Working in a hospital in the UK National Health Service, I'll chip in slightly
off-topic here, but it's all about risk assessment/management and a lot of what's said
here can be applicable in IT/security risk management...
Disclaimer: I'm not involved in clinical risk management directly, but I work very
closely with the clinical risk management teams here and am involved in our Trust's
drive for CNST Level 2 compliance (acronym explanations follow). Opinions and
understanding are my own, not my employers', and I speak on behalf of myself rather
than my employer, the NHS, Department of Health et al.
When someone sues an NHS hospital in the UK, the millions are paid out by the NHS
Litigation Authority. Hospitals in the NHS pay an annual premium to the NHS LA into a
pot of money from which the LA pays the claimants. This premium is based on the size
of the hospital, the procedures it carries out (maternity, mental health and other
specialties may carry "extra risk" and so LA contributions may be increased), and most
importantly the level of compliance with the so-called Clinical Negligence Scheme for
Trusts, or CNST. CNST outlines various standards and requirements which, if met,
should reduce the number of clinically negligent incidents and this leads to a lowered
CNST contribution to the Litigation Authority. It's a bit like fitting
insurance-approved locks to your house or fitting an alarm and thus lowering your
insurance premium. But here we're dealing with mega-bucks -- a typical CNST
contribution is about 1-2% of the total income for a hospital, or around a cou!
ple of million pounds in our case.
It turns out that, certainly in the UK, not all staff in the health service are
trained in basic CPR. I'm an IT manager. I don't often come into contact with
patients. I am not "cost effective" to train in resuscitation. Why? Risk
management. While it may be sterile, scientific, unyielding on the affected
individuals, and feel "unwholesome" to Joe Public, lines end up being drawn. For
example: the medical profession has decided on current criteria for assessment of
death; these feed into an NFR Policy ("not for resuscitation" policy which is used to
determine when resuscitation in, for example, a cardiac arrest can be stopped because
the patient is deemed to be unviable). The criteria used to determine NFR are
reviewed all the time and change, just as anyone who is in St. John Ambulance will be
taught a slightly different recovery position each year: the guidelines adapt to
changes in best practice and medical knowledge. But the lines are still drawn, and
sometimes !
these are short of 100%. On with the risk management!
While you might expect otherwise, the highest attainment level, CNST Level 3, only
specifies:
"CRITERION 5.3.1: 90% of eligible staff have attended basic life support training in
the last 12 months."
""Eligible" staff are those determined in the trust's own resuscitation policy
(reviewed at level 1) who should receive training."
-- CNST General Manual June 2002
Where the line is drawn for "eligible" starts to get a bit of an ethical mess:
training costs time and money, versus not training potentially costing lives. The
purists in risk management would need to get the units on both sides of the equation
homogenous to strike the balance of how much to spend on training. As a result, even
if only implicit in how much ends up being spent training staff to do resuscitation, a
"value" or "cost" is attached to a life ("cost" defined as how much financial impact a
death due to clinical negligence might cause to a healthcare organisation, not
necessarily the cost in terms of emotional trauma and hardships for those close to the
victim). [aside: for the true mathematician, one might consider severe injuries and
conclude these can "cost" more than death]
Whatever the figures people might attach to "value of life", a line is drawn somewhere
that might say something like: "all consultant doctors and nurses above grade F must
attend mandatory annual resuscitation training". And from that point on, CNST judges
you. A trust that fails to live up to its 90% attainment will pay more to the
Litigation Authority. The result: either cut costs somewhere (reduce staffing is a
classic way of doing this -- dropping from CNST level 3 to level 2 might cost you the
order of 10 nurses, though) or the bank account goes overdrawn (and being in the red
further reduces your funding in the next financial year: being in the red lowers your
"star rating", which directly influences how much money your Trust receives annually,
to the tune of 0.5% better off for each star you have... the consequences are
inevitable, aren't they? :-) But I digress somewhat...
A balance of an achievable level of training, training costs, insurance/litigation
payout and what I call the "magic seaweed factor" (the slightly unscientific way some
risks are assessed) all contribute to decide the level at which we train our staff in
basic resuscitation. Beyond that, it's a case of educating the non-trained to call
2222, the standard number across the NHS (or should be thanks to another scheme's
diktat) for crash teams, cardiac arrest and resuscitation.
My personal view is that I don't feel training the IT Department how to do CPR is
worthwhile: I'd rather have the extra nurse looking after the intensive care unit or
in the emergency department (after suicide a road traffic accident is the most likely
cause of harm to someone in my social demographic). Just so long as my colleague sat
opposite remembers to call crash when I collapse from stress-related heart failure.
Hope that this has been a useful contribution, even if slightly off-topic.
Regards,
Marek Isalski
Software Support and Data Security Manager
Software Support, IT Projects, Directorate of Health Informatics
Wythenshawe Hospital, South Manchester University Hospitals NHS Trust
>>> <[EMAIL PROTECTED]> 04/05/2004 00:18:29 >>>
(And I am told that in fact, hospitals *do* require all their staff to get
at least "basic CPR" training and the like...)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
