Electronic prescribing and medicines administration: procurement and safety learning in acute hospitals

We would like to thank the healthcare staff who engaged with the investigation for sharing their experiences, and for their openness and willingness to support improvements in this area of care.

This report looks at electronic prescribing and medicines administration (ePMA), which are digital systems used to prescribe and record the medication: given to a patient, or due and not given to a patient. In particular it focuses on procurement of new ePMA functionality and/or upgrades of existing ePMA functionality and how patient safety learning related to ePMA is identified and shared across the healthcare system. The investigation explored this in the context of the national legislative, regulatory, standards and assurance mechanisms relating to the safe use of ePMA that were in place up to April 2026.

The report is intended for healthcare organisations, policymakers and the public to help improve patient safety in relation to the procurement of, and safety learning from, ePMA functionality in acute NHS hospitals.

While it focuses solely on ePMA procurement and safety learning in acute NHS hospital settings, the investigation’s findings may be applicable to other care settings and other digital health technologies.

This report notes the close similarity between the NHS definitions of ‘digital health technology’ and ‘health IT system’ which are contained is some standards documents (NHS England n.d.a; 2025a; NHS Innovation Service, n.d.). For consistency, the term digital health technology is used in this report. See section 7 for a detailed glossary of terminology used in this report.

Electronic prescribing and medicines administration (ePMA) can help to reduce patient harm by preventing avoidable medication errors (Cattell et al, 2024). However, ePMA can also be associated with patient safety events and patient harm.

This section shares examples of risks and safety concerns related to ePMA that have been identified in previous Healthcare Safety Investigation Branch (HSIB) and HSSIB work. It also sets out wider national safety concerns that have been identified.

Previous investigations

2.1 A review of the 18 investigation reports by HSSIB, and its predecessor organisation HSIB, that included consideration of medication safety, was completed in 2024. Five out of 18 reports related to the use of ePMA (Health Services Safety Investigations Body, 2019; 2020; 2022a; 2022b; 2022c). Safety concerns related to ePMA configuration, use and interoperability with other health IT systems were identified that had the potential to cause harm if not recognised and managed. Some examples are given below.

Medication not given: administration of time critical medication in the emergency department

2.2 This investigation focused on a man with Parkinson’s who did not receive all of his Parkinson’s medication during a 3-day stay in the emergency department. As a result of the missed medications, he lost his ability to swallow and required feeding by a naso-gastric tube (a tube inserted into his stomach). The investigation found that the ePMA did not include a function to alert staff about patients who needed time critical medications to be prescribed or administered. The investigation also highlighted challenges in how staff had to adapt their practice to use the ePMA in some clinical environments, and the training and support in place for staff once the ePMA was deployed (Health Services Safety Investigations Body, 2024b).

Medication not given: anticoagulation before and after a procedure

2.3 An older man was admitted to hospital and his regular anticoagulant (medication that reduces the ability of a patient’s blood to clot) was temporarily paused as he had a nose bleed. The anticoagulant remained paused while he waited for a procedure. After the procedure, the anticoagulant was not restarted as intended. Two days after the procedure the patient had a stroke and died. The investigation found that there was no prompt within the ePMA to remind staff to review the paused anticoagulant and there was a delay to restarting the patient’s anticoagulant after the procedure. The investigation also highlighted how considerations about available equipment may affect the successful implementation of ePMA functionality (Health Services Safety Investigations Body, 2025a).

Medication not given: discharge from an acute hospital to the community

2.4 A man who had type 2 diabetes and used medications to manage his blood glucose levels was admitted to hospital and discharged home a week later. While he was in hospital the medication for managing his diabetes was changed and he was started on insulin. Seventeen days later it was identified that the man had not taken any insulin since he was discharged from hospital. He had high blood glucose and was admitted to hospital overnight for monitoring. The investigation found that there were multiple providers involved in the patient’s care; they used different ePMAs that did not interact to share information about his care (Health Services Safety Investigations Body, 2025b).

Electronic prescribing and medicines administration systems and safe discharge

2.5 Ann, a woman aged 75, took two anticoagulant medications at the same time, possibly causing an episode of gastrointestinal (digestive tract) bleeding. Ann was admitted to a hospice and died. One anticoagulant had been provided by the hospital when she was discharged home after a previous admission, and the other was a regular repeat supply provided by her community pharmacy. The investigation found that the hospital discharge summary did not interface with the ePMA and that the trust, primary care and community ePMA systems were not interoperable (Health Services Safety Investigations Body, 2019).

Weight-based medication errors in children

2.6 Felicity, a girl aged 4, received 10 times the intended dose of an anticoagulant medication on 5 occasions over one weekend. A subsequent scan showed she had a new bleed in the brain. The trust had made changes to their local ePMA configuration that was used for adult patients to allow its use for children. However, there was not a clear and consistent understanding of the potential hazards this introduced, meaning that adequate mitigation was not put in place. The investigation found gaps in local governance processes for ePMA functionality and digital clinical safety requirements (Health Services Safety Investigations Body, 2022b).

National patient safety concerns

2.7 The NHS Electronic Prescribing Risk and Safety Evaluation (ePRaSE) programme has found wide variation in how effectively ePMA functionality detects and prevents prescribing‑related harm across the NHS. Patient safety performance was strongly influenced by local configuration, optimisation, and ongoing maintenance, rather than by the manufacturers design of the ePMA functionality. This highlights the importance of local leadership and governance.

Different trusts using the same manufacturer’s ePMA showed markedly different abilities to mitigate prescribing risks, indicating that digital safety controls were not consistently implemented or sustained over time (Klein et al, 2025). The programme concluded that regular, structured testing of ePMA functionality is essential to identify latent digital safety risks and support continuous improvement (ePRaSE, n.d.a).

2.8 The Royal College of Paediatrics and Child Health (RCPCH) and Neonatal and Paediatric Pharmacy Group (NPPG) Medicines Committee have raised ongoing concerns about the safety of medication dosing with ePMA software in children. Specifically, ‘for frontline prescribers and the patients they treat, nothing has materially changed’ since the weigh-based medication errors in children report’s publication (see 2.6) and subsequent organisational responses. The committee describes this as ‘a systemic issue with EPMA adoption’ and calls a structured approach to integrate safety standards in paediatric EPMA; making recommendations on how this could be achieved (Bamber, 2026a; b).

2.9 A national patient safety alert was issued after incidents where penicillin allergies were incorrectly recorded as penicillamine allergies in ePMA, putting patients at risk of serious harm (NHS England, 2025f). This meant some patients with a penicillin allergy were prescribed penicillin‑based antibiotics, resulting in life‑threatening anaphylaxis and at least one reported death. The risk is increased by ePMA design features such as alphabetical listing of medication in drop‑down menus and allergy search results.

The alert required organisations to identify affected patients, correct allergy records, strengthen training, and work with digital health technology suppliers to reduce the risk of recurrence (NHS England, 2025f). It took time for this safety issue to be shared nationally, having previously been reported in 2019 by an acute hospital medication safety pharmacist (Willis, 2025).

Summary

2.10 The investigations and safety concerns set out above demonstrate examples of ePMA functionality and configuration impacting on patient safety once an ePMA has been implemented. However, HSSIB’s investigations have not explored in depth how ePMA are initially procured, or upgraded, to help ensure and improve patient safety.

2.11 The HSSIB investigation ‘Patient safety issues associated with EPR (electronic patient record) systems – a thematic review’ identified patient safety risks when ‘choosing an EPR system capable of meeting the needs of an organisation’ (Health Services Safety Investigations Body, 2025c). This consideration also applies to ePMA functionality.

2.12 This investigation considered there was an opportunity to explore whether problems reported at later stages of implementation could have been identified and mitigated had these been considered earlier on when procuring ePMA functionality. The investigation also considered how safety learning about ePMA functionality was shared, once an ePMA was being used, to influence future design, procurement decisions and ongoing optimisation.

The investigation explored the roles and responsibilities of key organisations involved in setting and regulating relevant patient safety standards. It also looked at how co-ordination and collaboration to improve the safety of electronic prescribing and medicines administration (ePMA) functionality could be achieved.

This section sets out the findings for each organisation in turn and describes the mechanisms for identifying and sharing learning about ePMA-related patient safety issues. The investigation used the foundations of System-Theoretic Accident Model and Processes (STAMP) and its tools (both STPA Hazard Analysis and CAST Accident Analysis) (see section 6/appendix) to map out organisations responsible for fulfilling safety constraints, and how they interact, make decisions and gain feedback about ePMA safety. Details of this approach are set out in the appendix and a high-level Control Safety Structure is shown at figure 3.

Figure 3 High-level overview of the main legislation, regulations and standards involved with ePMA procurement and safety learning

The investigation considered:

• the standards that ensure patient safety is included in ePMA design
• how an ePMA is procured
• how patient safety legal, regulatory and assurance functions operate in relation to ePMA
• how patient safety concerns and good practice are identified, addressed and shared to support improvements in the design of ePMA.

The investigation acknowledges that the digital healthcare space is rapidly evolving and that several of the national safety standards were under review during the investigation and at the time of publication. Therefore, the investigation’s findings relate to the landscape as it was up to April 2026.

This section summarises the findings from section 3. It also describes safety learning to support improvements in electronic prescribing and medicines administration (ePMA) procurement and learning at national and acute hospital trust level.

Legislation and regulation

4.1 The underpinning legislation, regulation and standards relevant to digital health technologies (DHTs), including ePMA were developed over a decade ago and might not have kept up to date with software advances. While legislation will always lag behind technology, the safety risks associated with software are complex. Manufacturers and trust staff said that ePMA software can change rapidly compared to a traditional medical device or simple software or IT systems developed many years ago (for example continuously updated compared with quarterly updates).

4.2 The Medicines and Healthcare products Regulatory Agency (MHRA) told the investigation that it had undertaken consultations on changes to the UK device regulations in 2021 (Medicines and Healthcare products Regulatory Agency and Javid), 2024 and 2026. Additionally, the MHRA said that ePMA may or may not be a medical device depending on its intended purpose. However, software including ePMA is increasingly complex and some manufacturers choose to consider their ePMA as a medical device.

4.3 The investigation asked the Care Quality Commission (CQC), MHRA and NHS England about feedback mechanisms to the Department of Health and Social Care to monitor when legislation may need updating. The CQC said they have feedback mechanisms in place with regards potential updates to the CQC legislation. None were described by the MHRA or NHS England, yet many of those interviewed highlighted that the underpinning legislation needed revising.

4.4 A lack of clarity about when ePMA functionality may be a medical device, and a move from some manufacturers to treat ePMA as a medical device even when they may not be, can create confusion for acute hospital trusts. This can impact on procurement decisions and the ability to share safety learning about ePMA. The MHRA said that manufacturers are able to contact them for advice on the qualification and classification using the routes available.

4.5 The investigation heard from healthcare organisations that if ePMA software were considered to be a medical device it would give them improved confidence and assurance regarding its safety and development due to the quality and assurance processes associated with medical devices. They said that there would be greater assurance of systems and confidence to users around the development and assessment of system safety.

HSSIB makes the following safety recommendation

HSSIB makes the following safety observation

Support for acute hospital trusts

4.6 The investigation identified a wide range of standards, frameworks and guidance about digital safety, produced across decades, in many different places on the internet and NHS Futures platform. It was difficult to identify which standards and legislation were required because of the large amount of information and many cross-references to other webpages.

4.7 In addition, there were roadmaps for implementing EPRs as well as ePMA roadmaps, and these are not aligned in terms of function at each stage of the relevant roadmap (NHS Futures, 2024; 2025). NHS England told the investigation that both applied if ePMA functionality was part of a wider EPR implementation. This created confusion for NHS acute trusts making procurement decisions about ePMA.

4.8 There are legally mandated standards relating to digital clinical safety and interoperability of digital health technology (DHT). However, there is variation in compliance with the standards by acute hospitals trusts and there is no national oversight or enforcement of healthcare providers’ compliance.

4.9 Individual trusts are relied on to determine whether ePMA manufacturers have interpreted the medical device regulations appropriately and to assure themselves that manufacturers have complied with relevant standards. Some trusts do not have the resources, skills, and expertise to do this effectively. Staff described longstanding financial and workforce challenges which impacted on trusts’ ability to recruit staff with the necessary clinical and/or digital skills. It was also challenging to release clinical staff from their clinical duties to contribute to an ePMA project.

4.10 The investigation heard support for minimising unnecessary duplication wherever possible so that staff could focus on other tasks; currently “each organisation seems to have to reinvent the wheel”. Suggestions included a national draft hazard log for trusts to use as a starting point for their risk assessments and function specifications, which included the relevant patient safety alerts and Never Events framework.

4.11 A recurrent theme that arose was the impact of staff cuts and redundancies, especially in non-patient facing roles. This affected digital staff and staff in roles involved with the pre-implementation stage of ePMA procurement, where not resourcing and prioritising patient safety may lead to unintended consequences.

Additional support from national organisations may help to support NHS acute trusts in understanding and making decisions about ePMA, to reduce variation and support safe and effective ePMA procurement.

HSSIB makes the following safety recommendations

4.12 Due to significant changes across NHS England and the Department of Health and Social Care, the resources in national teams responsible for regulation and standards that affect ePMA is uncertain. This comes at a time when ‘digital by default’ is promoted as a national priority; however, external resources are having to be sought to enable NHS England to meet the 10-Year Health Plan’s key digital requirements (Serle, 2026).

4.13 Staff commented that there were other enablers that were key to improving the safe use of ePMA that needed to happen in tandem with regulation, legislation, standards and assurance. These included a range of considerations that could be had by NHS acute trusts to help better procure and share learning about ePMA. Examples included embedding a learning culture, and seeing clinical and technical involvement as a “strategic enabler to both quality and safety within the organisation”. Many staff told the investigation that collaborative working between the trust and manufacturer was essential to improving patient safety.

4.14 HSSIB investigations include local-level learning where this may help organisations and staff to identify and think about how to respond to specific patient safety concerns at the local level. HSSIB has identified local-level learning to help organisations consider and mitigate risks around procuring ePMA, identifying and sharing learning from patient safety issues once it is in use.

Standards for ePMA functionality

4.15 The investigation was told of differences of opinion in whether it would be helpful to have core national ePMA safety standards, given the wide array of standards already in place for DHT. This was because medication management is a safety critical task and the existing standards do not focus specifically on ePMA functionality. A standard would reduce duplication by each acute hospital trust and ensure core standardisation across trusts.

4.16 Several national bodies, manufacturers and healthcare organisations said that core national safety standards would have been useful while ePMA was in its infancy, but could constrain manufacturers who had spent time and resources developing their product for a global market. There were also concerns that overly stringent safety standards could mean that some commercial manufacturers may choose to withdraw their product from sale in England.

4.17 In contrast, others said national standards would be beneficial, providing a level of standardisation that would be helpful when organisations sought to procure ePMA functionality. The current flexibility in ePMA functionality meant that a large amount of local configuration was needed to build the product, and the time and resources necessary to do this were often underestimated. Some degree of national standardisation would mean this configuration could be done by the manufacturer, or at least make the pre-implementation processes less time and resource intensive.

4.18 The investigation was told that trusts were tending to opt for an EPR with integrated ePMA. In this situation, ePMA safety requirements were one of many wider considerations. Some staff felt that, with no national minimum safety standards for ePMA functionality, ePMA safety may not be prioritised in decision making as part of a larger project.

4.19 On balance there was support for having mandatory core national safety standards (see 1.2.12) for ePMA that could be applied across healthcare settings, with the option for organisations to add to these as needed. This would enable NHS procurement framework providers to require compliance with such a standard to be eligible for inclusion on the clinical digital health solutions procurement framework. The investigation was told that some settings have different requirements, such as newborn critical care and maternity, where it is important that their needs can be met. These requirements are ‘over and above normal ePMA functionality’ and may have to be locally agreed. One example of national safety standards is those developed for weight based doing for children with ePMA (see 2.8).

HSSIB makes the following safety recommendation

Learning about ePMA functionality

4.20 The investigation found that the MHRA Yellow Card scheme (see 3.1.9) and Learn From Patient Safety Events (LFPSE) service (see 1.2.7) only partly meets the needs of a feedback system to identify patient safety concerns with ePMA. Manufacturers, NHS acute trusts, and national bodies relied on informal routes, such as ePMA user groups and professional networks, to share this information, meaning that safety learning is not consistently and reliably captured.

4.21 The investigation acknowledges the limitations with the current formal feedback mechanisms, such as Yellow Card reporting and organisational safety event reporting and input to LFPSE. Improved sharing of information and collaboration within and across healthcare staff, organisations and ePMA manufacturers can improve safety learning so that potential hazards can be reviewed and any risks managed.

4.22 Acute hospital trusts can use the ePRaSE (ePrescribing Risk and Safety Evaluation) tool to support their assessment of whether their ePMA is functioning as they would want. This aligns with a recommendation that HSIB made to NHSX (now part of NHS England) in 2019 to ‘consider making ePRaSE a mandatory annual reporting requirement for the assessment and assurance of electronic prescribing and medicines administration safety’ (Health Services Safety Investigations Body, 2019).

4.23 The ePRaSE team launched the Electronic Prescribing Learning Lab in March 2026. This ‘interactive learning resource developed to support digital and pharmacy teams to optimise their electronic prescribing systems’ (ePRaSE, n.d.b).

4.24 A number of people and organisations who commented on the draft of this report recommended using tools such as ePRaSE to “test whether the ePMA system, as configured locally, effectively supports safe prescribing and administration” in practice. NHS England digital staff commented at consultation that “Results from ePRaSE testing would provide objective evidence of whether key risks are being mitigated, identify variability between organisations using the same [ePMA] system, and inform targeted improvement where controls are weak. Repeat testing would be expected following significant configuration changes, workflow redesign or system upgrades, recognising that ePMA safety performance can change over time". Safety assurance is “based on demonstrated safety performance rather than supplier self‑declaration”.

HSSIB makes the following safety observations

Bamber, J. (2026a) Safe and effective dose management in electronic prescribing and medicines administration systems. Available at https://www.rcpch.ac.uk/resources/safe-effective-dose-management-electronic-prescribing-medicines-administration-systems (Accessed 11 May 2026).

Bamber, J. (2026b) Optimising electronic prescribing and medicine administration (ePMA) systems – patient safety spotlight. Available at https://www.rcpch.ac.uk/news-events/news/2026-04/optimising-electronic-prescribing-medicine-administration-epma-systems (Accessed 11 May 2026).

Cattell, M., Hyde, K., et al. (2024) Retrospective review of medication-related incidents at a major teaching hospital and the potential mitigation of these incidents with electronic prescribing and medicines administration, European Journal of Hospital Pharmacy, 31(4), pp. 295–300. Available at https://ejhp.bmj.com/content/31/4/295 (Accessed 30 March 2026).

Chartered Institute of Ergonomics and Human Factors (2023) Demystifying ergonomic standards. Available at https://www.youtube.com/watch?v=sQ0B0tKZXKE (Accessed 30 March 2026).

Civil Aviation Authority (2024) Unmanned aircraft system operations in UK airspace. CAP 722. Ninth edition amendment 2. Available at https://www.caa.co.uk/publication/download/21784 (Accessed 30 March 2026).

Darzi, A. (2024) Independent investigation of the NHS in England. Available at https://www.gov.uk/government/publications/independent-investigation-of-the-nhs-in-england (Accessed 30 March 2026).

Data (Use and Access) Act (2025) Available at https://www.legislation.gov.uk/ukpga/2025/18/contents (Accessed 30 March 2026).

Department of Health and Social Care (2018) The future of healthcare: our vision for digital, data and technology in health and care. Available at https://www.gov.uk/government/publications/the-future-of-healthcare-our-vision-for-digital-data-and-technology-in-health-and-care/the-future-of-healthcare-our-vision-for-digital-data-and-technology-in-health-and-care (Accessed 30 March 2026).

Department of Health and Social Care (2022) A plan for digital health and social care. Available at https://www.gov.uk/government/publications/a-plan-for-digital-health-and-social-care/a-plan-for-digital-health-and-social-care (Accessed 30 March 2026).

Department of Health and Social Care (2024) Medical technology strategy. Available at https://www.gov.uk/government/publications/medical-technology-strategy/medical-technology-strategy (Accessed 30 March 2026).

ePRaSE (n.d.a) About ePRaSE. Available at https://eprase.info/about/ (Accessed 11 May 2026).

ePRaSE (n.d.b) EP Learning Lab. Electronic Prescribing Risk and Safety Evaluation Programme. Available at https://eprase.info/lab/ (Accessed 11 May 2026).

ePrescribing Research Programme (n.d.a) ePrescribing Toolkit. Available at www.eprescribingtoolkit.com (Accessed 30 March 2026).

ePrescribing Research Programme (n.d.b) ePrescribing Toolkit: consolidation and optimisation Available at https://www.eprescribingtoolkit.com/planner/consolidation-and-optimisation/ (Accessed 30 March 2026).

ePrescribing Research Programme (n.d.c) ePrescribing Toolkit: pre-implementation. Available at https://www.eprescribingtoolkit.com/planner/pre-implementation/ (Accessed 30 March 2026).

Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. Available at https://www.legislation.gov.uk/uksi/2014/2936/contents (Accessed 7 May 2026).

Health Services Safety Investigations Body (2019) Electronic prescribing and medicines administration systems and safe discharge (Originally published by the Healthcare Safety Investigation Branch). Available at https://www.hssib.org.uk/patient-safety-investigations/electronic-prescribing-and-medicines-administration-systems-and-safe-discharge/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2020) The role of clinical pharmacy services in helping to identify and reduce high-risk prescribing errors in hospital (Originally published by the Healthcare Safety Investigation Branch). Available at https://www.hssib.org.uk/patient-safety-investigations/the-role-of-clinical-pharmacy-services-in-helping-to-identify-and-reduce-high-risk-prescribing-errors-in-hospital/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2022a) The use of an appropriate flush fluid with arterial lines (Originally published by the Healthcare Safety Investigation Branch). Available at https://www.hssib.org.uk/patient-safety-investigations/the-use-of-an-appropriate-flush-fluid-with-arterial-lines/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2022b) Weight-based medication errors in children (Originally published by the Healthcare Safety Investigation Branch). Available at https://www.hssib.org.uk/patient-safety-investigations/weight-based-medication-errors-in-children/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2022c) Medicine omissions in learning disability secure units (Originally published by the Healthcare Safety Investigation Branch). Available at https://www.hssib.org.uk/patient-safety-investigations/medicine-omissions-in-learning-disability-secure-units/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2024a) Medication related harm. Available at https://www.hssib.org.uk/patient-safety-investigations/medication-related-harm/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2024b) Medication not given: administration of time critical medication in the emergency department. Available at https://www.hssib.org.uk/patient-safety-investigations/medication-related-harm/investigation-report/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2025a) Medication not given: anticoagulation before and after a procedure. Available at https://www.hssib.org.uk/patient-safety-investigations/medication-related-harm/second-investigation-report/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2025b) Medication not given: discharge from an acute hospital to the community. Available at https://www.hssib.org.uk/patient-safety-investigations/medication-related-harm/third-investigation-report/ (Accessed 30 March 2026).

Health Services Safety Investigations Body (2025c) Patient safety issues associated with electronic patient record (EPR) systems – a thematic review. Available at https://www.hssib.org.uk/patient-safety-investigations/electronic-patient-record-epr-systems-thematic-review/investigation-report/ (Accessed 30 March 2026).

International Organization for Standardization (n.d.) Standards. Available at https://www.iso.org/standards.html (Accessed 30 March 2026).

International Organization for Standardization (2021) Health informatics – Interoperability and integration reference architecture – Model and framework. ISO 23903:2021. Available at https://www.iso.org/obp/ui/#iso:std:iso:23903:ed-1:v2:en (Accessed 7 April 2026).

Jeeves, B., Mullen, S., et al. (2025) CSO Council white paper. Digital clinical safety in the UK, an open and informed position: supporting CSOs to foster a culture of compliance with standards. Available at https://digitalhealthnetworks.net/wp-content/uploads/2025/03/CSO-Council-White-Paper-Digital-Clinical-Safety-in-the-UK-March-2025.pdf (Accessed 30 March 2026).

Klein, S., Tsanas, A., et al. (2025) A simulation study to quantitatively assess the performance of electronic prescribing systems in English NHS hospital trusts, Scientific Reports, 15, 2120. doi: 10.1038/s41598-025-86112-w

Leveson, N.G. and Thomas, J.T. (2018) STPA handbook. Available at https://psas.scripts.mit.edu/home/get_file.php?name=STPA_Handbook.pdf (Accessed 30 March 2026).

Leveson, N. (2024) CAST handbook. A “systems thinking” approach to the investigation of healthcare adverse events. Available at https://psas.scripts.mit.edu/home/get_file10.php?name=CAST_Handbook_Healthcare.pdf (Accessed 30 March 2026).

Macrae, C. (2016) The problem with incident reporting, BMJ Quality & Safety, 25(2), pp. 71–75. doi: 10.1136/bmjqs-2015-004732

Medicines and Healthcare products Regulatory Agency and Javid, S. (2021) Consultation outcome: Consultation on the future regulation of medical devices in the United Kingdom. Available at https://www.gov.uk/government/consultations/consultation-on-the-future-regulation-of-medical-devices-in-the-united-kingdom (Accessed 12 May 2026).

Medicines and Healthcare products Regulatory Agency (2023a) Borderline products: classifying medical devices and risk. Available at https://www.gov.uk/guidance/borderline-products-how-to-tell-if-your-product-is-a-medical-device (Accessed 13 May 2026).

Medicines and Healthcare products Regulatory Agency (2023b) Guidance: medical device stand-alone software including apps (including IVDMDs). Available at https://assets.publishing.service.gov.uk/media/64a7d22d7a4c230013bba33c/Medical_device_stand-alone_software_including_apps__including_IVDMDs_.pdf (Accessed 30 March 2026).

Medicines and Healthcare products Regulatory Agency (2023c) Drug safety Update: Electronic Prescribing and Medicines Administration Systems: report adverse incidents on a Yellow Card. Available at https://www.gov.uk/drug-safety-update/electronic-prescribing-and-medicines-administration-systems-report-adverse-incidents-on-a-yellow-card (Accessed 13 May 2026).

Medicines and Healthcare products Regulatory Agency (2025) Health Institution Exemption – Stakeholder survey: Call for Evidence Analysis Summaries. Available at https://www.gov.uk/government/calls-for-evidence/health-institution-exemption-stakeholder-survey/outcome/health-institution-exemption-stakeholder-survey-call-for-evidence-analysis-summaries (Accessed 12 May 2026).

Medicines and Healthcare products Regulatory Agency (2026a) Health Institution Exemption for general medical devices. Available at https://www.gov.uk/government/publications/health-institution-exemption-for-general-medical-devices (Accessed 12 May 2026).

Medicines and Healthcare products Regulatory Agency (2026b) Regulating medical devices in the UK. Available at https://www.gov.uk/guidance/regulating-medical-devices-in-the-uk#requirements-for-those-manufacturing-and-supplying-devices-in-great-britain (Accessed 12 May 2026).

Napier, J. and Youndberg, B.J. (2008) ‘Risk management and patient safety: The synergy and the tension’. In: Youngberg, B.J. (ed.) Patient Safety Handbook. 2nd edn. Sudbury, MA: Jones and Bartlett Publishers, pp. 3–21.

NHS Connecting for Health (2009) Electronic prescribing in hospitals. Challenges and lessons learned. Available at https://webarchive.nationalarchives.gov.uk/ukgwa/20130502102046/http:/www.connectingforhealth.nhs.uk/systemsandservices/eprescribing/challenges/Final_report.pdf (Accessed 30 March 2026).

NHS England (n.d.a) Progress against digital clinical safety strategic commitments Available at https://www.england.nhs.uk/patient-safety/patient-safety-systems/digital-clinical-safety-strategy/progress/ (Accessed 30 March 2026).

NHS England (n.d.b) Online version of the NHS Long Term Plan. Chapter 5: Digitally-enabled care will go mainstream across the NHS. Available at https://webarchive.nationalarchives.gov.uk/ukgwa/20250506042209/https://www.longtermplan.nhs.uk/online-version/chapter-5-digitally-enabled-care-will-go-mainstream-across-the-nhs/ (Accessed 30 March 2026).

NHS England (n.d.c) The NHS Patient Safety Strategy. Available at https://www.england.nhs.uk/patient-safety/the-nhs-patient-safety-strategy/ (Accessed 30 March 2026).

NHS England (n.d.d) Learn from patient safety events (LFPSE) service. Available at https://www.england.nhs.uk/patient-safety/patient-safety-insight/learning-from-patient-safety-events/learn-from-patient-safety-events-service/ (Accessed 11 May 2026).

NHS England (n.d.e) Digital Technology Assessment Criteria (DTAC): guidance for buyers and suppliers. Available at https://transform.england.nhs.uk/key-tools-and-info/digital-technology-assessment-criteria-dtac/ (Accessed 11 May 2026).

NHS England (2021) Digital Clinical Safety Strategy. Available at https://transform.england.nhs.uk/key-tools-and-info/digital-clinical-safety-strategy/ (Accessed 30 March 2026).

NHS England (2023) DCB0160: Clinical risk management: its application in the deployment and use of health IT systems. Available at https://digital.nhs.uk/data-and-information/information-standards/governance/latest-activity/standards-and-collections/dcb0160-clinical-risk-management-its-application-in-the-deployment-and-use-of-health-it-systems/ (Accessed 30 March 2026).

NHS England (2024) Building healthcare software – acute, community and mental health care. Available at https://digital.nhs.uk/developer/guides-and-documentation/building-healthcare-software/acute-community-and-mental-health-care (Accessed 30 March 2026).

NHS England (2025a) Applicability of DCB0129 and DCB0160. Terms and definitions. Available at https://digital.nhs.uk/services/clinical-safety/applicability-of-dcb-0129-and-dcb-0160/terms-and-definitions#:~:text=81001%2D1:2021-,Health%20IT%20system,hardware%2C%20software%20or%20a%20combination (Accessed 30 March 2026).

NHS England (2025b) NHS Standard Contract 2025/26. Technical guidance. Available at https://www.england.nhs.uk/wp-content/uploads/2025/04/08-nhssc-2526-technical-guidance.pdf (Accessed 30 March 2026).

NHS England (2025c) Information standards for health and care. Available at https://digital.nhs.uk/data-and-information/information-standards (Accessed 30 March 2026).

NHS England (2025d) DCB0129: Clinical risk management: its application in the manufacture of health IT systems. Available at https://digital.nhs.uk/data-and-information/information-standards/governance/latest-activity/standards-and-collections/dcb0129-clinical-risk-management-its-application-in-the-manufacture-of-health-it-systems (Accessed 30 March 2026).

NHS England (2025e) Digital clinical safety assurance. Available at https://www.england.nhs.uk/long-read/digital-clinical-safety-assurance/#:~:text=Hazards%20are%20documented%20in%20the,system%20is%20safe%20for%20release (Accessed 30 March 2026).

NHS England (2025f) National patient safety alert – harm from incorrect recording of a penicillin allergy as a penicillamine allergy. Available at https://www.england.nhs.uk/long-read/national-patient-safety-alert-harm-from-incorrect-recording-of-a-penicillin-allergy-as-a-penicillamine-allergy/ (Accessed 30 March 2026).

NHS England (2026a) Record a patient safety event. Available at https://www.england.nhs.uk/long-read/policy-guidance-on-recording-patient-safety-events-and-levels-of-harm/ (Accessed 11 May 2026).

NHS England (2026b) Digital clinical safety training. Available at https://digital.nhs.uk/services/clinical-safety/clinical-risk-management-training (Accessed 30 March 2026).

NHS Futures (2024) ePMA resource roadmap v2. Available at https://future.nhs.uk/EPRSupportHub/viewdocument?docid=197998885 (Accessed 30 March 2026).

NHS Futures (2025) EPR programme roadmap v1.71. Available at https://future.nhs.uk/connect.ti/EPRSupportHub/view?objectid=154241093 (Accessed 30 March 2026).

NHS Innovation Service (n.d.) Regulation. Digital healthcare technologies Available at https://innovation.nhs.uk/innovation-guides/regulation/digital-product-or-service/ (Accessed 30 March 2026).

NHS Learning Hub (2021) An introduction to clinical informatics. Available at https://learninghub.nhs.uk/resource/5983 (Accessed 30 March 2026).

Nuffield Trust (2019) Achieving a digital NHS. Lessons for national policy from the acute sector. Available at https://www.nuffieldtrust.org.uk/sites/default/files/2019-05/digital-report-br1902-final.pdf (Accessed 30 March 2026).

Oskrochi, Y., Roy-Highley, E., et al. (2025) Digital health technology compliance with clinical safety standards in the National Health Service in England: national cross-sectional study, Journal of Medical Internet Research, 27, e80076. doi: 10.2196/80076

Peerally, M.F., Carr, S., et al. (2017) The problem with root cause analysis, BMJ Quality & Safety, 26(5), pp. 417–422. doi: 10.1136/bmjqs-2016-005511

Pfeiffer, Y., Manser, T., et al. (2010) Conceptualising barriers to incident reporting: a psychological framework, Quality and Safety in Health Care, 19, e60. doi: 10.1136/qshc.2008.030445

Relihan, E.C. and Kelly, S.M. (2025) EPMA-related contributory factors to medication errors: development of a taxonomy to inform the optimisation strategy for an electronic patient record. International Journal of Medical Informatics 203. doi: org/10.1016/j.ijmedinf.2025.105990

Serle, J. (2026) NHSE seeks external digital support as job cuts continue. Available at https://www.hsj.co.uk/finance-and-efficiency/nhse-seeks-external-digital-support-as-job-cuts-continue/7041117.article (Accessed 30 March 2026).

Sujan, M. and Habli, I. (2021) Safety cases for digital health innovations: can they work?, BMJ Quality & Safety, 30, pp. 1047–1050. doi: 10.1136/bmjqs-2021-012983

The Health Foundation (2025) Digitising the NHS and adult social care. What could it cost? Available at https://www.health.org.uk/reports-and-analysis/analysis/digitising-the-nhs-and-adult-social-care-what-could-it-cost (Accessed 30 March 2026).

The Medical Devices Regulations (2002) Available at https://www.legislation.gov.uk/uksi/2002/618/contents (Accessed 30 March 2026).

UK Chemotherapy Board (2022) Standards for the safer use of electronic prescribing and medicines administration (ePMA) systems for use in systemic anti-cancer therapy (SACT) services. Available at https://www.uksactboard.org/_files/ugd/638ee8_5613776913e5415f81f31610e4a4a862.pdf?index=true (Accessed 30 March 2026).

UK Government (n.d.) Report a problem with a medicine or medical device. Available at https://www.gov.uk/report-problem-medicine-medical-device (Accessed 30 March 2026).

UK Government (2025) Fit for the future – 10 Year Health Plan for England. Available at https://assets.publishing.service.gov.uk/media/6888a0b1a11f859994409147/fit-for-the-future-10-year-health-plan-for-england.pdf (Accessed 12 January 2026).

Watcher, R.M. (2016) Making IT work: harnessing the power of health information technology to improve care in England. Report of the National Advisory Group on Health Information Technology in England. Available at https://assets.publishing.service.gov.uk/media/5a8091afe5274a2e87dba8f2/Wachter_Review_Accessible.pdf (Accessed 30 March 2026).

Willis, S. (2025) Patient safety alert issued after penicillin allergies incorrectly recorded, The Pharmaceutical Journal, 315(8003). doi: 10.1211/PJ.2025.1.386805