Abstract
In healthcare, various methods are available to support risk identification in the risk management process. However, there is no clear evidence on their contribution to risk identification. In this study, different methods used to support risk identification were therefore analysed to compare their contribution to overall risk identification. The study was conducted at Cambridge University Hospitals Foundation Trust, UK. Three main methods were selected to compare their support in risk identification: incident reports through their Risk Management Information System, risk registers through their Risk Registers system, and safety walkabouts through their internal patient safety assessment process. Where possible, simple comparison tests were run between the different methods of identifying risks as well as by the type of risks identified. It was found that each method has contributed to the risk identification by adding different sets of risk sources despite some overlaps. However, they produced discrete assessments from different aspects and none of them, on its own, could produce adequate results for effective risk identification. In any healthcare setting, having a system to put all risk information in one picture would help maximise the contribution of each method within the scope of the risk management process. Future studies may benefit from broader use of multiple and system-based risk identification approaches, and coding methods for more powerful analytical tests.
Introduction
There is a growing awareness that the high rate of errors in the practice of medicine has a serious effect on patient safety.1–4 This fact was brought to light in the US Institute of Medicine (IOM) report, ‘To err is human: building a safer healthcare system’ (1999), which showed that between 44,000 and 98,000 deaths each year were due to medical errors, such as incorrect drug administration and wrong-site surgery. 5 Other recent studies in the US also showed that the rate of harm may be as high as 25–33%,6–9 and preventable harm in hospitals may contribute to more than 400,000 deaths per year in the US. 10
Common recommendations for improving patient safety include continuous monitoring of healthcare institutions’ patient care processes, and learning from incident reports and other sources of information about what could go wrong. Risk identification is a key step in the process of investigating actual or potential harm, and serves as a necessary prerequisite for any effort aimed at substantially reducing errors. 11 Risk identification is defined as the process of finding, recognising, and describing risks. 12 Using a number of different tools and methods, the aim of robust risk identification is to identify a comprehensive list of risks within the scope of risk management. Risk identification plays a vital role in the risk management process, since no actions can be taken to avoid or diminish the effects of unintended hazards.11,13–15
To better understand risks in any system, information and experience need to be available through different approaches such as (1) knowledge of people, (2) incident reports and (3) process models and layouts. 16 In order to use such inputs, there are around a hundred risk identification methods broadly and successfully used in safety-critical industries such as aviation and chemical industries.13,17,18 However, only a few of them have been used in healthcare so far.11,19 For instance, while a wide range of process models have been used in other safety-critical industries, only a few of them have been used in healthcare.20–22
In healthcare, traditionally, managing patient safety risk to identify hazards and risks is retrospective. 23 It was shown that the use of incident reports and safety walkabouts (also known as safety walkarounds) are the main methods used in healthcare environments to support risk identification.11,24 While these two methods are the most common ones, risk registers (RR) are also used to gather risk information from different areas such as reports, patient complaints, claims, and internal and external audits. Therefore, it can be said that RRs include sources of risks identified through a mix of both prospective and retrospective means, while incident reporting is almost exclusively retrospective and safety walkabouts almost exclusively prospective. Although these methods and a few others have been used in healthcare, their contribution to risk identification is still not clear. Due to their nature, they can identify different types of risks, but there is no clear picture showing what they identify, and whether there is any overlap in identifying risks between these methods. In order to address these issues, a framework showing a range of inputs and outputs in the risk identification process can be helpful.
Table 1. Range of frameworks showing the sources of risks.
The ultimate aim of each framework in Table 1 is to help understand healthcare systems and consider as many different elements as possible in the patient safety research environment. While the frameworks are broadly similar, they also differ in their listings of main components. These factors show the potential sources of risk that might trigger hazardous situations, possibly resulting in harm to patients in healthcare systems; such classifications are therefore helpful in risk identification.
Drawing on each framework and classification, it can be seen that a number of hazards and contributing factors interact within the system, and can influence the outcome of patient care delivered. It is therefore important to know how thoroughly the system and its elements are described, and how their interaction is understood and applied in a dynamic and complex healthcare context, in order to identify a comprehensive list of risks. As is shown with each model in Table 1, each factor also allows us to see ‘what could go wrong’ in the overall system, and in which circumstances hazardous situations for patients can arise; the use of such classifications can therefore be helpful in understanding the system in risk identification. 34
These factors mainly show the potential sources of risks that might trigger hazardous situations with the result of harm to patients in healthcare systems. Hence, the frameworks shown in Table 1 can be used as a reference for possible categorisation of risk outputs. The NPSA contributing factors classification framework and its components, in particular, were preferred and used in this study, as the study was conducted within the NHS. However, after reviewing a number of incident reports and RRs, difficulties were observed in some cases in differentiating the education and training, and team factors, from organisational and staff-sourced risks. To produce a more accurate categorisation, these factors were therefore considered subordinate to other types of risk sources based on their given situations. Figure 1 was produced to illustrate a risk identification process that includes a range of inputs and outputs, as a result of these considerations.
Figure 1. Risk identification process.
In Figure 1, we indicate a range of inputs, such as (1) knowledge of people, (2) previous incidents, and (3) process models and layouts.
With the help of the risk identification process in Figure 1, we compared the extent to which different methods (incident investigation, RR and safety walkabout) support the identification of patient safety risks. We also analysed whether there were any patterns in the types of risk sources each method identified.
Methods
Background
This study was carried out in the Medicine Division at Cambridge University Hospitals Foundation Trust (CUHFT). Having approximately 1000 beds and over 7000 staff, the Trust provides accessible high-quality healthcare in seven areas, including cancer, children’s and women’s emergency and perioperative care, investigative sciences, medicine, neurosciences, and surgery. 35
In the Medicine Division, three departments were selected – Dermatology (Derm), Rehabilitation (Rehab), and Respiratory (Resp) – to capture risks identified using the three most common methods: incident investigation through the Risk Management Information System (RMIS), RRs through the RR system and safety walkabouts through an internal patient safety assessment process called the Clinical Area Safety Assessment (CASA).
In order to assess the relative contributions of these methods, the risk identification process illustrated earlier was used (Figure 1). While inputs could be taken directly from Figure 1 (knowledge of people, previous incidents, and process models and layouts), outputs needed to be considered at this stage, and were therefore categorised to compare the contributions of each method.
Three methods were compared in this study, to determine to what extent they facilitate the identification of patient safety risks. Further, the analysis considered whether any one method is sufficient to provide a comprehensive list of risks. Therefore, the following procedure was applied to reach a conclusion:
(1) Evaluating the risk outputs identified using each method: incident investigation, RRs, and safety walkabout;
(2) Comparing the risk outputs through a framework as shown in Figure 1;
(3) Recognising the value each method brought to risk identification overall;
(4) Synthesising the overall understanding of risk identification in a given healthcare context, using the chosen methods throughout.
As mentioned earlier, the following three methods were used for the comparison.
Incident investigation
The CUHFT has an online incident reporting system, called RMIS, and a green incident reporting book for submitting incidents (including near misses) as soon as possible after an incident has occurred. The online form is available on the Risk and Patient Safety Department page. Online forms are typically preferred when cases are submitted, since they are processed more quickly than green reporting book entries. The goal of the reporting system is to provide a means to report and investigate incidents, and to analyse trends to identify weak areas, to improve them and make them safer. Once a report has been submitted, it is automatically sent to the Patient Safety and Risk Unit where incidents are analysed using the RMIS for learning and improvement. An extensive dataset on each incident is captured, including the date of the incident, the incident ward/department, incident details, incident classes, a number of contributing factors, and so forth. 36
Risk registers
The CUHFT’s RR is available on the Intranet Homepage under Non-clinical Applications, and can also be accessed via the Risk Management web page. The RR is a proactive means of updating and reviewing the seriousness of risks, to determine whether changes in the workplace could lead to new hazards and risks. For risk identification, there is a generic list of hazards which provides prompts for the user to identify which hazards might be relevant. Moreover, there is an option for assessors to add new hazard types not already appearing on the list.
Safety walkabout
As an internal assessment process, the Clinical Area Safety Assessment (CASA) is done proactively, to ascertain areas of good practice and other areas where changes are needed to improve patient safety in the Trust. The objective of the safety walkabout using CASA is to identify a range of risks to safety across all clinical areas. 37 Safety walkabouts are embedded in the CASA process, to help staff to be more proactive in identifying safety hazards. During the clinical and ward area visits, each assessor – medical staff, nurse, and manager – is required to respond to different sets of questions, which potentially enable them to identify any areas of significant concern, or minor issues in the chosen area. Negative comments and positive comments are also noted during these visits.
Data collection
Number of the reports and time period selected.
To capture as many relevant risks as possible, all levels of harm (ranging from insignificant to catastrophic) were included without considering their actual or potential impact on patients and their status (open/closed incidents). Taking ethical issues into consideration, patient-identifying data were filtered and removed prior to the analysis of the methods.
These methods have their own strengths and weaknesses in risk identification. However, in this research context, the main difference between methods is their different ways of identifying risks. RRs include hazards identified using a mix of both prospective and retrospective means, while RMIS is almost exclusively retrospective, and CASA almost exclusively prospective. Such differences were important in this study to determine the contribution of each method to the overall risk identification process in given healthcare divisions.
In the analysis of incident reports using RMIS, incidents occurring between January and December 2010 were examined. There were no hazard logs used in the RMIS to capture sources of risks directly, hence capturing risk sources was conducted by reading through the details of the incidents. The classification of the contributing factors in incident reporting was also helpful in risk identification, although it was noted that contributing factors were not identified in some incidents. Details and sub-classes of the incidents were therefore analysed one by one, to gain a comprehensive picture of the sources of risks.
With RRs, the number of registered risks was very limited. In order to increase the sample size in Rehab, Derm, and Resp, the time period was expanded; thus, risks registered between February 2004 and September 2011 were considered. The following CASAs, carried out in 2010, were assessed: Rehab (14 January 2010), Derm (13 April 2010), and Resp (8 November 2010). As seen with RMIS, the lack of hazard logs made it difficult to capture sources of risks. Risk sources were therefore identified by reading through the assessors’ comments to the predefined questions, or by studying further comments on safety issues.
In capturing risk sources, this study faced two main challenges with the chosen methods. The first was to capture risk sources directly from the current state of the methods. Although the list of hazards in RR provided information to help capture risk sources directly, there were no direct data or hazard logs to aid in capturing risk sources in incident reports in RMIS and safety walkabouts in CASA. Hence, details of the incidents and the contributing factors were studied to capture the sources of risks in RMIS, while analysing the comments of medical staff, managers, and nurses was helpful in CASA. Another challenge was experienced, as a consequence of the first, when comparing the sources of risks among the three methods chosen. As previously stated, RMIS and CASA do not use logs or similar systems to register hazards or risks directly. Therefore, the risk categorisation framework (Figure 1) was used in order to synthesize the results. Although the framework covers a range of inputs in the risk identification process, only staff knowledge (through RR and CASA) and previous incidents (through RMIS) were used in this study – process models and layouts were not used, as they have not been previously used for risk identification in the given settings.
Analysis
In any generic risk assessment process, risk identification should, ideally, identify as many relevant risks as possible in order to not neglect any unintended risks that could ultimately lead to patient harm if not mitigated. However, in this study, the focus was on determining how often different types of risk sources were identified using the chosen methods.
As the data are generally categorical, most results are presented as descriptive with general discussion. However, where possible, chi-square tests have been used to establish whether differences between groups, even in simplified format, may be considered significant. These have been provided as supporting insight for the topics reviewed.
Results
There was a clear, significant difference in identified risk sources by type of method: χ² (1) = 19.431, p < .001. Further, this study almost exclusively captured distinct risk sources using each method, generating an extensive list for individual discussion, which was also unique across the three methods. When sorted into the seven categories described below, this process also highlighted significant differences in rates of risks identified across the methods, though the statistical usefulness of this test is limited, given the low number of cells in some instances: χ² (12) = 203.537, p < .001.
Figure 2 shows the major results obtained from review of the incident investigation reports. Figure 2(a) shows that falls (31%) were the main risk sources identified via incident investigation. As seen in Figure 2(b), the salient majority in RMIS included task-related risks (30%), patient-sourced risks (29%), and staff-sourced risks (13%). Another important type of risk source, the high rate of staff-sourced risks (13%), was found to affect the overall results. Not to be overlooked is one of the most important points in Figure 2, the percentage of ‘others’: 29%. This is an indication that a wide range of risks can be identified through incident investigation. Overall, these differences in identifying the different types are significant: χ² (6) = 179.514, p < .001.
Figure 2. (a) Risks and (b) types of risk sources identified in incident investigation.
Figure 3 shows the main results obtained from reviewing RRs. As can be seen in this figure, environmental risks (38%), task-related risks (20%), and equipment-related risks (19%) were the leading items in the categorization. With RRs, medical staff can choose risk sources from a predefined list of hazards. Further, there is an option to add new types of hazards in the RR system which increased the diversity of risks cited in risk identification. It was also observed that the healthcare staff often defined more than one risk for each entry in the RR. This may account for the large number of different risks – a full 57% was classified as ‘others’. This category includes a range of risks (e.g. food poisoning, poor cleaning regime, poor data quality, poor IT data, etc.), each accounting for less than 1% of the total risks identified via RRs. Figure 3(a) shows that this was the main risk type, chosen more than five times as often as the next highest category, lack of training. As seen in Figure 3(a), after ‘others’, lack of training (10%), inadequate staffing/skill mix (7%), and poor communication (6%) were the main risk types identified in RRs. Overall, these differences in identifying the different types are significant: χ² (6) = 172.494, p < .001.
Figure 3. (a) Risks and (b) types of risk sources identified in risk registers.
Figure 4 shows the main results obtained from review of the safety walkabouts. As can be seen in this figure, environmental risks (56%), equipment-related risks (18%), and task-related risks (15%) were the leading risk types identified in this classification. Lack of cleaning (27%), lack of equipment (11%), and failure to preserve medicines (7%) were the leading risk types identified using safety walkabouts as shown in Figure 4(a).
Figure 4. (a) Risks and (b) types of risk sources identified in safety walkabout.
This study shows that no risks were reported as being directly attributable to patients. Hence, no patient-sourced risks were identified as shown in Figure 4(b). Overall, the difference in identifying each of these types is significant, though limitations to the analysis exist, given the small cell sizes: χ² (5) = 83.588, p < .001.
Discussion
The main finding of this study was that each method produced different sets of risk sources in different pictures, despite some overlap. Such limited overlap was also found, between the methods used to assess the same risk assessment systems, in earlier studies.38–41
Analysis and comparison of the results of each method was difficult, since there is no comprehensive perspective that incorporates all the risk sources from different methods into one picture. Thus, the framework used in Figure 1 was helpful in analysing and comparing the results of the risk sources. Using this framework, it was observed that each method contributes to the overall risk identification process by making reference to different sets of risk sources within the chosen healthcare division. Therefore, each method added value in risk identification. However, as shown in Figure 5, these methods produced pictures from different perspectives, and none of them, on its own, could produce comprehensive results for effective risk identification, which detects the greatest variety of risks. This supports an emerging consensus in the healthcare risk management community that an accurate profile of an organization’s risks can only be achieved by synthesizing the results of multiple risk identification approaches.
Figure 5. Comparison of the types of risk sources identified by the chosen methods.
Some preliminary results were nevertheless found at this stage. For instance, safety walkabouts through CASA seem to be better at catching environmental risks, but are not capable of identifying patient-sourced risks at the time of observation. It was also found that the nature of the safety walkabout method limits the identification of communication risks, as it was observed that it is not possible to identify communication issues using this method. Despite these issues, the prospective nature of safety walkabouts offered the opportunity for a more proactive system in identifying potential safety risks prior to significant incidents occurring. In another example from RRs, the main risk type – others (57%) – demonstrated the variation in risk identification, and therefore the need for a better pre-defined hazard categorisation, to capture risks and their sources in a clearer manner. The extent to which unique risks were identified limited the power of statistical comparisons, though clear differences are still seen.
A number of recommendations can be made based on the findings of this study. The careful use of inputs is one of the most important aspects of making the risk identification process complete. As indicated in Figure 1, a range of inputs can be used in risk identification; by employing multiple methods, the potential exists to identify a comprehensive list of risks, one that will not unintentionally omit inputs. In this study, only previous RMIS incidents along with staff knowledge as recorded in RR and CASA were used. Therefore, the potential contributions of process models and layouts are still a matter for consideration in future work.
Fully exposing the identified risks is another important aspect of the risk identification process. As seen in the list of risks captured, falls and lack of training can be good examples, as they are also important safety issues in healthcare. With such examples, it is important to know the initiating mechanism or sequence of events that pose risks to patients; falls, for instance, are risks that materialize when a person interacts with one or more sources of risks (e.g. hard floors, dizziness, or understaffing – which can, for instance, imply a lack of help with toilet visits, etc.). Therefore, the description of each risk should include a number of components that trigger the hazardous element, causing it to appear as a risk in the system, rather than a generic list of hazardous elements. 42 In general, a hazard becomes a risk when people (e.g. healthcare staff, patients, etc.) interact with it. It can therefore be noted that hazards, by themselves, might not lead to harmful situations, but sequences of events, taken together with hazards, trigger hazardous situations, with harm a possible result. It is therefore important to identify these sequences of events and effects, as well as the sources of risks in the risk identification process. Identification of such components (e.g. hazard, cause, event, and effect) in the risk identification stage is also suggested in ISO 31000, 43 within the scope of risk assessment.
As discussed earlier, the methods chosen in this study have different structures and capture different sources of risks. As a recommendation, hazard logs can be added to report forms used in incident reporting systems and walkabouts, so that incident investigators can record risks directly; such a practice could enable the investigation stage to be more accurate. Since reporting is the primary concern, reports can be provided as straightforwardly as possible, to encourage staff to report incidents as soon as they occur. However, it is also suggested that adding a risk log might increase the understanding of risks (as the source of harm) by providing clues about the background behind errors. Likewise, RR, which includes a hazard log in its reporting system, might encourage healthcare workers to identify multiple risk sources, which can trigger hazardous situations through their interactions.
Another recommendation is to create a common structure for different methods. Since the goal is to identify as many relevant risks as possible, and not leave any unidentified, risk sources identified using different methods could be combined in one report. To achieve this, each method should have similar risk categorisations, in order to allow easy combination of their distinct risk data. Figure 1 and Table 1 can be helpful in deciding which categorisations to use.
During the study, it was noted that a number of risk sources interacted in the system, and may have influenced the outcome of care delivered. It is therefore important to know how fully systems and their elements are described, and how their interaction is understood and applied in a dynamic and complex healthcare context. Despite the necessity of using systems approaches, such as Prospective Hazard Analysis (PHA) methods, to investigate systemic issues, the methods used in this study are not likely to help; they may, however, encourage the identification of patient safety risks caused by the system. Therefore, in addition to the methods already mentioned, applying and possibly combining a range of different prospective hazard analysis methods – such as Failure Modes and Effect Analysis 44 and Structured What-if Technique (SWIFT) 23 – and therefore process models and layouts would potentially provide better results for risk identification.
Conclusion
Three methods, namely incident reports (265 reports), RRs (120 RRs) and safety walkabouts (163 comments), were analysed in order to observe their support in risk identification. During the course of the study, there were two main challenges we faced in terms of risk identification. Firstly, there were no data sets or risk logs to capture sources of risks directly through incident reports and safety walkabouts, while RRs represented a list of hazards. Secondly, because of the first challenge, we encountered problems when trying to integrate the information from the three methods into one system. Although it was recognized that each method added value for risk identification in chosen areas, they were not utilised to combine the risk information together. They produced different pictures that were not easy to correlate and analyse. In order to compare the results of each method, we used a risk identification process including a set of risk types for classification. We therefore found that each method added value to risk identification by adding different types of sources of risks, but none provided a comprehensive picture of risks. It can be suggested that possible amalgamation of all risk sources in one picture seems to be a good way to encapsulate all risk information captured by multiple methods.
Footnotes
Acknowledgement
This study was suggested as a ‘Service Evaluation’ by the NRES Committee East of England – Cambridge East. The study was registered as a Service Evaluation by the Cambridge University Hospitals Foundation Trust (CUHFT) Addenbrooke’s Hospital with the Project Registration No. 2621.
The authors would like to respectfully thank all the hospital staff working in Patient Safety and Risk Management Unit at the CUHFT Addenbrooke’s Hospital.
Conflict of interest
None declared.
Funding
The research was funded/supported by the National Institute for Health Research (NIHR) Collaboration for Leadership in Applied Health Research and Care East of England at Cambridgeshire and Peterborough NHS Foundation Trust. The views expressed are those of the author(s) and not necessarily those of the NHS, the NIHR or the Department of Health.
