Ratified by: Finance and Investment committee (FIC)
Date Ratified: 25/05/2022
Job Title of Author: Health, Safety, Fire and Security Manager
Reviewed by Sub Group or Expert Group: Property Health and Safety Steering Group
Related Procedural Documents: HSPOL08 Health & Safety at Work Policy QSPOL09 Risk Management Policy
Review Date: 25/05/2025
It is the responsibility of users to ensure that you are using the most up to date document template – ie obtained via the intranet.
In developing/reviewing this procedure Provide Community has had regard to the principles of the NHS Constitution.
Version Control Sheet
Version
V3 July 2016 Head of Safety & Resilience Review
V4 August 2018 Head of Safety & Resilience Review
V5 May 2022 Health, Safety, Fire and Security Manager Review Ratified FIC 25/05/2022
1. Introduction
This procedure has been developed to:
• Describe the management responsibility for the assessment of hazards and risks
• Provide guidance on the process of hazard identification and risk assessment
• Protect employees, patients and others through the identification of hazards and the risks generated therein
• Facilitate the systematic introduction of suitable measures to both control and reduce those risks to a minimum acceptable level.
2. Definitions
Hazard
Something with the potential to cause harm
Risk
The likelihood of a particular hazard being realised and the severity of the outcome
Risk Assessment
A systematic means of measuring the potential likelihood and severity of a given hazard
Risk Management
A holistic means of managing risk within an organisation on a priority basis
Risk Control Measures
Any means by which a risk is eliminated or reduced to an acceptable or negligible level
Residual Risk
A remaining risk, large or small, that remains following risk assessment and the introduction of risk control measures
Competent Person
A combination of training, knowledge, experience and personal qualities such as the ability to make sound judgements
Health & Safety Executive (HSE)
UK Regulatory authority for Health & Safety
3. Responsibilities
Group Chief Executive
The Group Chief Executive has ultimate responsibility for ensuring that:
• This procedure and guidance is implemented throughout the organisation
• All significant and high hazards are identified and risk assessed
• Action is taken to eliminate or control those risks so far as is reasonably practicable
Group Chief Officers
Executive Directors are accountable for the implementation of this policy and guidance throughout their areas of responsibility within the organisation.
Directors/Assistant Directors / Managers
Directors, Assistant Directors and managers are responsible for:
• The implementation of this procedure and guidance throughout their areas of responsibility
• Ensuring that risk assessments are undertaken within their areas of responsibility
• The introduction of suitable and sufficient measures to eliminate or adequately control a risk, and that those measures are regularly reviewed to ensure there use and adequacy
• Ensuring that all risk assessments are formally recorded using the documentation provided within this policy and guidance
• Ensuring all assessments are reviewed annually or earlier should the practice/process change
• Ensuring that where identified risk remain as low as reasonable practicable, following implementation of controls, ensuring these are entered onto the directorate risk register
• Where identified risks remain at significant or high following implementation of controls, these must be reported to the responsible Assistant Director and the appropriate committee (Safety & Resilience Group / Quality & Safety Committee). These risks must also be entered onto the risk register
Quality & Safety Team
Is responsible for:
• Providing support and advice to managers and staff in the process of risk assessment
• Managing and reviewing the process for risk assessment within the organisation
• Co-ordinating the Corporate and Directorate Risk Registers
• Supporting Managers and Directors to notify the Board, through the Quality & Safety Group of all areas of significant and high residual risk
All members of staff employed by the organisation
All members of staff are responsible for:
• The identification of hazards and either undertaking risk assessments and/or assisting their line manager to do so
• Notifying the Manager of any significant hazards / risks within their areas for inclusion into the risk registers
• Complying with all measures that have been introduced to eliminate or adequately control a particular hazard
• Notifying their line manager of any breakdown in measures that are used to control a hazard
4. Documentation
Documentation to be used in conjunction with this procedure and guidance is included within the appendices.
• Risk Quantification & Definition of Acceptable Risk
• Risk Assessment Pro-forma
The generic pro-forma is to be used for general risk assessments only (environmental, equipment, processes etc.).
More specific risk assessments such as Manual Handling, Display Screen, Fire, COSHH, Lone Working, New & Expectant Mothers, Stress etc., will require more detail and a specific pro-forma. Generic copies can be found on the intranet, alternatively you could speak to the Health, Safety, Fire and Security Manager
Details for the completion of the forms attached within the appendices is contained in the Guidance to this Procedure.
5. Training
In order to ensure that hazard identification and risk assessment is undertaken, it is essential that staff receive suitable and sufficient training in the techniques that are required.
Under current health and safety legislation employers are required to provide all such training that is necessary to ensure the competency of its employees, and that such training is undertaken during work hours at no charge to the employee.
Training in hazard identification and risk assessment techniques, including the use of the documentation, is within the Health and Safety mandatory corporate induction training session which is mandatory for all staff.
The organisation also provides Managers with additional training in risk management by running the IOSH – Managing Safely course. These are run over 4 day and the courses take place 4 times a year. Managers are advised to contact Learning & Development to book a place on this course.
6. Guidance to staff
Introduction
The key to hazard identification and risk assessment is to apply the KISS approach –
Keep
It Short & Simple
Over complication leads to confusion and a failure to implement.
Many of the processes/procedures that require a risk assessment will be ones that you have undertaken many times over many years. There is no need to change what you do if it is safe. This process will enable you to look at the processes and judge whether the way things are currently being done is the right way.
Risk assessment can be a time consuming process in the initial stages, and requires a high level of commitment from both staff and managers. However, the results of the process provides measurable reductions in absence from work, long term ill health and minor injuries, along with significant reductions in personal injury claims and insurance premiums. This allows the funding for better care of both staff and patients.
Hazard Identification Techniques
Workplace hazards can be identified in a number of different ways. Simply looking about your place of work will reveal many hazards, the majority of which can be eliminated by simple good housekeeping practises.
More significant hazards, perhaps those involved in a procedure or a patient care plan, will be less obvious. In such cases a more systematic approach should be adopted. Knowledge and experience are important in such instances if all hazards are to be considered.
Hazard identification can be carried out by an individual or as part of a group exercise for more complex situations, although group input in managing a particular hazard is far more effective and should be practised where possible.
Some typical hazards that you experience in your workplace may include:
Direct Patient Care
• Availability of services
• Acceptability of services
• Resuscitation programme
• Adequacy of policies, procedures, protocols and guidelines
• Standards of patient record keeping
• Adequacy of clinical supervision
• Informed consent arrangements
• Medical or clinical negligence
• Violent incidents by patients/clients
• Drug control
• Clinical audit and outcomes arrangements
• Adequacy, integration and competencies of staff
• Communication systems within and between departments
• Integration of professional inputs to the treatment and care processes
• Adverse incident reporting culture and systems
• The interface between health care and social care
• Safeguarding
• Patient’s Guide – “Your guide to the NHS”
Indirect Patient Care
• Security
• Fire precautions
• Fire incidents
• Buildings, plant and equipment
• Waste (particularly Clinical Waste)
• Control of infection
• Environmental health
• Material damage to buildings and physical assets
• Business interruption
• Environmental issues
Health and Safety
• Manual handling training
• Obligations and responsibilities
• Unsafe systems of work
• COSHH
• Failure to provide information, instruction, training and supervision
• Safe place of work
• Lone workers, their safety and security
• Contractors working on premises
• Staff competency
• Security of premises, access and control and personal security
• Patient competency – rehabilitation tasks
• Construction design and management regulations
• Fixed electrical installations
• Portable appliances
• Legionellae
• Accident reporting
• Personal safety training
• Infection control
Organisational
• Information technology
• Computer confidentiality
• Staff shortages/recruitment difficulties
• Loss of primary site services
• Reputation
• Insurance
• Finance
• Patient’s monies
• Computer theft or fraud
• Loss of computer software information
These are only examples, and should not be seen as a comprehensive list of hazards in your workplace
From the list above it is clear that some hazards are simple and can be dealt with immediately, whilst others will require a more thorough investigation and possibly the production of a safe working procedure (known as a safe system of work).
Where you know that the hazard can be removed simply and without disruption to staff and patients, then you should do so immediately.
The hazard may also be a procedure – such as moving a patient, and have a number of significant hazards associated with it. In such instances, a detailed investigation and risk assessment would need to be undertaken.
If you are unable to eliminate the hazard immediately, you should report to your line manager, who will determine whether a risk assessment is required or whether more specialist advice is required.
All hazards that contain a high or significant residual risk following any assessment and the introduction of risk control measures are to be reported to your Assistant Director for entry onto the Risk Register and will subsequently then be reported to the Quality & Safety Committee, Finance & Risk Committee and Board.
Risk Assessment
A risk assessment is nothing more than a careful examination of the hazards associated with work activities and premises that could cause harm to people. These hazards are evaluated to decide if adequate precautions have already been taken, or whether more can still be done to prevent harm.
The following factors apply in general terms to all risk assessments:
• An assessment need only be done once, and need not be duplicated to satisfy a similar duty under a different regulation (although the findings of an initial assessment may require a more detailed assessment such as with manual handling). Must be undertaken by a competent person
• Must be reviewed or reassessed when necessary, such as when there is a significant change in working practice or environment
• Must take into account changes in technology
• Needs to be monitored to ensure that risk control needs are measured and effective
• Requires adequate record keeping (sometimes for a prescribed period)
• Require consultation with staff and their appointed representatives
• Must be supported by information and training for staff
7. Carrying
out a risk assessment
Any risk assessment must consider and take account of the following:
• How likely is it that something will go wrong?
• Who would be affected?
• If it goes wrong, how serious are the consequences?
• How frequently does the risk arise?
• Are the effects immediate or delayed (acute or chronic)?
• What are the legal requirements to control the hazard?
• What are the Department of Health requirements?
The Health and Safety Executive (HSE) have produced a book about risk assessment entitled ‘5 steps to risk assessment’. The procedure detailed below follows that principle.
The steps are:
Step 1 - Identify the Hazards
Step 2 - Identify People at Risk, types of people and quantities
Step 3 - Evaluate the Risk (consequence versus likelihood)
Step 4 - Record your Findings/Communicate with stakeholders
Step 5 - Review and Revise the Assessment as necessary
Step 1 – Identify the Hazard
The hazard may have already been identified using the hazard reporting procedure or may be part of an initial assessment or review of an assessment.
There may have been an incident or near miss which highlighted a previously unknown hazard. You may have noticed a health and safety issue that has not been addressed.
Step 2 – Identify People at Risk
Consider any group of people who may be at risk. This includes employees, patients, visitors the public and maintenance contractors. Remember there is a greater duty of care toward the young, the sick and the elderly.
Quantities of people at risk should be identified in order to achieve a realistic risk rating for a particular hazard, numbers involved should be recorded on the risk assessment pro-forma appendix 2 as part of the risk assessment process.
Step 3 – Evaluate the Risk
For each hazard identified it is necessary to identify the significant risks. In doing this consider the worst case scenario and the control measures that that are already in use.
The most common method of evaluating risk is to give a numerical value. In order to fully integrate this procedure with the Risk Register the risk quantification maturity matrix attached in Appendix 1 must be used to identify the appropriate levels of consequence and the likelihood of the event occurring.
A numerical value between 1 and 5 must be given for both levels of consequence and
levels of likelihood, the figures must be recorded on the risk assessment form, by multiplying the figures by each other the risk rating is identified and appropriate action to be taken.
Having calculated the Risk Rating the action required must be considered. This is based upon what is ‘reasonably practicable’, weighing the overall risk against time, trouble, cost and degree of difficulty needed to eliminate the risk.
The level of control is based upon a hierarchy as outlined below:
• Eliminate the hazard at source – no residual risk.
• Substitute the hazard for one with a lower risk.
• Enclose the hazard.
• Segregate the hazard to prevent access.
• Develop written procedures to control the risk.
• Provide adequate supervision.
• Provide training to employees.
• Provide information and instructions – signs.
• Use of personal protective clothing (only as a last resort)
The risk assessment pro-forma attached in Appendix 2 should be used to record the levels of risk both before and after action has been identified.
Step 4 – Record & Reporting your Findings
The assessment must be recorded where there are five or more people employed, or where there is a significant risk. This means writing down the significant hazards, the risk ranking and suggested actions.
All assessments must be reported to all staff affected at least annually or when the process changes and the assessment reviewed. All assessments must be routed to the manager and appropriate assessments in accordance with the risk matrix must be routed to the Assistant Director to be included within the service Risk Register, assessments should preferably be routed electronically.
Step 5 - Review and Revise the Assessment as Necessary
Risk assessment is a continuous and on-going process. Any significant changes in either working practice or environment could introduce new or unfamiliar hazards and affect the risk assessment. Accidents and incidents may also identify hazards that are not adequately controlled. All reviews of a particular hazard must be communicated to staff.
8. Risk Registers
There is a requirement for the organisation to ensure all hazards that affect staff and other stakeholders are appropriately communicated to all, in order for the controls to be maintained and any changes in the controls to be monitored.
Corporate hazards and assessments shall be recorded within the organisation’s Risk Register, which is currently an excel spread sheet linked to the organisation’s strategic objectives.
The risk registers are reviewed monthly at the organisation’s Risk Management Review Group
9. Monitoring and Review
This procedure and guidance will be reviewed at least every two years.
Implementation of the procedure and guidelines will be undertaken during inspections & audits of the workplace which are undertaken by the Health, Safety, Fire and Security Manager
Completed Risk Assessments must be kept and reviewed on a regular basis (at least 3 monthly) to ensure that risk control measures have been implemented, are in use and effective.
The period of review of Risk Assessments will be determined by the severity of the risk. High risk activities will require shorter periods of time between reviews than lower risk activities. The longest period before a review of a risk assessment must take place is 1 year.
10.Links to other documents
The Risk Assessment Procedure and Guidance has links to the following Provide documents:
QSPOL09 Risk Management Policy
HSPOL08 Health & Safety at Work Policy
HSPOL19 Lone Working Policy
HSPOL05 Manual Handling Policy
HSPOL14 Control of Substances Hazardous to Health Policy (COSHH)
CSPOL01 Complaints Procedure
QSPOL01 Incident Reporting and Management Policy
11.Applicable Legislation
• Health & Safety At Work Act 1974
• Management of Health and Safety at Work Regulations 1999
• Manual Handling Operations Regulations 1999
• Lifting Operations and Lifting Equipment Regulations 1998
• Control of Substances Hazardous to Health Regulations 2002
• Provision and Use of Work Equipment Regulations 1998
• Personal Protective Equipment Regulations 2022
• Display Screen Equipment regulations 1992
Appendix 1: Risk Quantification & Definition of Acceptable Risks
Risk management defines risk as ‘The chance of something happening that will have an impact on objectives’. It is measured in terms of consequences and likelihood.
Risk = Likelihood x Consequence
A simple approach to quantifying risk is to define qualitative measures of likelihood and consequence such as the exemplars given below. This allows construction of a risk matrix, which can be used as a basis of identifying acceptable and unacceptable risk.
Appendix 2: Qualitative Measures of Likelihood
Qualitative Risk Assessment Matrix – Level of Risk
Level Descriptor
1 Rare
Description
Theeventmayoccuronlyinexceptionalcircumstances
2 Unlikely Theeventcouldoccurifcontrolsfail
3 Possible Theeventmayoccurduetoinsufficientcontrols
4 Likely Theeventwilloccurinmostcircumstances
5 AlmostCertain Theeventwilloccur
Qualitative measures of Consequence
Consequence
Negligible
<£2k Awareness limited to individuals within the organisation Low value claims handledbyex gratia payment Minornon Injuryorillness notrequiring intervention compliance. (1) Singleresolvable probleminpatient experience
Low Minor injury or ill health First
Coverage limited to elements within Justified complaint Single failure to meet internal (2) aid treatment –Noincapacity
£2k –
£20k the organisation (eg. trade unions) or some external stakeholders peripheral to clinical care (eg. car parking access) standards
Medium Significant injury orill
£20k –Coverage throughout Justified complaint Repeated failure to meetinternal (3) health, Medical intervention necessary > 3 days absence (RIDDOR reportable)
High Major injuries, or longterm
£200k organisation and/or some public coverage involving lack ofappropriate care,orbelow excessclaim standards. Patient outcome or experience below reasonable expectation inone or a numberofareas
£200k –Extensive local coverageand Above excessclaim. Single failure to meet national (4) incapacity or disability
Provide requires all relevant personal and particularly senior managers to use the above guidance to evaluate the level of risk Provide is exposed to. Provide will regard any risk with a colour of green (low) as acceptable.
High risk, immediate action required to remove or reduce the risk, consider stopping practice, these events must be investigated by the Manager / Assistant Director and added to the organisational risk register by the Assistant Director. Action required immediately.
Significant risk events require urgent action required to remove or reduce the risk, these events must be investigated by the Manager / Assistant Director and added to the organisational risk register by the Assistant Director. Action required within one month of date of assessment.
Moderate risk events require actions to be implemented if cost effective in reducing risk, these events investigated by the Manager / Assistant Director and added to the service risk register by the Assistant Director. Action should be taken within 3 months of assessment date.
Low risk events require actions to be implemented only if inexpensive or easy to implement, these events are to be investigated at the discretion of the Manager. Action should be taken within 6 months of assessment.
It is worth noting that risk assessments are to be undertaken for all hazards to which the organisation is exposed, on completion of assessments all staff and stakeholders working within the environment must be formally communicated the assessments, the collection of assessments at local level are to be considered as the local risk register/s.
Hazards that cannot be managed at a local level will form part of the service risk register on communication to the Manager
ASSESSMENT
ASSESSOR(S):
Please complete action plan overleaf
No Proposed Controls Action required to implement Approved
Action to be completed by whom and When Review Date
Date added to Service Risk Register
(Note: ALL RESIDUAL SIGNIFICANT & HIGH RISKS MUST BE REPORTED TO THE GOVERNANCE TEAM AND PLACED ON THE SERVICE RISK REGISTER)
Signed: Date:
Risk assessment to be reviewed annually, or if risks/control measures change.
