Search the hub

While traditional methods such as Failure Mode and Effects Analysis (FMEA) are well-established, they often reach their limits in clinical practice. This is due in particular to the subjectivity of fault identification. I would like to propose the Hazard and Operability Study (HAZOP) as a complementary risk analysis method. HAZOP offers a structured, systematic approach to risk identification and assessment, particularly suited to analysing process risks and human factors. Unlike FMEA, HAZOP uses guide words (e.g. NO, MORE, LATE, LESS, OTHER THAN) to explicitly identify and analyse potential deviations from tasks and procedures.  A systematic approach to identifying and assessing clinical risks Despite the implementation of risk management systems, practice often falls short of expectations. This is due, among other factors, to the complexity of clinical processes, the dynamics of the work environment, and interprofessional interfaces, which make a holistic risk assessment difficult. Although traditional methods are widely used, they reach their limits in clinical practice: Subjectivity: When using traditional methods such as FMEA, which rely on the team’s spontaneous fault detection and experience, critical risks are easily overlooked as they are not recognised as ‘failure modes’. Monocausality: Traditional failure-mode-based approaches lead to a monocausal derivation of causes and effects. Human factors as ‘operator error’: Human errors are easily classified as ‘user problems’ without questioning the systemic causes (e.g. time pressure, unclear responsibilities, inadequate communication). Against this background, I propose the Hazard and Operability Study (HAZOP) as a complementary risk analysis method. The HAZOP method was originally developed in the aviation industry and has established itself there as the gold standard for analysing risks in highly complex, safety-critical environments. HAZOP enables the approach required by ISO 31000 as a structured, step-by-step approach: Risk identification Risk analysis Risk evaluation Risk identification using guide words The method uses guide words as a heuristic to systematically identify potential process deviations as a starting point for the risk analysis. These guide words are adapted to clinical reality and enable a comprehensive risk analysis: Guide Word: Possible deviation. No: Failure to perform a task. More: Excessive performance of a task. Less: Inconsistent performance of a task. Late: Delayed performance of a task. Other than: Incorrect execution of a task. Using guide words as a starting point for risk identification also helps to involve those with little experience in risk management in the process. A list of guide words can and should be adapted to the specific requirements of the specialist department. Practical application: Example 'documentation of vital signs' Task: Recording and documenting vital signs in the intensive care unit. Guide word: Possible deviation No: Blood pressure is forgotten. Late: Documentation is delayed, delaying further diagnosis. Less: Not all vital signs are measured. Other than: A mix-up of patients in the documentation. Risk analysis The identified risks can be assessed using a two-dimensional risk matrix, like in other risk tools: Probability of occurrence (scale: ‘almost impossible’ to ‘almost certain’). Impact (scale: ‘no health consequences’ to ‘life-threatening consequences’). This commonly used and well-known assessment method enables measures to be prioritised and helps hospitals to proceed in a resource-efficient way. Risk evaluation and identification of measures Preventive and corrective measures are developed during interprofessional workshops, in which representatives from all relevant professional groups (doctors, nursing staff, administration, IT) work together to evaluate risks and propose solutions. Typical measures include: Process optimisations (e.g. standardisation of documentation procedures). Training to raise awareness of human factors. Technical adjustments (e.g. introduction of digital checklists). Clarification of responsibilities (e.g. through clear SOPs). Discussion The HAZOP method offers several key advantages that are particularly relevant to clinical patient safety: The use of guide words enables risks that are often overlooked to be systematically identified. This reduces subjectivity in error detection and enables more objective prioritisation of measures. The method allows for the analysis of human and organisational factors. This enables a holistic view of incident causes and supports hospitals in developing systemic solutions. HAZOP can be seamlessly integrated into the SEIPS 2.0 approach, which enables a coherent risk assessment that accounts for all relevant factors. The approach promotes collaboration among professionals from different disciplines. This strengthens the learning culture and helps to close governance gaps. Thanks to the structured approach and the use of guide words, risk analysis can be carried out more quickly and efficiently. Conclusion The HAZOP method, with its guide words, is a proven, systematic and evidence-based tool for improving clinical patient safety. It enables a comprehensive risk analysis that takes into account technical, procedural and human factors. Do you use the HAZOP method? We would love to hear from you if you're using HAZOP in a clinical setting so we can share real-life examples of its use. Email us at [email protected] or comment below (you need to be signed into the hub; sign up here, it is free and easy to do).

Stefan Peil summarises a pilot study he has done to see whether a structured systems model can support the preparation of a morbidity and mortality (M&M) conference discussion. The example used is a coronary angiography risk scenario to explore whether a model-based representation of patient safety knowledge could serve as a reliable basis for an artificial intelligence (AI)-assisted decision template. The work was produced to address a practical problem in patient safety: relevant information for M&M preparation is often spread across diagrams, reports and team knowledge, which can slow and make shared understanding less consistent. The pilot study, therefore, examined whether systems modelling could help organise, make transparent and reuse safety relevant information in a more structured way. The full study is attached at the end of this page. The challenge The identified challenge was the lack of a structured, reusable approach to preparing patient safety discussions for M&M conferences. The aim was not to automate clinical judgement, but to test whether a model-based risk analysis derived from team knowledge could serve as a structured input for drafting an M&M decision template. M&M preparation often relies on fragmented information and informal interpretation. In complex clinical environments, such as coronary angiography, risks do not arise from a single isolated factor. They emerge from the interaction between tasks, people, technology, information flow and organisational conditions. In this specific pilot example, the safety concern was a risk scenario in coronary angiography in which cognitive overload during real-time decision-making and escalation could contribute to complications not being detected in time. This formed the basis for testing whether a structured model could provide a clearer and more traceable starting point for discussion. Method and measures To explore this, a systems model based on Systems Engineering Initiative for Patient Safety (SEIPS) 2.0 was created in Systems Modeling Language (SysML) using SPARX Enterprise Architect. The objective was to represent the work system, the contributory task factor, the resulting risk and the proposed measures in a traceable form. The model focused on one coronary angiography scenario. The critical task factor was described as cognitive density in real-time decision-making and potential escalation. In the model, this contributed to the risk that complications would not be detected in time. The text states an impact on quality of care, an occurrence rating described as relevant and an overall risk class of moderate. The proposed measures were: pre-procedure briefing risk-adapted staffing standardised laboratory layout regular simulation drills. The intended achievement was a more structured, transparent and reusable basis for M&M preparation and discussion. Outcomes and lessons learned The pilot showed that a structured model can be a useful way to organise safety-relevant knowledge. Because the model linked work system elements, risks and measures in a traceable way, it provided a clearer starting point for discussion than unstructured text alone. The practical process tested in this pilot was: defining a relevant patient safety scenario in coronary angiography modelling the work system and the contributory task factor linking this to a patient safety risk documenting possible mitigating measures using the model as the basis for an AI-assisted one-page decision template. One important observation was that the AI-generated output reflected the underlying model's content. This suggests that a structured model can support more consistent synthesis than relying only on memory or informal interpretation. The text does not describe multiple alternative technical approaches in detail, so it cannot be stated from the source whether other options were formally compared or ruled out. It also does not state direct patient involvement. Staff involvement is referenced indirectly by using team knowledge as an input to the model. The text does not report formal measurement tools, outcome metrics, time savings, patient safety indicators or model costs. Therefore, no validated impact measurement can be claimed from the source. A key lesson learnt was that AI can assist with drafting and synthesis, but cannot replace clinical judgement, governance or safety review. Any output generated from the model still needs to be checked against the source material and reviewed by responsible clinical and patient safety leads. Impact This work is only a prototype, not as a formal effectiveness study. As a result, the impact that can be claimed is limited. The main result was that the structured model appeared to support: clearer organisation of safety-relevant knowledge better traceability between work system factors, risks and proposed measures a more consistent starting point for multidisciplinary discussion reuse of modelled information for drafting a one-page M&M decision template. At the same time, the the study is explicit about what was not demonstrated. The pilot did not test whether the approach: improved patient outcomes reduced harm shortened preparation time in routine practice improved care delivery in a measurable way. A further limitation was that only a single, limited example was used, and some information was withheld for data protection reasons. This means the results were narrower than would be needed for broader implementation decisions. What worked was the structured linkage between the work system, contributory factors, risks and measures. What remains uncertain is whether this translates into measurable operational benefit in routine clinical governance. A likely barrier to improvement is the need for continued expert review, because AI-generated output cannot be used without clinical validation and governance oversight. If repeated, the next stage would need a clearer evaluation design, including defined measures of clarity, consistency, usability and possibly preparation time. Next steps The next step is a practical pilot in real clinical governance settings. A suitable next-stage comparison would be conventional M&M preparation versus model-supported preparation in a small, clearly defined pilot. The proposed questions for the next phase are: Does the approach improve clarity and shared understanding? Does it help teams identify contributory factors more systematically? Does it support consistency and traceability of measures related to patient safety? The study does not provide evidence of long-term organisational change, staff reaction, patient impact statistics or system-wide implementation results. Therefore, those elements cannot yet be stated as outcomes. However, based on insights from the pilot study, the anticipated longer-term value would be to make patient safety knowledge: more structured more reusable easier to discuss across professional groups more clearly linked to the wider work system rather than to isolated errors. A sensible next step would, therefore, be a controlled local test with defined governance, clinical review and evaluation criteria before any broader adoption.

Organised by SingHealth Duke-NUS Institute for Patient Safety & Quality (IPSQ), this webinar features the distinguished speaker, Ms Melanie Leis from Imperial College London. The session will delve into the critical role of research in patient safety improvement, exploring qualitative and quantitative methodologies. Don't miss the opportunity to gain valuable insights and engage in a Q&A session at the end of the webinar. Register

Ambulances lined up outside hospital Emergency Departments (EDs) are a vivid, and politically embarrassing, indication of inadequate capacity in the NHS. Media reports of diktats demanding that hospital CEOs meet performance targets suggest a desire for action, but are the local solutions being implemented to ease the pressure in the best interest of patient safety? The use of ‘safety cases’ in healthcare has received some interest in recent years but the conclusion drawn by, for example, Leberati and her colleagues,[1] was that while they have some potential value they are "fraught with challenge, highlighting the limitations of efforts to transfer safety management practices to healthcare from other sectors". A survey of the literature suggests that there is a danger of conflating ‘safety cases’ with ‘safety management’ or ‘quality’ systems. Part of the problem might be that safety cases are more a concept rather than a methodology: there is no script to follow. In this blog, Norman MacLeod discusses whether the the current crisis in hospital capacity can be explored through the safety case lens. What is a safety case? Safety cases are used to manage complex socio-technical systems. The goal is to provide evidence that the system described by the 'case' is safe. A safety case has three elements. First, we have some top-level, over-arching statements about the system. For example, you might say that a hospital is ‘fit for purpose.’ Another top-level statement might be that the hospital ‘meets the needs of its hinterland.’ While these examples may seem very broad, they aim to capture the essence of why the hospital exists and what its function is. Next, we need corroborating data. The top-level statement is, in effect, a logical proposition and the safety case owner must provide data to prove the proposition to be true. If a statement cannot be proven to be true then the safety case fails and the system must be considered to be unsafe. Finally, we need to declare any inference rules used to provide the data necessary to support the top-level statement. For example, direct performance measures might not be available and we might choose to use surrogates or data derived from extrapolations instead. Both direct evidence and that derived from inference rules must be valid and reliable – that is, they must be shown to measure what they claim to measure and must function consistently across time. A hospital safety case would require, as a minimum, evidence to show that the estate (design and maintenance), resources (equipment and consumables) and staff (numbers, grades, skills mix, recruitment, retention, training, etc.) were appropriate to satisfy the requirements of the top-level statement; in this case that the hospital was fit for purpose. However, the safety case is not static. It must be applicable to the lifecycle of the entity it covers. Which means that it must cope with change. And now we come to the ways hospitals are currently trying to cope with excessive demand. Hospital responses to increased demand The solutions being implemented by hospitals to cope with demand seem to fall into two groups: buffers and lubricants. Buffers are ad hoc capacity where patients can be held prior to moving to the next stage in their care. For example, EDs are creating additional spaces where patients can be held between arriving in an ambulance and entering the ED, or after treatment and being accepted on a ward. Some Trusts have made provision for discharge-ready patients to be moved to local hotels pending community care becoming available. Corridor nursing is an example of buffering. Lubricants include those measures aimed at expediting flow. The Positive Flow philosophy, where patents are force-fed from ED onto wards at fixed intervals, is one example. Discharging surgical patients from recovery rather than a discharge suite is another. A safety case would require changes to the existing system to be tested against the top-level arguments. So, we would need to understand the steady-state condition and then be able to compare the impact of any changes made. We need to assure that the new provisions are equally fit for purpose. Unfortunately, the experience to date suggests not. The creation of buffers is adding to the burden of supervision and increasing the requirement to move patients between stages of treatment. In some cases, inadequate logistical provision means that patients are in spaces with no oxygen supply or call bells. Care is being delivered in spaces where the minimum levels of dignity and privacy cannot be met. Rooms are being used that are difficult to observe and, in one case, had access to an exit allowing a patient to abscond undetected. Meeting the demands of positive flow can require additional beds in rooms or corridors. In one case, a Trust is replicating measures it had already removed because they were deemed unsafe in a previous Care Quality Commission report. Patients are being discharged without appropriate follow-up because the staff involved are untrained in the necessary procedures. It seems, then, that measures taken to solve one problem – capacity – have introduced new risks. Conclusion Applying the safety case concept requires an organisation to answer a simple question: are you configured to function in a safe way? The answer to that question must apply equally to the steady state and to any changes, no matter whether permanent or temporary. In the example of coping with excessive demand, local fixes are being implemented but it is not at all clear that solutions are safe. Perhaps it is time to look again at the safety case concept? Reference Liberati EG, Martin GP, Lamé G, et al. What can Safety Cases offer for patient safety? A multisite case study. BMJ Quality & Safety 2024 Feb 19;33(3):156-165. doi: 10.1136/bmjqs-2023-016042. Further reading on the hub: A silent safety scandal: A nurse’s first-hand account of a corridor nursing shift What is a ‘safety management system’? A blog by Norman MacLeod Can you measure safety? Part 1 - Improving patient safety Errors as clues in the search for safety measures: Measuring safety part 2