In 2002, when I was chief executive of an acute trust, I remember sharing the indignation of the whole country over the series of train crashes that killed around 50 people between 1999 and 2002. It did not enter my head at the time that I was a senior executive in a service that killed more people than this every month through accident and mistakes.

Neither would this have occurred to many of my contemporaries at the time, most of whom were only aware of occasional calamities at their own hospitals, which were generally treated as malign conspiracies of system process failures, from which lessons would be drawn for the future.

But events and circumstances over the last few years have put the NHS firmly in the sights of various external regulators, all (or so it seems to the trusts under scrutiny) trying their hardest to outdo each other in terms of the harshness of criticism and recommended sanctions for safety breaches.

Whereas once the NHS appeared to be given the benefit of the doubt in relation to serious adverse events, such events are now likely to trigger aggressive external investigation by the police, the Health and Safety Executive, the coroner, the criminal courts and the Healthcare Commission.

Critical gaze

Some speculate that this more aggressive climate of accountability will be counterproductive and discourage the openness the NHS had been working hard to foster in relation to adverse incident reporting.

Others point to possible positive outcomes, such as the dramatic reduction in work-related deaths in heavy industries that is directly attributable to the criminal sanctions available to the Health and Safety Executive through the 1974 Health and Safety at Work Act.

In any event, NHS trusts now have to face up a world where the accidental death of a patient may trigger a criminal investigation and where coroners are more prepared to see mistakes as gross negligence and, therefore, as unlawful killing.

New corporate manslaughter legislation has also come into force. It replaces the near impossibility of pinning responsibility to a individual "directing mind", which the previous legislation required, with a much broader assessment by the court of the culture and robustness of process in the organisation concerned.

So how should boards respond to this new zero-tolerance climate around the safety of patients? How can they effectively ensure the safety of tens of thousands of patients who are subject to the care of thousands of individual members of staff?

Action plan

There are a number of key steps boards should take:

1. Accept responsibility

The first step boards must take is to fully accept that they are individually and collectively accountable for the safety of patients and that they cannot offer up the size and complexity of the organisation as an excuse when they find themselves in difficulty with regulators.

Chairs and non-executive directors in particular must understand that they are not just interested bystanders but share full corporate responsibility as members of the board.

2. Prioritise the safety agenda

Thinking back on my time as a chief executive, I am conscious of the disproportionate amount of time the board spent discussing the minutiae of financial reports and operational performance reports that were focused on key national targets.

The fact of the matter is that most trusts have established effective financial and operational performance management processes, but very few have developed quality and safety management processes that are anything like as robust. Board members can be absolutely certain that every day, in every NHS trust some patients will be exposed to danger through flawed processes and ill-judged actions by staff.

Board members must decide whether to spend their limited time in the comfort zone of traditional performance management or on taking on the altogether more challenging task of fundamentally changing their organisation's patient safety culture.

3. Understand the risks

The range of potential dangers to patients and staff in healthcare organisations is probably more extensive than in any other service or industry. It cannot be simplified or represented by a few high-profile issues.

Boards may well be obliged to focus on MRSA and C difficile rates, but in doing so they are demonstrating a focus on targets rather than safety. Even the most cursory examination of the work of the National Patient Safety Agency reveals that patients are in very real danger from a wide variety of other risks. An hour or so with the agency's 2007 report on medication errors will very quickly prove this point.

Before setting up new and improved processes for managing safety risks, boards must spend a serious amount of time individually and collectively researching, reviewing and understanding the range of risks to patient safety endemic in their organisation.

There is a substantial amount of published work on the full range of risks to patient safety in healthcare organisations that will provide a good starting point for the education of board members. With limited resources and management capacity, boards will need to prioritise action on specific risks.

Creating a more safety-conscious culture will require much more than mission statements and other inspiring rhetoric - like everything else, the safety agenda needs effective performance management.

4. Move from reactive risk management towards proactive safety improvement programmes

Historically, the local patient safety agenda in healthcare organisations has taken the form of a reactive process of incident reporting and process improvement related to serious adverse incidents (either locally or nationally). Through these processes, there has developed an increasing understanding of risk in patient care and increasingly sophisticated local processes for managing these risks based on incident reporting and analysis.

This remains an important and legitimate process, but of itself is limited in ambition and impact on patient safety. Inevitably, the "response to incident" process of safety improvement is taken more seriously by trusts when it relates to incidents that actually occur in their own organisation. This approach might be crudely characterised as closing the stable door after the horse has bolted.

Healthcare organisations with a more advanced approach to patient safety are proactively tackling known major risk areas by setting specific safety improvement objectives and achieving these objectives through a detailed performance management regime.

This approach requires agreement on appropriate metrics (i.e. which measures exist that can objectively demonstrate progress toward the achievement of a particular safety improvement objective). This more proactive and ambitious approach to improving patient safety is promoted and supported by a number of national healthcare-related organisations and is being pursued in a number of trusts.

5. Invest in the safety assurance process

Board members need to understand that there is a fundamental difference between executives, managers and clinicians making "assertions" that patients are receiving optimum, safe care and being properly "assured" that this is the case.

Assurance of satisfactory performance in any part of the board's endeavours requires robust, objective evidence with, wherever possible, measurable success criteria and some form of independent (preferably external) validation of the robustness of the process and the information on which boards are relying.

Difficult though this may be, board members need to subject all high-level performance management data on which they rely for the discharge of their responsibilities to a rigorous evaluation. They must ask themselves three questions in relation to the patient safety agenda:

  • Has the board prioritised high-level goals for patient safety improvement based on a proper understanding of the full range of risks to patients?
  • Can performance against these goals be assessed with objective information?
  • Is the board's confidence in the robustness of performance assessments based only on the degree of trust it has in the individual providing the information?

If the answer to the last question is yes, then the requisite level of assurance is not being received

Boards are generally well served in relation to assurance about traditional areas of performance management, such as finance and operational targets. Much of this agenda is subject to various forms of internal and external audit. Objective auditing of clinical performance and clinical pathway compliance (and therefore patient safety) is much less developed - mainly because it is not well enough resourced.

A comparison in most (if not all) trusts of the resources devoted to producing, analysing and auditing information on financial and operational performance with the resources available to clinicians for auditing and measuring clinical performance should be a cause for serious embarrassment and concern.

In many trusts, the investment in patient safety expertise is limited to a small central risk management team and a single-handed clinical governance lead for each specialty. On the other hand, armies of people are employed to record, track and report on financial and operational performance.

Fear of hostile regulatory scrutiny should not be boards' principal motivation for "raising their game" in relation to patient safety. The best motivator is a desire to run a world class service where patients can have total confidence that they will not come to harm by accident or error.

Fear of such an eventuality is very much a factor at present in the public view of the NHS and any trust that succeeds in convincing patients that they run a safe service will doubtless benefit from increased referrals and income.

The business logic for boards focusing on patient safety is, therefore, every bit as powerful as for focusing on financial and operational performance.