Incident Reporting Policy

Document control:

Document control information

Policy Name: Incident Reporting Policy
Policy Number: C005
Version: V1.0
Status: Final – Approved
Author / lead: Governance and Risk Manager
Responsible Executive Director: Executive Director of Corporate Services
Responsible Committee: Audit Risk and Compliance Committee
Date approved by Responsible Committee: 24 March 2026
Date ratified by the ICB Board/Effective Date: 1 April 2026
Next review date: April 2028
Target audience:
– Essex ICB members and staff (including temporary/bank/agency/voluntary/work experience staff).
– Contractors engaged by the ICB.
– Staff from other Essex Integrated Care Partnership (ICP) organisations who are members of ICB committees/sub-committees and other groups.
Stakeholders engaged in development of policy (internal and external):
– Essex ICB Governance Leads.
– Audit, Risk and Compliance Committee
Impact assessments undertaken: Equality Impact Assessment (see Appendix A)

Version history:

Version: 0.1
Date: 26/02/2026
Author (Name and title): Chris Cullen – Corporate Services & Governance Support Officer
Summary of amendments made: Minor Amendments made to existing MSE ICB policy to develop a first draft for Essex ICB. Changes reflect new organisational structure and revised policy template.

Version: 0.2
Date: 27/02/2026
Author (Name and title): Chris Cullen – Corporate Services & Governance Support Officer
Summary of amendments made: Updated to reflect DCIQ online Datix reporting form, process and monitoring.  Paper referral form (Appendix B) removed.

Version: 0.3
Date: 10/03/2026
Author (Name and title): Sara O’Connor, Senior Manager Corporate Services
Summary of amendments made: Minor amendments

Version: 0.4
Date: 13/03/2026
Author (Name and title): Chris Cullen – Corporate Services & Governance Support Officer
Summary of amendments made: Updated following feedback from KF, JC and IG.

Version: 1.0
Date: 24/03/2026
Author (Name and title): Helen Chasney – Governance Senior Officer
Summary of amendments made: Final – Approved version

Introduction

The Essex Integrated Care Board (‘the ICB’) will work collaboratively across the Essex Integrated Care System (‘the ICS’) footprint to manage incidents. 

This is a controlled document. Whilst this document may be printed (please consider if this is necessary), the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled. As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the website (or requested from the Governance Lead/Team) to ensure the most up-to-date version is used.

Purpose / Policy Statement

This policy sets out the ICB’s arrangements for reporting and managing incidents, including identifying and disseminating learning to prevent recurrence.

The purpose of the policy is to establish and maintain a framework for the initial reporting, investigation and management of incidents which: 

• Encourages staff to report all incidents, including near misses, with assurance that there is an open and transparent ‘fair blame’ culture with a focus on identifying and sharing learning and implementing appropriate controls to prevent recurrence.
• Ensures there is an accurate record of the circumstances of each incident to support investigation of incidents (either by the ICB and/or other relevant agencies), including those which result in a complaint or legal proceedings.
• Supports the ICB in achieving its strategic objectives and realising the significant safety, quality, financial and other organisational benefits from effectively managing incident reporting.
• Ensures processes are based on best practice, national guidance, legislation, taking account of organisational needs so that incidents are managed systematically and consistently. 
• Supports the ICB’s integrated risk management approach across all areas of corporate and clinical/professional risk which is embedded within day-to-day operational functions across Essex.  This includes triangulation of themes identified from incidents and other processes, such as the management of complaints and legal claims. 

Incidents from system primary care providers which meet the criteria of a serious incident will be managed in accordance with the Management of Serious Incidents Policy. 

Scope

This policy applies to the following (collectively known as members of staff):

• Essex Integrated Care Board (ICB) members.
• Members of staff (including temporary/bank/agency/voluntary/work experience staff).
• Contractors engaged by the ICB.
• Members of staff from other ICS partner organisations who are members of ICB committees/sub-Committees, advisory groups/other groups or otherwise involved in ICB business.

The policy applies to all areas of the ICB’s responsibilities and activities and all ICB premises and other assets, including incidents involving ICB staff whilst they are working in premises owned or occupied by other organisations. 

The policy applies to incidents arising within external organisations where the event affects the ICB’s staff, data, systems, commissioned functions, or obligations under statutory and regulatory frameworks.

Definitions

• Incident – an occurrence or unplanned event resulting in actual or potential loss or harm to persons, property, the environment or other assets.  Examples include clinical incidents, health and safety related accidents, incidents of violence or aggression, security breaches or vandalism, information governance breaches, fire, theft and environmental damage.  Within this policy, an incident includes a ‘near miss’ (see below). 
• Near Miss – an event or circumstances that was prevented or narrowly avoided which, had it occurred, had the potential to cause injury, harm, loss, damage or other detrimental impact. 
• Serious Incident – the NHS England Serious Incident (SI) Framework published in March 2015 defines that serious incidents are events in health care* where the potential for learning is so great, or the consequence to patients, families and carers, staff or organisations are so significant that they warrant using additional resources to undertake a comprehensive response. It is emphasised that serious incidents can extend beyond incidents which affect patients directly and can include incidents that may indirectly impact patient safety or an organisation’s ability to deliver on-going healthcare e.g. electrical failure.

Whilst there is no definitive list of events/incidents that constitute a serious incident, this would include acts or omissions in care that result or could have resulted in; unexpected or avoidable death, unexpected or avoidable injury resulting in serious harm, abuse, never events, incidents that prevent an organisation’s ability to continue to deliver an acceptable quality of healthcare services and incidents that may cause widespread public concern.

Further information on what constitutes a serious incident is set out in the Management of Serious Incidents Policy.

• Patient Safety Incident Response Framework (PSIRF) – The Patient Safety Incident Response Framework (PSIRF), introduced by NHS England, sets out the national approach for responding to patient safety incidents with a focus on learning, improvement, and compassionate engagement with those affected. It replaces the previous Serious Incident Framework within NHS contracted services.  Under PSIRF, organisations use a range of response methods—such as Patient Safety Incident Investigations (PSIIs), thematic reviews, and other learning response. Within the Integrated Care Board (ICB), PSIRF supports oversight of learning and the sharing of insights across commissioned services to strengthen patient safety across the system. However, it should be noted that PSIRF is not currently a contractual requirement for primary care providers, although its principles of learning, openness, and system improvement are strongly encouraged. 
• Serious Harm – the SI framework defines serious harm as:
• Severe harm (patient safety incident that appears to have resulted in permanent harm to one or more persons receiving NHS funded care)
• Chronic pain (continuous long-term pain of more than 12 weeks or after the time that healing would have been thought to have occurred in pain after trauma or surgery)
• Psychological harm, impairment to sensory, motor, or intellectual function or impairment to normal working or personal life which is likely to be temporary (i.e., has lasted, or is likely to last for a continuous period of at least 28 days)
• Major Incidents – An event or situation with a range of serious consequences that require special arrangements to be implemented by one or more emergency responder agency. In the NHS this will cover any occurrence that presents serious threat to the health of the community or causes such numbers or types of casualties, as to require special arrangements to be implemented. Examples include communicable disease outbreaks, terrorist incidents, major transport accidents, loss of healthcare facilities.  Please refer to the Incident Response Plan.
• Business Continuity Incident – An event or occurrence that disrupts, or might disrupt, an organisation’s normal service delivery, to below acceptable predefined levels. This would require special arrangements to be put in place until services can return to an acceptable level. Examples include surge in demand requiring temporary re-deployment of resources within the organisation, breakdown of utilities, significant equipment failure or hospital acquired infections.
• Critical Incident – Any localised incident where the level of disruption results in an organisation temporarily or permanently losing its ability to deliver critical services; or where patients and staff may be at risk of harm. It could also be down to the environment potentially being unsafe, requiring special measures and support from other agencies, to restore normal operating functions. A Critical Incident is principally an internal escalation response to increased system pressures/disruption to services.
• Never Events – patient safety incidents that are wholly preventable where guidance or safety recommendations providing strong systemic protective barriers are available at a national level and have been implemented by healthcare providers.

See https://www.england.nhs.uk/publication/never-events/ for the list of never events.

• Duty of Candour – Regulations set out duty of candour with definitions of openness, transparency and candour used by Robert Francis in his report. 
• Openness – enabling concerns and complaints to be raised freely without fear and questions asked to be answered. 
• Transparency – allowing information about the truth about performance and outcomes to be shared with staff, patients, the public and regulators. 
• Candour – any patient harmed by the provision of a healthcare service is informed of the fact and an appropriate remedy offered, regardless of whether a complaint has been made or a question asked about it. 
• Root Cause – can be defined as a fundamental, underlying, system-related reason why an incident occurred that identifies one or more correctable system failures.   It can also be described as a triggering event, condition or set of circumstances, often consisting of one or more contributory factors.  

Contributory Factor – one or more factors that led to an incident occurring or affected the impact of the incident.

Roles and Responsibilities

Integrated Care Board (ICB)

The ICB Board has overall responsibility for ensuring that the organisation has a robust system in place for the management, investigation and monitoring of incidents and  

Audit, Risk and Compliance Committee

The Audit, Risk and Compliance committee has responsibility for monitoring the ICB’s compliance with this policy and is the ‘sponsoring committee’ referred to in Section 9 Below.

Commissioning, Quality and Resource Committee

The Commissioning Quality and Resource Committee is responsible for monitoring outcomes from SI investigations declared by providers for which the ICB is the lead commissioner and for escalating any concerns to the ICB as set out in the Management of Serious Incidents Policy. 

Chief Executive

The Chief Executive has overall accountability for implementing this policy.

Executive Director of Corporate Services

The Executive Director of Corporate Services is responsible for operational implementation of this policy.

Policy Author

The policy author will have responsibility for developing and updating the policy in line with Section 9.

Incident Reporting Lead

The Incident Reporting Lead has responsibility for managing incidents, including liaising with managers regarding incident investigation, identification of learning, and reporting incidents to enforcing authorities where required.   

Other Directors and Managers 

Directors and managers are responsible for ensuring that all incidents occurring within their area of responsibility are reported and investigated in accordance with this policy. 

Following an incident investigation, directors and managers must ensure that any learning identified is shared with members of their directorate/team and that appropriate action is taken to prevent recurrence, including monitoring its effectiveness. 

Where appropriate, directors and managers will be responsibility for ensuring that the Duty of Candour, as set out in the Management of Serious Incidents Policy, is discharged. 

All Staff

All members of staff are individually responsible for:

• Familiarising themselves with the content of this policy and associated procedures and following these. 
• Being aware of their duty under legislation to maintain safe working practices and to take reasonable care of their own health, safety and welfare and that of others by complying with all relevant ICB policies, procedures and guidance to prevent incidents that might cause personal injury or harm. 
• Complying with all relevant ICB policies to minimise the risk of incidents relating to loss or damage to ICB property.
• Reporting incidents/accidents and near misses using the ICB incident reporting procedure.
• Co-operating with the investigation of incidents by the ICB, auditors, the police, the Health and Safety Executive or other enforcing authorities. 

Partnership Working

The ICB will work closely with its partner organisations to ensure that incidents which are cross-organisational in nature are investigated in an open and transparent way to ensure that learning is identified and shared.

Incident Reporting and Investigation Process

Immediate Action to be Taken Following an Incident 

Following an incident, the priority is to ensure that immediate action is taken to ensure the safety of those involved and/or that the security/safety of property, other assets or the environment is achieved.   

Depending on the nature and seriousness of the incident, the police or other emergency services should be contacted.  Where appropriate, access to the site of the incident should be prevented and the scene preserved to enable investigation. 

Managers should ensure that staff who are injured or affected by an incident receive appropriate immediate and ongoing support as required.    Where an individual suffers serious harm, managers should contact the next-of-kin if the individual is unable to do this themselves.  

How to Report an Incident

Incidents should be reported using the online Datix Incident Reporting Form which is available on the ICB Intranet at the following link:

Datix DCIQ online reporting form

A list of the required fields and guidance on completion can be found in section 6.2.3.  After submission the reporting member of staff will receive confirmation of receipt via an automated email. 

Where appropriate and possible, staff who are directly involved in or affected by the incident should complete the online reporting form as soon as reasonably practicable.  Alternatively, the relevant manager should complete the online reporting form based on information provided to them by those involved. 

Where an incident results in serious injury, harm or loss, the relevant senior manager(s) and Executive Lead must be informed immediately, either face to face and/or via email/telephone, with regular updates provided.  The online incident reporting form should then be completed as above. 

The online reporting form requires the following information to be completed: 

• The type of person affected (e.g. Patient, Staff, Visitor, Contractor of Member of Public, or Organisation)
• Incident date and time. If the exact date/time is not known, this should be recorded
• Description of the incident. This should be factual (not provide opinion) and not include names of people involved as this is used for reporting.  This should include the cause of the incident and any contributing factors should be provided where these are known at the time of reporting.
• Action taken at the time of the incident
• Incident location
• ICB Directorate affected
• Category of Incident (e.g. EPRR, Fraud, Medications, Health and Safety, IG / IT / Cyber – ICB, G / IT / Cyber – GP, Infection Prevention and Control, Safeguarding, Security, Violence and Aggression)
• Result of incident (Near Miss, Harm Caused, No Harm Caused)
• Severity of incident (None, Low, Moderate, Severe or Death)
• Additional Information. Any relevant additional documents to include photos of area where accident occurred, witness statements, etc. 
• Details of person/people affected
• Details of person reporting 

Written statements from those directly involved in, or witnesses to, the incident should be sought as soon as possible and appended to the Additional Information section of the initial online Datix report.  Statements should be based on what the individual saw, heard, felt, tasted, or smelt, immediately prior to, during or after the incident occurred.  Information should be succinct and in chronological order of events.  Witness statements must be signed and dated.  Where necessary, additional witness statements or clarification may be sought by the investigating manager.

Completed online reporting forms and witness statements should be submitted as soon as possible and within 2 working days for initial triage and dissemination to other managers as required. 

Health and Safety Related Incidents (including Fire Safety)

The Health and Safety/Incident Reporting Lead will review all incidents to determine whether a report to the Health and Safety Executive (HSE) or other enforcing authority under the Reporting of Incidents, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013 must be submitted, as per the Health and Safety Policy.    

Where an incident results in death or major injury, the Health and Safety Lead/Incident Reporting Lead must be notified immediately so that a report can be submitted without delay to the Health and Safety Executive, or other enforcing authority, as per RIDDOR.

Where an incident is reported which involves circumstances such as violence or aggression, bullying and harassment, fire, manual handling, breach of security, etc. it will be referred to the appropriate manager(s) and investigated as per the relevant policy. 

Information Governance Incidents 

Information Governance (IG) incidents should be reported via the Datix online incident reporting form as described in this policy. The IG Team will be automatically notified through the Datix system.

The IG incident team will consider whether the incident should be categorised as a Serious Incident Requiring Investigation (SIRI).  If the incident is categorised as a level 2 SIRI, or meets other characteristics, a report will be submitted to the Information Commissioners Office, Department of Health or other central bodies/regulators via the Data Security & Protection Toolkit.  Details of what constitutes a reportable incident is set out within the Information Governance Framework and Policy.

The IG Team will liaise with managers and staff to investigate the incident, produce an investigation report where required, and agree any action required to prevent recurrence.   

Serious Incidents

The Incident Reporting Lead will ensure that any incidents that appear to meet the serious incident (SI) criteria are drawn to the attention of the Quality Team and/or other appropriate team/managers.

Where it is agreed that the SI criteria is met, the investigation will be conducted in accordance with the Management of Serious Incidents Policy. 

Major Incidents, Critical Incidents and Business Continuity Incidents

Managers and the Incident Reporting Lead must ensure that any incidents that appear to meet the NHS Emergency Planning, Resilience and Response (EPRR) Framework criteria for being a Business Continuity Incident, Critical Incident or Major Incident (MI), are immediately drawn to the attention of the Emergency Preparedness, Resilience and Response Team, as per the Incident Response Plan. 

Incidents involving Fraud, Bribery or Corruption

Actual or suspected incidents or fraud, bribery or corruption, must be reported to the ICB’s Local Counter Fraud Specialist and investigated in line with the Counter-Fraud, Bribery and Corruption Policy.  

Investigating Incidents 

The level of incident investigation required will depend on the nature, severity and categorisation of an incident, as set out in the preceding paragraphs. 

Where an incident is deemed to be a SIRI, SI or MI, the investigation must be undertaken in accordance with the relevant policy or procedures. 

For all other incidents, managers should ensure that an investigation is undertaken, which should be proportionate to the circumstances and impact of the incident (in terms of time and resources spent / length of report).

The investigation report, which may be included within the final version of the incident report form or submitted within a separate document, should ensure that the following information is documented: 

• The circumstances of the incident. (i.e. Who?, What?, When? Where? Why?) 
• The impact of the incident, i.e. on individuals or the property or assets of the ICB.  
• The root cause and contributory factors are identified to enable action to be implemented to prevent recurrence.  Clear timescales and identified leads should be agreed.  
• Confirmation that identified learning has been shared with relevant individuals/teams/organisations or agencies, including details of any training that will be provided.  Where necessary, the support of the Communications Lead should be sought to help disseminate learning more widely where appropriate.  
• The report should be signed-off by the relevant manager recommending that the incident is closed.  The Incident Reporting Lead will advise if they have any concerns in this regard before finalising closing the incident. 

Whilst the primary focus of incident investigation is to identify and disseminate learning to prevent recurrence, if an investigation identifies that there might be grounds for disciplinary action to be taken against one or more members of staff, advice should be sought from the Human Resources Department in line with the Disciplinary Policy immediately this becomes apparent.

Monitoring Compliance

The Incident Reporting Lead is responsible for monitoring the ongoing compliance with this policy and ensuring that a robust incident reporting culture and reporting to relevant committees/groups on the number and nature of incidents, is embedded across the ICB.

Incident reports will be monitored through the Datix DCIQ dashboard by managers and the Incident Reporting Lead with any pressing or critical themes identified escalated immediately.  Annual reporting will provide an overview of the total number of incidents/risks, broken down by category, directorate severity and theme.

Incidents and any associated risks will be reported to the appropriate committee/sub-committee/group in accordance with their remit/area of responsibility.

The Audit, Risk and Compliance Committee is accountable to the Board for ensuring that the incident reporting and management process is effective

Implementation, Staff Training and Support

All staff will be made aware of incident reporting requirements as part of their local induction by their line manager, including their role and forms of support available to them.  

The Incident Reporting Lead will provide ongoing incident reporting training to relevant staff and will offer support to those involved in the incident reporting process. 

Arrangements for Review

This policy will be reviewed no less frequently than every two years.  Input will be sought from relevant managers/stakeholders.  An earlier review will be carried out in the event of any relevant changes in legislation, national or local policy/guidance, organisational change or other circumstances which mean the policy needs to be reviewed. 

If only minor changes are required, the sponsoring committee has authority to make these changes without referral to the Integrated Care Board. If more significant or substantial changes are required, the policy will need to be ratified by the relevant committee before final approval by the Integrated Care Board.

Associated Policies, Guidance And Documents

State supplementary documents (if applicable)

Associated Policies and Procedures

• Complaints, Compliments and Concerns Policy 
• Counter-Fraud, Theft and Bribery Policy
• Disciplinary Policy 
• Health and Safety Policy
• Information Governance Framework and Policy.
• Legal Services Policy
• Risk Management Policy
• Security and Lockdown Policy 
• Management of Serious Incidents Policy
• Patient Safety Incident Response Framework (PSIRF) Policy 
• Emergency Preparedness, Resilience and Response and Business Continuity Policy
• Incident Response Plan

References

Legislation

• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 2013. 
• NHS Emergency Preparedness, Resilience and Response Framework

Equality Impact Assessment

The EIA has identified no equality issues with this policy.

The EIA has been included as Appendix A.

Appendix A – Equality Impact Assessment

Initial information

Name of policy: Incident Reporting Policy
Version number (if relevant): 1.0
Directorate/Service: Corporate Services
Assessor’s Name and Job Title: Chris Cullen – Corporate Services and Governance Support Officer
Date: 26 February 2026

Outcomes

Analysis of impact on equality

The Public Sector Equality Duty requires us to eliminate discrimination, advance equality of opportunity and foster good relations with protected groups.   Consider how this policy / service will achieve these aims.  

N.B. In some cases it is legal to treat people differently (objective justification).

• Positive outcome – the policy/service eliminates discrimination, advances equality of opportunity and fosters good relations with protected groups
• Negative outcome – protected group(s) could be disadvantaged or discriminated against
• Neutral outcome  – there is no effect currently on protected groups

Please tick to show if outcome is likely to be positive, negative or neutral.  Consider direct and indirect discrimination, harassment and victimisation.

Monitoring outcomes

Monitoring is an ongoing process to check outcomes.  It is different from a formal review which takes place at pre-agreed intervals.

Review