Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

1 Quality or Risk Management?

Quality and safety of care is a complex concept with numerous dimensions. It can involve structures, processes and outcomes and deals with effectiveness, safety and patient centeredness. Hospitals are faced with major challenges due to increasing complexity and technological developments.

An effective quality management system is risk based. To improve quality, it is necessary to identify and control risks, e.g. the workers, the patient and the organisation. Failures and incidents can be held accountable for the fact that output does not fulfil the expectations or requirements. Output may affect continuity, finance, quality, safety standards, etc. Risk management therefore requires to have a greater impact on the policy and operations of organisations, much more than it has till now. In particular, on the operational level, hospitals are quite vulnerable for disturbances and (near) incidents with a negative effect on the efficiency and efficacy of an organisation. It is obvious that this generates a lot of waste in terms of money and capacity.

2 Risk Management Retrospective

For a long time, risks and safety have been correlated with the chemical industry, nuclear power plants, aviation and heavy industries like shipyards, construction and metal works. Common sense about safety was the human factor – reckless behaviour – which was the most important explanation for the occurrence of incidents. In a study by Greenwood and Woods, it was found that accidents were unevenly distributed among workers, with a relatively small proportion of workers accounting for most of the accidents (Greenwood et al. 1919). Their theory is known as the accident-proneness theory. Nowadays, in safety science, this theory is obsolete. However, the underlying idea that certain people attract accidents is still alive. In 1931, Heinrich reported that 88% of the accidents are caused by ‘unsafe acts of persons’. Based on his research, he developed what often is referred to as Heinrich’s accident triangle or pyramid. In a group of 330 accidents, 300 will result in no injuries, 29 will result in minor injuries and one will result in a major injury. Although there maybe reservations about Heinrich’s data and conclusions, his theories espoused 80 years ago are still considered applicable today (Heinrich 1931).

Another widely used theory for accident causation also developed by Heinrich (1931) is the ‘Domino Theory’. According to this theory, an ‘accident’ is one factor in a sequence that may lead to an injury. The factors can be visualised as a series of dominoes standing on edge; when one falls, the linkage required for a chain reaction is completed. Each of the factors is dependent on the preceding factor. Bird and Loftus developed this theory further and included the influence of management in accident causation (Jr et al. 1976).

In the early eighties, disasters in Mexico City (LPG-disaster, >500 fatalities) and Bhopal (Union Carbide India, 3787 fatalities) have given a boost to consider the performance of safety and risk management. In the same time, no serious large-scale incidents in hospitals were reported. Severe adverse events in health care in the 1980s and the 1990s concerned the pharmaceutical industries (Josefson 2003; Meers et al. 1973).

Concerning medical errors, this has been significantly addressed at individual level during the past few decades. This suits well with the obsolete thinking about safety, developed at the beginning of the last century. Patient safety however is a broader ambition that requires thinking beyond the individual patient to consider the characteristics of the whole system of health care (Vincent C. Patient safety. John Wiley and Sons 2011).

Evaluation of and research on severe industrial incidents and incidents in the transport sector reveal that organisational and managerial aspects are of imminent importance. Reason (1997) developed the Swiss cheese model (Reason 2000). This model has become one of the standards in health care. Defences, barriers, organisational procedures and administrative controls have the function to protect organisations from accidents. The model shows (Fig. 21.1) that in reality defence layers are not intact and more like Swiss cheese. Nearly always a combination of latent conditions and active failures is involved in bringing a hazard into an accident (The original source for the Swiss Cheese illustration is: “Swiss Cheese” Model – James Reason 1991).

Fig. 21.1
figure 1

“Swiss cheese” model (Reason 1991)

Full size image

In modern safety management, the system approach is leading. Tripod Delta Safety management system is an example of such an approach. Developed in the late 1990s, the approach focuses on the formal design of processes and their operational weakness. Things can be perfectly organised on paper but cannot work in ‘real life’. It seems then necessary to analyse how things are done in addition to how things are formalised. According to Cambon (and others), this aspect refers to the ‘operational’ facet of safety management systems (SMS). Building up the operational performance of a SMS actually strengthens the overall resilience of the organisation (Hollnagel and Rigaud Eric 2006).

The two methods discussed later in this chapter deal with both processes as operational weakness.

3 Risk Management in Health Care

3.1 Awareness

The publication of To Err is Human (Kohn et al. 1999) can be seen as a turning point in discussing publicly avoidable medical errors. All over the world, especially in developed counties, national initiatives and programmes have already been started, the aim being focused on the reduction of avoidable death in hospitals.

Certified bodies and accreditation institutes make requirements for patient safety as part of their schedules. Inspectorates review health-care organisations and take measures like closing down in case of severe nonconformities. Last but not least, health-care insurance companies require accountability based on quality and safety indicators. Governmental and public pressure have given a strong boost to the health-care sector to take their responsibility. Disadvantage is that a lot of organisations are more focused on ‘damage’ instead of ‘Demming’ control.

Elements of a safety policy for health care involves proactive risk analysis (what can go wrong, how severe is that and what can be done to prevent), a blame fair reporting, analysing incidents and a system to manage improvements and recommendations (quality management system).

3.2 Cultural Change

Why does it require great effort for the health-care sector to set up a risk management system? This has multiple reasons. First, the sector is confronted with complexity. Besides complex tasks and medical procedures, one can distinguish technical and organisational complexity. Technically, the health-care sector has to deal with system dependency and interactions, requirements concerning safety, reliability and continuity and technology-driven changes of medical equipment. The organisational complexity concerns aspects like increasing of multidisciplinary work, communication and training and implementation of new systems and medical technology. For example, in technical complex surgery, surgeons use more often robots. When robots were introduced, the FDA came to the conclusion that applying robots in health care is unsafe and incidents are under reported (Cooper et al. 2013). Or, an increasing high-tech E-world and the disappearance of a “Paper world” give challenges to the health-care sector but imply also risk to the patient.

Secondly, until recently, safety in the perspective of health care was the territory of the professional and has a strong operational focus. Clinical and nursing staff did not acknowledge or were not aware of the risks for patents, professionals and the health-care sector in general. In their opinion, the great majority of clinical staff have always been safety conscious in their personal practice. It is organised by professional groups, based on professional standards and not discussed publicly by health-care professionals. Medical errors were almost never addressed in medical journals (Patient 2011).

Thirdly, according to Mintzbergs structure of organisations (Mintzberg 1993), health-care organisations are defined as a professional bureaucracy. In a professional bureaucracy, the dominant factor is the operational core: the professional. The primarily mechanism of coordination is standardisation of skills. This structure is adequate in case of complex, nonroutine tasks. In contrary, in a machine bureaucracy, the dominant factor is the technostructure: experts on quality, safety, process control, etc. The primarily mechanism of coordination is standardisation of processes. Characteristic for this type of organisations are the formal rules and procedures. For the majority, a health-care organisation can be considered as a machine bureaucracy. For the (medical) professional, this is hard to accept.

Finally, for too long, the health-care sector has denied the importance of applying human factors engineering and organisational design in a way that human failure has been captured or does not result in any harm to the patient.

Finally, pitfalls and prejudices are still an obstacle in achieving an effective cultural change. Quotes like ‘we do our work well’, ‘tasks are laid down in procedures and instructions’ and ‘everybody makes a mistake sometimes’ do not change the mind-set to patient safety.

4 Risk Assessment

In the development of its business processes, health-care organisations have always considered patient safety as a dedicated part of the process. As stated earlier, the sector did believe that professional standards, a professional approach and defences were adequate. The paradigm shift to be made is that people may make mistakes and processes should be designed in a way that human failure is captured or does not result in any harm to the patient. Risk assessment techniques help professionals to get insights in the weakness of the health-care process. There are two techniques considered applicable in the health-care sector: Failure Modes and Effects Analysis and Hierarchical Task Analysis.

Failure Modes and Effects Analysis (FMEA) is an assessment approach to apply in existing situations or to analyse new chains of care on its performance and potential failure modes. Hierarchical Task Analysis (HTA) (Stanton Neville 2006) HTA is a methodology based upon the theory of human performance. HTA describes systematically how work is organised in order to meet the overall objective of the task. It is a goal-based analysis of a system. Top-down subtasks and their conditions are revealed. The result is a hierarchy of operations, including subtasks, human performance of the worker within the system and the plans and conditions which are necessary to undertake these operations.

4.1 Failure Modes and Effects Analysis (FMEA)

Risk management on the process level means identifying identification, reduction and control of predictable risks with a view to increase the chance the results wanted will be reached. Failure Modes and Effects Analysis (FMEA) is an adequate approach for risk management on the process level. It was developed in the late 1940s by the US Army and improved and extended over the decades. There are different types of FMEA Analysis. Health care is specially concerned with the process FMEA (Yue 2012).

FMEA is a systematic prospective risk analysis technique, in which processes are mapped by a team (Fig. 21.2).

Fig. 21.2
figure 2

Process FMEA

Full size image

Starting point is often the existing situation. Analysing risks to the patient in the care process is an important part of the approach and brings into focus the dependency chain. Systematically, the process and subprocesses are reviewed to identify failure modes and their causes and to assess their potential impact. The results are listed in an FMEA worksheet. Near incidents, caused by technical, organisational and human factors are detected and can be controlled by taking appropriate actions. The approach is pretty intensive and therefore specially used to assess critical processes.

A failure mode defines the ways (modes) in which an (sub)process might fail. Failures are errors or inadequate actions, especially ones that affect the patient and worker. Examples of failure modes in the sub process ‘preparing a patient for intravenous infusion with nuclide 131I’ are:

  • Wrong patient

  • Select incorrect nuclide

  • Incorrect infusion parameters

  • Connection site not sterilised

  • Inadequate protection against radiation for the worker

The failures will have a direct impact for the patient and the worker.

Based on the Swiss cheese model, adverse events are mostly the result of unexpected events or impropriate defences. Figure 21.3 gives an oversight of the different factors that contribute to the rise of an event (Henriksen et al. 2008).

Fig. 21.3
figure 3

Levels of defence (Based on Reason 1990)

Full size image

Barriers and defences are of special interest in relation to safety. Only few people understand that only physical barriers and defences are safe proof. All others are only functional or symbolic (procedure, instruction) and are vulnerable.

The FMEA team also assesses severity (S), occurrence/frequency (O) and detection (D). For conducting FMEA, there are different worksheets available. An example, based on the Dutch safety programme VMSZorg, is given in Table 21.1.

Table 21.1 FMEA Worksheet
Full size table

The multiplication of S, O and D gives the Risk Priority Number (RPN). This is a measure that helps to identify the critical failure modes related to the process. A RPN >10 implicates that action has to be taken. Although RPN is used to assess risks, it has no meaning in itself. In case of a high severity rate, action is always required. Interventions undertaken reduce the occurrence of these failure modes or limit its effect. Potts and others (Potts Henry et al. 2014) assessed the validity of prospective hazard analysis methods. Potts came to the conclusion that FMEA raised important hazards. The scope of the process included had a considerable influence on the outputs.

The HFMEA team should consist of all disciplines involved. Discussions in a multidisciplinary team about the performance of their daily tasks from a risk perspective are a valuable side effect. Data from sources, e.g. incident reports, quality and safety audits, performance indicators etc., should be used to complete the view of risk in a system.

4.2 Hierarchic Task Analysis (HTA)

Safety is dynamic and often on short-time scales in hospitals. When services and conditions in one link of the chain have limited effect on other parts of the chain of care, the system is called loosely coupled.

Tamuz and others (Tamuz and Harrison 2006) stated that loose coupling of routine activities enables providers to identify problems and intervene before they can cause harm. Similarly, changes in one unit do not necessarily affect others. A tight coupling system however is much more vulnerable for deviations and disturbances. In combination with interactive complexity, tight coupling can give rise to major system failure. Examples in health care of this type of process are the diagnostic processes using short-lived nuclides in nuclear medicine and complex medical interventions.

HTA is of added value to improve safety of the diagnostic process or intervention; firstly, because the HTA is specifically focussing on risks surrounding the patient and, secondly, because the HTA is focused to perform the task correctly. The HTA carried out provides insight into the processes and is an investment to improve processes, where possible, supported by (custom) procedures and automation. An important aspect of an HTA is to generate awareness among employees about the critical activities in their work process.

The HTA approach, developed in the 1950s, was first published by Annett et al. (1967). HTA is still frequently used for training and human reliability assessment as well as for process (re)design.

There are different ways described to conduct a HTA. The process for carrying out the HTA is the following:

  1. 1.

    What is the overall goal of the task?

  2. 2.

    Give a general description of the task which, when carried out, will achieve this goal. This will be the first level of the HTA.

  3. 3.

    What are the subtasks which, when carried out, will achieve the operation at the top level. This will form the second level of the HTA.

  4. 4.

    How are the subtasks to be carried out? (e.g. in what order). This will be the plan for the second level of the HTA.

  5. 5.

    Taking each of the subtasks in turn, what actions have to be carried out in order to complete the suboperations?

  6. 6.

    How are the actions to be carried out?

When step 6 is reached, the stop rule needs to be considered, i.e. “does the bottom level of the HTA show the activities that need to be performed to carry out the supervision”. If this criteria is reached, then further levels of the HTA are not required and a line can be drawn underneath this action to show this.

The HTA results in a schedule that can be transformed into a graphic scheme.

When a HTA is finished, observation in ‘reality’ is necessary to check the outcome. Not every observation gives rise to a recommendation. Recommendations are used to improve the HTA.

As an example, the scheme below (Fig. 21.4) shows a HTA of the insertion of a chest drain (tube thoracostomy). Modern types of chest tube are placed using the Seldinger technique, which implies that a blunt guidewire is passed over a trocar, over which the chest tube is then inserted (BTS guidelines for the insertion of a chest drain). The procedure is carried out by a medical doctor (intensivist) and an intensive care nurse. During the execution of the HTA, the medical staff became aware that they were not adequately informed about the exact working mechanism of the medical device and the necessity to apply risk assessment before starting the insertion. Also they were not aware of critical manipulations during the entire procedure. Based on the results of the HTA, it can be understood how fatalities previously occurred.

Fig. 21.4
figure 4

Results of a HTA Procedure Tube Thoracostomy

Full size image

Another representation of (a part of) the HTA is shown in Table 21.2.

Table 21.2 Tabular presentation of (a part of) a HTA (task 4)
Full size table

Conclusion

In order to achieve an adequate risk management system and to become a highly reliable organisation, a safety system approach is required. Transparency of all the included processes is a necessity to avoid operational dangers.

Nuclear medicine should be leading the way in health care. Nuclear medicine shares important characteristics with high-reliability organisations by their complexity, exact task performance, low incident rates and compliance to strict regulations. Also, they can learn a lot from the nuclear industries.

The challenge facing nuclear medicine is managing complex, demanding technologies and to avoid major failures that could paralyse the organisation and harm the patient and the workers irreversibly.

Subsequently, risk management as described above can play an important role and contribute to successfully managing the business.