‘We ensure that the website and mobile applications are safe for users’ — a day in the life of a clinical risk manager

Caroleena Bhojwani is part of the Babylon Health clinical safety team, which makes sure that the digital healthcare provider complies with strict industry standards.

I work as a clinical risk manager within the global clinical safety team at Babylon Health in London, a digital-first healthcare provider that offers accessible and affordable health services. Patients are either registered with Babylon’s GP at Hand NHS service, or registered with us privately.

NHS Digital has set strict quality and compliance standards for digital health systems. External regulators, and bodies such as the Care Quality Commission, look for the clinical risk management work undertaken to ensure that we are meeting these standards, which are based on UK legislation as part of the Health and Social Care Act 2012.

Since the COVID-19 pandemic started I have been working remotely, and my role is to make sure that the website and mobile applications are safe for users by ensuring that the clinical risk management process is adhered to when designing, developing and deploying updates to the Babylon application or website. For example, if our symptom checker identifies that a patient is pregnant, an ‘early exit’ will be presented to the user, where the feature will display a message signposting them to book an appointment.

This ensures that any information and processes do not lead to inadvertent patient harm, such as a delay in patient care or treatment.

As a pharmacist, my understanding of the patient’s healthcare journey allows me to ensure that features within the digital software setting lead to optimal outcomes for the patient.

08:45 — start

Every morning, I attend a meeting with product teams responsible for developing various products for use on the Babylon application and website. This is an opportunity for us to discuss any recent clinical safety projects, or updates to Babylon’s product roadmap. One such example is the addition of a mood tracker to our Monitor product, which allows patients to gain insights into their mental health.

After this, the global clinical safety team, who are all currently based in the UK, meet and discuss changes, new projects, or any other business they have. Although short, both of these meetings serve as vital communication channels for our work and occur at regular intervals in response to the COVID-19 pandemic.


The clinical safety team is required to provide internal education and training sessions throughout the year, which are now being held remotely owing to COVID-19. Today, I am training around 50 product specialists, clinical leads and engineers. I discuss the clinical risk management process and its application to the manufacturing and deployment of software.

I use this as an opportunity to demonstrate how everyone is responsible for risk management, as well as explain the strategies and processes the clinical safety team uses. This is often as simple as learning how to respond to and manage incidents appropriately — for example, through timely reporting of an incident to the incident management team and divisional leads to facilitate a resolution.


Safety artefacts, such as ‘safety reports’ or ‘safety cases’, are evidence-based documentation used to demonstrate the company’s efforts to ensure a product or service is safe for its users. The reports provide evidence and analysis of the activities and methods carried out to mitigate any risk to patients or healthcare provider users, prior to launch, and form part of the NHS Digital standards.

I spend the next few hours completing any outstanding reports, which include risk assessments for proposed changes, such as regular scheduled updates for the application. I ensure that every change is reviewed from a clinical safety perspective.

I also work on application releases and other ongoing projects. Knowing how to prioritise updates that are imminent or urgent is key. This is because each product has its own intended release date and some may be more imminent than others. Some releases may also be dependent on another release, like a domino effect.

Each safety report and application release is then signed off and approved by Babylon’s clinical safety officer or chief medical officer.


A product team is releasing a new feature, which requires integration with another internal service. This feature will give users the choice to share their mood tracker data with their Babylon therapist. As this is quite a significant change, the product requires a full review of the potential hazards and risks that this could introduce into the system.

I collaborate with subject matter experts, including technical, product and clinical leads, to review the hazard log — this is a document that is continually updated with hazards and mitigations related to each product or service delivered via the Babylon application. Together we discuss the product scope and how adequate design controls for reducing risk can be put in place.

We discover that this new feature introduces a potential hazard to relevant healthcare professionals using the application if they have not completed specific training prior to the feature going live. As such, the clinical risk management team will need to have further discussions about the potential clinical impact and how to ensure the necessary training is delivered prior to the release date.


The chief executive and high-level management address Babylon employees every week, including all the global teams, via a conference call.

The meeting consists of important company-wide updates, such as new deals in the pipeline, as well as insights from different areas of the business. Time permitting, there is usually an opportunity for questions, creating a regular and open communication channel between the employees and management.


I attend a meeting with one of the product teams to discuss the necessary safety requirements for an upcoming feature which will give users the choice to manually add a medication reminder as a notification. The product manager takes me through a demo with their technical and clinical lead present. This is an opportunity for me to ask questions from a safety perspective, and agree on timelines and requirements for the ‘safety case’, so that this feature has the appropriate approval in time for release.

More specifically, I ask about the details of the testing plan and testing methods. I confirm that end-to-end testing of the solution has been considered, as well as the methods for completing clinical and technical validation, for quality assurance purposes. These activities serve as evidence within the ‘safety case’ to support this release.


I meet with representatives from the regulatory team to discuss timelines for completing updates to documentation which demonstrates Babylon’s compliance to regulatory requirements. An example of this is post-market surveillance, where information is gathered to assess the safety and performance of the product after its launch to the live environment, and is used as evidence to support Babylon’s commitment to safety.


I catch up with the Canadian product team over a conference call to discuss a technical bug that could delay the release date of a new feature.

The bug alters the display of suggested safe alcohol limits to users and was found during routine testing prior to going live. We discuss the potential causes and a bug fix that will ensure that consistently correct information is displayed to reduce the risk of patient harm once the feature is released into the live environment. As part of this, I request further user testing and a meeting to discuss the bug with the medical director of the Canadian region.

17:30 — finish

Today I have been on duty for incident management monitoring. If a new incident has been raised in the live environment, remote meetings occur with the relevant teams to deal with the issue at hand. I have been keeping an eye on incoming incidents during the day and tending to them as they arise. I screen any outstanding incidents and ensure these are all risk assessed accordingly.

Before logging off, I am informed that a necessary update may be deployed to the application out of hours. I contact my colleague, who is on call this week, and hand the query over to them. The clinical safety team has an out-of-hours rota, so there is always someone available to manage major incidents and provide support.

Interested in a similar role?

To be successful in this role, pharmacists need to have:

  • Extensive healthcare knowledge;
  • Strong written and verbal communication skills to work with individuals from varied backgrounds;
  • A patient-centred approach, ensuring patient safety is paramount when making decisions and changes to products and services;
  • The ability to manage conflict, resolve problems and be innovative in their approach to work.

Clinical safety team members need to remain up to date and registered with their professional body — for example, the General Pharmaceutical Council.

Aim to complete the NHS Digital accreditation training on clinical risk management. This course offers training on how to practically implement NHS Digital safety standards and principles into health and social care organisation and is a good introduction to the application of clinical risk management in health IT systems.

If you would like to know more about the role of a clinical risk manager, Caroleena is happy to be contacted via LinkedIn at linkedin.com/in/caroleena-bhojwani

Last updated
The Pharmaceutical Journal, ‘We ensure that the website and mobile applications are safe for users’ — a day in the life of a clinical risk manager;Online:DOI:10.1211/PJ.2020.20208459

You may also be interested in