I previously wrote a blog post called 50 Shades of Grey where I spoke about why I believe we need to do a better job of articulating the fact that a) Infection Prevention and Control is basically 80% risk assessment and b) risk assessments therefore look different in different settings as patients and scenarios differ.

Following on from this post I recorded a podcast with Martin Kiernan as part of the Infection Control Matters series where he reminded me that I said in that original post that I would write a follow up with more details about the components of risk assessment and the different ways you can capture your thinking around them. So continuing what appears to have turned into a bit of a risk assessment themed July here are some of my thoughts about the different ways you can go about developing your own risk assessment framework.

Firstly a disclaimer. The following are things that I have found useful for how my brain works. I hope that others might find it useful but if you do not I apologise, maybe you could share what works for you instead? Then we could have a collective resource around this.

What is risk assessment?

The basics of risk assessment are to understand what risks are present and to put measures in place to decrease those risks. Sounds simple right? The problem is that we throw around the words risk assessment as if we all have the same understanding of what the words really mean, in reality as that concept is applied in different settings or by different professions it can have very different meanings.

a systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking

If you talk about requiring a risk assessment to someone working in engineering or Health and Safety you will get a very different piece of documentation to that I would expect in IPC. Now some of that is to do with the amount of information that needs to be processed in order to come to a conclusion and some of that is about how we convey information. The aim of an engineering or Health and Safety based risk assessment is to give a risk level and matched control measures. The aim of an IPC risk assessment is to support complex decision making. In IPC a risk assessment is more like a framework for ensuring you have taken into account multiple factors in order to support informed action. They are not a one and done process, they are dynamic and can change rapidly as more information is added to the framework. Patients for instance can become more or less infectious, more or less mobile, require more or less intense interventions and outbreaks have information that changes as they develop or come under control.

The use of a framework is nothing new, a lot of medicine and healthcare is based on algorithms we develop during training. The thing is that these are often integrated into our thinking as cognitive processes via experiential learning and we don’t often talk about them. There are two issues with this, one is if we can find a way to visualise or share how we go through our risk assessment framework it can prove helpful to others as they can have access to it without having to fully develop their own. The second thing is that, like anything developed through experiential learning, our frameworks may have intrinsic bias or weaknesses based on the scenarios used to develop it. I am much more likely to dive down a scientific vs ward practice approach for instance. By being able to share our frameworks we can therefore have better conversations with colleagues to both share our thinking and if needed modify our frameworks for future use. The framework itself isn’t static and should continue to develop as we see more, learn more, after all microbes aren’t static and healthcare is ever changing.

What is different between health and safety and IPC risk assessment?

Below is a matrix that I think most of us will be very familiar with and is commonly used in Health and Safety risk assessment. They are based on identifying how likely a risk is likely to be and the impact that risk would have if the incident occured. The thing is that for IPC risk assessments this misses a whole third axis, what are the implications of the intervention on other aspects of that patients care? What are the consequences of controlling this risk for the patient? When we are managing IPC risk we are not always talking about risk from an inanimate object we are often talking about humans that can experience negative impacts from risk interventions. There is for instance data on the impacts of isolation on patient care and also the impacts on staff from cohorting and other measures. I’m not suggesting we therefore don’t need to control risk in IPC, just that a 2 axis table may not be able to capture the complexity of the decision making associated with that risk.

The other difference is the dynamic nature of IPC risk assessments. Although Health and Safety risk assessment should be revisited and reviewed, they are for the most part fairly static. IPC risk assessments can change every time we received new information, results become available, patients become better or worse. Finally, risks in IPC are cumulative, and so the impact of the risk may be low during a 15 minute outpatient appointment but much more significant during a 7 night inpatient stay. All of which mean that a framework that can manage these changes will probably look different to the matrix we are used to seeing.

What are the components of IPC risk assessment?

Below I’ve included some of the key components that I use in my risk assessments and decision making. Overlaid on top of these specifics are always:

• Length of exposure
• Level of exposure
• Susceptibility
• Clinical consequences

These always need for each scenario to be looked at bi-directionally i.e. what is the risk from the patient or other patients, what is the risk from the organism to the patient themselves. Even if you’re looking at things like infrastructure or staff the same thing applies. What is my risk of contaminating the sinks with this patients’ Pseudomonas aeruginosa? What would that mean for other patients, visitors and staff? It’s also important to know where or what you are getting your information from? How does that information/data collection method impact the true extent of the information you have? For instance if you are only doing responsive screening you may miss out on asymptomatic carriage vs the information you may have using universal screening. Developing a framework that captures key information is essential but it also needs to be done is a way that acknowledges any knowledge deficits in what is being captured. These are important for the ‘assessment’ bit of risk assessment and impact final decision making. Knowing what you do not know is a large part of the process.

How do we develop a framework that will help us?

Some of the below is taken/modified from a session I gave on risk assessment at the 2021 Paediatric IPC course from the GOSH Learning Academy (shameless plug for the 22/23 sessions below) but the principles apply even if you are not looking at this from a paediatric perspective. Again these are just methods that work for my brain so you may have different formats that work for you.

I think the formats that I find useful to help both the process and to visualise for different audience fall into three main categories:

• tabular
• question based
• flow chart or algorithm based

Each one has pros and cons depending on the amount and variability of the information you are trying to collect and the number of decisions that are open to you based on each piece of data.

Tabular recording

Tabular recording works well if you have electronic systems to record the input data and the decision making based on those actions are clearly defined. A good example of this type of risk assessment framework might be reviewing results for a new MRSA outside of an outbreak setting, and it is very similar to the way that data is collected on the HCAI reporting portal. The benefits of this kind of system is that it is very defined (each field can have definitions linked to it) and therefore it is a good way to ensure the capturing of a minimum data set, as you can require all fields have a response. It is also a good check list for those completing so that items don’t get forgotten. It also permits really good data analysis, you can run reports to see if, for example, everyone with a C. difficile diagnosis had a box ticked to indicate the ward was called and advised to start chlorine cleaning. You can then also run a report against the cleaning order to see that not only the advice was given but whether it was acted on. As a scientist I like this as it removes variability in response, however that inflexibility also reduces it’s usefulness in non standard situations, especially in outbreak scenarios where there may be a large number of possible actions. You can always add in open text fields to record that kind of open data but you then also lose some of the benefits of using this system as you then can’t analyse the inputs easily and you lose the consistency of recording. I recommend this kind of risk assessment framework for complex but standard tasks, where a lot of information needs to be gathered but the number of resulting actions can be captured in a defined list.

Question based

Question based frameworks are (I think) the one that most people working in IPC are most familiar with. You take a call and you work through a mental checklist of information gathering, decision making, and action taking. Even this common tool is often not recorded as a framework that is written down however. When I learnt I did so by listening to calls others took and then having experienced staff listening into mine, pointing out questions I may have missed and therefore data I had not captured. I think even in this scenario it is helpful to have a list of key questions (and sub questions) as prompts or at least a list of framework points to make sure you are capturing key items that would impact your decision making.

There are benefits to this approach, because it is a free framework it enables the capturing of unexpected or non standard information and further exploration of key points. This level of flexibility however does mean that it is possible to go down an information rabbit hole and miss the collection of key information that could have changed the decision outcome. It is especially useful for scenarios where there are lots of possible decision outcomes, such as in outbreak meetings. It also has a downside in terms of the requirement for conscious recording of all data components, which can be time consuming or fail to truly reflect the situation. The free nature of the information gathering can also lead to a lack of consistency between individuals and increase the experiential bias of how scenarios are managed. I would suggest that although this is the most frequently utilised approach it could be improved by having a question frame work recorded so that at least there is a structure, both for data collection and for recording decisions made on the basis of that information.

Flow chart/algorithm based

The main final risk assessment framework is probably the one most of us have become most familiar with following and producing during the pandemic. That is the use of flow charts or visual algorithms. Although in many ways these are the most intuitive for most people to follow they are actually pretty difficult to do well, I know we are up to versions 14+ on some of ours, a lot of those are changes because of guidance, but some are for clarity as it always amazes me how people can read the same info in different ways. This clarity can be especially challenging using this kind of framework as you have to minimise words to make it readable, which can lead boxes open to interpretation and you have no space to include definitions or other wordy items that would support their use.

The advantage of this sort of framework is that it often clearer to describe a process like this than to do so in words, where you would use many 1000s to cover what is shown in a 1 sided sheet of A4. That said this approach is only good for fairly straight forward processes with highly limited variability. The example below comes from a PHE document and despite how much I appreciate the effort that went into creating it, it is clear how easy it is to produce something that is quite hard to follow as soon as the data becomes complex or too many options are available. I would therefore tend to only use this kind of approach with a fairly linear risk assessment that needs to be circulated widely and does not have a high level of decision recording linked to it.

I thought I would mention here the final version of a risk assessment that I use regularly and that is a discussion based assessment. This tends to come after one of the three frameworks I’ve mentioned above and has a whole complexity in itself, both in terms of the decision making but also the recording process. I think I will cover this more separately as it is a slightly different thing but I thought I would just include the below info graphic. If you are going to go through a discussion based risk assessment process (which I think is important, dependent on complexity, to deal with some of the bias and potential for missed info) it is important to pre determine how those discussions are going to lead to decisions and how those decisions will be recorded. It is endlessly interesting to me that different professions will go into meetings with very different ideas about how decisions are reached and so, especially in an MDT setting, there should be clarity ahead of meeting in order to ensure a fair and equitable process.

How can we share our risk assessments with others to aid understanding?

We are re-entering a period of ‘normal’ healthcare where instead of us using a command and control approach, where algorithms for risk are determined centrally and based on test and response, individuals are being expected to return to individual risk assessment for patient care. This is fine but there are now a number of members of staff who haven’t experienced this form of risk assessment enough to have the experiential component, even those members of staff who have pre pandemic experience may now lack confidence due to the fear of consequences in this new world where many of the components of the risk assessment have changed. I’m hoping that by sharing some of my thinking on this we will be able to come together and share some of the frameworks that we use to make risk assessments to support learning, build confidence, identify bias and work towards improvement in all that we do.

Here are the links to the other posts I’ve done on risk assessment including the post the podcast above refers to, one on paediatric risks and one on environmental IPC.

All opinions on this blog are my own

Firstly let’s get out of the way. This isn’t a pity post, I live a full and amazing life and can achieve anything I want to achieve. It’s just sometimes I achieve it in a different way or I accept there might be some health consequences if I choose to do so – much like other people accept the possibility of a hang over if they open a second bottle of wine. I don’t have a severe condition, I’ve not got cancer or anything major but I have a mild auto immune condition that means I rarely feel ‘well’. Most days I have at least some variety of discomfort, swelling, mild temps, bad chest, sore throat, nausea. On bad days my limbs and face swell and I can’t eat or sometimes drink. This is just life, it doesn’t stop me living and as I said it’s mild and hasn’t hospitalised me in my adult life.

If it is not a show stopper then why am I posting about it? I’ve noticed a lot of healthcare colleagues posting in recent times about the problem of presenteeism and that we should just switch to symptom based isolation for SARS CoV2 and do away with testing outside of healthcare. They make these tweets as if this is the simplest solution and is completely logical. The thing is this choice might be both the simple and logical thing IF you make it from a position of health privilege. What I mean by that is that this is simple IF you are fortunate enough to be a position where 5 days out of seven you don’t have to manage your symptoms, and IF you don’t not have to worry about how you feel on any given day as you find it easy to tell when you’re sick. For someone like me who can’t readily differentiate from the list of SARS CoV2 symptoms and my everyday life you would make my life and existence even harder.

Turning up for work

Every day in Infection Prevention and Control (IPC) we make calls linked to new staff positives so we can make risk assessments linked to patient or staff exposures. Every day we get people who find that they have been at work whilst symptomatic and every day we sigh and roll our eyes, even I do it. We top up on caffeine and wonder why it is so hard for people to recognise when they have the below symptoms and why they don’t just stay off work if the answer to any of the below is yes:

Imagine what it’s like therefore to work and be implementing guidance linked to this knowing that if you obeyed the letter of the law I would effectively be taking PCR tests every 3 days on top of daily lateral flows just to navigate getting to work. I of all people should not therefore roll my eyes but should demonstrate some compassion. If its is hard for them then I need to demonstrate both compassion to them and to myself by recognise how challenging this is. Symptom based detection has become especially an issue during Omicron with the very generic symptom list, people have pretty mild symptoms at the start and they are no where near as identifiable as the alpha symptoms. It’s much harder therefore, especially in winter respiratory season, for people to clock that they have symptoms they need to act on.

People put a lot of emphasis on presenteeism being an issue in the NHS and that that is the reason why people are attending. I think that’s true, everyone feels the pressure to be available right now. In some ways being able to work remotely and therefore being ‘always on’ has made this even harder. I also think it’s not just that. Everyone I know at work is physically broken in some way or other after 2 years of this, even if they don’t have an underlying condition. Therefore it is just harder to know when feeling physical symptoms are linked to just being a heathcare professional during a pandemic or because this is something different.

I’ve been working in Infection Prevention and Control for 18 years now and I can say that the last 2 years have been incredibly challenging. That’s not to say it hasn’t been hard for everyone. For me it’s been 2 years of constant change, long hours and weekends, challenging conversations and continuous decision making. I know IPC colleagues who haven’t had a day off in 2 years. That’s just isn’t sustainable even if you don’t have something already going on, for people like me who have conditions exacerbated by tiredness and stress the miracle would probably have been if I didn’t feel this way. I for one am so far away from ‘a two week holiday will make this better’ that it’s sometimes hard to imagine ever feeling like me again. Yet we turn up, because that is what is needed of us and that is what we require of ourselves. Let’s just acknowledge that it’s more complicated than any of us are talking about in the context of symptom based diagnostics.

Its unpredictable and so I can’t work from a baseline

If you are a healthcare worker exposed to SARS CoV2 in the community or in your household the rules are different to those if you are not. Working in healthcare if I am exposed I need to get a negative PCR test before I return and lateral flow test every day for 10 days. I then need to submit a declaration daily that I am still symptom free and upload my lateral flow test result prior to attending to work. Whilst at work I need to take all my breaks alone so that I don’t risk exposing my colleagues and I can’t take off my mask around others (I obviously would never take my mask off around patients at any point – for their protection and for my own). Again, this seems really straight forward and super sensible. It is, I’ve done a lot of work with implementation on this and it’s a sensible system that prevents chains of transmission and ensure safety. It’s also really hard for people like me. I’m not in a position to be able to declare symptom free and therefore I’m not in a position where I can be granted an exemption. That means that if I’m exposed I have to work from home. Although it is theoretically possible for me to do this for chunks of time it leaves my colleagues unsupported and therefore I don’t feel like it’s something I can risk. I therefore have spent most of the last 2 years as a hermit, not just to protect myself, but because I don’t want to place additional strain on an already stretched system because I decided to have a life. If I was in a position where I could say what my baseline symptoms are and could therefore detect a change it might be different, but I can’t, every day is different and so there is a constant choice about how much life I live and how much exposure I can risk.

One of my colleagues this week asked me why I don’t just remove the COVID tracker app. I said it’s for a couple of reasons:

• I think that we have a responsibility to walk the walk, it is the safe and responsible thing to do in terms of public health and how can I expect others to do it when I’m not prepared to do it myself
• I keep it precisely because I can’t easily detect if I have symptoms, when I get alerted I switch from screening every other day to daily in order to manage the increased risk. This means that there will be a shorter period of me putting others at risk if I do become positive. I also ensure I take a PCR test, which I don’t do routinely as symptom based triggers don’t work for me
• I’m theoretically at higher risk if I do get sick, even though I’ve been vaccinated, the earlier I know the sooner I can try to ensure I manage my safety and the risk to my household

What will happen if I do get sick?

I was ventilated for acute viral respiratory illness as a child, I’ve done the waking up in intensive care as I posted about before. I have some lung damage which means that I get respiratory symptoms and chest infections easily. These also make auto immune condition worse and so all in all I’m not looking forward to my (inevitable) COVID-19 experience. I’ve spent the pandemic working myself into near exhaustion and there is always that part of my mind that worries about what would happen when my number comes up. I’ve been extremely fortunate to not have caught SARS CoV2 so far and I feel better about my risk now having been triple vaccinated. I also know that I don’t mount a good vaccine response and that 2021 was the first year I was so worn down that I got shingles, which probably doesn’t reflect that I’m in a massively good place immunologically.

At work my health is a bit of a running joke as I’m always symptomatic. When people hear me hacking it’s a running gag that people can always hear me coming and my standard response of ‘having functioning lungs is over rated’ is probably well known. I don’t really know if my fear ever really lands with others as I try to ignore it, but it’s definitely there. I also worry that I wouldn’t be able to step away from work and would therefore make it worse. I never give myself the time to be ill because in my head ‘I’m the sick girl’ and therefore I feel I always have to drive myself harder and prove myself more. This is definitely a ‘me’ thing and fighting through when I should stop is how I’ve managed to get where I am instead of spending my life on the sofa under a duvet, but not knowing when and how to stop is something that means I break myself further when all I needed to do was rest. We work in an NHS that drives these bad traits, between the Bradford Score that determines whether I can be sick and the 600 emails a day, stepping away feels nigh on impossible.

Not just about me

I have the best family, we have each others backs, but we have suffered some real loss and a lot of it is based around our collective health. When I talk about how health privilege and comments linked to symptoms not being simple, it’s not just I’m a healthcare worker. My husband and brother both have ulcerative colitis (their own auto immune conditions) and my mum has similar infection issues to me. We are just one family and there must be thousands like us. We have avoided getting COVID-19 by stopping our lives and relying on public health measures to protect us. With the government moving away from stopping that protection we feel more at risk than ever. Even if symptom based diagnosis worked how many people would adhere to them? I’m lucky, for all that I’ve talked about I have a job with sick pay, I’m not on zero hour contracts where if I don’t work I don’t pay my bills. There are huge groups within our society who will feel true pressure to attend work and leave the house if we change away from diagnostics and isolation supported by sick pay, even more than they already are. That pressure then moves risk onto people like my family who are potentially being condemned to continue to have restrictions on their every day life long term. There are no easy answers to this, as I said in my IPC post someone always has to pay, but as healthcare professionals please lets stop claiming that this is straight forward.

So I will do a better job of managing my condition, I will try and not work weekends, I will leave on time and try to get some sleep. In return if you could try to remember that none of this stuff is ‘simple’ or ‘easy’ and that it only feels that way to if you are fortunate enough to not realise that feeling ‘well’ is a privilege that not all of us are fortunate enough to enjoy.

All opinions on this blog are my own