healthya is committed to safety and has a designated Clinical Safety Team that are aligned with the requirements of NHS Digital’s Clinical Risk Management Standards. The Team provides assurance across the healthya platform and are engaged in the full product lifecycle including design, development and approval of new products. This process ensures that both the desired outcomes of our clients are met, as well as conforming with governance of the national standards relating to risk and safety.
Our Clinical Safety officer, Dr Suhel Ahmed MB ChB, MRCGP, is a registered clinician with extensive experience who has also undertaken the required NHS Digital Clinical Risk Management Training. The Clinical Safety Team are responsible for all elements of Risk Management, including adherence to the DCB0129 and DCB0160 standards, mandated by NHS Digital. This requires all manufacturers of healthcare software to put in place appropriate systems to assess, monitor and respond to all aspects of safety relating to their products. As such risk assessments and safety analysis are routinely performed, ensuring that appropriate mitigations are applied, and offering assurance to customers and users that software meets functional requirements in a safe manner. Citations for all claims are available on request.
Reviewing compliance determines that the product is safe for use and any risks are mitigated, ensuring that systems are used safely in a clinical environment. This is a collaborative process with the team meeting with the deploying organisation where any issues or concerns can be reviewed and resolved. The team here also review all internal and customer-based requests to ensure that the requested features or changes are appropriate and advise the design teams as necessary.
Clinical safety is deeply embedded in healthya’s culture. This key focus on patient care enables the delivery of high-quality solutions and optimises the experience of both the care professional and also the patient.
Risk and Hazard Management Process
healthya is committed to clinical and technical safety. As ISO 27001 and Cyber Essential accreditation providers, healthya has embedded management and clinical risk systems in place to ensure the technical security, clinical safety, information security and quality of its systems and the data within it.
All data collected, process and stored is done so utilising encryption in-transit and at-rest of participant sign up.
All data collected, processed and stored is done so utilising AES-256 encryption in-transit and at-rest on participant signup. The transfer of data is via network only Transfer Layer Security (TLS) 1.2 only. This includes the transmission of data from healthya services to its hosts (AWS - London). Remote access to infrastructure holding data is monitored on a daily basis.
healthya has a clinical risk measurement, evaluation and management process overseen by Dr Suhel Ahmed, Clinical Safety Officer. The risk/hazard assessment process follows healthya’s standard Clinical Risk Management System approach. Risks may also be identified in other ways during the development and use of the healthya services to discover during design of a solution by supplier or NHS Organisations; participant engagement; feedback; in-app message; testing of amended functionality; ad-hoc testing of live service functionality; reporting of an incident or problem within the live service; and identification by a member of staff within the supplier or NHS Organisation. A full Hazard Log is maintained and updated by the Clinical Safety Team. Citations for all logs are available on request.
Examples of raised hazards we raised during the design and development of the app, what the causes were and how we had remedied this; Patient has more than one record on the system – Cause: The clinician would be unable to view previous requests submitted by the patient which might influence their clinical decision making. Remediation: creation of mandatory fields with an on-screen display of informing customers of mandatory fields. Another example: System performs slowly – Cause: Unexpected high user load - The system could be subject to use by more users than was anticipated at the time it was specified and designed. Remediation: Performance monitoring is in place to monitor the database and web application servers. CPU, RAM, network bandwidth and disk storage are monitored. Where required the hosting provider is contacted to manually increase the required resources and users would be notified as far in advance as possible if any downtime were required.
For each identified hazard, the following information will be defined and recorded as: hazard number; hazard description; impact, possible causes and existing controls – these are identified existing controls or measures that are currently in place and will remain in place post-implementation that provide mitigation again the hazard, i.e. will be used as part of the initial Hazard Risk Assessment. Each Hazard is reviewed by the Clinical Safety Team and appropriate stakeholders to estimate and evaluate clinical risk and controls and record the outcome.
healthya continually monitors its services. The contents of the app are reviewed every month by the Clinical Safety Team, or as peer-reviewed evidence emerges. In-app telemetry and feedback sent to our support team (in-app or on the web) helps us to identify and address inequities and inequalities in engagement and/or health outcomes.
Queries, requests or concerns
To exercise all relevant rights, queries or concerns, please in the first instance contact cs@healthya.co.uk (mailto:cs@healthya.co.uk)