Many of the UK’s clinical commissioning groups (CCGs), primary care networks (PCNs) and health boards are unknowingly on the hook for the failing healthcare apps brought into the NHS in response to COVID, writes Dr Murray Ellender, CEO of eConsult.
There has been a major influx of digital health apps and services into the NHS because of the COVID-19 crisis.
Right now, there is a staggering total of 370,000 individual health apps available on the market and five million people download a health app every day.
Pre-pandemic, 90 per cent of GP consultations took place face-to-face and just two months into the first national lockdown, a whopping 90 per cent were done remotely.
In recent weeks, however, the industry has started to ask questions about the extent to which these apps and digital services have been vetted for safety and compliance.
A recent ORCHA study revealed that 80 per cent of healthcare apps being used by NHS trusts do not meet its standards.
The failings cited in the study include poor information, a lack of security updates and insufficient awareness of regulatory requirements.
One thing that has not been widely discussed, however, is the fact that according to the Health and Social Care Act of 2012, liability for these non-compliant apps sits with the UK’s 106 Clinical CCGs, 1,250 PCNs and 14 health boards across the UK, as well as the digital providers that have created them.
As you would expect, to create consistency across the NHS, digital providers entering the space are bound by a set of Data Coordination Board (DCB) standards; DCB0129 obliges us to demonstrate the safety of our services through aclinical safety case report, a hazard log and a clinical risk management plan, as well as incident reporting to enable the implementation of proactive and reactive patient safety measures.
However, the standard that places a burden of liability with CCGs, PCNs and health boards – DCB0160 – is not well known or understood. This lack of understanding combined with the breakneck speed at which the health service has had to adopt new digital services means many will have inadvertently fallen foul of it.
DCB0160 stipulates that when introducing digital services, CCGs, PCN’s and health boards must do the following:
- Conduct a formal risk assessment workshop and evidence the measures taken to mitigate any risk in implementing and using the system (before the system goes live)
- Prepare three documents summarising the outcome – a clinical risk management plan, clinical safety case report and hazard log
- Appoint a clinical safety officer to manage the process and take overarching responsibility for DCB0160
- Conduct regular, ongoing risk assessments once the service is live and operational
In short, if you are a health organisation and a manufacturer providing health care services within your patch is not meeting quality standards, you are responsible.
Even if the decision was made at a practice level, you must demonstrate that you have educated GPs about their obligations when procuring digital services and their responsibility to report digital health-related safety incidents.
The NHS Patient Safety Strategy contains a commitment to implement safer solutions throughout the NHS and digital health will receive greater focus following the difficult times the NHS has faced this past year. Regulators will rightly increase scrutiny on how safe and how compliant these services are for patients and clinicians.
Similarly, the Care Quality Commission (CQC) will require healthcare providers using online consultation systems to demonstrate that their online consultation implementation is safe and effective by evidencing any mandatory training that has been completed, outlining the potential risks and hazards, and producing clearly defined standard operating procedures.
As a practising GP myself, I am concerned that a lack of awareness of and compliance with DCB0160 will lead to safety incidents and unnecessary deaths.
That is why my company, eConsult, is investing heavily in creating content designed to educate the industry about this issue and our team is actively helping CCGs, trusts, and other organisations in assessing and operationalising DCB0160 compliance.
Ultimately, our patients trust us to keep them safe. As the universe of digital services in the NHS rapidly expands, that obligation isn’t just a clinical one.