Using Root Cause Analysis to Make the Patient Care System Safe By: John Robert Dew, Ed.D. (Originally published in the Proceedings of the 56th Annual Quality Congress in Denver, CO in 2002, and in the ASQ Health Care Division Newsletter, Spring, 2003) SUMMARY: The Institute of Medicine’s Cross the Chasm Report identifies six key areas for systematic improvement in health care. One of these areas involves patient safety, ensuring that “patients should not be harmed by the care intended to help them.” This presentation examines the manner in which root cause analysis can contribute to patient safety. INTRODUCTION There should be no doubt about the need to continue to examine the causes of adverse and sentinel events that threaten the safety of patients using health care services. A quick review of the Joint Commission for Accreditation of Health Care Organizations’ Sentinel Event Alerts in 2001 provides confirmation for continued examination of this topic. JCAHO issued alerts concerning patients catching on fire using oxygen equipment in their homes, transmission of blood bourn pathogens among staff through needle sticks and sharps injuries, deaths caused by mix-ups in medical gases, cases of transmission of a rare disease due to instruments used during brain surgery, and a summary of causes of medication errors. JCAHO states that their sentinel event database includes 150 reported cases of wrong site, wrong person or wrong procedure surgery. Fifty-eight percent of the cases occurred in either a hospital-based ambulatory surgery unit or freestanding ambulatory setting, with 29 percent occurring in the inpatient operating room and 13 percent in other inpatient sites such as the Emergency Department, according to JCAHO. Seventy-six percent involved surgery on the wrong body part or site; 13 percent involved surgery on the wrong patient; and 11 percent involved the wrong surgical procedure. (1) COMPLEX ISSUES Patient safety depends on a complex system that includes appropriate and accurate testing, correct diagnosis, appropriate treatment, and avoidance of mistakes that can easily occur in administrative, laboratory, pharmaceutical, and treatment settings. Threats to patient safety are often categorized as adverse events and sentinel events. The Institute of Medicine defines adverse events as unintended injury to patients resulting from a medical intervention, which includes any action by healthcare workers, including clerical and maintenance staff. (2) JCAHO defines sentinel events as “an unexpected occurrence involving death or serious physical or psychological injury or risk thereof.”(3) The two terms describe different degrees of severity of an error, mistake, or unexpected event. It is generally
useful to think of adverse events as the small to medium errors that are the precursors to a sentinel event. Attention to the causes of the smaller problems can prevent the occurrence of a sentinel event. Adverse events, then, include a wide range of problems that are considered small when they do not involve death or serious injury. The use of an incorrect medication, incorrect dose of medication, or the misleading of a specimen are considered adverse events as long as they do not cross the threshold of causing death or serious injury. Sentinel events include the headline grabbing errors, such as mistaken amputations, sending an infant home with the wrong family, infant abduction, performing surgery on the wrong patient, and patient suicide. It is common for a sentinel event to be proceeded by smaller, adverse events and “near-miss” occurrences that should have alerted people to weaknesses in the work system. IMMEDIATE CAUSES OF ADVERSE OR SENTINEL EVENTS Charles Kepner and Benjamin Tregoe have described problems as situations where there is a deviation that has occurred between what should happen and what actually happened. According to Kepner and Tregoe, a problem exists when a deviation occurs, the cause of the deviation is unknown, and it is important to discover the cause of the deviation.(4) Regardless of the severity of the event (which classifies it as an adverse or a sentinel event), it can be regarded as a deviation between what should have occurred and what actually occurred. It is important to know the immediate cause of the deviation. To discover the immediate cause of this deviation, it is advisable to ask a structured set of questions that define the scope of the problem in terms of what occurred and when it did not occur, where the problem happened (and where it did not) and the extent of the problem. Kepner and Tregoe’s research has shown the benefits of asking questions that describe what the problem “is” and what the problem “is not” in order to rationally identify the most probable cause, which can then be verified, either thru evidence or a test.(5) It is important, for both adverse and sentinel events, to quickly identify the immediate cause of a problem in order to take corrective actions and to identify other circumstances where the same immediate cause could affect patients or staff. ROOT CAUSES In order to keep adverse events from growing into sentinel events, and in order to prevent the recurrence of both adverse and sentinel events, it is important to move beyond the understanding of the immediate cause of a deviation to understand the root cause. A root cause is the most basic casual factor, or factors, which, if corrected or removed, will prevent recurrence of a situation. There is honest disagreement as to whether or not an error can be attributed to a single root cause (something that has the absolute effect of a light switch) or whether there will be a cluster of causes. This may depend on the taxonomy of root cause definitions adopted by an organization.
The methods of inquiry that constitute root cause analysis are useful for both the diagnosis and the prevention of adverse and sentinel events. Root Cause Analysis is a questioning process that provides a structured method to enable people to recognize and discuss the beliefs and practices in an organization. Root causes reside in the values and beliefs of an organization. Until the analysis moves into this level, it has not begun to grapple with root causes. A variety of taxonomies exist to categorize root causes into headings such as less than adequate management oversight, operator inattention to detail, and other groupings. Sectors that have extensive experience with root cause analysis, such as nuclear power operations, often experience exasperation with root cause categories that simply stop with recognizing that management oversight is less than adequate. In seeking to categorize root causes, organizations often end up with a large number of causes in the management category, with no further analysis. An appropriate rule of thumb for knowing how deep to dig in conducting a root cause analysis is to dig until you reach the point of admitting something that is really embarrassing about the organization, but not to go so far that your are in the domain of theology.(6) In order to enable organizations to dig more bravely, a new taxonomy of root causes that focuses on management issues that people are rarely courageous enough to discuss until a post mortem of an organization is being conducted, would be useful. DEW’S TAXONOMY OF ROOT CAUSES 1. Placing budgetary considerations ahead of Quality. (Fundamentally the organization does not understand the cost of poor quality.) 2. Placing schedule considerations ahead of quality. (We don’t have time to do it right. Ready, Fire, Aim) 3. Placing political considerations (internal politics and external marketing) ahead of quality. 4. Arrogance. (The laws of nature and the laws of Congress should not apply to us) 5. Fundamental lack of understanding of the knowledge, research, education. (Usually supplemented by belief in magic) This taxonomy seeks to unearth the truly fundamental problems with management systems in any organizational setting. QUESTIONING TO THE VOID One approach to root cause analysis is referred to as “questioning to the void,” or as “The Five Whys” in Japan. It means to repeatedly ask how it is so that something happened. In some cases, asking, “how it is so?” five times can reveal the deeper root cause that made it possible for an event to occur. We don’t simply ask why, but pose the question in a written of ways such as “how is it that…?” EVENT AND CAUSAL FACTOR ANALYSIS Through interviews and review of logs and records, construct a time line that defines each discreet action and significant thought that led up to the adverse or
sentinel event. Then, examine each action or thought, using the five why method in order to identify the root cause. BARRIER/SAFEGUARD ANALYSIS “Barrier” analysis was introduced by engineers in the Naval Nuclear Power program to identify failures in processes and systems that led to accidents. As quality practitioners have focused on removing barriers to achieving quality, it has seemed contradictory to talking about introducing new barriers, hence, Meri Curtis suggested re-naming barrier analysis and calling it safeguard analysis for the health care sector.(7) The steps are: Identify the potential (or actual) source of the event and the target or victim. Determine which safeguards were already in place to protect the target/victim from the source, and decide which safeguards are effective and which have either failed or appear weak. Determine what additional safeguards could or will prevent the occurrence. Develop a plan to strengthen existing safeguards and/or develop new safeguards.
HIEARCHY OF SAFEGUARDS Not all safeguards are equal. Some are highly reliable and require a great deal of effort to circumvent. Others depend greatly on whether or not people are willing or able to follow rules. In terms of effectiveness and reliability, there is a hierarchy of safeguards. Physical Natural Information Measurement Knowledge Administrative Physical safeguards, such as locks and walls, are the most reliable safeguards. Natural safeguards such as distance (placing things out of reach or contact) and time (limiting exposure) can be effective. Information safeguards that caution people about hazards, such as labels, signs, and alarms, help people avoid problems, if their meaning is clearly understood. Measurement processes can become safeguards that ensure that work is being performed within safe limits. This includes tests, visual inspections, and other types of data collection. Knowledge safeguards, such as posting of information, checklists and charts, ensure that information is constantly available to staff. Administrative safeguards, such as policy statements, are only as reliable as the administrators who enforce them. Some safeguards are easier to subvert than others. Administrative safeguards can be easily rendered useless under lax management. Knowledge safeguards can be undermined due to a lack of investment in quality education and continued training.
Measurement safeguards can be circumvented when people falsify data. People can ignore information safeguards and can even cut through locks. For these reasons, health care practitioners will carefully consider potential problems and will study actual adverse and sentinel events to develop a defense in depth. It is highly advisable to have a series of different types safeguards in place to ensure an event does not occur. REFERENCES 1. “Sentinel Event Alert: Issue 24,” JCAHO, December 5, 2001. 2. Kohn, Linda et. al., To Err Is Human. Institute of Medicine, National Academy Press, 1999. 3. Sentinel Events: Evaluating Cause and Planning Improvements. JCAHO 1998. 4. Kepner, Charles and Benjamin Tregoe. Problem Analysis and Decision Making. Princeton Research Press. Princeton, N.J. 1979. 5. Ibid 6. Dew, John R. “In Search of the Root Cause.”Quality Progress. March 1991. 7. Dew, John R and Meri Curtis. Diagnosing and Preventing Adverse and Sentinel Events. Opus Communications. Marblehead, MA 2001.
Minnesota Statutes 2005, Table of Chapters Table of contents for Chapter 144 144.7065 Facility requirements to report, analyze, and correct. Subdivision 1. Reports of adverse health care events required. Each facility shall report to the commissioner the occurrence of any of the adverse health care events described in subdivisions 2 to 7 as soon as is reasonably and practically possible, but no later than 15 working days after discovery of the event. The report shall be filed in a format specified by the commissioner and shall identify the facility but shall not include any identifying information for any of the health care professionals, facility employees, or patients involved. The commissioner may consult with experts and organizations familiar with patient safety when developing the format for reporting and in further defining events in order to be consistent with industry standards. Subd. 2. Surgical events.
Events reportable under this subdivision are: (1) surgery performed on a wrong body part that is not consistent with the documented informed consent for that patient. Reportable events under this clause do not include situations requiring prompt action that occur in the course of surgery or situations whose urgency precludes obtaining informed consent; (2) surgery performed on the wrong patient; (3) the wrong surgical procedure performed on a patient that is not consistent with the documented informed consent for that patient. Reportable events under this clause do not include situations requiring prompt action that occur in the course of surgery or situations whose urgency precludes obtaining informed consent; (4) retention of a foreign object in a patient after surgery or other procedure, excluding objects intentionally implanted as part of a planned intervention and objects present prior to surgery that are intentionally retained; and (5) death during or immediately after surgery of a normal, healthy patient who has no organic, physiologic, biochemical, or psychiatric disturbance and for whom the pathologic processes for which the operation is to be performed are localized and do not entail a systemic disturbance.
Product or device events.
Events reportable under this subdivision are: (1) patient death or serious disability associated with the use of contaminated drugs, devices, or biologics provided by the facility when the contamination is the result of generally detectable contaminants in drugs, devices, or biologics regardless of the source of the contamination or the product; (2) patient death or serious disability associated with the use or function of a device in patient care in which the device is used or functions other than as intended. "Device" includes, but is not limited to, catheters, drains, and other specialized tubes, infusion pumps, and ventilators; and (3) patient death or serious disability associated with intravascular air embolism that occurs while being cared for in a facility, excluding deaths associated with neurosurgical procedures known to present a high risk of intravascular air embolism. Subd. 4. Patient protection events.
Events reportable under this subdivision are: (1) an infant discharged to the wrong person; (2) patient death or serious disability associated with patient disappearance for more than four hours, excluding events involving adults who have decision-making capacity; and (3) patient suicide or attempted suicide resulting in serious disability while being cared for in a facility due to patient actions after admission to the facility, excluding deaths resulting from self-inflicted injuries that were the reason for admission to the facility. Subd. 5. Care management events.
Events reportable under this subdivision are: (1) patient death or serious disability associated with a medication error, including, but not limited to, errors involving the wrong drug, the wrong dose, the wrong patient, the wrong time, the wrong rate, the wrong preparation, or the wrong route of administration, excluding reasonable differences in clinical judgment on drug selection and dose; (2) patient death or serious disability associated with a hemolytic reaction due to the administration of ABO-incompatible blood or blood products;
(3) maternal death or serious disability associated with labor or delivery in a lowrisk pregnancy while being cared for in a facility, including events that occur within 42 days postdelivery and excluding deaths from pulmonary or amniotic fluid embolism, acute fatty liver of pregnancy, or cardiomyopathy; (4) patient death or serious disability directly related to hypoglycemia, the onset of which occurs while the patient is being cared for in a facility; (5) death or serious disability, including kern icterus, associated with failure to identify and treat hyperbilirubinemia in neonates during the first 28 days of life. "Hyperbilirubinemia" means bilirubin levels greater than 30 milligrams per deciliter; (6) stage 3 or 4 ulcers acquired after admission to a facility, excluding progression from stage 2 to stage 3 if stage 2 was recognized upon admission; and (7) patient death or serious disability due to spinal manipulative therapy. Subd. 6. Environmental events.
Events reportable under this subdivision are: (1) patient death or serious disability associated with an electric shock while being cared for in a facility, excluding events involving planned treatments such as electric countershock; (2) any incident in which a line designated for oxygen or other gas to be delivered to a patient contains the wrong gas or is contaminated by toxic substances; (3) patient death or serious disability associated with a burn incurred from any source while being cared for in a facility; (4) patient death associated with a fall while being cared for in a facility; and (5) patient death or serious disability associated with the use or lack of restraints or bedrails while being cared for in a facility. Subd. 7. Criminal events.
Events reportable under this subdivision are: (1) any instance of care ordered by or provided by someone impersonating a physician, nurse, pharmacist, or other licensed health care provider; (2) abduction of a patient of any age; (3) sexual assault on a patient within or on the grounds of a facility; and
(4) death or significant injury of a patient or staff member resulting from a physical assault that occurs within or on the grounds of a facility. Subd. 8. Root cause analysis; corrective action plan.
Following the occurrence of an adverse health care event, the facility must conduct a root cause analysis of the event. Following the analysis, the facility must: (1) implement a corrective action plan to implement the findings of the analysis or (2) report to the commissioner any reasons for not taking corrective action. If the root cause analysis and the implementation of a corrective action plan are complete at the time an event must be reported, the findings of the analysis and the corrective action plan must be included in the report of the event. The findings of the root cause analysis and a copy of the corrective action plan must otherwise be filed with the commissioner within 60 days of the event. Subd. 9. Electronic reporting.
The commissioner must design the reporting system so that a facility may file by electronic means the reports required under this section. The commissioner shall encourage a facility to use the electronic filing option when that option is feasible for the facility. Subd. 10. Relation to other law; data classification.
(a) Adverse health events described in subdivisions 2 to 6 do not constitute "maltreatment," "neglect," or "a physical injury that is not reasonably explained" under section 626.556 or 626.557 and are excluded from the reporting requirements of sections 626.556 and 626.557, provided the facility makes a determination within 24 hours of the discovery of the event that this section is applicable and the facility files the reports required under this section in a timely fashion. (b) A facility that has determined that an event described in subdivisions 2 to 6 has occurred must inform persons who are mandated reporters under section 626.556, subdivision 3, or 626.5572, subdivision 16, of that determination. A mandated reporter otherwise required to report under section 626.556, subdivision 3, or 626.557, subdivision 3, paragraph (e), is relieved of the duty to report an event that the facility determines under paragraph (a) to be reportable under subdivisions 2 to 6.
(c) The protections and immunities applicable to voluntary reports under sections 626.556 and 626.557 are not affected by this section. (d) Notwithstanding section 626.556, 626.557, or any other provision of Minnesota statute or rule to the contrary, neither a lead agency under section 626.556,
subdivision 3c, or 626.5572, subdivision 13, the commissioner of health, nor the director of the Office of Health Facility Complaints is required to conduct an investigation of or obtain or create investigative data or reports regarding an event described in subdivisions 2 to 6. If the facility satisfies the requirements described in paragraph (a), the review or investigation shall be conducted and data or reports shall be obtained or created only under sections 144.706 to 144.7069, except as permitted or required under sections 144.50 to 144.564, or as necessary to carry out the state's certification responsibility under the provisions of sections 1864 and 1867 of the Social Security Act. (e) Data contained in the following records are nonpublic and, to the extent they contain data on individuals, confidential data on individuals, as defined in section 13.02: (1) reports provided to the commissioner under sections 147.155, 147A.155, 148.267, 151.301, and 153.255; (2) event reports, findings of root cause analyses, and corrective action plans filed by a facility under this section; and (3) records created or obtained by the commissioner in reviewing or investigating the reports, findings, and plans described in clause (2). For purposes of the nonpublic data classification contained in this paragraph, the reporting facility shall be deemed the subject of the data. HIST: 2003 c 99 s 3; 1Sp2003 c 14 art 7 s 85; 2004 c 186 s 1 Copyright 2005 by the Office of Revisor of Statutes, State of Minnesota.