Healthcare regulators and risk: assessing the evidence

Introduction

What is the role of professional regulators in managing clinical risk? We take a variety of risks, as citizens, consumers and patients, and few would argue that it is the role of the state to regulate each and every one of those risks. However, some risks have a wider profile. We, as a society, agree that these risks are public risks, and should not be left solely to the individual. We agree the level of risk we are prepared to tolerate individually, and we look to ‘the authorities’ to manage the rest.

The General Dental Council (GDC) is one such authority, set up by Parliament more than 50 years ago to regulate dental professionals in the UK. To work in the UK, all dentists, dental nurses, dental technicians, dental hygienists, dental therapists, clinical dental technicians and orthodontic therapists – the dental team – must be registered with us.

‘Protecting patients by regulating the dental team’ sums us up. We manage risk on behalf of the public. Those risks are both localized and globalized. Re-validation can be seen as an example of localized risk management – managing the risk of a dental professional dropping below acceptable standards years after qualifying. Other localized risks include tooth whitening and Botox. How should we manage the risks involved in botched tooth whitening? Should dentists be allowed to administer Botox – why not, if they are qualified and skilled in the physiology of the face? What about other parts of the body?

The movements of dental patients and appliances across international boundaries are two examples of globalized risk. How do we manage the risks involved in ‘dental tourism’? To what extent can we assure the safety of dental appliances arriving here from overseas? (Professional regulators don't operate in isolation, of course, and these complex risks require joined-up action by a variety of agencies and organizations.)

Assessing whether a dental professional is fit to practise; deciding whether we list dentists' additional qualifications on the relevant Register; how we examine dental professionals from overseas who want to practise in the UK – everything we do, and don't do, may be analysed in terms of regulating risk.

Evidence-based risk assessment

Knowing how people feel about risk is more than useful: it is an essential aspect of effective regulation. And we certainly cannot second-guess how people feel. Increasingly we are recognizing that, in many spheres of life, people are prepared to tolerate risk, and that any proposals to seek to protect against such risks need to be tested thoroughly to ensure they are not over-burdensome and that they do not unduly limit innovation and local and individual freedom of action.

For instance, weights and measures is one of the oldest areas of consumer regulation, dating back to the Magna Carta. Complex UK and European Union rules apply. But research ¹ by the National Consumer Council (now part of Consumer Focus) found that shoppers were far from convinced that such complex rules were in their interests. They were willing to tolerate the risk of being ripped off because they had an important sanction: they had choice. They could go elsewhere.

There are differences, of course, between going to the dentist and buying a punnet of strawberries from a supermarket. Trust is at the heart of regulating healthcare. Our system was originally based on a perceived binary split, between the professional who had experience, training and knowledge, and the lay patient, who had none of these. We have largely moved beyond this ‘Trust me, I'm a doctor/dentist/et cetera’ paradigm to something more like ‘Trust me, I'm regulated’. Evidence of public attitudes collected recently by the GDC makes a link between patients' trust in dental professionals and patients' assumptions (whether they've heard of the GDC or not) that someone behind the scenes is ‘checking up on them’.

In healthcare, this need for confidence is legally recognized. In all walks of life, some people need, and get, more protection than others – vulnerable groups, for instance. This isn't discrimination. It is pragmatic.

However, in the realm of healthcare, everyone is deemed vulnerable, because even the most articulate and resourceful individuals can fail to muster their articulacy and resourcefulness in the face of healthcare professionals. The Safeguarding Vulnerable Groups Act 2006 defines regulated activities and those who might be vulnerable to them. Vulnerable adults include those who are in sheltered accommodation or prison, or receive a welfare service, for instance. But a person is also defined as a vulnerable adult if he or she ‘receives any form of healthcare’. (The equivalent Scottish legislation takes a similar line.)

Does it follow that healthcare regulators must more heavily regulate risk than regulators in other walks of life? Not if we are to apply what are known as the ‘principles of better regulation’, which provide a checklist for better regulation: proportionality, accountability, consistency, transparency and targeting. All these are crucial in regulating risk effectively.

However, to take the last of these principles specifically, if we are to target areas of risk more effectively, does that not mean being tougher – applying new rules, or applying the existing rules more rigorously? Perhaps. But the risk then is that more and more complex rules end up actually sabotaging effective regulation. The more complex rules are, the greater the chance they will be flouted, deliberately or inadvertently. There is a tension between targeting regulation and simplicity in regulation that has yet to be resolved. Basing how we manage risk on how we assess risk – systematically – is crucial. A risk-based approach serves our principles of better regulation, and is wholly consistent with them. How is this new?

Traditionally, we have decided that something is a risk because someone authoritative says it is, or public opinion identifies it. There has been no systematic way for identifying risks. This can work. Some years ago, the GDC banned general anaesthesia in general dental surgeries following a small number of highly-publicized serious cases. This was clearly the right decision – involving a certain amount of intuitive but nevertheless valid wisdom. But making policy on the basis of ‘noise’ – the more there is, the bigger the issue, the greater the need for a policy – carries inherent dangers. It can result in policy-making led by ‘moral panic’, reinforced by tabloid bluster of the ‘something must be done’ type. Messy and intuitive regulation, by what has been dubbed an ‘ad-hocracy’, looks like the antithesis of regulation based on systematically assessing risk in the light of the facts, and then consciously deciding what risk management action (if any) to take, in the light of: (i) the risk assessment; and (ii) an agreed set of values and principles defining risk tolerance. Can we systematize the wisdom too, and have the best of both worlds?

Government appetite for risk

As the Better Regulation Commission, the predecessor to today's Risk and Regulation Advisory Council, put it: ²

Where public risk is not correctly understood and managed, citizens (in general, but especially those who are already disadvantaged) are not properly protected from high risks; they are not enabled to take appropriate decisions themselves about risk; they do not experience the benefits of a more entrepreneurial and resilient society; and they lack trust in regulatory decisions. Businesses and public services face greater constraints on their ability to innovate and focus on customer needs. Voluntary organizations can be crowded out by bureaucracy. Policy-makers do not achieve their objectives because they are insufficiently prioritized, do not focus on outcomes, waste scarce regulatory resources and reflect a lack of understanding of how service providers and customers really behave.

Back in February 2007, the Government White Paper Trust, Assurance, Safety – The Regulation of Health Professionals in the 21st Century ³ identified a growing focus in Government on a more rigorous approach to regulation generally. The White Paper duly exhorted a move to a more risk-based approach in the regulation of professional healthcare: in other words, as the Hampton Report on the issue put it, ‘setting standards of regulation on the basis of assessments of risk to health, safety, environment, etc of the activity’. ⁴ Risk-based regulation was a common theme in responses to consultation, it said, and was ‘at the heart of the development of the proposals in this White Paper’.

Risk-based regulation applied as much to public sector services as it did to the private sector, the paper went on:

The costs of professional time in meeting the requirements of regulation are opportunity costs for patients. Every hour that a highly-trained and costly health professional spends demonstrating objectively their continuing competence is an hour lost to patient care. The Government itself therefore has an in-built incentive to ensure that the expenditure of that time adds real value to patient care, providing the assurance and peace of mind that allows patients to take the quality of their care for granted, confident that they are being treated in a way that maximizes their safety. In a health service facing demanding challenges to deliver for the public, these judgements are critical.

The White Paper set out some significant, measurable risks and benefits in the field of professional regulation. However, it admitted that there were ‘real challenges’ in accurately costing risks and benefits. There was little or no empirical information on the prevalence of death, injury, disability and mental distress caused by inadequate professional competence or malicious, discourteous or abusive conduct, the White Paper pointed out:

Even if it were, it would be difficult to cost. What price do we put on the benefits of patients' peace of mind and public confidence? How do we cost lives scarred by grief in families who have lost those they love? Can we measure the frustration and anxiety of health professionals enmeshed unnecessarily in national professional regulatory procedures? How do we measure the costs of a sense of having been unjustly treated? Would the costs and burdens of accurately collecting these data be justified?

However, urged the White Paper, we could measure factors such as public and professional confidence, the costs of litigation, clinical accidents, addiction rates among health professionals, complaints or the number of referrals to regulators. In doing so, we would be pursuing a ‘policy-making environment in which a sustained commitment to evidence-based, high quality, flexible process leads to public risk being tackled in a systemic, targeted, and proportionate manner with good intentions leading routinely to good outcomes’. That was the vision of the Better Regulation Council in January 2008, when it recommended a new Risk and Regulation Advisory Council to champion just such a regulatory regime.

Gathering evidence

It is early days, but at the GDC at least, we have taken some steps towards creating just such an ‘evidence-based, high quality, flexible process’ of regulation. To carry out our UK-wide role we already work closely with stakeholders, including patient and consumer groups, professional groups, government, devolved administrations and other healthcare regulators. We are committed to being open, inclusive and accountable, and consulting widely on new initiatives. By doing so we draw on the experience of key stakeholders in healthcare who help us to ensure that GDC policies and procedures are as robust as possible, and protect the public effectively. Consultation and involvement can now more clearly be seen not as fluffy or politically correct but as essential components of a systematic risk management process.

A recent key move has been actively to seek the views of patients and dental professionals, consulting them face to face on issues ranging from awareness and views of the GDC to the future direction of the Council. These views will help us to make better decisions and deliver better services, and for the first time give us an explicit evidence base when it comes to the public's approach to risk in dentistry.

For instance, we invited 111 members of the public to a day-long conference entitled ‘Dental check-up – your views on protecting dental patients’. We asked them, among other things:

What are your dental professionals good at and what could they do better?

However, when we asked dental professionals whether they felt that the information currently provided on our Registers was appropriate, they saw no need for change. Clearly, there is not a lot of consensus between public and professionals over the purpose of the Registers. Assessing risk is one thing: managing it may be more fraught than previously recognized, where different values and priorities are played in from very different points of view.

Without labouring the point, a further recent example of how we are constructing an evidence base for regulating risk was a series of five workshops last year organized by our Quality Assurance Team, attracting around 150 attendees, all dental professionals. The evidence we gathered is directly helping us to size the different risks of different options for the potential restructuring of the professional lifecycle in dentistry.

All this is, of course, on top of ‘traditional’ methods of consulting on how and what we regulate: issuing consultation documents and gathering views on them. Two recent consultations launched have been on the issues of revalidation – ‘how?’ rather than ‘should we?’ – and indemnity (a classic example of managing public risk).

All this is a start, and no more. The point is that we are not operating on our own behalf. We are managing risk on behalf of the public – ‘protecting patients, regulating the dental team’. To do that effectively, we must be able to assess the public's appetite for risk. We must do this carefully, though. As we develop more rigorous and robust processes to gather material to inform our risk-based regulatory approach, we must be alert to perverse interpretations of the information we gather. For instance, a dental surgery that attracts many complaints may be providing suboptimal care, or may actively (and laudably) be soliciting complaints in order to develop an even better service. Which? It could be tough to make that call.

Conclusion

We as healthcare regulators are moving from where we take decisions on the basis of opinion, anecdote and assumptions about the public's appetite for risk to assessment on the basis of the evidence.

We are, in short, being asked to develop evidence-based regulation. We need to ask how much risk the public will tolerate, and to regulate accordingly. A fair wind, a solid evidence base, and more rigorous, robust and transparent criteria for assessing and managing risk should give us healthcare regulation more in line with the vision of ‘public risk being tackled in a systemic, targeted, and proportionate manner with good intentions leading routinely to good outcomes’.