Jusletter IT

In the context of my dissertation an enhanced risk assessment method has been developed, named HFdFMEA (Human Factor dependent FMEA). Based on dependency of used parameters and observation of human factors, it is proposed to address the known drawbacks caused by traditional FMEA. HFdFMEA does not only increase risk level of failures based on the inclusion of human-factors but also gives the possibility to reduce the risk level of failures.

The paper is organized as follows: Section 1.2 gives an introduction into the healthcare area while section 2 provides an overview on the background and related work. Section 3 is used to present the Human-Factor-based Risk Management (HFdFMEA) approach, where the model of RiDeM in Healthcare is briefly described. The evaluation of HFdFMEA with actual data from a healthcare system is described shortly in section 4 and the evaluation results are discussed in section 5. Finally, a conclusion and outline is given in section 6, where among others restrictions, limitations and implications especially according to the use of sensitive data in healthcare, data privacy and data security are discussed.

In the healthcare sector, patient safety has become one of the major quality targets, with aim in reducing risks. However, it has been recognized that the patient safety risks are evolving over time and for this they have been analysed in depth on an ongoing basis, [Institute of Medicine, 1999], [Paula, 2007]. Vincent et al. suggested that «the patient’s safety needs to be addressed on the basis of a broad assessment of a system’s health» [Vincent, Taylor-Adams & Stanhope, 1998], meaning that Quality and Risk Management need to be addressed together in order to improve patient safety.

Human errors are one main source for accidents in any industry, including healthcare [Institute of Medicine, 1999]. According to Reason [WHO, 2005], particularly important is the identification of cognitive processes common to a wide variety of human error types [Reason, 1990]. These errors are differentiated into variable and constant [Reason, 1990] errors and are classified as active and latent failures [Reason, 1990], [Vincent, Taylor-Adams & Stanhope, 1998].

Risk Management implies the systematic handling of risks with the intent of identification and avoidance of risks [Ennker, Pietrowski & Kleine, 2007]. Professional Risk Management starts before failures that would have caused any damage, happen.

One of the most established risk assessment methods in healthcare is the Failure Mode and Effect Analysis (FMEA), which is used to demonstrate how a Risk Management methodology can be used to improve patient safety [Institute of Medicine, 1999], [Marx & Slonim, 2003], [Ennker, Pietrowski & Kleine, 2007]. The FMEA approach with its failure ratings based on an ordinal scale for occurrence, severity and detection of an event is simple, but there are some shortcomings in obtaining an accurate estimate of the failure ratings [Vikramjit, Harish, Sarabjeet & Simranpreet, 2013], [EN 60812 – FMEA, 2006], [DeRosier, Stalhandske, Bagian & Nudell, 2002]. In a healthcare system, different risks can occur simultaneously. A problem in the measurement and rating of such risks is that unrelated individual events often influence each other [Ennker, Pietrowski & Kleine, 2007], [Marx & Slonim, 2003]. Furthermore, the dependency between the internal and external risks, and risks indicators respectively, as well as the dependency with human factors, is not taken into consideration in the current approaches. A new risk assessment method based on the dependency of risks and extended by the human factors has the potential to deal with these shortcomings.

In general, human factors can increase risk levels and the associated Risk Priority Number (RPN). Therefore, I propose the enhanced Failure Mode and Effect Analysis, named HFdFMEA method. This is a human factor-dependent FMEA, to model the dependency between different risk factors expressed by human factors and assess the risk level of failures based on human factors. The extension of the FMEA method is done by adding the Human-Factor-based Risk Management (RiDeM) system. The model has been validated (showing that it enables to increase the patient safety) with real world data acquitted from a Critical-Incident-Reporting-System (CIRS) [Streimelweger, 2016].

In this section, Quality Management and Risk Management are explained at large, and focusing specifically in healthcare. Further FMEA and the «human factor» approach and the different roles of human factors and their impact on risks related to investigations are briefly explained [Streimelweger, Wac & Seiringer, 2016].

Quality Management: In general, quality is defined as «degree to which a set of inherent characteristics fulfil requirements» [ÖNORM EN 15224, 2012]. In the last years, different quality standards and systems, as well as «best practice models» have been developed and established in the healthcare area, like KTQ (Cooperation for Transparency and Quality in healthcare, www.ktq.de), EFQM (European Foundation for Quality Management, www.efqm.org) or EPA (European Doctor’s Surgery Assessment, www.europaeisches-praxisassessment.at).

Risk Management: Quality Management and Risk Management are independent but related terms. «Risk Management aims to conscious dealing with opportunities and risks» [Ennker, Pietrowski & Kleine, 2007]. Quality Management, also deals with risks, serves as a platform base for the Risk Management. The significance of risk has changed radically over the last century; «Until the first decades of the 19th century, risks were accepted as more or less natural in the sense that they were directly associated with human activity rather than with failures of systems or equipment» [Hollnagel, de Paris & Antipolis, 2008]. With the beginning of industrialization in the 19th century a crucial change took place, where failures of systems were included in the risks to be faced.

FMEA: Failure Mode and Effect Analysis (FMEA) is as a systematic method for identifying failure modes of a system, item or function, and tries to evaluate and identify the effects before they occur [Stamatis, 1995]. The purpose of the FMEA is to seek answers for questions like: «what could go wrong with [the system or process] involved in creating [the system]; how badly might it go wrong; and what needs to be done to prevent failures?» [Vikramjit, Harish, Sarabjeet & Simranpreet, 2013]. The traditional FMEA is based on the three factors: severity (S), occurrence (O) and detection (D), to determine the Risk-Priority-Number (RPN) [EN 60812 – FMEA, 2006], [Vikramjit, Harish, Sarabjeet & Simranpreet, 2013], [Kmenta & Ishii, 2000]. The FMEA was recommended by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) for the annual risk assessment since July 2001 [Marx & Slonim, 2003]. Unfortunately, this official accreditation does not specify if and how the human factors shall be included.

«Human Factors»: In most sectors the conception of the error-free working employee is no longer valid. Rather efforts are made to understand the human error as a «human factor», to plan and to control it by the use of appropriate strategies [Paula, 2007]. Vincent for example describes the «human factors» approach «as a hybrid discipline that focuses on the human component within complex sociotechnical systems» [Vincent, Taylor-Adams & Stanhope, 1998]. Research in the area of human factors is just beginning to be applied to healthcare since 2005 [Institute of Medicine, 1999], borrowing from industrial engineering and psychology.

Human Factors in Clinical Practice: Errors in medicine are among the ten most common causes of death in healthcare [Brennen, Leape, Laird, Herbert, Localio & et al., 1994], [Com Q of HC in A, 2001], [Kohn, Corrigan & Donaldson, 2000], [Ennker, Pietrowski & Kleine, 2007]. Risk Management in clinical practice considers errors, failures and adverse events. Leape [Leape, 1994] emphasized that safer practice can only come from acknowledging the potential for error and building in error reduction strategies at every stage of the clinical practice. Reason [Reason, 1995] pointed out, that «human factors problems are a product of a chain of causes in which the individual psychological factors (that is, momentary inattention, forgetting, etc.) are the last and least manageable links…». This means, not all errors lead to serious harm. In fact, it usually requires a string of errors to result in harm to patients. Yet it is important to consider these human factors.

Management of Human Factors in Clinical Practice: To mitigate errors in healthcare, CIRSs (Critical Incidents Reporting Systems) are used. Their goal is to gather enough data about incidents/events such that one can predict errors before they occur. Countries such as, e.g., Germany, Switzerland, Sweden, England, USA, and a number of others, have already established voluntary, national CIRS systems. In some countries, e.g., USA and Sweden, the use of such a system is compulsory, which results in more accurate and meaningful reports based on the investigated data. WHO provides a guideline of defining the content and implementation of CIRS [Institute of Medicine, 1999]. However, none of the existing CIRS systems automatically enables to leverage human factors in Risk Management.

This paper addresses the challenge of increasing the patient safety through active Risk Management by classifying human factors and by taking into consideration those human factors for risk assessments using FMEA. The proposed approach is based on the three components: (1) CIRS, (2) human factors and their weighting and (3) derived risk factors HFdFMEA. On the other hand, the challenge to get access to sensitive data for validation and analysis will be highlighted.

The concept for the proposed RiDeM is based on eight phases as shown in Figure 1: Phase one to three represent component (1), CIRS, phase four is equal to component (2), weighting, and phase five and six represent component (3), derived risk factors HFdFMEA. Phase seven deals with the evaluation settings and results of the enhanced FMEA technique. For the evaluation of the derived human factors regression analysis has been used. In addition, the concept includes an eighth phase not discussed in this paper, which points out the importance of monitoring and supervising. «To manage risk means more than just to identify, evaluate, analyse and rate risks, as well as to define appropriate measures to minimize the risk. It is also important to follow the whole Risk Management process and to control and monitor risks and of course to go one step further and to supervise the implemented model» [Streimelweger, 2016].

Figure 1: Eight phases to Risk-Dependent-Management (RiDeM) in Healthcare [Streimelweger, 2016]

(1) A CIRS as described in the previous section is required to derive (2) human factors and weight them for the human-based risk determination later on. This is done once, over the frequency of all reported events per a human factor category (according to the column in CIRS) and once per each reported event over all human factors (according to the rows in CIRS). In practice, the human factor evaluation of the available CIRS data and risk-scoring need to be done by an expert team; scores of different experts must be evaluated for inter-expert agreement. (3) An expert team defines for each event the risk factors in terms of its severity (S), occurrence (O), and detection (D), all three on a scale from 1..10 in traditional FMEA, and from 1..5 in HFdFMEA. A scale from 1..5 allows the experts to have a clearer allocation of risk factors for O, S, and D. Furthermore, a Risk Priority Number (RPN) is assigned per each event in CIRS (RPN = S*O*D) [EN 60812 – FMEA, 2006], [Vikramjit, Harish, Sarabjeet & Simranpreet, 2013], [Kmenta & Ishii, 2000].

Therefore, the inputs of HFdFMEA method are weighted human factors derived from all the CIRS-contributory factors. The outputs of HFdFMEA are human-factor based RPNs assigned by each event in the CIRS.

The HFdFMEA approach is evaluated by a multiple regression analysis where the traditional (FMEA-based) RPN will be defined as the dependent variable and the weighted human factors are defined as independent variables. For further information see chapter 4.

In order to derive human factors from a CIRS, the framework by Vincent [Vincent, Taylor-Adams & Stanhope, 1998] is employed which is used for analysing critical incidents/events. This framework includes factors of relevance to clinical practice and outcome by combining the strengths of Reason’s model of organizational accidents [Reason, 1990], [Reason, 1995] with socio-technical pyramid of Hurst and Radcliffe [Hurst & Radcliffe, 1994]. In this framework, the hierarchy of factors consists of three levels: Patients (patient factors) and staff (task factors) as individuals are at the bottom, team factors and working conditions in the middle, and organizational and institutional factors at the top.

Given the contributory factors, similar to Vincent’s framework, from CIRS, the human factors can be derived by their encodings. More than one contributory factor can be assigned to the same event. If a contributory factor is assigned to an event, it can be yes (HF=1=present) or no (HF=0=not present). Events with non-assigned contributory factors are classified under «not assigned.»

The human factor (HF) for an event (E) is expressed in terms as follows:

in which HF_j is the cumulated human factor consisting of a number of different contributory human factors. HF_Ei is the human factor of an event i, expressed in terms as

There are two possibilities to weight the contributory human factors for the human factor HFj.

(A) Weighting over frequency of ONE human factor over all events (weighted per column).

(B) Weighting on the frequency of ALL human factors per each event (weighted per row).

As I have indicated, the objective of the FMEA is to compute the Risk-Priority-Number RPN= S* O* D. The event with a higher RPN will have a higher priority for corrective action or preventive measure. The RPN of an event i is expressed in terms as

For the extended FMEA, the traditional calculation of RPN is enhanced by the human factors HF_j, what results in the human-factor-based RPN of an event (RPN'_{Ei, HFj} ).

To evaluate the approach, I could rely on data acquired from cirs-health-care.de (developed by Inworks GmbH), a public, not compulsory, representative CIRS for Germany and Austria where currently 400 medical institutions take part and report their critical incidents and events. The database entries are anonymous. Each listed event entry is assigned to one or more of 32 expertise areas, e.g. surgery or neurology. Additional data about the professional category (doctor, nursing staff, other staff), a place (e.g., hospital, preclinical / emergency medical service, ambulance) and, e.g., a professional category, time of day, area of supply, gender of the patient, and state of an event, as well as (optionally provided) «contributory factors» are stored. There are nine main categorised contributory factors: (1) patient, (2) organisation, (3) task, (4) person/individual, (5) communication, (6) working environment, (7) equipment/material, (8) team & social factors, (9) education. These entries provide the basis for the human factor evaluation. The CIRS uses up to 9 pre-defined categories for the contributory factors. From 2013 to November 2015, 289 top events out of more than 6’000 events were used for the analyses. These top-events are the evaluated and risk-rated events by an expert team, consisting of healthcare professionals. Furthermore, the experts define necessary measures to help to avoid and minimize such risks in the future. The O, S and D ratings of an event range from 1…5, with RPN_max = O*S*D = 5*5*5 =125.

The above mentioned contributory factors simultaneously form the nine human factors for each event (HF_j,Ei). Due to the contributory factors as well as other factors e.g. professionals, places etc. are provided as text, they need to be encoded before they can be used for further analysis, in that way 1=present/true and 0=not present/false.

The derived nine human factors are weighted. Given the two approaches possible (A), (B), both approaches are selected to compare the impact on the accuracy human-factor-based RPN.

Comparing the reported events with weighting over frequency of one human factor over all events (approach A) and with weighting on the frequency of all human factors per each event (approach B) shows that in the first case, the weighted human factors are significantly lower compared to approach (B). That means, on the one hand, approach (B) emphasizes the human factors more, and, on the other hand, that the risk depends on the number of human factors assigned to an event.

To test the validity of the proposed HFdFMEA model the multiple regression analysis has been used. This was done to evaluate the statistical significance of the relation between dependent variable RPN and the human factors. Three special measurements can indicate the significance of a regression «R», «adjusted R square» (R²). The final output of a multiple regression is an equation derived from the computed coefficients, which can be used to predict a new value for the dependent variable only using the independent variables in my case the human factors. The validation process will not be described in more detail in this paper. For in depth details see [Streimelweger, 2016].

In the following questions to discuss the importance of the data source, the approach and the implications for the health system as well as for the practitioners and patients are developed [Streimelweger, Wac & Seiringer, 2015], [Streimelweger, 2016].

Based on my research, I conclude that it is important that all fields of a CIRS database are filled with informative, real data. Otherwise each kind of evaluation result becomes vague and inconclusive. Furthermore, it is necessary to define the required information in a way, that there is no space for giving answer like «all», «other» or a blank field. A concrete assignment is absolutely necessary, since this leads to more accurate results for subsequent analysis. To be able to compare with other hospitals also over their own national borders, it is necessary to use similar contributory factors, which results in human factors. Therefore, Vincent’s framework or available ISO standards could be used as guideline and best practice models to define categories and factors. Of course it is possible to define up to 10 main contributory factors and to define up to 10 subcategories for each contributory factor.

The derived human factors from a CIRS database are only valid for the analysed database and for the given period of the data made available. A CIRS database can only provide national data. Ideally all healthcare facilities are obligated to provide information for a CIRS database. However it makes sense to perform it within an individual hospital. In this case the hospital can profit mostly because this will help hospitals to improve their individual standards for patient safety.

In order to make to proposed model working it is important to catch the core-stakeholders attention. These stakeholders include government, the hospital’s management, representatives of health care facilities, provider of CIRS database, medical experts and other staff, investors and patients. Looking at the stakeholders’ interests and the benefits they get from the model, HFdFMEA could definitely help in handling risks and as consequence to improve patient safety. On the other hand, each of the stakeholders is affected by regulations and laws. In order for the model to work a perfect and self-aligned all together is necessary.

The government as the key-player par excellence simply has the possibility to intervene when it comes to data privacy and data protection.

The proposed HFdFMEA method allows improving patient safety by means of enabling better understanding and management of human-factors influencing risks and the Risk Priority Number (RPN), which in turn is of importance for the patient. Investigations in the relation between risks and human factors help healthcare professionals to identify potential problems, to improve processes, to minimize risk and respectively to avoid adverse events and incidents by putting proactive and predictive measures. An open communication regarding the reporting shall be encouraged. Anonymity should help the practitioners to ensure that they have no fear of negative consequences when reporting an event.

The HFdFMEA can be implemented by hospitals using a CIRS database and through this the human-factor-based RPN (RPNEi, HFj) can be evaluated per event, and depending on the assigned human factors, it would be possible to take appropriate measures to minimize risks. In addition, it offers also the possibility to handle chances (positive impacts).

To be able to validate a newly designed and developed model in general it is necessary to get access to the required data which in most cases is very sensitive information.

In my case, it was necessary to get access to sensitive and confidential information about adverse events and incidents which are gathered by medical experts in hospitals. Based on this data it is possible to run different analyses with regard to hospitals or different areas of expertise within a hospital, down to the level of individual actions by medical experts. In my case those data are used to identify the risks and their risk level and to verify the impact of human factors. To get access to such information is hard due to internal regulations of hospitals which, in turn, refer to the current law. It might be easier if you are employed in the respective hospital and just doing analysis for this one but it becomes still complicated in case of access data of different hospitals. So the government as the key-player par excellence simply has the possibility to intervene here, for example by creating laws and regulations.

The aim of this research was to answer the question «Is it possible to increase patient safety through active Risk Management by classifying human factors and by taking into consideration human factors for risk assessments based on FMEA?» The answer can be summarized as follows [Streimelweger, Wac & Seiringer, 2016], [Streimelweger, Wac & Seiringer, 2015]:

The proposed enhanced HFdFMEA embraces the human factor approach. The data recorded in the CIRS database on an event can be used for this purpose. Therefore, the event-specific contributory factors are converted into the human factors, which are used in this model, by decoding into 1=present/true and 0=not present/false. As a result, those human factors are weighted. The HFdFMEA does not only reveal risk level of failures based on the human factor but also gives the possibility to reduce the risk level of failures through means of human factor interactions, like trainings, motivation, etc. This allows considering negative impacts, known as the «typically risk», and positive impacts, known as «chance». Furthermore, the results of the regression analysis show that human factors, inter alia, may be interdependent.

Based on the provided data it is possible to differentiate between the different areas of expertise and to do the described analyses per area of expertise. The results will enable hospitals to focus on defined areas and to mitigate risks and increase patient safety.

The controlling, monitoring and supervisory part of the RiDeM-H model constitutes the phase 8 of the model which is essential to practice the model but also so that it can become a living model.

Finally to make the model working it is necessary to get access to all sensitive data as required for the analysis and described above. Data privacy and data protection might be and could be a show-stopper from a legal point of view. In this case, the government as one of the main stakeholders could become the key player to make this model available for any medical institution, e.g. hospitals or other representatives of healthcare facilities. At least the government could be able to set measures e.g. by providing new laws or regulations which provides and allows access to those sensitive data for the purpose of such analysis.

Brennen, T., Leape, L., Laird, N., Herbert, L., Localio, A. L. & et al. (1994). Incidence of adverse events and negligence in hopsitalized patients: results of the Harvard Medical Practice Study I. Qual Saf Health care 13:145–152; originally in New Engl. J Med 324:370–376.

Com Q of HC in A. (2001). Institute of Medicine (IOM) – Committee on Quality of Health care in America: Crossing the Quality Chasm – A New Health System for the 21st Century. National Academy Press, Washington.

DeRosier, J., Stalhandske, E., Bagian, J. P. & Nudell, T. (2002). Using Health Care Failure Mode and Effect Analysis; The VA National Center for Patient Safety’s Prospective Risk Analysis System. Joint Commission on Accreditation of Healthcare Organizations; Vol 28 No 5; pp. 248–267.

EN 60812 – FMEA. (2006, 12 01). ÖVE/ÖNORM EN 60812. Analysetechniken für die Funktionsfähigkeit von Systemen – Verfahren für die Fehlzustandsart und -auswirkungsanalyse (FMEA) (IEC 60812:2006); (Analysis techniques for system reliability – Procedure for failure mode and effects). Österreichisches Normungsinstitut (ON).

Ennker, J., Pietrowski, D. & Kleine, P. (2007). Risikomanagement in der operativen Medizin. Germany: Steinkopff Verlag Darmstadt.

Hollnagel, E., de Paris, E. d. & Antipolis, S. (2008). The Changing Nature Of Risks. Ergonomics Australia Journal 22, 1–2 (2008), pp. 33-46.

Hurst, N. & Radcliffe, K. (1994). Development and application of a structured audit technique for the assessment of safety management systems (STATAS). Hazards XII. European advances in process safety. Rugby: Institute of Chemical Engineers.

Institute of Medicine. (1999). To Err is Human – Building a Safer Health System. U.S.: Committee on Quality of Health Care in America, Institute of Medicine (IOM).

Kmenta, S. & Ishii, K. (2000). Scenario-based FMEA: A Life Cycle Cost Perspective. Conference Paper: 2000 ASME Design Engineering Technical Conf.; Sept. 10–14, 2000; Baltimore, Maryland; DETC2000/RSAFP-14478.

Kohn, L., Corrigan, J. & Donaldson, M. (2000). eds. Institute of Medicine: To err is human: building a safer health system. Washington, DC: National Academy Press, 2000.

Leape, L. (1994). Error in medicine. Journal of the American Medical Association (JAMA) 1994; Vol. 272; pp. 1851–1857.

Marx, D. & Slonim, A. (2003). Assessing patient safety risk before the injury occurs: an introduction to sociotechnical probabilistic risk modelling in health care. Qual Saf Health Care 2003;12 (Suppl II): pp. 33–38.

ÖNORM EN 15224. (2012). ÖNORM EN 15224:2012-12-01 – Health care services — Quality management systems — Requirements based on EN ISO 9001:2008. Austrian Standards Institute – Österreichisches Normungsinstitut (ON).

Paula, H. (2007). Patientensicherheit und Risikomanagement im Pflege- und Krankenhausalltag. Deutschland: Springer Medizin Verlag.

Reason, J. (1990). Human Error. Cambridge University Press, republished 2009.

Reason, J. (1995). Understanding adverse events: human factors. Quality in Health Care 1995; 4: 80–89.

Reason, J. (1995). Understanding adverse events: human factors. In: Vincent CA, ed. Clinical Risk Management. London: BMJ Publications, 1995; pp. 31–54.

Stamatis, D. (1995). Failure Mode and Effect Analysis: FMEA from Theory to Execution. ASQC Quality Press, Milwaukee, WI: ASQC Quality Press.

Streimelweger, B. (2016). Human-Factor-based Risk Management to improve Patient Safety – Managing risks and chances with RiDeM by using HFdFMEA. Unpublished doctoral dissertation, University of Geneva, Switzerland.

Streimelweger, B., Wac, K. & Seiringer, W. (2015). Improving Patient Safety Through Human-Factor-Based Risk Management. Journal title: Procedia Computer Science (2015) pp. 79–86; DOI: 10.1016/j.procs.2015.08.466.

Streimelweger, B., Wac, K. & Seiringer, W. (2016). Human-Factor-Based Risk Management in the Healthcare to Improve Patient Safety. International Journal of E-Health and Medical Communications (IJEHMC), Volume 7, Issue 3, July-September 2016; DOI: 10.4018/IJEHMC.2016070102.

Vikramjit, S., Harish, P., Sarabjeet, S. & Simranpreet, S. G. (2013). Prioritization of Failure Modes in Process FMEA using Fuzzy Logic. International Journal of Enhanced Research in Science Technology & Engineering; Vol. 2 Issue 2, February 2013.

Vincent, C., Taylor-Adams, S. & Stanhope, N. (11. 04 1998). Framework for analysing risk and safety in clinical medicine. BMJ 1998, Vol. 316, pp. 1154–1157.

WHO. (2005). Draft Guidelines for Adverse Event Reporting and Learning Systems, http://www.who.int/patientsafety/implementation/reporting_and_learning/en/ (last visited on 31 Mai 2014).