The scale of this review should be commensurate with the scale of the overarching clinical risk management process but needs to be sufficient to ensure that top management are adequately appraised of the work conducted.
In essence the review needs to show that:
- the manufacturer’s clinical risk management plan has been implemented and the outcomes recorded
- the residual clinical risk for each hazard is acceptable
- appropriate methods are in place to obtain relevant post-deployment information and to feed these into the manufacturer’s clinical risk management system
Top management need to be satisfied that all foreseeable hazards have been identified and that the clinical risk of each hazard has been reduced to acceptable levels. In all circumstances, top management remains responsible for the release of the health IT system.
Top management needs to be satisfied that any outstanding defects that remain unresolved at release have been reviewed by the operational CSO and the potential impact on clinical safety has been assessed. If the risk of any such defects remains unacceptable then the manufacturer must consider implementing additional risk control measures. Where further risk control measures are considered impractical then clinical risk benefits analysis needs to be conducted to establish whether the benefits of the release outweigh the residual clinical risk.