Risk and Safety

Authors: Charlotte Davies, Steve Walters / Editor: Liz Herrieven / Codes:  / Published: 04/04/2023

In Emergency Medicine, we all think were great at managing risk and uncertainty. The FRCEM management exam used to look at assessing risk and safety and was a great way to make sure everyone knew how to manage and stratify risk. Thats been replaced by the management portfolio, and all new Consultants should have experience at investigating a serious incident. Weve written this post to emphasise some of the key points around risk, highlight some common terminology, and point out some common misunderstandings.

Risk management is important – weve all watched Bodies and seen how disastrous the well meaning Roger Hurley is, and hopefully we feel confident he wouldnt be practising in our hospital. But could he be? Without risk management – he probably could! SLO11 asks us to learn from patient safety incidents and SLO12 wants evidence weve prepared an investigation. 

First, some definitions: 

How do we identify risks and issues? 

Many risks are identified by clinicians who feel something isnt right. We also know about incidents from: 

  • Complaints
  • Risk Assessment
  • Incidents (near misses)
  • Compliance with NICE guidance
  • Central Alerting System (CAS)
  • Recommendations of Confidential Inquiries or other external high level reports
  • Mortality Reviews
  • Freedom To Speak Up Guardian

Never Events

There are a few never events that the NHS has determined should never happen, and they score highly on the risk matrix. Those that could apply to ED are:  

  • Retained foreign object post procedure.
  • Giving strong K+ instead of something else
  • Parenterally administered oral meds 
  • OD of insulin due to abbreviations or incorrect device
  • OD of midazolam due to wrong strength administered
  • Chest or neck entrapment in bed rails
  • ABO mismatch transfusion
  • Misplaced NG or OG tube
  • Scalding of patients

Each department is asked to review all the never events that could happen in their department on an annual basis, and document and review the processes in place to address the issues leading to the risk, and prevent those risks turning into reality, by becoming incidents.  

How do we reduce risk?

The first step to reducing risk is to identify the risk, and then score the risk. Remember a risk is something that hasnt caused harm yet, but has the potential to do so. Once identified, a systems-based approach will help identify ways to reduce the risk – have a look at our human factors blog for more details. Investigating excellence is one part of that. 

RCEM Safety Toolkit talks through all of these factors, and helps senior management prioritise individual risks and structure efforts and resources into reducing risk and thereby improving quality and standards of care. Every organisation has a Risk Register, which is populated through reviewing complaints, litigation, inspections, incident reports and trends or other sources of intelligence within a service area or directorate, to identify possible risks and actions to mitigate or resolve them. Risks dont have to be related to harm in terms of patient safety – they can be financial, operational, environmental, reputational, related to patient experience or outcomes, or a combination of these things. Most organisations have a risk manager or risk team who can help with scoring and facilitate this process.

An example

The clinical lead has noticed that there are not enough junior doctors to fully cover the rota in the department, and has suggested this should be added to the risk register. In this example, the lack of doctors is not a risk, it is an issue, because the rota gap already exists – it is a current problem. The risk is what might happen because of the rota gap (long waits for patients, lack of expertise, increased risk of error, increased risk of staff burnout and poor morale among the remaining team) and what this could cause (poorer patient experience and patient outcomes, and more staff leaving the department). If something then happens because of this shortage (e.g a patient deteriorates because of a long wait due to the staff shortage), that is an incident. 

All risks are then allocated a risk score. This is based on assessing the likelihood of a risk being realised, and the consequence or impact should it occur. Both are scored out of five (with five being the most likely and the most severe impact) with the two figures multiplied to give the risk score. This is shown on a risk matrix like the one below. Some trusts also score incidents like this, multiplying the impact of the incident with the likelihood of it occurring again. 

In terms of likelihood, the number you decide to allocate may be different to one allocated by your colleagues, and multi-disciplinary discussions around risk scores are always beneficial. The rough guidance is below – which means that the likelihood of crowding related incidents (incidents which occur because of crowding, not crowding in itself) will almost certainly always score a 5.

In terms of severity, this is the potential severity that could happen should a risk be realised, i.e. if an incident happens.

Scoring can sometimes be complicated. Consider the crowding example. It is almost certain that there will be minor harm resulting from crowding for patients and staff, but you could also say that it is possible (but far more unlikely) that there could be severe harm to a patient as a result.

Different organisations have different policies about which risks should be added to risk registers, but in general anything scoring 8 or over should be added, and actions developed to reduce or resolve the risk. Some measures might already be in place, for example using locums or overtime to reduce the risk caused by the rota gaps. These are known as controls or mitigations, and they should be taken into account when working out your risk score. Actions are things which will be undertaken to reduce the risk further, but havent happened yet or are in progress, for example a plan to recruit Clinical Fellows to fill the gaps fully.

If an event occurs ie. the risk has been realised and has led to an incident, the event should be reviewed immediately and potentially fully investigated under the incident management process.

What about risk to myself?

Always remember that tired doctors make mistakes – take your break. The Trust also has some legal responsibility to keep you safe – just because no-one has reported their hearing loss caused by high levels of noise exposure doesnt mean it couldnt happen. The Trust need your help to know which risks to their workforce they need to mitigate against.

Minimise the physical risk to yourself from working by healthy eating and taking risk-minimising action. This means not walking down the stairs whilst texting – youre more likely to slip and trip. Reverse into your parking slot at the beginning of your shift so the higher risk manoeuvre is done when youre feeling more alert.

Is it worth identifying at the beginning of your shift whether youre hungry, angry, late or tired (HALT), so the rest of the team know you need an extra eye kept on you?

And of course, make sure you always try and work as closely to the legal space as possible.

Are there Legislative Drivers?


Corporate Manslaughter Act 2008

  • Potential for senior managers (including clinical) of Trusts to be held accountable.

Health and Safety Executive:

  •   Prosecution of Trusts and individuals
  •   Increasing focus on patient safety incidents


  • Powers increased after Mid Staffs incidents.

This is all about risk – the potential for harm to occur. As soon as harm has occurred, risks become issues, and the process is focussed initially on finding out what went wrong, before putting further preventative strategies in place.


  1. NHS England – Patient Safety, Serious Incident framework.
  2. RCEM – Safety Toolkit.

Leave a Reply