Authors: Charlotte Davies, Steve Walters / Editor: Liz Herrieven / Codes: SLO11, SLO12 / Published: 16/05/2023

This is part 2 of our Risk and Safety blog. You can read part 1 here.

As soon as harm has occurred because of a risk, that risk has now become an issue and needs investigating. This blog was written before the new Patient Safety Incident Response Framework (PSIRF) was created – the principles are broadly the same.

Issues can be identified from a variety of sources: 

  • Complaints
  • Risk Assessment
  • Incidents (near misses)
  • Compliance with NICE guidance
  • Central Alerting System (CAS)
  • Recommendations of Confidential Enquiries / other external / high level / reports
  • Mortality Reviews
  • Freedom to speak up guardian

So what do we do if we are made aware of an incident?

Being aware of an incident doesn’t mean you are aware through formal processes. If you hear a patient has had a respiratory arrest after an iatrogenic opiate overdose, your incident management should start immediately. 

First, check the patient, and then staff are safe. This might mean going to physically review the patient, ringing them, or reviewing the notes. Obtain and secure all evidence – take a copy of the notes. Offer support to any witnesses. Check the incident has been reported – doctors are really bad at this. Make sure you document any communication you have with the patient and the family, as if this becomes a serious incident, duty of candor discussions are important.

If you think the incident is significant, identify someone to do an initial incident review, and determine the level of investigation required. This will normally involve liaising with the senior nursing or medical team, who can provide guidance. 

If they determine the incident needs formal investigation as a red incident or a serious incident, they will trigger the incident process which includes informing commissioners. Serious incidents must be reported to the commissioner within 2 days, sooner if media / public interest. Your trust will have a process to follow, but this probably follows the lines of: 

  • Potential incident identified
  • Synopsis written by person who identified the incident. This should include as much detail as possible, and avoid casting immediate blame, especially where facts are not immediately apparent. 
  • Synopsis reviewed by member of the executive team who determines whether incident is red, serious, or neither. 
  • Lead investigator allocated by department. Lead investigator contacts family and starts progress. 
  • Lead investigator submits 72 hour review or progress report to executive team, normally via the governance administrators. 
  • Lead investigator reminded of the CCG deadline, and asked for progress
  • Report submitted locally, then to division, then to the trust, and then to the CCG for approval. 
  • Evidence action plans met sought. 

Most incidents are not considered issues, as patient harm was minimal, but they are still logged on the central data base, and action taken by a member of the team. This might be noting the incident and saying everything was done at the time, or it might be doing a mini-investigation, or undertaking a reflective practice with a member of staff. The incidents and responses are shared amongst the trust team, and any themes can be identified. Even if it feels like nothing is being done, reporting incidents is really important as change takes time, and needs evidence. I’d like to think getting air conditioning in the department is because I completed an incident form every time a patient complained – but I suspect it was coincidence. 

So how do we share the learning? 

Once we have “learnt” from an incident, sharing the learning is important. How does your department share their learning? 

Lessons learned are no longer recommended as lessons generally weren’t learnt.

How do we investigate a serious incident and write a report?

At the time of writing we are aware that the process for writing an SI is soon to change to PSIRF, and SIs won’t exist in any recognisable form by 2023. We’ve updated this blog as much as possible to reflect both practices, as we know projects don’t always run to time and not all trusts will be working on the same timescale – we thought it might be useful. 

  • Ask for the most up to date trust template to be provided to you. Never assume the intranet has the most up to date version! 
  • Start with the timeline. I think it’s easier to start by documenting everything in time order. Cross reference it with where you found the information, and annotate with any problems or good practice you identify.
  • Arrange interviews or request statements as needed. If you have specific questions that you think need answering make sure you ask them. Remember this can be distressing, and your statement request letter needs to be supportive and reassuring about the process, particularly for new doctors. Interviews are now expected as part of the PSIRF, as statements often leave out the context of the incident, which is really important.
  • Arrange to spend an observation of the person or environment, to get contextual factors.
  • Speaking to the family and the patient might be really useful at this point, as they might be able to highlight concerns that you can address in your report.
  • Inform the medical education team if a doctor in training has been asked for a statement so they can provide support, inform their supervisor, inform their TPD and make sure it is documented on their Form R.
  • Once you have written the timeline, you can then review it and remove any unnecessary information.
  • A fishbone diagram could be used instead of a tabular timeline, but in my experience, starting with a timeline is crucial and helpful.

Identify Contributory Factors

You will have identified some factors already by writing your timeline.

  • Considering potential other factors can help identify other approaches and trends that might be otherwise ignored. You might not be able to affect the decision making process that led to an incident, but by taking a wider view, you might identify that noise pollution is detrimental to decisions and concentrate on that. The NHS framework is freely available and it is worth looking at each item mentioned, and carefully considering whether you think this could be a contributory factor. There are other methods of approaching causative factors, and looking at the human factors literature will help you learn further about these.
  • CMPs or care management problems are things you have identified that you think caused the problem. These should be numbered chronologically (ie the first problem you identify is CMP1) and maybe repeated throughout the timeline.
  • SDPs are service management problems
  • IFs are incidental factors that you have identified as not contributing to this particular incident, but where something hasn’t happened quite as it should.
  • GP points aren’t formally mentioned in my trust’s template, but I think it is useful to highlight where things did go well, or were better than expected.

Explore Contributory Factors

Once the contributory factors have been identified, the next thing to do is to explore them further. This might be providing research on how  significant noise is, or about existing ED pathways. As you explore these factors, write a narrative assuming the person who will be reading your report knows nothing about healthcare, let alone your department.

Depending on your trust template, at this point you will be asked to do a risk score – details on this are above.

Reducing the Risk

Strategies to reduce the risk are part of your safety action plan and recommendations. Recommendations are not the same as solutions, and will not necessarily state what needs to be done. The HSIB advocates for solutions to be part of a trust quality improvement plan, and separate to the investigation process.

Using the old style report generation, generally you need at least one strategy for every CMP, SDP or IF identified. The person you allocate to action this action should be aware before you allocate them.

NoLinkRecommendationAction plan to achieve compliance with recommendationLevel for action (Division/Team)Resource required / time / £ Lead responsible Expected date for completion How will we know the action has been effective? Residual risk score
S x L
Progress and sign off date

When deciding expected dates, always add 6 months onto your expectation – it takes that long for the report to be finalised.

The best safety action plans are those formulated from clearly identified contributory factors.


At this point, I normally send the report so far to the clinical lead, and any-one named in an action for their comments. The report isn’t finished – but the “meat” of the report is, and they might have useful suggestions that are easier to incorporate now, rather than later.

Finishing Off

Now is the time to complete all the rest of the boxes in your trust’s SI template.


The report then needs varying levels of approval and distribution:

  • All affected staff
  • Clinical Lead
  • Divisional Lead & Governance Team
  • Trust executive
  • The patient and their family
  • Departmental staff to share the learning.

The key thing about any incident investigation is reducing the possibility of this bad event happening again. Using a systems approach will really help you to do this – we covered this on our human factors blog, which might be worth a re-visit, and we can really recommend the HSIB’s educational offerings.

References and useful links