Clinical authority to release

Prior to delivery of the health IT system for go-live, the manufacturer will need to undertake a formal review of the clinical risk management activities conducted to ensure that the requirements for the clinical safety management system have been addressed.

This meeting should include the following representatives (adjust as appropriate for equivalent roles) and will be a formal process and include the sign-off of the system using the clinical authority to release (CATR) checklist document. The meeting should include (adjust as appropriate for equivalent roles) the

• chief medical officer or equivalent
• director of operations or equivalent
• project/programme manager
• operational clinical support officer (CSO) for the project
• system CSO or clinical safety lead
• product director or equivalent
• technical services manager
• quality assurance manager

The scale of this review should be commensurate with the scale of the overarching clinical risk management process but needs to be sufficient to ensure that top management are adequately appraised of the work conducted. 

In essence the review needs to show that:

• the manufacturer’s clinical risk management plan has been implemented and the outcomes recorded 
• the residual clinical risk for each hazard is acceptable
• appropriate methods are in place to obtain relevant post-deployment information and to feed these into the manufacturer’s clinical risk management system

Top management need to be satisfied that all foreseeable hazards have been identified and that the clinical risk of each hazard has been reduced to acceptable levels. In all circumstances, top management remains responsible for the release of the health IT system.

Top management needs to be satisfied that any outstanding defects that remain unresolved at release have been reviewed by the operational CSO and the potential impact on clinical safety has been assessed. If the risk of any such defects remains unacceptable then the manufacturer must consider implementing additional risk control measures. Where further risk control measures are considered impractical then clinical risk benefits analysis needs to be conducted to establish whether the benefits of the release outweigh the residual clinical risk.

Expected outputs at this stage of the clinical safety process which will be reflected in the risk management file.

Safety closure report – ready for CATR

A closure report needs to be produced at a point where the software version is the release candidate for deployment for go live. It will follow the same format as the safety case reports. It will also:

• include a final safety statement
• give evidence of any issues that are still outstanding
• include any caveats that need to be introduced in case of work-off plans for outstanding development

CATR sign-off document

The CATR document has a list of essential requirements that have to be fulfilled for the system to be signed off as clinically safe for deployment to the health organisation. A copy of the CATR should be produced and given to the health organisation.

Further actions if required

Any actions that have been documented as part of the process will need to be given ownership and a timescale for completion. If this impacts the decision to sign off then a work-off plan will need to be put in place to make sure the consequence is minimal.