1.4.1 If yes, please attach relevant Clinical Risk Management documentation and conformity certificate Provided Information security policy

C2. Data protection

Code Question Response Supporting Information
C2.1 If you are required to register with the Information Commissioner, please attach evidence of a current registration. If you are not required to register, please attach a completed self-assessment showing the outcome from the Information Commissioner and your responses which support this determination. Provided ICO certificate
C2.2 Do you have a nominated Data Protection Officer (DPO)? Yes
C2.2.1 If you are required to have a nominated Data Protection Officer, please provide their name. If you are not required to have a DPO please attach a completed self-assessment showing the outcome from the Information Commissioner and your responses which support this determination. Nicola Hueting
C2.3 Does your product have access to any personally identifiable data or NHS held patient data? Yes
C2.3.1 Please confirm you are compliant (having standards met or exceeded status) with the annual Data Security and Protection Toolkit Assessment. If you have not completed the current year's assessment and the deadline has not yet passed, please confirm that you intend to complete this ahead of the deadline and that there are no material changes from your previous years submission that would affect your compliance. Confirmed - Standards met 22/23. We intend to complete 23/24 prior to the deadline, and there are no changes that would affect our compliance, compared to previous years.
C2.3.2 Please attach the Data Protection Impact Assessment (DPIA) relating to the product. DPIA
C2.4 Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer (if one is in place) or an accountable officer where exempt in question C2.2. Confirmed
C2.5 Please confirm where you store and process data (including any third-party products your product uses) EU
C2.5.1 If you store or process data outside of the UK, please name the country and set out how the arrangements are compliant with current legislation All data is stored in the EU region (Dublin, Ireland) or the UK. All data is stored with AWS, who are world leaders and have security standards. We are migrating all data and services to the UK. Further information if required: NHS Digital allows NHS and social care providers to use cloud computing services for NHS data, and the data can be hosted within the UK - European Economic Area.

C3. Technical security

Code Question Response Supporting Information
C3.1 Please attach your Cyber Essentials Certificate CE certificate CE Certificate
C3.2 Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period. Provided Summary PEN Test
C3.3 Please confirm whether all custom code had a security review. Yes - Internal code review We ensure our design is as simple as possible. All code is reviewed internally before release.
C3.4 Please confirm whether all privileged accounts have appropriate Multi-Factor Authentication (MFA)? Yes
C3.5 Please confirm whether logging and reporting requirements have been clearly defined. Yes
C3.6 Please confirm whether the product has been load tested Yes

C4. Interoperability criteria

Code Question Response Supporting Information
C4.1 Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers? Yes
C4.1.1 If yes, please provide detail and evidence: The APIs (e.g., what they connect to) set out the healthcare standards of data interoperability e.g., Health Level Seven International (HL7) / Fast Healthcare Interoperability Resources (FHIR). Confirm that they follow Government Digital Services Open API Best Practice. Confirm they are documented and freely available. Third parties have reasonable access to connect. If no, please set out why your product does not have APIs. See babblevoice api documentation
C4.2 Do you use NHS number to identify patient record data? Yes
C4.2.1 If yes, please confirm whether it uses NHS Login to establish a user’s verified NHS number. If no, please set out the rationale, how your product established NHS number and the associated security measures in place. We present a patient record for a calling (telephone) patient to a practice user, which presents the NHS number from the patient's record. We are currently working to include NHS Login for other features.
C4.3 Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability (e.g. OAuth 2.0, TLS 1.2) Yes
C4.3.1 If yes, please detail the standard We work with EMIS Web and IM1 for API access to both of these products.
C4.4 Is your product a wearable or device, or does it integrate with them? No

D. Key principles for success

D1. Usability and accessibility

Code Question Response Supporting Information
D1.1 Understand users and their needs in the context of health and social care: Do you engage users in the development of the product? Yes
D1.1.1 If yes or working towards it, how frequently do you consider user needs in your product development and what methods do you use to engage users and understand their needs? See supporting information Initially, users were asked for their input, and babblevoice was built from this. We now have a customer support helpdesk where customers can raise product development/feature ideas. These are then passed to our development team for action if deemed appropriate. The wives of both Directors are GPs, providing daily interaction with people in a practice. Every customer service call requests feedback from the customer.
D1.2 Work towards solving a whole problem for users: Are all key user journeys mapped to ensure that the whole user problem is solved, or is it clear to users how it fits into their pathway or journey? Yes
D1.2.1 If yes or working towards it, please attach the user journeys and/or how the product fits into a user pathway or journey User journey maps
D1.3 Make the service simple to use: Do you undertake user acceptance testing to validate usability of the system? Yes
D1.3.1 If yes or working towards it, please attach information that demonstrates that user acceptance testing is in place to validate usability. Onsite Visit Report
D1.4 Make sure everyone can use the service: Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant? Working towards it
D1.4.1 Provide a link to your published accessibility statement. We are working towards this.
D1.5 Create a team that includes multi-disciplinary skills and perspectives: Does your team contain multidisciplinary skills? Yes
D1.6 Use agile ways of working: Do you use agile ways of working to deliver your product? Yes
D1.7 Iterate and improve frequently: Do you continuously develop your product? Yes
D1.8 Define what success looks like and be open about how your service is performing: Do you have a benefits case that includes your objectives and the benefits you will be measuring and have metrics that you are tracking? Yes
D1.9 Choose the right tools and technology: Does this product meet the NHS Cloud First Strategy? Yes
D1.9.1 Does this product meet the NHS Internet First Policy? Yes
D1.10 Use and contribute to open standards, common components, and patterns: Are common components and patterns in use? Yes
D1.10.1 If yes, which common components and patterns have been used? Bootstrap + internal library
D1.11 Operate a reliable service: Do you provide a Service Level Agreement to all customers purchasing the product? Yes
D1.12 Do you report to customers on your performance with respect to support, system performance (response times) and availability (uptime) at a frequency required by your customers? Yes
D1.12.1 Please attach a copy of the information provided to customers Not provided
D1.12.2 Please provide your average service availability for the past 12 months, as a percentage to two decimal places 99.99% for the last 6 months

Clinical Risk Management System

babblevoice

Published Date: 11th September 2023

Document filename: Babblevoice Clinical Risk Management System

Document Reference
Owner Babblevoice Directors Version 1
Authors: Clinical Safety Officer and Operations Director Version Issue date 15/5/2023
Version review date 14/5/2024

Document Management

Reviewers

This document must be reviewed by the following people:

Title/Responsibility
Director - Commercial
Director - Operations
Clinical Safety Officer
QMS Manager
QMS Officer

Approved by

This document must be approved by the following people:

Name Title
Antoine Lever Director - Commercial
Nick Knight Director - Operations

Introduction

Babblevoice is a healthcare IT (HIT) organisation that provides telephone systems to medical facilities across the NHS and integrates with clinical systems in General Practice to help clinicians. This Clinical Risk Management System (CRMS) outlines the processes to be followed by the organisation to ensure that no unnecessary harm comes to patients whilst Babblevoice is being developed, implemented and used in practice.

This CRMS provides a framework that promotes the effective risk management, by Babblevoice, of potential health IT hazards and operational incidents.

This CRMS complements the organisation's risk management framework and, wherever practical, uses existing procedures, processes and governance arrangements.

This CRMS addresses the requirements of DCB0129 and DCB0160 and follows best practice as promoted by NHS Digital.

This CRMS will be reviewed and maintained in accordance with the Organisation’s quality assurance policy.

Purpose

The aim of the CRMS is to ensure that all organisational staff involved with the development, implementation and use of the Babblevoice healthcare IT system are aware of the activities that are required to be undertaken to ensure that patient safety is improved rather than compromised by the introduction of the system.

Babblevoice is required to adhere to National Information standards created and monitored via the Data Coordination Board (DCB) within NHS Information Standards frameworks.

The mechanisms used are approved process Clinical Risk Management System compliance documents.

This Clinical Risk Management System will be reviewed periodically to ensure that:

  • changes in working practices are incorporated
  • issues identified through an established internal audit programme are addressed
  • adherence to the requirements of applicable international standards is maintained
  • Babblevoice continues to protect the safety of patients in a complex and changing environment

Scope

The scope of this document is to act as the central reference point for the processes and procedures to be implemented to identify and manage clinical risks whilst developing, deploying, maintaining and updating Babblevoice.

It applies to all subsequent updates or upgrades to the system. The policy also applies to any local customisations or specific configurations made to a healthcare IT system by the organisation. The scope of the Health IT System may extend beyond a Manufacturer’s organisation and include hardware and or software procured or supplied from other organisations and include infrastructure already in use at a Health Organisation.

Healthcare IT Clinical Risk Management (CRM) Governance Arrangements

The responsibility for healthcare IT CRM within the Organisation resides with the Technical Director. Organisational management of healthcare IT related risks is as per the existing management arrangements as specified in the Organisation’s Risk Management Strategy detailed in the babble Business Continuity Plan.

Clinical Risk Management Team Organisation Chart

The organisation chart provides the overview of resources and personnel involved in clinical risk management for the Organisation.

Personnel

Roles and responsibilities for the following clinical safety-related positions are defined in the appendix.

  • Clinical Director for Patient Safety
  • Clinical Safety Officer
  • QMS Manager incorporating Patient Safety

Governance

Governance for patient safety within the Organisation is provided through the following forums:

Clinical Risk and Safety Meetings - Annually and on a prn basis.

Healthcare IT Clinical Risk Management Deliverables

Clinical Risk Management File

Babblevoice will establish a Clinical Risk Management File (CRMF). The purpose of the CRMF is to provide a central repository where all safety-related information pertaining to babblevoice IT system is stored and controlled.

Clinical Risk Management Plan

Babblevoice will establish a Clinical Risk Management Plan (CRMP). The purpose of the CRMP is to identify the clinical risk management activities that are to be undertaken and the phasing of these activities in the project lifecycle. The CRMP will also identify the resources required to discharge these clinical risk management activities.

Hazard Log

Babblevoice will establish and maintain a Hazard Log (HL). The HL will be controlled and configured in accordance with Babblevoice document control / quality management policy.

Babblevoice Incident Register is used to record the details of any incident with the possibility of causing disruption to 2 or more customers.

The HL will be made available within the CRMF. The purpose of the HL is to manage the effective resolution and communication of hazard risk within Babblevoice.

Clinical Safety Case

Babblevoice will establish and develop a Clinical Safety Case (CSC) for each safety related HIT system.

  1. Data breach register
  2. Babblevoice Incident Register

Clinical Safety Case Report

Babblevoice will issue a Clinical Safety Case Report (CSCR). The CSCR will be issued to support initial deployment and will be updated during the lifecycle of the healthcare IT system should the safety characteristics change. The CSCR will be controlled and configured in accordance with the Organisation’s document control policy. The HL will be made available within the CRMF.

Healthcare IT Clinical Risk Management Activities

Clinical risk management is about minimising risks and harm to patients by:

  1. Identifying what can and does go wrong that can affect patient safety
  2. Understanding the factors that influence this
  3. Learning lessons from adverse events and poor outcomes
  4. Ensuring action is taken to prevent recurrence
  5. Putting systems in place to reduce risks

Hazard Identification

Babblevoice will conduct hazard identification workshops to identify potential hazards associated with the deployment and use of a healthcare IT system. The CSO will be responsible for facilitating such workshops and ensuring attendance from appropriate representatives. Typically, representatives from the following domains will be required:

  1. Help Desk manager and engineers
  2. QMS Manager/ Patient Safety Officer
  3. Development team

The workshops will have minutes taken and a copy stored in the CRMF. If an aspect of Babblevoice IT healthcare is not deemed to be safe, this will be formally recorded and the CSO will discuss it with the Compliance Team and Top Management. The meetings will be held every twelve months.

The Compliance Team will organise and set up the meetings, then collate the information afterwards.

Where any third-party components are used to support the healthcare IT system then they will be considered in the scope of the hazard identification activities and subsequent risk assessment. Where none are used a positive declaration to this effect will be recorded in the minutes.

All identified hazards will be recorded in the HL by the CSO.

Risk Assessment and Risk Evaluation

Babblevoice will conduct healthcare IT system risk assessment and risk evaluation in accordance with the Risk Management Strategy. (Appendix 1).

The Hazard Log will be updated to capture the risk assessment and evaluation.

Risk Control

Where the initial risk evaluation is deemed unacceptable, further risk controls will be required. Babblevoice will manage healthcare IT system risk in accordance with the Risk Management Strategy.

Deployment and Ongoing Maintenance

To support clinical safety during deployment of babblevoice, regular management meetings, director meetings, technical meetings and Help Desk meetings are held, where there is opportunity to discuss complaints, issues and clinical safety. The CSO is kept informed of any changes or new concerns.

Management Meetings are conducted fortnightly, and ISO Management Review Meetings are held every six months. Minutes are recorded and saved for these.

Incident Management

Clinical safety-related incidents are dealt with in a similar manner as other incidents within babblevoice, such as technical, financial or reputational.

Babblevoice maintains two registers that may include incidents that impact patient safety.

  1. The Data Breach Register
  2. The Register of Service Issues

The CSO has access to review both registers for comment. In addition, the CSO will be informed if there is considered to be a significant incident that could affect patient safety such as a significant breach of patient data access, a complaint involving patient safety or a “Level 3 Emergency”. For reference see the Helpdesk Emergency Response Plan, whereby the Helpdesk Manager must inform the Compliance Team, who must inform the CSO.

Clinical Safety Competence and Training

Overview

The clinical safety activities described in this Clinical Risk Management System shall be undertaken by competent staff. Suitable training shall be undertaken by staff to maintain and expand their level of competence.

Competency

All of the staff identified in the organisation chart shall be sufficiently competent for the roles and tasks which they are asked to undertake. Where an individual does not have sufficient experience or knowledge, that person shall be monitored, and his/her work reviewed, by someone who has the necessary competence. Such supervision shall prevail until it is judged that the individual has amassed the necessary experience to undertake such tasks unsupervised. See Staff Policy.

The first test in establishing competency shall be at the interview stage, where potential staff shall be assessed against the above representative roles and agreed job descriptions. Thereafter, competence shall be monitored through the organisation’s established appraisal scheme. Any perceived deficiencies identified during the course of the work or at the appraisal stage, especially during probation, shall be addressed immediately, for example, through the assignment of a competent supervisor or the provision of suitable training.

All registered CSOs will, as a minimum, have completed an accredited training course.

Training

As part of the employment process and thereafter through the appraisal scheme, clinical safety personnel will undergo suitable training to develop, maintain or enhance their competency level. Such training can comprise:

  • ‘On the job’ training conducted under supervision
  • Internal training courses
  • Approved external training courses.

All registered clinicians involved in clinical safety roles shall, as a minimum, have completed an accredited training course.

Completion of any safety training shall be recorded by the individual on the annual appraisal form.

Audits

Overview

Audits shall be undertaken to ensure that babblevoice causes the minimal possible clinical risk to patients by adhering to the defined safety requirements. Such audits will focus on the Clinical Safety Team and third-party suppliers.

Internal Safety Audits

Babblevoice shall undertake regular internal safety audits to ensure that it is compliant with this Clinical Risk Management System. The scope of an internal safety audit will be the formal Clinical Risk Management System and the Organisation’s documentation supporting this document.

Supplier Audits

Babblevoice shall undertake regular third-party supplier audits, as a minimum annually, to ensure compliance with their Clinical Risk Management System. The audit shall focus on the Clinical Risk Management System, the evidence which demonstrates its effective operation and any issues arising from the deployment of the healthcare IT products and services. The basis for the audit shall be DCB0129.

Appendix 1 Hazard Risk Assessment and Evaluation

Hazard Likelihood Definitions

| Likelihood Category | Interpretation |
|---|---|
| Very high | Certain or almost certain; highly likely to occur |
| High | Not certain but very possible; reasonably expected to occur in the majority of cases |
| Medium | Possible |
| Low | Could occur but in the great majority of occasions will not |
| Very Low | Negligible or nearly negligible possibility of occurring |

Hazard Consequence Definitions

| Consequence Classification | Interpretation | Number of Patients Affected |
|---|---|---|
| Catastrophic | Death | Multiple |
| Catastrophic | Permanent life-changing incapacity and any condition for which the prognosis is death or permanent life-changing incapacity; severe injury or severe incapacity from which recovery is not expected in the short term | Multiple |
| Major | Death | Single |
| Major | Permanent life-changing incapacity and any condition for which the prognosis is death or permanent life-changing incapacity; severe injury or severe incapacity from which recovery is not expected in the short term | Single |
| Major | Severe injury or severe incapacity from which recovery is expected in the short term | Multiple |
| Major | Severe psychological trauma | Multiple |
| Considerable | Severe injury or severe incapacity from which recovery is expected in the short term | Single |
| Considerable | Severe psychological trauma | Single |
| Considerable | Minor injury or injuries from which recovery is not expected in the short term | Multiple |
| Considerable | Significant psychological trauma | Multiple |
| Significant | Minor injury or injuries from which recovery is not expected in the short term | Single |
| Significant | Significant psychological trauma | Single |
| Significant | Minor injury or injuries from which recovery is expected in the short term | Multiple |
| Significant | Minor psychological upset; inconvenience | Multiple |
| Minor | Minor injury from which recovery is expected in the short term; minor psychological upset; inconvenience; any negligible severity | Single |

Clinical Risk Management Risk Matrix - Hazards

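| Likelihood \ Consequence | Minor | Significant | Considerable | Major | Catastrophic |
|---|---|---|---|---|---|
| Very High | 3 | 4 | 4 | 5 | 5 |
| High | 2 | 3 | 3 | 4 | 5 |
| Medium | 2 | 2 | 3 | 3 | 4 |
| Low | 1 | 2 | 2 | 3 | 4 |
| Very Low | 1 | 1 | 2 | 2 | 3 |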

Risk Matrix Key - Severity

5 Unacceptable level of risk. Mandatory elimination or control to reduce risk to an acceptable level.
4 Unacceptable level of risk. Mandatory elimination or control to reduce risk to an acceptable level.
3 Undesirable level of risk. Attempts should be made to eliminate or control to reduce risk to an acceptable level. Shall only be acceptable when further risk reduction is impractical.
2 Acceptable where cost of further reduction outweighs benefits gained.
1 Acceptable, no further action required.

Appendix 2 - Definitions

NHS Digital: Design, develop and operate national IT and data services that support clinicians at work, help patients get the best care, and use data to improve treatment. Its teams build and run the NHS App, the NHS login and NHS website. Its algorithms run NHS 111 and most 999 centres, reducing demand on the frontline. It provides national digital systems and platforms such as the NHS Spine to facilitate key NHS services such as screening programs. It protects the NHS and care organisations from cyber attacks and monitors for new threats 24 hours a day. Its teams support organisations across the NHS with advice, assessments, and training. NHS Digital merged with NHS England on 1 February 2023.

Clinical Safety Team: The clinical safety team provides a clinical safety assurance service across the whole of NHS Digital's work and to the wider health and social care service in England. It ensures that the health IT used by care professionals is safe and that organisations have met mandatory clinical safety standards, DCB 129 and DCB 160. The Clinical Safety team is a multi-disciplinary team made up of Safety Engineers and Clinical Safety Officers, based across Leeds, London and Exeter offices.

CSO: Clinical Safety Officer - the person responsible for ensuring that the healthcare IT Clinical Risk Management System is applied to all clinical systems. The Clinical Safety Officer (CSO) for the Organisation is responsible for ensuring the safety of a healthcare IT system through the application of clinical risk management. The Clinical Safety Officer must hold a current registration with an appropriate professional body relevant to their training and experience. They also need to be suitably trained and qualified in risk management or have an understanding in principles of risk and safety as applied to healthcare IT systems. The Clinical Safety Officer ensures that the processes defined by the clinical risk management system are followed.

DCB: Data Coordination Board

Information Standard: A document containing standards that relate to the processing of information.

DCB 0129: Clinical Risk Management: its Application in the Manufacture of Health IT Systems.

Prepared by the NHS Digital Clinical Safety team, this standard is designed to help manufacturers of health IT software evidence the clinical safety of their products. This standard provides a set of requirements suitably structured to promote and ensure the effective application of clinical risk management by those organisations that are responsible for the development and maintenance of Health IT Systems for use within the health and care environment.

The standard includes implementation guidance and is supported by the related standard for the application of clinical risk management in the deployment and use of Health IT Systems - DCB 0160.

Clinical Risk Management: Systematic application of management policies, procedures and practices to the tasks of analysing, evaluating and controlling clinical risk.

DCB 0160: Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems

Prepared by the NHS Digital Clinical Safety team, this standard is designed to help health and care organisations assure the clinical safety of their health IT software

This standard provides a set of requirements suitably structured to promote and ensure the effective application of clinical risk management by those health organisations that are responsible for the deployment, use, maintenance or decommissioning of Health IT Systems within the health and care environment. It includes implementation guidance and is supported by the related standard for the application of clinical risk management in the manufacture of Health IT Systems - DCB0129.

DCB0129 and DCB0160 are published under section 250 of the Health and Social Care Act 2012.

Ref Doc Reference Number Title Version
1 NHS Digital Clinical risk management standards https://digital.nhs.uk/services/clinical-safety/clinical-risk-management-standards Last edited: 27 July 2020
2 DCB0129 Amd 24/2018. 2018 Update Clinical Risk Management: its Application in the Manufacture of Health IT Systems: http://www.digital.nhs.uk/isce/publication/dcb0129 3.2
3 DCB0160 Amd 25/2018. 2018 Update DCB0160: Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems: https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dcb0160-clinical-risk-management-its-application-in-the-deployment-and-use-of-health-it-systems Released 7/06/2018
4 ISO 27001 International Standards covering almost all aspects of technology, management and manufacturing. https://www.iso.org/isoiec-27001-information-security.html

Clinical Safety Case Report

babblevoice

Published Date: 11th September 2023

Document filename: Babblevoice Clinical Safety Case Report

Directorate/Programme Digital Telephony System
Document Reference Clinical Safety Report
Directors Mr A. Lever, Mr N Knight Status
Owner Dr Theresa Finn Version 1.2
Authors N Hueting, Dr Theresa Finn Version issue date 30/11/2023

Document Management

Revision History

| Version | Date | Summary of Changes |
|---|---|---|
| 1.0 | 11.9.2023 | |
| 1.1 | 29.10.2023 | Editing of Test Issues (Nick Knight) |
| 1.2 | 30.10.2023 | Addition of Summary Safety Statement (Theresa Finn) |

Reviewers

This document must be reviewed by the following people:

| Reviewer name | Title/Responsibility |
|---|---|
| Antoine Lever | Director - Commercial |
| Nick Knight | Director - Operations |
| Theresa Finn | Clinical Safety Officer |
| Nicola Hueting | QMS Manager |

Approved by

This document must be approved by the following people:

| Name | Title |
|---|---|
| Antoine Lever | Director - Commercial |
| Nick Knight | Director - Operations |
| Theresa Finn | CSO |

Related Documents

These documents provide additional information and are specifically referenced within this document.

Ref Doc Reference Number Title Version
1 DCB0129: Clinical Risk Management: its Application in the Manufacture of Health IT Systems - NHS Digital DCB0129 2018 Update
2 DCB0160: Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems - NHS Digital DCB0160 2018 Update

Introduction

The purpose of the Clinical Safety Case Report is to review the clinical risk management activities of the company, Babblevoice, according to the National Clinical Standards required by DCB 0129 and DCB 0160, mandated under the Health and Social Care Act 2012.

This document provides the Clinical Safety Case and Hazard Log for Babblevoice.

The audience for this document includes:

  • Babblevoice staff
  • Healthcare organisations using the Babblevoice telephony system, such as GP surgeries, ICBs and NHSE (for inspection)

System Definition/Overview

Designed by GPs for GPs, babblevoice is an intelligent, easy-to-use phone system with one clear objective - to better connect practice, patients, and staff. Our streamlined approach to calls saves time and cost.

Babblevoice is a cloud-based telephone system founded in 2010 and focused on Primary Care since 2015. More and more time in surgery is spent on the phone with patients, leading to increased demand for phone line capacity and exemplary management techniques.

  • Increased line capacity.
  • Easy-to-use interface designed for a manager.
  • Call recording to help address patient complaints.
  • Reporting to help manage call volume.
  • Integration with EMIS and SystmOne to offer click-to-dial, screen popping and appointment management via IVR.

At the time of writing, Babblevoice serves approximately 150 accounts, where some accounts have only one surgery and others have up to thirteen surgeries. We estimate that we serve over 200 surgeries with approximately 4500 active handsets. Handsets are used by any staff member in the surgery or home office.

All development is done in-house with a continuous improvement attitude. Since 2019, we have undertaken a large project to improve the scalability and reliability, including moving our infrastructure to Amazon Web Services (AWS). We hope to complete this project by early 2024 with further projects planned.

Clinical Risk Management System

Safety management has been conducted following Babblevoice’s Clinical Risk Management Plan.

This process has included:

  1. Following DCB0129 and DCB0160 Standards
  2. Multidisciplinary team meeting to brainstorm potential clinical risks using SWIFT (“Structured What If Technique”), Functional Failure Analysis and HAZID (“Hazard Identification”)
  3. The initiation of a Clinical Safety Team and regular meetings
  4. Weekly lead team meetings and development team meetings where any clinical risk events can be discussed
  5. Incident Register kept of any events when the phone system fails, the cause, duration and fix
  6. Data Breach Register, which includes access to patients' telephone recordings
  7. Audits

Clinical Safety Team:

  1. Nick Knight, Director - Operations
  2. Antoine Lever, Director - Commercial
  3. Nicola Hueting, QMS Manager
  4. Dr Theresa Finn, Clinical Safety Officer

Clinical Risk Analysis and Evaluation

Babblevoice is a cloud-based telephony system that integrates with the clinical software in General Practice. It is not a medical device and does not require Care Quality Commission (CQC) registration. It cannot cause direct harm to patients. The main hazard to patients is loss of telephone access to their GP Practice if there is a system failure or internet outage. General Practice is not an emergency provider in the same way that A&E departments are, but a telephone outage could cause delay for patients getting advice in a time critical situation regarding infections, medication or mental health.

Using the DCB0129 and DCB0160 Standards Clinical Risk Matrix, which looks at severity classification and the likelihood of harm occurring, Babblevoice scores no more than a 2 for this risk and other risks.

A level 2 Risk is “Acceptable where the cost of further reduction outweighs benefits gained or where further risk reduction is impractical”.

Clinical Risk Control

Babblevoice aims to maintain the clinical risk to patients at a level of 2 or less.

A major redesign of the software is underway and due in early 2024. This aims to increase scalability and reliability, so that fewer system crashes occur. The present system includes alerts when a server has failed, so the problem can be rectified quickly.

Babblevoice maintains Standard Operating Procedures and process documentation.

Babblevoice staff go through an induction process and training regarding patient confidentiality and safety. If they have concerns about patient safety, they can report to the Compliance/Safety Officer or Operations Manager, who will discuss the case with the Clinical Safety Officer.

All new customers have training to use the system, and what to do if it crashes, so that they can be up and running as quickly as possible.

Hazard Log

We have identified 13 potential hazards, which are almost exclusively low-risk, at level 1 or 2.

Test Issues

Summary of any outstanding test issues and the impact on clinical safety.

Our Agile-like development process uses tools from GitHub including git (version control), issue tracking, release management and project management. We employ a Test-Driven Development (TDD) approach where possible - each project has unit and interface testing to simulate as much of the natural world as possible.

TDD tests that the software works as intended, and locks in the features so that they are not lost or broken in future releases. We also write tests to apply load and time to simulate a real-world environment. Each repository in GitHub should contain a “readme” file where appropriate. This file is where we document information about test structure, interface usage, the purpose of the project, as well as any other appropriate information.

We use Docker to deploy our software, providing an easy mechanism for updates. Docker allows us to create a near-identical environment for test and production (live system).

Depending on the sub-system, we can release updates to be tested by our test engineers for final approval. Clinical safety is considered for new and innovative features before we release them. For example, adjustments to a reporting element wouldn’t need clinical approval, but integrating AI assistance would require clinical safety approval.

We maintain up-to-date:

  • Major Incident Register
  • Clinical Risk Register / Hazard Log
  • Data Security Breach Register

These registers monitor our performance and reliability and are discussed at management meetings. Any safety incidents would be reported to our CSO.

Summary Safety Statement

Statement from the Clinical Safety Officer summarising the safety position of the Health IT System in the context of the intended deployment.

Dr Finn worked as a GP Partner in the NHS for nineteen years.

She was the senior partner for eleven of those years. She has had first-hand experience of using Babblevoice cloud-based telephony for 5 years in her practice.

She now works for Defence Primary Health Care. She became a CSO in 2022 under the guidance of the NHS Digital training scheme and began providing advice to Babblevoice regarding the DCB 0129 and DCB 0160 National Clinical Standards. She has helped the company produce their Hazard Log and analyse their clinical risks using the DCB0129 and DCB0160 Standards Clinical Risk Matrix.

Babblevoice cannot cause direct harm to patients. The main hazard to patients is loss of telephone access to their GP Practice if there is a system failure or internet outage. General Practice is not an emergency provider in the same way that A&E departments are, but a telephone outage could cause delay for patients getting advice in a time critical situation regarding infections, medication or mental health. So, the aim of the Babblevoice team is to minimise the number, and the duration, of any outages, whether due to internal or external causes.

Using the Clinical Risk Matrix, Babblevoice scores no more than 2 out of a maximum of 5 for each risk, which means that the severity and the likelihood of harm occurring to a patient or patients are low and acceptable.

Quality Assurance and Document Approval

Documents are reviewed by:

  1. The Directors, Antoine Lever and Nick Knight
  2. The QMS Manager,
  3. The CSO, Dr Theresa Finn.

Configuration Control / Management

GitHub is used to store documents, thereby keeping them version controlled.


Hazard Log

Clinical Safety Hazard Log - babblevoice Part #1

Programme babblevoice
Sub-Prog/Project EMIS API Integration
Document Record ID Key
Prog Director
Status Approved
Owner Nick Knight
Version 1.1
Author Bhargav Garikapati
Version Date 21/01/2022

This document outlines potential hazards with babblevoice and its integration with EMIS, using the EMIS API.

Hazard Description

| No. | Date Added | Effect | Hazard | Harm | Possible causes |
|---|---|---|---|---|---|
| 1 | 30/07/2021 | Unauthorized user is able to call patients | If babblevoice is left logged in, an unauthorized user could call patients/staff | Potentially misleading patients. Inconvenience for other staff | babblevoice is left logged in |
| 2 | 30/07/2022 | Unauthorized user is able to access call recordings | If the call recording is left open, an unauthorised user could listen to a call | Potentially misleading patients. Inconvenience for other staff | Call recordings site is left open and logged in |
| 3 | 30/07/2021 | Incorrect appointment booking | Using the IVR system, patients could incorrectly book an appointment for the wrong date/time | Patient misses appointment | Appointment configuration out of date |
| 4 | 30/07/2021 | Call record filed for the wrong patient | After a phone call, the user could select the wrong patient to file a phone call note | Patient records would be incorrect and possibly misleading. The wrong call recording would be present on a patient record | User error when selecting a patient. Edge cases where patients share the same name/address could also trigger the hazard |
| 5 | 30/07/2021 | User calls the wrong patient | Using babblevoice, the user could accidentally call a different patient other than the intended one. | It is likely that the user would spot the issue - however in severe cases, the wrong patient could receive sensitive information | Accidentally pressing keybinds |
| 6 | 21/01/2022 | User selects the wrong patient due to duplicate EMIS instances | If multiple instances of EMIS Web are running, an API call could trigger the wrong patient | Incorrect logging of calls to the patient's medical record, and possibly incorrectly calling a patient with the wrong information | Multiple instances of EMIS Web are running, but minimised or in the background |
| 7 | 21/01/2022 | User misses important information about the current patient and software status | babblevoice uses Windows notifications to inform the user about the software status, and in some cases the patient information. If Windows notifications are disabled, the users may miss important information, such as a failure to connect to EMIS | Continued use of babblevoice without knowing that the EMIS Web functionality has been disconnected (in rare circumstances). It's also possible that the user could dial the wrong patient and then not see the notification with the patient's name | Windows notifications disabled in user settings, or across a whole surgery by the administrator |
| 8 | 21/01/2022 | A patient books up multiple appointment slots by repeatedly using the IVR | When in IVR mode, patients can call and book an appointment slot. If the patient then calls again, they are offered another slot. If this continues, the patient could book up multiple slots, limiting the availability for other patients | Other patients may not be able to find an appointment slot, or their appointment slot is delayed. Also, there could be a waste of resources if the booked patient doesn't arrive at every appointment | Users have to set up the IVR correctly, or they accidentally increase the maximum appointments allowed for each patient |
| 9 | 21/01/2022 | The IVR incorrectly identifies a patient and books an appointment slot | When calling into the IVR, the patients are required to give their date of birth. Using the patient's phone number and date of birth, the IVR determines which patient is calling and allows them to book an appointment. The wrong patient could be selected if multiple patients share the same DOB, caller ID and other factors | The patient books an appointment for the wrong person, and when arriving at the appointment there could be confusion as to the identity of the patient | This hazard is caused by rare coincidence of data between patients. Multiple patients would need the same phone number, name and book at the same medical centre |

Initial Risk Assessment

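| No | Severity | Likelihood | Risk | Justification |
|---|---|---|---|---|
| 1 | Minor | Low | 1 | |
| 2 | Significant | Low | 2 | |
| 3 | Minor | Low | 1 | |
| 4 | Significant | Low | 2 | |
| 5 | Minor | Medium | 2 | |
| 6 | Minor | Low | 1 | |
| 7 | Minor | Medium | 2 | |
| 8 | Significant | Low | 2 | |
| 9 | Considerable | Low | 2 | |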

Residual Risk Assessment

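| No | Severity | Likelihood | Risk | Justification | Owner | Status |
|---|---|---|---|---|---|---|
| 1 | Minor | Low | 1 | | | Open |
| 2 | Significant | Low | 2 | | | Open |
| 3 | Minor | Low | 1 | | | Open |
| 4 | Significant | Low | 2 | | | Open |
| 5 | Minor | Medium | 2 | | | Open |
| 6 | Minor | Low | 1 | | | Open |
| 7 | Minor | Medium | 2 | | | Open |
| 8 | Significant | Low | 2 | | | Open |
| 9 | Considerable | Low | 2 | | | Open |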

Hazard description

| No | Date Added | Effect | Hazard | Harm | Possible Causes |
|---|---|---|---|---|---|
| 1 | 06/10/2022 | Loss of ability to make or receive calls | Patient cannot get help in a time critical situation | Delayed medical treatment or hospitalisation of patient | Internet provider outage |
| 2 | 06/10/2022 | Loss of ability to make or receive calls | Patient cannot get help in a time critical situation | Delayed medical treatment or hospitalisation of patient | babblevoice server failure |
| 3 | 06/10/2022 | Engineer uses/sells details inappropriately/commits fraud/ID theft | Patient/s details used inappropriately | Psychological distress to patient/s | Helpdesk engineer listens in to telephone recordings without consent |
| 4 | 06/10/2022 | Outgoing phone calls cannot be made by clinicians, but no effect on incoming calls | Patient cannot get help in a time critical situation | Delayed medical treatment or hospitalisation of patient | Client runs out of funds |
| 5 | 31/10/2023 | Unable to log into babblevoice | Unable to answer/make calls through Desktop | Delayed medical treatment or hospitalisation of patient | Google SSO or NHS Login is down |

Initial Risk Assessment

| No | Severity | Likelihood | Risk | Justification |
|---|---|---|---|---|
| 1 | Significant | Medium | 2 | Phone system is up and running quickly |
| 2 | Significant | Medium | 2 | Phone system is up and running quickly |
| 3 | Significant | Very Low | 1 | |
| 4 | Minor | Low | 1 | |
| 5 | Minor | Low | 1 | |

Residual Risk Assessment

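| No | Severity | Likelihood | Risk | Justification | Owner | Status |
|---|---|---|---|---|---|---|
| 1 | Minor | Medium | 2 | | | Closed |
| 2 | Significant | Medium | 2 | | | Open |
| 3 | Significant | Very Low | 1 | | | Open |
| 4 | Minor | Low | 1 | | | Open |
| 5 | Minor | Low | 1 | | | Open |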

User Journeys

User 1 - Console i.e. Practice Manager

User 2 - Desktop user i.e. GP, Receptionist

User 3 - Vibes/Statistics i.e. Practice Manager

Patient User Journey

Marketing, Sales and Customer Experience

Development Journey


Babblevoice DPIA

Policy Owner / Approver Effective Date Next Review Date Status
Operations Director Draft

The need for a DPIA

Babblevoice has been working with GP surgeries since 2015. We have grown in size and continuously increased the services we provide to our customers.

Our customer is a GP surgery, but we also have to consider that, in using our service, the surgery may capture data about its own customer - the end patient.

A GP surgery uses babblevoice to handle all of their phone calls. We carry the voice traffic of every phone call and offer further services:

  • Call recording.
  • Reporting data.
  • MIS integration.

The data

A phone call can contain sensitive information. The phone call travels over the PSTN (public switched telephone network). The PSTN does not encrypt traffic - so when a phone call is presented to babblevoice from the PSTN, or we present a call to the PSTN then it has to be assumed that this data flow is unencrypted in transit.

As part of the phone call, we allow our customers to enable call recordings, collect call records of calls taking place, and maintain statistics about phone calls.

We cannot impose encryption in transit across the PSTN. However, because we record all of the above data, this data, once captured, should be treated very carefully, as it can contain sensitive, personally identifiable information.

Scope

We collect:

  • Call recordings - almost certainly contain PII. There is a possibility they may contain special category or criminal offence data.
  • CDR (call records), which can contain partially identifiable information (phone numbers).
  • Statistics - this is statistical information aimed at helping surgeries manage their surgery; this is anonymised and no longer contains any identifiable information.
  • Voicemail - may contain PII.
  • Usernames and email addresses of users.

The amount of data we collect, along with retention rules, are set by our customers. We only act on their behalf by way of providing a hosted service.

Data collected is potentially all phone call information and the recordings of phone calls for a GP surgery. We are mindful of extrapolating these numbers to patient numbers; for example, a small surgery might look after 10,000 patients. In a week, a surgery of this size will manage 1000 phone calls, all of which we collect data on. At the time of writing this policy, we intend to cover only the whole of the UK.

Context

We do not have a direct relationship with the individuals on whom we might hold data. We are a service provider to GP surgeries, who maintain the relationship with the patient - whose information we might retain.

Our responsibility is to advise our customers that they need to ensure that their patients understand the data collection. We are aware that this might include children and vulnerable groups.

The only type of processing we perform is recording and storage. This data is then made available to our customers. We do not currently use any novel form of processing and are aware of our security considerations.

As part of understanding security, we will maintain standards to ensure good security practices:

  1. ISO 27001.
  2. NHS DSPToolkit.
  3. Cyber Essentials+.

We also use third-party (AWS S3) storage and we are working to ensure that all aspects of the National Cyber Security Centre cloud security guidance are followed.

Our goal is to ensure that our customer has the tools to ensure that they can meet their requirements regarding the individual's right to control.

We will review this over time.

Nature of Processing

We record and store the audio of phone calls and record statistics of them as outlined above.

The purpose of this is to help our customers:

  1. Manage the workload of managing inbound and outbound telephone calls within the surgery environment.
  2. Provide tools to assist with complaints resolution within a surgery environment.

Note, whilst we talk about surgery environments in this document, we know that other business types use our system - but health patients are the most sensitive type of users we see that use our system.

Consultation

We process data on behalf of our customers, on behalf of the individuals. We rely on consulting with:

  1. Our customers - the GP surgeries.
  2. Industry standards (see above).
  3. Professional standards by way of ongoing professional developments of all relevant staff.

Proportionality

Our goal is to better help practice, patients and staff. When processing data, we are doing this to improve the service a GP surgery can provide.

If a function cannot be demonstrated to improve the service a customer provides, then we will not continue to offer that service.

  1. Call recordings have identified both end-user staff training requirements and complaint resolution of patients.
  2. Call records help surgeries manage their call flow.
  3. Call statistics help surgeries provide a better phone service.

As part of our relationship, we follow advice from the NHS - data is only stored in the EU, and we have a plan to migrate to the UK.

Identify Risks

This risk analysis is separate from business continuity, which is covered in our business continuity planning. We exclude snooping on telephone traffic, as PSTN data (which is discussed above) is not encrypted - so any telephone call has to be treated as unsecured. But our goal is that, once we have captured any data, it is secure and only transmitted securely to the authorised individuals.

| Risk | Likelihood of harm | Severity of harm | Overall risk |
|---|---|---|---|
| Unauthorised access to phone call recordings - internal | High | Low | Medium |
| Unauthorised access to phone call recordings - external (3rd party) | Low | High | Medium |
| Data in transit is snooped on | High | High | Low |
| Loss of call recordings or call records | Medium | Low | Low |
| Inappropriate access provided by babble staff to inappropriate end users | Medium | High | Medium |

Risk Reduction

All of our risks are around data access in storage or transit.

  1. Storage is outsourced to AWS S3, which offers very high standards of security.
  2. Ensure we follow best practices in authentication and security whilst using AWS services.
  3. Maintain logs of access to call recordings to identify abuse.

Certificates and Documents

Data Flow Diagrams