GP practices have been advised to appoint a ‘clinical safety officer’ (CSO) who has two days’ training before using any medical transcription tools – amid confusion around new NHS England guidance.
A letter issued earlier this month by NHS England further developed its guidance on the use of ambient voice technology (AVT) – the technical term for transcribing tools used during consultations – and stated that ‘all NHS organisations must ensure that any AVT solutions being used meets the specified NHS standards’.
However, this has led to confusion among practices, ICBs, the BMA and suppliers about what they need to do and what packages they can use without incurring liabilities.
In an email to practices, Mid and South Essex ICB’s information governance team laid out its interpretation of new NHS England guidance. It stated that while its advice did not amount to a ‘do not use’ order, failure to adhere to the NHS England guidance ‘does mean that the responsibility and liability for any risks, including clinical safety issues or data breaches, will sit entirely’ with the practice.
The email seen by our sister title Pulse said that before using AVT, practices would need to appoint a CSO, who would need to be a trained clinician who understands the risks of introducing tech into clinical care, and that they will need at least two days’ training.
The ICB information governance team also advised practices that many packages, including Heidi, are not compatible with the guidance, and that the use of these products would leave practices facing greater liability if anything went wrong, including clinical safety issues or data breaches.
GP experts have said that this interpretation isn’t necessarily correct, and that the NHS England guidance fails to distinguish between GP practices and trusts, while Heidi said that it believes its technology does meet the standards set by NHS England.
Meanwhile, the BMA has issued guidance asking practices to consider whether their software is compliant, and has said it is requesting a meeting with the national chief clinical information officer, who issued the 9 June NHS England letter. The NHS England letter said that the adoption of AVT ‘is to be encouraged to improve both the quality of patient care and operational efficiency’.
It said that providers should only use AVT that are compliant with its standards, and that ‘liability for using a non-compliant solutions sits with the deploying organisation (eg, general practice or trust) or individual user’.
The letter also said it was the responsibility of ‘NHS organisations’ to determine whether the specific AVT is compliant. These standards include compliance with data protection regulations, that the technology supplier has a clinical safety officer and that there is ‘appropriate NHS clinical system integration’ (see box below for full list of requirements).
The Mid and South Essex ICB information governance team sent an email stating: ‘If your practice wants to use an AVT solution, you are responsible for carrying out a local clinical safety assessment, which includes… appointing a CSO— a trained clinician who understands the risks of introducing tech into clinical care.’
It later added: ‘The CSO must be a registered clinician who has completed NHS-approved Clinical Risk Management (CRM) training… The training is typically delivered over one or two days by accredited providers and must be completed before a clinician can take on the CSO role.’
The ICB added: ‘Heidi does not meet the standards set. Following discussion with them directly, they have confirmed that they are working towards most, but the one that trips them up is clinical system integration, it doesn’t output straight into S1, and sounds not likely to change any time soon.’
However, Heidi’s chief medical officer Dr Hannah Allen said: ‘Heidi collaborates closely with regulators around the world, including NHS England, to ensure we’re meeting and exceeding regulation and safety expectations for government, clinicians and patients. You can see how Heidi meets the latest NHS England guidelines here.
‘In the most recent guidance, NHS England notes integration is an “enhanced” requirement. Heidi requested to integrate with TPP via the NHS England IM1 program 12 months ago and we remain eager and ready to make this investment. We believe no scribe to date has integrated to TPP via the IM1 program and are instead leveraging integrations from partner organisations. Integrating directly is NHS England’s and our preference and we welcome their support to accelerate this.
‘Our approach to safety and product functionality is why one in two UK GPs and 15 UK Trusts trust Heidi to support 1.5million patient appointments every month. We understand it can be challenging for every ICB to keep up with evolving regulation and we’re here to help.’
Former GPC IT chair Dr Grant Ingram, who is now chief executive of Leicester, Leicestershire and Rutland LMC, said that the NHS England guidance ‘fails completely’.
‘This is OTT and just highlights the inappropriate approach of the management hierarchy to practices and innovation. The guidance from NHS England is for all organisations from large secondary trusts to single handed practices and therefore fails completely.’
‘ICBs should, in line with Department of Health and Social Care policy, be finding ways of encouraging and supporting practices to implement changes and innovations. We are told that AI is the future by Wes Streeting whilst ICBs are trying to strangle it at birth. CSOs should be at ICB level and provide the support and advice needed.
‘My LMC has issued high-level guidance to practices as to what they need to consider when implementing AI. In the absence of sensible national guidance it is a Wild West at present.’
Dr Paul Cundy, who is also a former chair of the GPC IT committee, said: ‘As long as practices comply with the law – ie, do DPIA and resolve any issues before they implement this new processing of patients data – they remain independent contractors and can do what they like.’
NHS requirements in full
- Core platform assurance requirements. Digital Technology Assessment Criteria (DTAC), Data Security and Protection Toolkit (DSPT,) Cyber Essentials Plus, CREST-approved pen testing.
- Data Protection Requirements as set by ICO – Local ICB / Trust governance approval including DPIA completion
- Clinical Safety Officer(s) named and accountable
- End-to-end encryption and GDPR compliance
- No unsafe functionality e.g. prompt injection access
- Appropriate NHS clinical system integration (API or FHIR/HL7 compliance and write-back capability).
- The responsibility for translation accuracy remains with the AVT supplier.
- Enhanced Requirements Medical Device Classification. All AVT solutions that undertake summarisation require, at least, MHRA Class 1 medical device status. Companies must NOT extend system capabilities to produce generative diagnoses, management plans, or other medical referrals and calculations without seeking at least MHRA Class 2a approval.
- Data Protection – Safeguarding Patient Information is paramount. Patient data from clinical sessions (e.g. immediate inference) should be automatically deleted unless legally or operationally required, in line with UK GDPR and DPA 2018 principles on data minimisation and storage limitation. Further guidance on this will be published shortly.
- System integration – Ensure appropriate integration with your IT infrastructure, systems and workflows. For example, in most general practice and hospital settings, AVT solutions will require integration with the principal electronic record system. This will enable automated workflow (e.g. diagnostic test requesting or prescribing presented within the system being used, for clinician validation and submission).
- Clinical and Operational Benefits Thresholds.Evidence of real-world clinical validation of benefits in the NHS care setting proposed (e.g. enhancing clinical efficiency and workflow, reducing administrative burden; improving patient care by increasing face to face time with patients; improving accuracy of documentation.
- improving data quality and capture of structured data recorded in electronic patient record systems)
- Clear economic justification and workforce impact.
Source: NHS England letter to providers and ICBs, seen by our sister title Pulse
A version of this article was first published by our sister title Pulse
