A new report from the Health Services Safety Investigations Body (HSSIB) has raised serious concerns about how NHS trusts are managing complex digital safety risks linked to electronic prescribing and medicines administration (ePMA) systems.
The investigation warns that significant unwarranted variation in how ePMA software is designed, procured and regulated across acute hospitals could increase the risk of medication‑related harm to patients if not urgently addressed.
The findings come at a time of intense national focus on digital transformation within the NHS, including ambitions for a single patient record as part of England’s 10 Year Health Plan. While digital technologies offer clear opportunities to improve care, HSSIB cautions that the current framework does not adequately support safe adoption at scale.
Wide variation in ePMA design and use
ePMA systems are now widely used in hospitals to prescribe medicines and record administration during inpatient care. Although such systems can reduce certain types of prescribing error, the HSSIB investigation found that there are no core national patient safety standards governing how ePMAs should be designed or procured.
As a result, hospitals are using systems that function very differently, creating inconsistency and increasing cognitive burden for clinicians who move between organisations or rely on locum staff. The report highlights that this variation can introduce new safety risks during prescribing and medicines administration.
Inconsistent compliance with digital safety standards
The report acknowledges that legally mandated NHS standards already exist for digital clinical safety and interoperability, and that these apply to ePMA systems. However, HSSIB found unwarranted variation in how NHS trusts comply with these standards, alongside a lack of national oversight or assurance to ensure consistent implementation.
This inconsistency leaves individual trusts responsible for interpreting and applying requirements, often without sufficient clarity or support.
Unclear regulatory roles and accountability gaps
The investigation also highlights confusion around the roles and responsibilities of national bodies involved in patient safety oversight, including the Care Quality Commission (CQC) and the Medicines and Healthcare products Regulatory Agency (MHRA).
In particular, there is uncertainty about when ePMA software should be classified as a medical device, and which organisation is responsible for assuring safety in different scenarios. HSSIB warns that this lack of clarity contributes to gaps in accountability and assurance across the system.
Safety learning not shared consistently
HSSIB found that patient safety learning related to ePMA systems is not systematically identified or shared across the NHS. Instead, learning often spreads through informal professional networks, meaning critical safety insights may fail to reach all trusts or influence national procurement and system design decisions.
This fragmented approach limits the NHS’s ability to learn at scale and prevent repeat incidents.
Trusts left to manage risks without sufficient support
While the responsibility for managing digital safety risks largely sits with individual NHS hospital trusts, the report concludes that many do not have the resources, skills or specialist capability required to robustly assess and manage the risks associated with ePMA systems.
Without stronger national coordination, HSSIB warns that digital safety risks will continue to be managed unevenly, increasing the likelihood of harm.
HSSIB safety recommendations
The HSSIB report makes a series of safety recommendations to national bodies, including calls to:
- Develop a national framework for core ePMA safety
- Clarify regulation, including when ePMAs should be classified as medical devices
- Introduce national assurance mechanisms for digital clinical safety and interoperability standards
- Provide additional support to acute trusts to build digital clinical safety capability and capacity
- Better integrate digital safety and patient safety across the healthcare system
The report concludes that without coordinated national action, the risks associated with ePMA systems will grow as digital transformation accelerates.
Clare Crowley, Senior Safety Investigator at the HSSIB, commented:
“ePMA is a core component of modern healthcare, but its safety depends on how it is designed, implemented and overseen. Our patient safety investigation highlights the need for greater clarity, consistency and national coordination so that ePMA software reliably supports safe care for patients.
“In the absence of this, NHS hospital trusts are being asked to carry the responsibility of assuring themselves that the ePMA software they choose to use is safe. This is a complex and resource intensive task. Not all trusts have the capacity, capability or support they need to do it robustly.
“As the NHS continues its rapid shift towards digital care and a single patient record, it is essential that patient safety is built in from the outset, rather than relying on individual organisations to identify and manage the risks.”
Image credit: iStock
