7 December Dear Mr Clover. Request for information

Transcription

1 By Ben Clover Freedom of Information Corporate Services Barts Health NHS Trust c/o Archives / Records Office Lower Ground Floor 9 Prescot Street Aldgate E1 8PR FOI@bartshealth.nhs.uk 7 December 2012 Dear Mr Clover Request for information Thank you for your of 30 October 2012 to Barts Health NHS Trust requesting a copy of the report on the external review of Criminal Records Bureau (CRB) compliance, referred to on page 33 of the Trust Board papers for October 2012, and the terms of reference/tender notice for it. I attach a copy of the report as requested. The purpose and aims of the review are set out in the Executive Summary section of the report. Please note that the Trust considers that disclosing the names of staff below Director or Consultant level may not be fair processing under the Data Protection Act. Therefore the attached document has been redacted accordingly under Section 40(3) of the Freedom of Information Act. A detailed programme has been put in place to address the findings of the external review of CRB compliance. The objectives are to stabilise the current position, to look back and remedy historic compliance issues and to put in place more robust systems and processes going forward. Formal project and sponsor groups have been established to oversee progress, reporting to the Trust Management Board, and Internal Audit is providing support. The Trust has briefed the Care Quality Commission accordingly. An update is scheduled to the Trust s Quality Assurance Committee in January I hope that this response meets your requirements. If you have any queries then please contact us at FOI@bartshealth.nhs.uk If you remain dissatisfied on how your request has been handled, you can complain in writing to: Barts Health NHS Trust: Newham University Hospital, The London Chest Hospital, The Royal London Hospital, St Bartholomew s Hospital and Whipps Cross University Hospital.

2 Freedom of Information c/o Archives and Records Centre Barts Health NHS Trust Lower Ground Floor 9 Prescot Street London E1 8PR FOI@bartshealth.nhs.uk If, after we have addressed your complaint, you remain dissatisfied with how we have responded, you are entitled to appeal to the Information Commissioner (Tel: ). Details are shown at Yours sincerely Ian Walker Director of Corporate Affairs 2

3 Investigation Report Criminal Records Bureau checks project Barts and the London NHS Trust 2009 to March 2012 CONFIDENTIAL Hilary Merrett Final version August 2012

4 Investigation Report CRB Check Project Contents 1 Executive Summary... 3 Background 3 Commissioning of the review and declaration of a serious incident... 3 Critical failures... 4 Key Problems... 4 Underlying causes... 5 Recommendations... 6 Overall Conclusions Background to and requirements of the CRB process Outline of current process High level policy requirements Procedural requirements Systems requirements Personnel requirements Methodology Terms of reference The investigatory process Limitations Acknowledgements Analysis Chronology of events Positive practice identified Key Problems and Contributory factors Additional Problems identified Learning and Improvements Main Themes / Root Causes Recommendations: Organisational governance and assurance processes Recommendations: Project management Recommendations: Policy / task definition Recommendations: Human Resources leadership and culture Appendix 1 Recommendations and current actions or plans Appendix 2 Documents reviewed... 41

5 1 Executive Summary Background The NHS has a legal and moral responsibility to protect all of its patients from harm, particularly in the case of children and vulnerable adults. The application of rigorous Preand Post-Employment checks is a crucial part of this responsibility. The Criminal Records Bureau (CRB) procedure forms part of these checks and is designed to help to ensure that unsuitable people do not obtain or retain employment in the Trust, but also to ensure fairness to potential and current employees in line with the Rehabilitation of Offenders Act Barts and the London NHS Trust Board had begun discussions on ensuring compliant Criminal Records Bureau (CRB) checking policy and procedure in the context of the proposed new Independent Safeguarding Authority (ISA) in Despite the postponement of these proposals, it became clear that there was a need to ensure that all existing employees had been appropriately checked. The Human Resources (HR) function of the Trust held the responsibility for this piece of work, which became known as the Recheck Project. This ran from October 2009 up until March Several problems contributed to mounting concern at Board level over the effectiveness of the project and the adequacy of controls in place, including: Assurances given to Trust committees on completion of checks for all high risk* staff proved to be inaccurate Continued changes to numbers of staff whose checks were reported as outstanding The identification of several high risk members of staff for whom no checks had been carried out The necessity of declaring non-compliance with CQC standards Outcome 12 *High risk staff in this context appears to have been interpreted as those working regularly with children. Commissioning of the review and declaration of a serious incident These issues resulted in a significant loss of confidence in the process and consequently the recognition of a potentially high degree of risk to patients, staff and the reputation of the Trust. The Chief Nurse decided to commission an external review of the project, with the aim of understanding what had gone wrong, learning from this and helping to ensure that current processes and controls are fit for purpose. A serious incident was reported to NHS London in February 2012, following on from the declaration of non compliance with Care Quality Commission Outcome 12. The incident was described as concerning an issue regarding the controls in place for CRB rechecking. The overall purpose of the commissioned review was to:

6 review the CRB checking and re-checking systems and processes at Barts and The London NHS Trust The specific aims of the project were to: ascertain the current level of controls and compliance determine how systemic errors arose that led to a loss of confidence in the data and CRB checking and re-checking processes make recommendations on future actions/ further controls/process changes required to ensure high level compliance This report describes the methodology, findings and recommendations of this review. The principles of structured root cause analysis have been applied throughout. In order to place the finding of this review in context, this report also sets out a brief outline of the CRB checking process, together with a description of the range of sometimes complex requirements to make the process run well. The consequences of failures in many of these requirements during the project are described and discussed in the body of this report. Critical failures There are three procedural activities which the investigation has revealed to be most significant in terms of problems during the project and in terms of ensuring the effectiveness of controls and compliance in the future. How and where these failed is examined in detail in the report and recommendations made to reduce the risk of error in the future. The three activities are: Recording of information for new recruits on Trust information systems Notification and recording of changes of employment information for existing staff Acting on receipt of CRB disclosures received from the CRB For each of these activities, there must be: Process Responsibilities Timescales Audit A clearly set out written procedure Identification of who is responsible for undertaking the task, with training and cover arrangements in place Timescales for completion of the task A clear audit process and assurance system to ensure this is undertaken Key Problems Thirteen key problems were identified as follows: 1. There was no initial project plan for the recheck project 2. There was no CRB policy

7 3. There was no agreement or consistent understanding about the criteria for CRB checks throughout the project 4. No clear project management plan once the project was formalised in Autumn HR resourcing issues and other concerns not managed properly and not escalated early enough 6. CRB clinics failed and clinics did not meet predictions and assumptions 7. Data lists inaccurate on ESR 8. Reports to OMG wrong / Phase 1 declared finished false assurance given 9. Operational Management Group did not escalate early enough 10. Disclosure receipt procedure failed 11. Lack of controls or audit processes in HR 12. Staff working when not checked and not risk assessed 13. Problems with services provider staff - not checked and working with convictions Underlying causes Each of these was analysed for its causes, drawing on the Contributory Factors Framework originally designed by the University College London Clinical Risk Unit, and amended by the National Patient Safety Agency. The following overall picture of underlying factors emerged: Problem number Organisational and Strategic factors Resource factors Team and Social Factors Education and Training factors Task factors Individual staff factors Communication From this, four main areas of recommendations for improvements were identified: Organisational governance and assurance processes Project management Policy / task definition Human Resources leadership and culture

8 Recommendations Within each of these areas, recommendations are detailed in the body of the report and are summarised below. Organisational governance and assurance processes Identify priorities on basis of safety as well as compliance and cost Decision-making support to organisation Clarity about mandatory requirements for all staff groups and providers Strengthen risk management and the escalation and assurance process Formalise meetings and action logs Invest in CRB programme maintenance Project management Project management approach and rigour Escalation process and trigger points Identify routine audit trail CRB systems issues Policy / task definition Policy style CRB and Pre and Post-Employment policy Training and support Reconcile policies Operational policies in support of recruitment checks critical activities Human Resources leadership and culture Internal governance, policy and risk management Role of the Recruitment teams Build external relationships with Divisions Build competence and confidence Organisational resilience etiquette Celebrate success Overall Conclusions In summary, it is important to revisit the goals of this review: 1. to ascertain the current level of controls and compliance 2. to determine how systemic errors arose that led to the failure in controls and a loss of confidence in the data and CRB checking and re-checking processes 3. to make recommendations on future actions/ further controls/process changes required to ensure high level compliance

9 While this summary identifies the main findings and recommendations in relation to the second and third of these goals, the main body of this report addresses them in detail. With regard to current levels of controls and compliance, the evidence shows the following: o a vast improvement in levels of current compliance o clarity about the checks outstanding and responsibility for follow up for rechecks o a draft policy exists (now ratified August 2012) which will address many of the loopholes and current uncertainties around policy and practice o a renewed vigilance and awareness across the Trust (including HR and Divisions) and will to maintain compliance o improved data quality and improved awareness and identification systems for where problems exist. However, the Trust cannot be assured positively at the time of writing on the robustness of its controls. This is due to a range of issues described in the report and its recommendations, including: o the new policy is not finalised nor implemented o many procedures are either still not written or are poorly communicated to staff o many staff are unclear on the process and / or their responsibilities within it o the current excellent data quality checking processes may be reliant on the existence of the Project and continuation may be at risk o current levels of compliance may be dependent on the efforts of particular individuals and there are low levels of organisational resilience o there is no clear audit trail for the whole process Controls for the three critical activities highlighted in this summary are still weak at the time of writing. Many recommendations are designed to address these weaknesses. The improvement in current compliance, however, does present a real opportunity for the Trust to increase its confidence in controls going forward. This opportunity arises because: o Future controls now need to cover small and thus manageable numbers of existing staff and new recruits o Many interviewees expressed an awareness that things could have been managed better and that there were gaps in staff knowledge and awareness that now need to be filled o The need for explicit and consistent policy and procedures has been recognised o The development of a simple unified tracking report is entirely achievable. In addition, it is also critical to note that this report describes events at Barts and the London NHS Trust and this has, since April 2012, been merged into a new organisation, Barts Health NHS Trust. The new trust has identified recruitment and medical staffing as a key priority area for attention. All of the issues highlighted above are understood to be within the scope of the identified priority area workplan. There is now a Workforce Resourcing Assurance Group,

10 constituted in July 2012, which reports to the Trust Management Group (TMB) and has an overall purpose as follows: a. Review the current status of Pre and Post Employment checks across Barts Health. b. Identify areas requiring improvement. c. To develop and deliver action plans to deliver compliance. d. To monitor progress towards compliance and provide regular reports to TMB e. Communicate with partners and stakeholders. A table showing which senior officer in the Trust is taking responsibility for each recommended action in this report is included at Appendix 1. There were a whole range of issues leading to the problems described in this report. Such failures occur against the background of management style and organisational culture 1. It follows that attention to improving organisational openness, making explicit the desire to improve rather than to blame, and clarifying expectations and responsibilities, will be rewarded by fewer failures and increased confidence in controls. 2 Background to and requirements of the CRB process 2.1 Outline of current process Potential new recruits to the Trust are guided through the application process for the appropriate CRB checks by their Recruiting Officer with Human Resources (HR) support (counter-signatories). The contract of employment will normally only be issued on successful completion of the required check. All Trust recruits are required to bring documentary proof of their identity in to the Trust and they will then be directed to the online application form of the electronic application system (the Atlantic system). This has a typical turnaround time of 1 8 days, rather than the paper system which could take up to 8-10 weeks. Designated personnel within the Trust can track the status of the CRB applications on line. Any convictions, whether disclosed by the applicant or not, are returned in hard copy format to the Trust. The implications of these will be discussed with Workforce Specialists or line managers and / or the individual, depending on the circumstances, and a decision on appointment made. Where applications are in process and managers wish to appoint, a risk assessment procedure is in place to assess whether the person can start work and, if so, under what supervisory arrangements. 1 Reason, J T 2001 Understanding adverse events: the human factor In Vincent C (ed) Clinical risk management: enhancing patient safety 2 edn. BMJ Publications, London

11 Staff records should include the CRB reference number only; disclosures notices should be stored for a limited period separately. During the Recheck Project reviewed in this report, Barts and the London NHS Trust ran the CRB application process using both paper-based and electronic systems, and by inviting staff due for rechecks to CRB clinics, manned by members of the HR department, to present their documentation and be guided through the application process. 2.2 High level policy requirements In order for the process outlined above to work successfully, the organisation must set its policy in relation to its duties as described in 1.1. Decisions around the following need to be explicit: Level of checks necessary for every group of staff (either enhanced, standard or no check required) on recruitment. There is guidance on how to make these decisions from NHS Employers, involving the frequency and intensity with which staff work with children or vulnerable adults. However, the organisation must decide how it applies this guidance to its workforce Frequency with which any rechecks will be made Whether portability of CRB checks is applicable to any staff groups (eg medical staff and, potentially, Trusts across London) The criteria to be applied when positive disclosures are received ie making decisions about employing staff with convictions, spent or otherwise, or allegations, and the implications of whether or not these were originally disclosed 2.3 Procedural requirements The operational procedures involved must take into account all staff working within the Trust, including those working under different management or contractual arrangements, for example: the Trust has an agreement under which the company referred to in this report as the main service provider or service provider provides domestic, portering, security, catering and other staff This company employs Help Desk and other staff directly Honorary contactors Agency and bank staff Volunteer staff These procedures must also describe the following processes for both new recruits and existing staff requiring rechecks (if at preset intervals and /or when a change of nature of work occurs for any employee): How employees apply to the CRB for the appropriate check How the Trust ensures that staff on long term sick or maternity leave (LTS/Maternity) have had the appropriate checks The process for assessing the risk of staff working supervised, or unsupervised if applicable, before their CRB check is completed

12 How the status of CRB checks is recorded 2.4 Systems requirements The process relies on accurate and up-to-date information about: Where potential recruits are in the recruitment process Staff members roles and place of work Any changes to department or nature of work undertaken Status of CRB check and CRB reference number This information is drawn from several different systems, whose purposes differ, and currently much information has to be manually transferred or updated. They are also used and updated by personnel from a range of different departments. Very broadly, the relevant information systems include: System Purpose Main Users Electronic Staff To maintain an up to date record of HR Records system staff employed by the Trust (ESR) Atlantic system To track the status of CRB checks HR Payroll systems To enable staff to be paid correctly Finance (including the Ledger) MAPS rostering system To book staff onto shifts and aid staff allocation and service provision Recruitment tracker To track the process of recruitment in detail and in a timely fashion Operational managers in Divisions HR 2.5 Personnel requirements There are several staff groups involved in managing and operating the process and the clarity of their respective roles and the quality of their relationships underpins the safety and reliability of the system. The key players include: Divisional managers Line managers Service provider managers and HR leads Divisional HR leads Recruitment teams in Corporate HR: o Medical staffing o Staff Bank o General Recruitment Resourcing managers in HR Workforce specialists in HR Systems staff in HR Corporate HR Assistant Directors

13 3 Methodology 3.1 Terms of reference A Steering Group comprising the Chief Nurse, Medical Director, Chief Operating Officer and Assistant Director of Human Resources agreed the overall purpose of the project: a review of the CRB checking and re-checking systems and processes at Barts and The London NHS Trust The aims of the project were to: ascertain the current level of controls and compliance determine how systemic errors arose that led to a loss of confidence in the data and CRB checking and re-checking processes, by o reviewing controls in place at specific time points * o investigating information on performance reported to CET and Trust Board at these times make recommendations on future actions/ further controls/process changes required to ensure high level compliance *specific time points were given as: October 2010 April 2011 October 2011 February The investigatory process The approach used for this review is based on the principles and practice of root cause analysis as applied to health care in the UK. The external investigator was on the team who designed the National Patient Safety Agency s 2003 elearning Root Cause Analysis toolkit and has undertaken many reviews and designed and delivered training programmes using this methodology. In summary, this approach involves: 1 agreeing terms of reference and scope (see 3.1 above) 2 gathering information 3 establishing the chronology or timeline of events 4 noting of good practice 5 identifying key problems or failures 6 identifying factors contributing to each of these problems 7 aligning these factors to key themes or root causes

14 8 identifying recommended actions to address the root causes 9 ensuring that the mechanisms for sharing learning from this process are described. While some categories of the contributory factors framework (Clinical Risk Unit 1999, amended National Patient Safety Agency 2009) have been used, the CRB project is not part of the clinical care or delivery process and consequently not all categories are applicable. Those that are considered helpful in this context are shown in the analysis in section 4.3. The gathering of data (stage 2 of the process) for the review comprised: A meeting with the Steering Group to agree the workplan and information / evidence required Interviews with relevant senior management, HR and a sample of Divisional personnel in person or by telephone (originally this was planned at 12 individuals: the final number interviewed was 22) Review of relevant policy and process documentation as follows : Action plans and progress reports for CRB check process, including progress and monitoring arrangements Pre-employment check policy; risk assessment procedure Related recruitment and information procedures and processes Medical staffing procedures and Bank and agency process / recruitment policy Senior team and committee minutes Review of related reporting processes and reports as follows: Report of current compliance / status quo with regard to CRB checks Sample of weekly reports to Divisional teams, including those for periods where incidents have occurred Sample of monthly reports to the Operational Management Group (OMG), including those for periods where incidents have occurred Sample of Trust Management Executive (TME) reports to cover whole period Stages 3 8 of the process are described in this report. Stage 9 (mechanisms for learning lessons) is for the Trust to agree and describe. 3.3 Limitations The following limitations should be noted. Triangulation: this has not been possible in all cases but the majority of information leading to identification of the key problems and contributory factors has been drawn from two or more sources. The author has not included any information that she does not consider, on the balance of probabilities, to be accurate. All the recommendations in the report are based on evidence from at least two sources (Trust document; interview and / or s).

15 Availability of information: it has not been possible to see all the requested information. At the point of writing, it is not clear whether in all cases the information exists. For example, extracts from Operational Management Group meetings and from Trust Management Executive meetings have been submitted but not as full minutes: while this has undoubtedly made the project manageable from a time perspective, it is possible that all references to CRBs have not been seen. In addition, the papers submitted do not align exactly with the time points included in the original terms of reference, and there was a dearth of evidence observed that could confirm whether OMG and TME received or responded to key documents and correspondence issued by HR. All submitted evidence of reporting and decision-making from any time during the period under review has been taken into account in the report. Timing: as is stated elsewhere, the Trust was in the process of merger with two others at the time of writing and, by the time of report finalisation, it is part of a new organisation. Many of the recommendations made relate to processes and ways of working which may now be superseded by new arrangements. 3.4 Acknowledgements It is important to acknowledge the guidance and support of Kay Riley, Chief Nurse, and Julia Whitehouse, Interim HR Director. Thanks are also due to Terry Roberts, Associate HR Director, and Helen Crane, PA, for invaluable help during this work and to all the personnel who were either interviewed or who supplied information in support of the review. This project involved discussing some sensitive issues, where anxieties about blame and recrimination have clearly been involved. All interviewees were open and constructive, with many expressing openly their feelings about how they themselves, as well as others, might have acted differently. It is crucial that the results of this investigation are used to reinforce the need to learn from the past and encourage openness, as failure to do this is certainly implicated in the story this report tells. 4 Analysis 4.1 Chronology of events The findings described in this report emerged following a thorough analysis of events, for which information was gathered as shown in the table below. Date if known Event Officer /s managing CRB process Supplementary information

16 Positive points Source of information Further information required Problems The following anonymised table shows key events only. Date Event? 2008 Staff member found to be working when allegedly not CRB checked. HR Director initiated checking (one source only) ISA to be set up. BLT Board meets to decide intervals for rechecks but 2009 then identifies need to undertake project to ensure all current staff are checked. Project started but not formalised as a project as such. October 2009 Atlantic electronic CRB logging system first used at Trust. Summer 2010 Autumn 2010 September st September th October 2010 November 2010 Issue raised at OMG (Operational Management Group) CRB Recheck project formalised as including Phases 1 (high risk staff) and Phase 2 (others) Responsibility within HR changes. Project plan produced and request for more support and investment to meet CRB project targets Plan issued to senior team and Divisional senior teams based on 60% attendance. Target completion Agrees weekly reporting to senior team. CRB clinics moved out to wards and departments 25 th February 2011 March 2011 Report for TME (Trust Management Executive) prepared showing 7 outstanding checks for Phase 1 and none outstanding predicted by 3rd March Evidence that some problems with project recognised as roles and responsibilities clarified. 24 th March 2011 Further report prepared for TME predicts all high risk checks to be completed by 31 st July Reports 550 in total outstanding for Phase 1. TME records problems with attendance and overlap between high and medium risk groups of staff. CE asks question about service providers. 39 reported outstanding from key service provider. 4 th April 2011 Draft CRB policy submitted to TME includes costings. 11 th April 2011 Issues about HR resourcing raised again by th April 2011 Paper produced for OMG shows 109 Phase 1 checks outstanding. Lists types of staff who might fall into Enhanced, Basic and No checks categories, includes comparison with other London trusts on their policies of levels of checks and seeks endorsement / adoption of these

17 categories. Appears to base predicted plan on adoption of categories. 24 th May 2011 HR starts to run joint CRB / RA (smart card registration) clinics to be more effective. June 2011 New CRB policy produced. Sets out requirements for levels of checks as per CRB / NHS Employees guidance but no official Trust policy /agreement on categories observed. July August 2011 Performing for Excellence programme starts. Restructuring affects HR and staff numbers and grades dealing with CRB reduced. 1 st August 2011 Responsibility for CRBs within HR changes. Further problems recognised Summer Autumn th September th 29 th September 2011 Problems with attendance at CRB clinics. Also problems with staff reporting turning up at clinics and no one there; having given documentation in and it being lost etc. Beginning of realisation that data quality was a big problem and staff lists to Divisions not accurate. Phase 1 reported as finished to OMG with 177 outstanding on Long Term Sick or Maternity leave (LTS/ Mat) Some improvement in attendance reported. Concerns expressed in HR re the CRB process and need to clarify. October 2011 Weekly lists going out to Divisions. Data cleansing ongoing 17 th October 2011 First evidence of Risk Assessments for staff whose checks not completed (except main service provider who had a system in place) Form drafted 20 th October 2011 TME told that 70 still outstanding for Phase 1 28 th October 2011 Paper prepared for CET advising of 219 Phase 1 outstanding and 1365 Phase 2s. Asks for more resource to achieve targets. Deadline of 31 st March 2011 for all checks to be completed. 10 th November Problems with outstanding Phase 1 LTS / Maternity reported upwards th November Divisional managers not all getting weekly reports due to data 2011 cleansing process 16 th November TME report shows figures changed again rd November Outstanding service provider checks identified. Investigation 2011 commissioned. 28 th 29 th 3 high risk staff ([paediatrics) identified as in work and not having had November checks. December 2011 Attendance problems at CRB clinics ongoing 7th December th December 2011 Trust Board agreed to declare non compliance with CQC Outcome 12. Decision to exclude or suspend staff whose CRBs not in process by 16 th December. Decision re criteria for levels of checks requested. Risk assessment process tightened up.

18 10 th December th December 2011 End December 2011 New flowcharts for recheck processes designed. Trust notified CQC of non compliance with Outcome 12. Evidence of concerns about project growing and pressure to bar staff from working. Names of staff to be barred circulated. TME met and reported 1200 staff had been reclassified to Priority 1. January th January 2012 HR Staff internal meeting many concerns raised re processes and support, including Red Box * disclosures being stockpiled in HR with no actions taken. Actions taken on Red Box 54 CRB disclosures returned where no 17 th January 2012 actions had been taken. 3 more high risk staff identified as working unchecked. 19 th January out of 16 Red Box cases remaining are medical staff 23 rd January 2012 Returned service provider CRBs found in drawer in HR 30 th January 2012 New Risk Assessment form drafted February 2012 Weekly verbal updates to senior team continue 9 th February 2012 SAI reported 16 th February 2012 Process for new starters and process for rechecks clarified responsibilities clarified 24 th February paper CRB applications forms found. 6 th 8 th March HR and service provider exchange correspondence about staff with 2012 convictions. Names and details included on s. 17 th March 2012 New sample CRB policy drafted 21 st March 2012 Update shows 89 outstanding (at 27 th April LTS / Maternity outstanding and 2 in process) but all accounted for. Question over whether honorary contractors information is on ESR (Electronic Staff Record) yet. * The Red Box was reportedly an actual box which was set up within the HR department to put the returned CRBs where convictions had been reported. This was not referred to in the procedure that was submitted as evidence to the reviewer, but was described by various interviewees as something they became aware of in January when the backlog of returned CRBs with convictions was discovered in January I have seen no evidence that it was officially part of the procedure, but it appears to have been used to store returned CRBs. 4.2 Positive practice identified The following is a list of examples of good practice evidenced during the review. This list is not exhaustive. Recognition of the need for project controls in autumn 2010

19 Efforts to establish controls, responsibilities and monitoring in October / November 2010 Efforts to improve liaison with staff and attendance at clinics November 2010 Escalation of concerns in March 2011 Internal meetings in HR commenced August 2011 Production of a written policy in June 2011 Development of risk assessment process and from October 2011 Closer monitoring and prioritisation of issue October 211 Recognition that data was a key problem October 2011 Project manager appointed November 2011 Liaison with Divisions and reporting improved November onwards OMG endorsed HT suggested deadline and backed up with official support for invoking disciplinary procedure Controls being introduced December 2011 Internal HR response to Red Box issue Data cleansing process from November 2012, involving Divisions Data quality checking process Induction programme drafted for Recruitment Officers February 2012 Flowcharts describing processes developed Expectations in senior corporate officers job descriptions requiring a service culture Negotiation of SLAs between recruitment and Divisions to ensure ESR is updated Rigour in staff bank regarding issue of contract dependent on check received Main service provider s existing CRB policies (now should be aligned with new Trust policy) 4.3 Key Problems and Contributory factors Problems causal These issues have been identified from the analysis of data as described in the methodology section of this report. They are failures which led to the overall loss of confidence in the CRB process and the commissioning of this review. For each key problem, a brief description of the problem is given, followed by the factors contributing to this issue by category. The categories used in the tables below are drawn from the Contributory Factors Framework originally designed by the University College London Clinical Risk Unit, and amended by the National Patient Safety Agency, for use in analysing clinical incidents. The categories that have been found to be applicable and how they have been interpreted in the review are set out as follows:

20 Category Organisational and Strategic factors Resource factors Team and Social Factors Education and Training factors Task factors Individual staff factors Communication These factors may include organisational or external targets, priorities or policy; culture and management style These factors may include the availability of resources eg staffing, information systems, funding etc These factors may include hierarchies and relationships in teams and departments; team culture and role definition These factors may include the availability, practical access to and quality of training These factors may include the design and clarity of procedures or tasks, as well as the availability and use of these These factors may include knowledge and skills, motivation or attitudes of members of staff or groups of staff These factors may include verbal and written communication There was no initial project plan for the recheck project The project started at an unspecified time in? 2008 or 2009, according to different accounts. There was a realisation that staff had not all had CRBs, or at least, they were not recorded for them and that these needed to be done. The scope of the work was not set; nor were role and responsibilities defined. Contributory factors Organisational and Strategic factors Resource factors Team and Social Factors Task factors Unclear priority from Trust board level HR team quickly became overloaded as the size of the issue was not identified Lack of clearly identified leader in HR The CRB process had not been set out, agreed, nor had the importance of data quality been identified There was no CRB policy Until June 2011, there was no written policy describing what the Trust expected in terms of CRB disclosures procedure. There was no clarity regarding the process for recruitment of new starters; for what other service providers (eg service provider) were doing nor for the

21 criteria for deciding on levels of checks to be undertaken on different staff groups. There was a draft policy produced as a result of TME request in May 2011 and a more comprehensive one issued in June 2011, but this does not appear to have been well understood by or communicated to relevant staff. Contributory factors Organisational and Strategic factors Resource factors Education and Training factors Task factors Trust culture of keeping things simple eg policy and meetings etc no detail in process. Lack of senior sponsor at Board or HR level Focus on cost of process, rather than principles No understanding of CRB principles and why they are important to the organisation Lack of understanding of complexity of process There was no agreement or consistent understanding about the criteria for CRB checks throughout the project This is linked it above. However, it is a significant problem and still appears to remain so. Many staff interviewed expressed differing beliefs about the levels of checks staff should undergo. There was a period during the project when HR believed that the Trust had endorsed certain groups of staff as needing no checks there is no evidence that this was ever understood or ratified by the Trust senior executive team. Different terminology is used in various documents eg high, medium and low risk and priority 1 and priority 2. The document which must be regarded as the current Trust CRB policy (June 2011), until the new draft one is amended and ratified, sets out the NHS Employers guidelines but does not definitively apply these to Trust staff groups, and appears to be contradictory in parts. There is still disagreement about the types of staff who may need enhanced, standard or no checks, with the result that, mostly, the assumption from the latter part of the project onwards is that all staff should have enhanced checks however this may represent an unnecessary expense for the Trust going forward. Contributory factors Organisational and Strategic factors Lack of senior project sponsor early on. Possible lack of organisational will to make definitive decision on this issue. Team and Social Factors Change of Associate HR directors (4) during the project Task factors Pre Employment check policy and CRB policy unclear Communication factors Lack of clear communication of

22 expectations between OMG, TME and HR function No clear project management plan once the project was formalised in Autumn 2010 This period saw several attempts to improve the situation: a formalisation of the project into Phase 1 (high risk staff to be checked) and Phase 2 (all others); weekly reports to the OMG; lists of staff being sent to Divisions, attempt to streamline the CRB clinics. However, there was still no robust project management evident. Reporting was managed largely by and inconsistent project plans. Had there been good project management discipline introduced at this stage, including project risk management, the reliance on data would have been highlighted as a risk factor and a plan to mitigate such risks agreed. In addition, the deadlines specified and outputs agreed would have been based on an analysis of the risks involved, rather than on assumptions of attendances at clinics and assumption that the OMG would respond to a line in a project plan requiring more HR resource. Contributory factors Organisational and Strategic factors Team and Social Factors Task factors Individual factors Lack of project management discipline generally Desire to get it fixed and to deliver on part of HR Task still unclear in terms of scale and reliance on data Staff involved were not familiar with or expert in exactly what information was needed and how to extract it HR resourcing issues and other concerns not managed properly and not escalated early enough There is evidence from early on in the project that HR personnel, including Resourcing Manager/s and Associate Directors, raised the issue of resource pressures on HR in the face of the scale of this task (by ). However, in the absence of a clear plan with identified dependencies, this could have been interpreted as a plea for more resources based on individual opinion. Ineffectual follow up to action planning and meeting discussions appear to have compounded this problem. Internal HR meetings have been reported during the course of this review: the only minutes seen include a full narrative but, while reference is made in trails about following up actions agreed at this meeting, there is no list of such actions. The lack of an audit or risk escalation system within corporate HR must thus be implicated.

23 Contributory factors Organisational and Strategic factors Team and Social Factors Individual factors Communication factors Lack of governance and assurance system within corporate HR (including risk register) Lack of leadership and consistent management in HR Lack of clarity of accountability within HR teams No rigour around internal meetings Concern amongst HR personnel to manage problems within the department Managed by CRB clinics failed and clinics did not meet predictions and assumptions Initially clinics were aligned to divisions and run centrally by corporate HR personnel. Assumptions were drawn up on 60% attendance of those invited to attend. Very low attendances at clinics and project slippage led to a rethink on clinics, whereby they were to be held out in wards and departments. Later they were run jointly for staff requiring CRBs and for those requiring Smart Cards, as the requirement for information and sight of documentation for staff was the same. There is evidence to suggest that the closer the team running clinics was to the staff involved eg some Divisions and also the Staff bank recruitment team, the more they took control of attendance and improved results. However, a fundamental problem was the inaccuracy of lists sent to Divisional managers on a weekly basis to tell them who required checks. Additionally, there was a prolonged period where staff reported a range of issues: Turning up for clinics where no one (from HR) was present Being asked to have a check when they had already attended Being asked to have a check or threatened with suspension when they had already submitted information and this had been lost Contributory factors Organisational and Strategic factors No clear organisational message to staff medics in particular that this was important Resource factors Loss of HR staff during summer 2011 meant more junior staff allocated to run CRB clinics Team and Social Factors Resentment in HR at having to run clinics no sense of ownership. No change management plan for when they took over different responsibilities

24 Education and Training factors Task factors Individual factors Communication factors Minimal training or guidance for staff running clinics No rigorous operational policy for what information should be gathered and how clinics should be followed up. Data lists sent to Divisions listing staff due check was very inaccurate Some staff reportedly working beyond their competence Relationship between corporate HR and Divisions strained Data lists inaccurate on ESR During the latter half of 2011, it was becoming clear that one of the main problems was the inaccuracy of staff lists. These changed frequently with more staff appearing as the data was cleansed and they were reassigned to different codes. As there had never been an accurate baseline of information, this problem also contributed to many others, including the further strain on relationships between Divisions and corporate HR. The potential for Electronic Staff Record (ESR) information to be inaccurate is widely known across the NHS it relies on updating by HR staff and the submission of prompt and accurate information by line managers and all those involved in the recruitment process. There are three systems used to record staff data and thus involved in the CRB procedures ESR; Payroll (including the Ledger) and MAPS (the real-time rostering system). They each have a fundamentally different purpose, with the consequence that different members of staff use them and have differing timescales and priorities for recording items of data. Contributory factors Resource factors Team and Social Factors Education and Training factors Task factors No systems expert involved early enough IT systems fit for purpose? Too many involved Pressure on staff in HR as they were undergoing a restructuring Implications of incomplete data or inaccurate coding etc not made clear to people using ESR Varying practice in submitting change or leaver information from Divisions in a timely fashion No clarity for timescales on updating ESR in HR No audit data quality check on ESR during first part of project No discipline of reporting on project spreadsheets used ad hoc from start of project.

25 Individual factors Communication factors Where Divisional staff were keen and even competitive, they responded well to the crisis in data accuracy and liaised with HR to improve lists accuracy: this did not happen in every division No on the ground discussion of importance of getting information correct in the first place Reports to OMG wrong / Phase 1 declared finished false assurance given There is a very strong organisational memory of Phase 1 (ie high risk staff) being reported as complete. This varies in accounts from March to June 2011 but there was a report to the Trust Management Executive in late February 2011 which reported only 7 outstanding checks to be done, with a prediction that they would all be complete by 3 rd March This turned out to be wholly untrue, although it is clear that the report was not wilfully misleading: the authors relied on data which was drawn from systems being changed on a daily basis, and whose baseline if any was inaccurate for the reasons given in above. There were various dates given by HR for Phase 1 completion subsequently, when it became clear that there was an unspecified number of high risk staff whose checks were still outstanding. Contributory factors Organisational and Strategic factors Pressure to deliver led to unrealistic deadline No rigorous high level assurance mechanism identified for such a major piece of work relied on s and Word action plan Task factors Different reporting formats spreadsheets run off ad hoc rather than database Lack of data definitions Included Long term sick and maternity leave staff in Phase 1 there was no plan to compete these in timescale No completion / audit discipline in place to check assurances given Individual factors Communication factors Desire to demonstrate targets delivered HR assumed OMG had ratified that certain staff did not need checks their baseline data was thus bound to be wrong Failure to explain to OMG / TME that outliers were not included

26 4.3.9 Operational Management Group did not escalate early enough The CRB Recheck Project had been identified as a business issue and thus the newly created OMG undertook the monitoring role in the Autumn of While this provided for the formalisation of the project and regular reporting with an escalation route to TME, this did not function as effectively as it should have done. Undoubtedly, the failure to recognise the fundamental problem with data, rather than the CRB clinic attendance problem alone, led the group to focus on action at Divisional level rather than realise the problem was not being addressed. There was also an over-reliance on one or two HR senior staff to deliver on a wide range of actions. There also seems to have been a mismatch between HR s understanding of the reporting and governance relationships and those of the OMG. Contributory factors Organisational and Strategic factors Resource factors Task factors Communication factors keep it simple approach to meetings made actions hard to audit and allowed expectations and misunderstandings to proliferate Failure to consider the eventual implications of project failure again, a risk managed project would have made this explicit The Trust was engaged in a whole range of intense and distracting activity around merger, opening the new hospital, restructuring etc Lax meeting discipline Much debate about the project progress conducted by s copied in widely to a range of officers Disclosure receipt procedure failed There was a breakdown in the procedure for following up disclosures received back from CRB (these are always hard copy where convictions are reported back following checks). In January 2012 it was discovered that 54 disclosure notices had been stored in HR offices and no further action taken. There was a brief administrative procedure in place describing actions where convictions had previously been declared and where they had not. It is unknown whether HR staff opening CRB disclosures were aware of this procedure or not however, the guidance was inadequate in terms of identifying overall responsibility timescales, follow up and audit. In combination with the fact that there was no reliable effective audit of which checks were outstanding, this further contributed to the failure of the project, loss of confidence and increased risk to patients, staff and the organisation.