Medical Device Reps Are Not Risk Managed?

November 21, 2018by jagworldwide0

Why Hospitals Are Liable If Their Medical Device Reps Are Not Risk Managed

Ethical and legal minefield could cost £28billion annually.


WHILE uncertainty continues over how exactly to manage external health professionals who are required to be present in hospital clinical areas, here is an insight into the legal and ethical position as it stands right now.

“Anyone who is invited into hospitals or areas of clinical care in an advisory capacity is bound by the same legal and ethical obligations as those employed within the NHS.”

Department of Health, Confidentiality: NHS Code of Practice, July 2003.

For years, there have been inadequate guidelines and no regulations setting out the exact standards of professional practice required of non-clinical individuals that would ensure they comply with accepted or implied standards.

Clearly, given the NHS Code of Practice (above), there is a need for a national standard for hospital/theatre access for external contractors/ company representatives who require professional face-to-face interaction with patients.

The primary aim is to safeguard patients and staff, by risk managing access to sensitive areas, improving infection control, ensuring that the right people have the right qualification and standard of training to be in a hospital setting.

What is the extent of this risk? For example, in one of the major UK teaching hospitals, there are in excess of 12,000 company representatives present in patient care areas every year. Most UK hospitals have not yet implemented a specific policy compliance and national standard approach – and that could leave them open to legal negligence settlements amounting to £28billion.

They will possibly have introduced a learning and education framework for employees that doesn’t extend to external contractors or company representatives who require to provide support to medical and nursing staff in their delivery of care to patients.

For Hospitals to effectively risk manage this situation the medical device/pharmaceutical company representative should show evidence of competence to be admitted to and to work within a clinical environment.

Currently all liability is carried by the hospital because:

  • NO contractual link exists between the individual representative and the hospital
  • NO contractual link exists between the company (supplier) and the hospital

This is further complicated as medical device and pharma company representatives are the only external service providers who are admitted to clinical areas without having first signed a contract.

It is also interesting to note that the product they promote will carry a master indemnity. However, no such indemnifying agreement exists for medical device company representative supporting the product in the clinical environment.

Without qualifications, patient safety can be compromised, and unsatisfactory surgical outcomes that are linked to the presence of unqualified individuals in clinical areas can be shown to be the responsibility of hospital managements who failed to act to address the presence of an unquantifiable legal risk.

As the NHS Code of Practice states, commercial visitors effectively become members of staff in the eyes of the law. As a result, the hospital is potentially liable for their behaviour and actions, and the impact of these, on the safety of staff and patients.

The legal view that commercial visitors are members of staff while on site also places a responsibility on the hospital as an “employer” to ensure their security and safety.

The Management of Health and Safety at Work regulations (1999) therefore apply. They state that every employer shall make a suitable and sufficient assessment of:

  • The risk to health and safety of persons not in his employment, arising out of or in connection with the conduct by him or his undertakings
  • The risks to the health and safety of his employees to which they are exposed while at work

Not only does the law require that employers carry out risk management assessments, but they must also provide clear written evidence that they have done so.

In the eyes of the law, therefore, hospitals have a duty of care for commercial visitors and are vicariously liable for their actions while these visitors are on site. Vicarious liability refers to a situation where someone is held responsible for the actions or omissions of another person.

In this context, the hospital as “employer” is liable for the acts or omissions of commercial visitors as “employees”, provided it can be shown that these acts or omissions took place in the course of their employment (i.e. visit to the hospital).

In view of this, it is vital that hospital managers ask themselves:

  • Do I know, at all times, what visitors we have on the premises?
  • What is the extent of their activities?
  • Given that hospitals have a legal obligation to assess risk and prevent commercial visitors from harming others or themselves, are the risks really that great?

Potentially, yes.

Representatives often have very close contact with patients, and work in sensitive hospital areas where following decontamination protocols or having access to sensitive data information can significantly impact patient outcomes.


In the UK it is common practice for representatives from medical device firms to attend and verbally assist, in a technical capacity, procedures involving their products.

For example, medical device reps may be present in theatre to assist with a surgeon’s use of a particular instrument, implant or other product. The level of expertise offered can be such that procedures may be cancelled if the appropriate product specialist is not present.

But risk is not restricted to the operating theatre. Any commercial visitor on site has the potential to directly influence patient health outcomes through their actions, omissions or health status. That is why training is so important.

In admitting a patient, hospitals immediately take on a duty of care for that individual. Medical negligence claims are valid when both of the following parameters are established:

  • A breach in that duty of care is established
  • The breach is proven to have caused harm to the patient

So, what has this to do with policy compliance and national standards? Consider the following scenario.

A patient is admitted to surgery for a hip implant that is new to the market. Though the surgeon has received training, it is the first time that he has used this implant, and so a product specialist from the medical device company is present for consultation during the procedure. The surgery goes well but the patient develops an infection during the post-operative recovery phase.

On investigation, it is found that the representative did not follow theatre protocols for decontamination and hand hygiene and is the likely source of infection. The infection occurred during surgery and would have been avoided had correct protocols been followed.

Applying the first of the above parameters, by not following protocols, a breach in duty of care can be established. The second parameter is established by the fact that the infection developed by the patient during the post-operative recovery phase has harmed the patient.

This is therefore a case of medical negligence. However a secondary question now arises – namely who is liable?

As we have previously established, while on hospital property and working in a consultative capacity, the representative is the responsibility of the hospital. Because the hospital failed to check that the representative – effectively an employee here – had the appropriate training in theatre protocols, a patient was harmed while in the hospital’s care.

It was a foreseeable risk that could have been avoided. Therefore, the hospital is deemed liable.

Furthermore, tackling preventable infections such as MRSA is a key priority. Therefore, ensuring commercial visitors have received training on infection control/decontamination policies and procedures are vital.

The annual amount set aside for NHS negligence claims is now standing at £28billion – alarmingly, an amount exceeding the entire non-pay budget of the NHS in England. This sum alone makes a compelling case for reducing risk.
A “Gold Standard” risk management policy is the answer. It would:

  • Assist the hospital to demonstrably execute on its duty of care obligations
  • Ensure that commercial visitors meet the hospital’s requirements for access to patient-sensitive or restricted areas
  • Ensure that commercial visitors meet the hospital’s requirements for access to patient-sensitive or restricted areas
  • Guarantee that hospital management know who is on site at any time, and why
  • Provide an audit trail of activity

In effect, it is a vital safety umbrella that can not only reduce risk to patients but also reduce risk for the hospital.

Negligence and liability are sometimes overused words in healthcare settings, and can lose their meaning – until a theoretical case becomes reality.

Effective risk management is essential to protect patients and healthcare providers – and so policy compliance and national standards are important considerations that everyone should address.
Find out more by contacting us or commenting below.

Leave a Reply

Your email address will not be published. Required fields are marked *