Alex O’Neill, Head of Compliance at CODE
Risk assessments within a dental practice are important for protecting your business, staff and patients, helping you to ascertain what could go wrong and understand whether you have the right protocols in place to prevent those risks. They are a method of learning and improving and are a vital part of your compliance.
At CODE, we are often asked who can carry out a risk assessment within a dental practice. By law, they must be carried out by a ‘competent person’. In order to be competent, you must have the necessary skills, experience and knowledge to manage health and safety. In a nutshell you need to have:
- An understanding of the task being assessed
- A detailed knowledge of the task being assessed
- An understanding of the risk assessment process
- An ability to influence, implement control measures
- An ability to maintain the control measures
The bottom line is that if something went seriously wrong in your practice, that could have been avoided due to proper risk assessment and management, you could potentially find yourself in court, opposite the HSE, explaining to them why you consider yourself to be trained and competent. Or, as a practice owner, you could be explaining why you delegated the task to a team member who you didn’t provide adequate training to when you asked them to be your ‘head of health and safety’.
The crux of the matter is that in order to perform a risk assessment correct training is required; something that you’re not going to achieve by reading an article, watching a webinar, or making a phone call. All we can do here is outline the fundamentals of risk assessment and cover where practices that do fall short routinely trip up. You also need enough seniority to make changes or be allowed to make changes by those in charge. Only you know if you’re competent to carry out a risk assessment.
“The lead nurse had used a template supplied to the practice from a compliance company to carry out a risk assessment. However, she had not received training to enable her to competently assess the risks.”
The quote above is from a CQC inspection report and shows that the regulator is looking more closely at practice risk assessments and those tasked with carrying them out. A question we often get asked on the iComply helpline is ‘how do I carry out a risk assessment’. It’s always an interesting question because if you need to ask then you probably shouldn’t be doing it yet. You need appropriate training first.
So, where can you get good training? I recommend the Institution of Occupational Safety and Health (IOSH) as a great place to start, they have a multitude of courses to help managers – www.iosh.com
- A hazard is something that can cause harm, e.g. electricity, sharps, chemicals
- A risk is the chance, high or low, that any hazard will actually cause somebody harm (usually scored) and the amount of seriousness of the harm
- Control Measures (risk controls) are measures you put in place (e.g. PPE) to reduce the likelihood that a Hazardous Event (e.g. a sharps injury) could occur
Risk Assessment – the steps
There are five established steps to performing a risk assessment and these include:
Step 1: Identify the hazards
Step 2: Decide who might be harmed and how
Step 3: Evaluate the risks, decide on precautions and implement them
Step 4: Record your findings and implement them
Step 5: Review your assessment and update if necessary
It is important to note that you are required to reduce ‘reasonably foreseeable risks’ to a ‘reasonably practicable’ level and you cannot be held responsible for risks that you can argue were not ‘reasonably foreseeable’. How would you prove you had done this? With the risk assessment; it is your paper trail of what you have assessed.
Risk assessments should be reviewed ‘regularly’, which is generally always interpreted as annually. Additionally, they should be reviewed after any significant physical changes to the business and following an incident, accident or near miss.
Templates and common errors
On the whole, a template would be used to perform a risk assessment, which will usually have columns and a workflow from left to right. You should first outline what the hazard is and ascertain who is at risk and how. You should decide the control measures the practice will use to reduce the risk, and then apply a final risk score. Risk scoring is generally based on (LxS); the likelihood that something could happen multiplied by the severity if the incident did occur, which gives a total risk score.
So where do practices commonly make errors?
- They use a template and do not add risks specific to their practice or remove risks that aren’t applicable
- They do not remove or add control measures. For example, they say they use safer sharps to reduce risk of sharps injury when they don’t
- They misunderstand risk scoring and in an attempt to make the practice look overly safe they score lower than is actually the case
- They score severity too low. It’s critical to remember that control measures generally reduce the risk something will happen, but the severity if it did happen is rarely reduced
- They perform risk assessments without any training
A note on control measures
There is an established ‘Hierarchy of risk controls’ that looks like:
- Eliminate – completely remove the hazard
- Reduce – change the process, use safer equipment
- Prevent contact – use a guard
- Safe system of work – a procedure for a hazardous task (may need supervision and training)
- Personal protective equipment (PPE) – gloves, eye protection
It’s important to note that PPE is right at the bottom of this hierarchy, with elimination in the top spot and reduction at number 2. That’s why when the Safer Sharps regulations mandated that we reduce the risks associated with sharps the consensus across the profession was that nurses did not need to be handling them and therefore they must not – the risk was then eliminated. It’s also why safer sharps are seen as pretty much mandatory now as your second option is to reduce and ‘use safer equipment’.
Should you outsource?
iComply has extremely useful risk assessment templates to help with your compliance if you are appropriately trained and competent to carry out risk assessments. Outsourcing is perfectly acceptable, especially if there is a particular area where you do not feel knowledgeable enough; I’ve worked with practice managers who only felt able perform health and safety risk assessments and outsourced for legionella and fire. If you do outsource then always read the reports and deal with the recommended actions as not carrying out what the expert has advised this is a key area where practices fail inspection
Alex O’Neill is CODE’s head of compliance, leading the team on compliance consultancy, researching regulatory changes in the UK and delivering CODE seminars. He is an experienced business coach and consultant with a focus on operational excellence and change management. He has advised a range of practices on the best strategies to achieve their goals.