How to deal with risks in your practice

Although it is impossible to remove risk completely, by applying risk management principles, adverse incidents and associated potential harm can be significantly reduced, say Margaret Stone and Tim Harrison. They introduce the basic concepts

This content was published in 2010. We do not recommend that you take any clinical decisions based on this information without first ensuring you have checked the latest guidance.

Picture this: a community psychiatric nurse (CPN) enters your pharmacy to return a medicine supplied three days ago. She says you have dispensed it incorrectly. The returned medicine is quetiapine 200mg tablets, labelled “quetiapine 200mg tablets, take one tablet twice a day” but the GP told the CPN that he was increasing the dose to 300mg bd. What do you do?

In dealing with any incident, several questions should be considered:

  • What are the risks?
  • What are the priorities?
  • Where do responsibilities lie?
  • What actions are needed?

Immediate action should be to confirm the details of the error and assess the potential for patient harm. This will involve accessing the prescription and, if there has been a dispensing error, liaising with the CPN and GP and discussing the situation with the patient to find out how much of the medicine has been taken. If the patient has taken the medicine, missed doses or become anxious as a result of the error, he or she will need to be clinically assessed by the GP or the CPN. The outcome of this assessment should be sought. The patient will need to have the correct medicine dispensed and apologies should be offered. (The National Patient Safety Agency, in its 2009 document “Being open: communicating patient safety incidents with patients, their families and carers”, includes apologising in its framework for how NHS bodies should deal with patient safety incidents.) But that should not be the end of the matter. The next step should be to look at the incident to try to prevent it from happening again. In other words, risk management.

Risk is simply the potential for an unwanted outcome. In general, the more complex the activity the greater the risk and the more stages in a process the greater the number of risks. Risk management encompasses a series of activities including risk assessment, learning from mistakes, implementing changes as a result and reporting adverse events. This results in safer practice, enhanced patient care and reduced litigation.

In 2000, the Department of Health published a report called “Organisation with a memory” in response to increasing rates of serious adverse events in the NHS. One of the main messages was that NHS organisations must have systems in place to ensure they learn from adverse events. A key part of this involves the recognition that capturing and recording information on adverse events, and analysing them in the right way, is an essential step to reducing risk to patients.

A report and accompanying toolkit called “Seven steps to patient safety” was published by the NPSA to assist NHS organisations. The steps an organisation can take to improve patient safety are:

  • Build a safety culture
  • Lead and support staff
  • Integrate risk management activity into practice
  • Promote incident reporting
  • Involve and communicate with patients and the public
  • Learn and share safety lessons
  • Implement solutions to prevent harm

Risks in the pharmacy

Risk is present in every pharmacy and can relate to the staff and patients; the environment; equipment, medicines or chemicals; or the systems and management.

The following steps may be used as a guide for managing risks:

  • Identify actual and potential risks
  • Assess risks for potential severity (see below)
  • Prioritise and eliminate risks
  • Reduce opportunity and impact of risks that cannot be eliminated

Many pharmacy processes will have standard operating procedures (SOPs) associated with them. All processes, however, even those without SOPs, should have best practices that must be communicated to and followed by all members of staff, including part-timers, locums and bank staff. Communication of a process on a single occasion is not sufficient; the process must be revisited regularly, especially if it changes.

The importance of having effective and up-to-date SOPs and protocols has been clearly outlined by the Royal Pharmaceutical Society. In addition, regular review of all pharmacy procedures (at least every two years) is essential to risk management and is a Society requirement. Ideally, SOPs should be in place for all pharmacy procedures, not just the mandatory ones listed by the Society.

Risk assessment is the process by which potential risks are assessed or scored, using a matrix. An NPSA document “Healthcare risk assessment made easy” summarises risk assessment as comprising considering what the risks are, what the likely consequences will be and how often the risks might occur. These factors are put into a matrix and the risk is then scored. Generally, when using risk assessment tools, the higher the number the higher the risk. Considerations of risk for our scenario are detailed in the Box.

Types of incident

The term used by the NPSA for an adverse event is “incident”. This applies to all occasions when things do not happen as intended, whether there is an adverse outcome or not.

Patient safety incidents

A patient safety incident is “any unintended or unexpected incident which could have or did lead to harm for one or more patients receiving NHS care”. The NPSA uses five degree-of-harm descriptors for harm done to a patient following an incident. These are: no harm, low harm, moderate harm, severe harm and death. No harm patient safety incidents should still be reported because they are valuable for identifying patterns of where incidents are occurring. Without an intervention, such incidents could escalate into more serious harms if they are repeated.

The NHS is moving towards a system of low blame. This approach accepts that there are probably failures in the operating procedures, culture, management systems and other features, all of which combine to make a poor working environment, in which patient safety incidents can more easily occur. Professionals within the NHS are responsible for their own practices, but they should not usually carry all the blame when an incident occurs.

In pharmacy, patient safety incidents can be split into drug- and non-drug-related incidents. When an incident involving a drug occurs it should be classified using the patient safety incident harm categories. A common area of confusion when describing drug incidents, particularly dispensing incidents, is whether to class them as actual incidents or near misses. Actual incidents are those spotted after the normal checking process and have the potential to cause any degree of harm (e.g. an error spotted as the counter assistant hands out a medicine). Near misses are errors spotted during the normal checking process and often cause no patient harm.

It is important to collect data on near misses because many potential adverse events are detected during the normal checking process before they can cause harm. Application of such risk management techniques and implementing changes as a result can prevent an actual incident.

Non-patient safety incidents

An example of a non-patient safety incident is a member of staff slipping on a wet floor. Incidents that do not involve patients should still be reported and acted on to protect the safety of other staff and to fulfil employers’ obligations under health and safety law. Depending on their nature, such incidents may also need reporting to the Health and Safety Executive under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995(RIDDOR). The NPSA does not collect data on these incidents.

More than simple human error

An academic study of the theories of risk management is beyond the scope of this article, and probably best left to specialists. Many theories borrow heavily from the aviation industry to learn how to “design out”error. The basic premise underlying theories of risk management is that there are many factors that coincide to cause an error and it is important to consider these. Errors can beviewed as caused by people or systems.

In an article for the BMJ, James Reason discussed approaches to human errors. He proposed a model that describes how errors occur, despite people’s and systems’ best efforts. This model is called the Swiss cheese model and describes barriers as slices of cheese with holes. It shows that both system and people errors, when combined in a certain way, line up to allow an error to occur. The more barriers that can be put in place the less likely it is that all the holes line up. This model has been used widely in health care to help describe why errors continue. Its use in risk management is described further in a recent article by Phipps et al (PJ, 27 March 2010, p312).

Next steps

It is not only actions that can result inincidents, but also lack of action. Critical appraisal is essential. This involves regular review of working conditions, SOPs, staff training and appraisals, acting on feedback from service users and applying risk management principles. Although these may not be tasks pharmacists perform, each pharmacist is responsible for ensuring the tasks are completed. This has been highlighted by the recent introduction of the responsible pharmacist Regulations. The code of ethics for pharmacists and pharmacy technicians and the pharmacy contract also place the onus on individual pharmacists and pharmacy businesses to ensure that risks and potential harm are managed.

Once immediate action following an incident, such as a dispensing error, has been taken, further risk management means reporting the incident, investigating it, coming up with a plan of action and sharing results.


A dispensing error is a critical incident and should be reported as such using the organisation’s incident reporting system.The error report should indicate the level of patient harm. The person responsible for clinical governance within the organisation should be notified so that trends in errors can be analysed.


Incident investigation constitutes a basic part of the risk management and clinical governance functions of the organisation as well as being a professional and ethical responsibility for pharmacists and registered pharmacy technicians. It is best (if possible) that the person conducting the investigation has not been involved in the incident. Everyone involved should be interviewed separately, to be informed of the incident and to discuss any contributing factors. Once the contributing factors are identified, both human and system, an action plan can be put into place to reduce the chances of that type of error recurring.


A good action plan will contain details of who will do the actions and a timeframe for when these should be completed. A named individual should ensure the action plan is implemented, and evidence of this should be kept for audits.


Sharing incident details so that others can learn from them is vital. In England and Wales, reporting incidents to the NPSA is a contractual requirement for community pharmacists with the emphasis being on serious incidents. In Scotland, sharing of information on errors is a professional decision. If an organisation’s reporting system does not automatically link to the NPSA, pharmacists and technicians should consider making a report via the National Reporting and Learning System e-form on the NPSA website. It is also recommended that incidents are reported to the primary care organisation and some trusts already have an anonymous system for gathering information about incidents and action plans.

As part of Government reforms of the NHS, patient safety will become the responsibility of a national commissioning board. The exact nature of reporting requirements is not known, but the principles are likely to remain. The current NPSA system is likely to remain until April 2012 (PJ,11 September 2010, p262).

We would hazard a guess that most pharmacists have to deal with a dispensing error at least once in their working lives but risk is present in all aspects of pharmacy practice. A series of scenarios highlighting the risks that exist in everyday pharmacy practice and looking at the approaches to manage them will be published in The Journal or on PJ Online, covering topics from financial risk and personal safety to enhanced services and an allegation of inappropriate conduct. We hope pharmacists and pharmacy technicians will use these to reflect on their own practice to see if they are aware of and are actively managing risk

Box: Considerations in a dispensing error

What are the risks?

There are potential risks to the patient (health outcomes), the dispensary team (professional, legal and financial), the community psychiatric nurse (professional) and the business or organisation providing the service (legal, financial, reputation).

What are the priorities?

The priorities are to ensure no further patient harm and to minimise further risk.

Where do responsibilities lie?

Individual roles should be identified and agreed between all those involved.

What actions are needed?

Actions need to be decisive — immediate action is needed to reduce further risk and potential patient harm. They also need to be in the best interests of all involved, although the patient is the primary concern. Any action taken should also be transparent and communicated well — details of the incident, action plan and outcomes should be shared with all parties involved.

Last updated
The Pharmaceutical Journal, PJ, September 2010;()::DOI:10.1211/PJ.2021.1.64747

You might also be interested in…