SIST-TP CEN/TR 15299:2006

SLOVENSKI STANDARD
01-november-2006
=GUDYVWYHQDLQIRUPDWLND±9DUQRVWQLSRVWRSNL]DLGHQWLILNDFLMRSDFLHQWRYLQ
SULSDGDMRþLKSRGDWNRYQLKREMHNWRY
Health informatics - Safety procedures for identification of patients and related objects
Medizinische Informatik - Sicherheitsvorschriften für die Identifikation von Patienten und
dazugehörigen Objekten
Informatique de Santé - Procédures de sureté pour l'identification des patients et des
objets associés
Ta slovenski standard je istoveten z: CEN/TR 15299:2006
ICS:
35.240.80
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL REPORT
CEN/TR 15299
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
September 2006
ICS 35.240.80
English Version
Health informatics - Safety procedures for identification of
patients and related objects
Informatique de Santé - Procédures de sûreté pour Sicherheitsvorschriften für die Identifikation von Patienten
l'identification des patients et des objets associés und dazugehörigen Objekten
This Technical Report was approved by CEN on 5 December 2005. It has been drawn up by the Technical Committee CEN/TC 251.
CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France,
Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36  B-1050 Brussels
© 2006 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 15299:2006: E
worldwide for CEN national Members.

Contents Page
Foreword.3
0 Executive summary .4
1 Adverse events in the health care system .5
1.1 Background.5
1.2 Healthcare professional’s errors and Patient safety risk .7
2 Performances of the human operator in the healthcare system .10
2.1 General.10
2.2 The human activity space .10
2.3 Human errors and violations.11
2.4 The organizational accident .13
2.5 The area of intervention .15
3 The healthcare system and process framework .15
3.1 The organization hierarchy.15
3.2 The process hierarchy .15
3.3 The healthcare process in the IDEF framework .18
3.4 Productive and protective controls .20
4 The Patient safety framework.21
4.1 The process Minimum Object Set.21
4.2 The process Minimum Data Set .22
4.3 The protective control .23
5 Role of health informatics in the protective control .24
5.1 The MOS Identification and the MDS Retrieval.24
safe
5.2 The automatic Data Capture Technologies.24
5.3 The MDS processing and the consensus to execution .27
5.4 How far to go in the ICT Systems Integration.28
6 The Patient Safety Paradigm .29
7 Conclusions .36
8 List of abbreviations.38
9 Terms and definitions .39

Foreword
This document (CEN/TR 15299:2006) has been prepared by Technical Committee CEN/TC 251 “Health
informatics”, the secretariat of which is held by NEN.
This document has been prepared by working group (WG) III - Safety, Security and Quality. The authors of
this document were A. Sanna, M. Wilikens, A. Borio di Tigliole, G. Klein and P.A. Bonini.
This work addresses how the procedures for identification of Patient and Patient Related Objects can be
carried out in the healthcare process with the active support of Information Technologies, in order to minimize
the risk of errors with potential serious safety hazards.
The Patient Related Objects include:
 pure information objects (i.e. electronic/physical records as physiological data or prescriptions), and
 physical objects obtained from the Patients (i.e., blood samples or other biological materials) and
intended to be used for a specific Patient (i.e., medications or prostheses).
The overall aim of this document is to provide a road map for the development of Patient safety related
standards in the domain of health informatics that will actively support Patient safety in the healthcare process.
0 Executive summary
The increasing organizational complexity of the healthcare system is widely recognized as a factor of risk for
the Patient in the healthcare process. Thus, Patient safety is becoming an emerging issue for the professional
and social community. Healthcare professionals and Citizens are both calling for appropriate solutions, as it is
evident when considering the high frequency and the contents of Patient Safety related articles in the scientific
literature and in the mass media.
US President Clinton on December 7, 1999 “… took strong new steps to ensure Patient safety through the
prevention of medical errors…” according to the results of a study released by the US Institute of Medicine
estimating that “… more than half of the adverse medical events occurring each year are due to preventable
medical errors, placing as many as 98 000 Americans at unnecessary risk. In addition to the severe health
consequences these errors can cause, their cost in lost income, disability, and health care is as much as
$29 billion annually.”
President Clinton’s initiatives include the creation of a task force to submit recommendations, the emission of
a directive to federal agencies which administer health plans (serving over 85 million Americans) to implement
error reduction techniques, the approval of a multi-million dollar investment in research and additional budget
for error prevention initiatives in 2001.
It is important to highlight that the adverse medical events can be generated in the healthcare process either
as a result of the overwhelming complexity of a specific clinical case and as a result of trivial errors in a well
known procedure (e.g. the mix up of medications, biological samples and Patient records, the
misinterpretation of objective data).
In this respect, the healthcare system performance in a given clinical case is but the result of the system as a
whole, i.e. the result of interdependent performances of innumerable co-operating subsystems, most of them
being, or depending from, the performances of human operators.
The system performance (a very complex issue indeed) includes the risk of failure due to the human
component, i.e. the operator performance: in order to minimise the impact of human fallibility in the safety
critical environment of the healthcare system, it is important to design processes that addresses the positive
control of Patient safety critical data.
The procedures of identification of Patient and Patient Related Objects is the unique intervention point with the
highest potential for minimising the risk of human errors and violations in the healthcare system and for
deploying an appropriate infrastructure for maximising the performance of the interaction of the health
informatics systems with the real world.
In order to obtain such a result, the present CEN/TR defines a framework for:
 the definition of safety critical objects in the healthcare process (MOS: Minimum Object Set) and the
related safety critical data (MDS: Minimum Data Set) according to modelling methodologies as IDEF or
UML,
 the definition of the rules of interaction among safety critical objects in the process, and
 the acquisition and processing of safety critical data by health informatics systems.
Finally, the present CEN/TR defines a possible roadmap for a stepwise approach for an effective
standardisation activity in the area of Patient Safety, including the main health sub-processes that involve the
hospitalised Patient as: Laboratory Medicine and Pathology, Bio-imaging, Drug Therapy Management, Blood
Transfusion Management, Surgery Management. Such sub-processes can be considered, from a process
modelling perspective, a case-mix that covers most of the process requirements of Patient safety for the
hospitalised Patient and an appropriate starting point for the health processes that involve non-hospitalised
Patients.
1 Adverse events in the health care system
1.1 Background
The healthcare sector is the largest single service sector, accounting for approximately 600 billion Euro in the
European Union (approximately 9 % of the GDP): a remarkable and unique feature of this market is
represented by the relevant social and political attention on the healthcare system, which is an obvious
consequence of its mission to protect the health of millions of citizens.
The complexity of the healthcare system is rapidly growing, due to the concurrent increase in medical
knowledge, biomedical technologies and age of population. This results in an exponentially increasing number
of individuals undergoing a greater number of medical acts (either preventive or therapeutic) during their
lifetime. In a typical case of hospitalization, the number of medical events, as well as the number of healthcare
professionals taking care of a single Patient, is much higher today than it was in the past. In addition, because
of financial constraints, hospital management is pressured to reduce the Patient stay. Thus, not only the
number of medical events per Patient increases significantly, but they are also concentrated in a shorter time.
In such a tremendous increase of organisational complexity, the human operator performance in the
healthcare system is becoming a key issue. In fact, the Patient life is at stake in the healthcare system:
unexpected negative Patient outcomes can be generated not only as a result of erroneous application of
complex clinical cognitive processes (e.g. diagnosis in a clinically complex case), but also as a result of a
single, trivial error in a well known procedure (e.g. the mix up of biological samples).
In order to gain an insight on the role of human performances in the healthcare system, we will refer to the
Medical Practice Study that has been carried out by the Harvard School of Public Health. This comprehensive
study focuses on the concept of Adverse Event (AE) on the Patient, where an AE is to be intended as «… an
injury that was caused by medical management (rather than underlying disease) and that prolonged the
hospitalization, produced a disability at the time of discharge, or both.». The investigators reviewed 30 121
randomly selected records from 51 randomly selected acute-care, non-psychiatric hospitals in New York State.
Adverse events were found in 3,7 % of hospitalizations. Of these, 70,5 % of events led to disabilities of up to 6
months duration; 2,6 % caused permanent disability and 13,6 % led to death. Technical errors or flaws in an
operation procedure, or test were the most frequent (44,4%). It has noteworthy been pointed out by the
authors that, extrapolating these data to the population of the United States, this situation would be the
equivalent of three jumbo jet crashes every two days. The use of a comparative risk approach, i.e. comparison
with other systems having safety concerns in term of Customer/third parties risks as aviation, is a very delicate
matter indeed, but it is necessary from a cultural point of view, not to consider healthcare as an absolute term
of reference.
In comparing the healthcare and the aviation systems, the two basic differences are:
 pilot and crew share the same risks as Customer - Passengers, that it is not the case for doctors, nurses
and Customer - Patients.
 Passengers are generally in normal health conditions, while Patients are not.
The first point, i.e. Operator and Customer risk sharing, is an element that forces systems toward a
“synchronous” attention to the problem from either Customer and Operator perspective or, in other words,
forces systems toward a more general safety problem individuation and solving.
As far as the particular health state of the Customer/Patient is concerned, it should be pointed out that such
an element does not justify differences in system performance: in fact, increased severity of consequences
should call for increasing system defences versus hazards.
Both in the Aviation and the Healthcare systems Customer safety represents a relevant interest. The following
Table 1 compares the main differences between the two systems.
Table 1 — Aviation and Healthcare system differences with respect to Customer safety
Aviation System Healthcare System
Customer vs. operator Pilot and crew share the safety Caregiver does not share the
risk with passengers safety risk with Patient
Safety vs. Market demand Safety increases the business Safety does not increase business
(non-safety decreases the but it affects market competition
business)
Customer health conditions during Passenger is in normal health Patient is in particular health
system performance conditions conditions
Error reporting policy Anonymous Punitive
Near-miss accidents Incrementing system safety Incrementing operator expertise
database
Accident outcomes Evident Wide range that varies from no
effect to evident
Chance for camouflage of Not realistic/minimal Existing
accident outcomes
Private interest in accident
Not realistic/minimal High, both at the operator and
camouflage enterprise level
Accident lawsuit impact vs. Relevant impact Marginal impact
enterprise profitability
Role in Military Strategy Offensive Marginal/Defensive
Synergy with military driven Relevant Marginal
investment and spin off in past 50
years
European market Not available 600 billions Euro/year (9 % EU-
Gross Domestic Product)
History 150 years 2000+ years
Human Bias Fear of accident Expectation of miracles
1.2 Healthcare professional’s errors and Patient safety risk
Patient safety in the healthcare process is an emerging issue. The growing number of scientific as well as
mass media information produced in the recent years is producing awareness of the problem both in the
healthcare professional and in the man-of-the-street. Distinctive initiatives in this area have been launched by:
 The American Medical Association (AMA) in 1997. This initiative, the National Patient Safety Foundation
(NPSF) has the mission of improving Patient safety in the delivery of health care. Distinct literature is
available in the NPSF Web Bibliography, grouped in categories such as: “Administration, legal and policy”,
“Anesthesia”, “Core”, “ Critical care, Intensive Care Units”, “Diagnostic decision making”, “Drug,
medication”, “Effects of error on doctors, patients, and their Relationships”, “Ergonomics and cognitive
factors”, “General adverse events”, “Human-machine interface”, “Laboratory”, “Pediatrics”, “Radiology”,
“Reporting systems”, “Surgery”.
 The Italian Tribunale dei Diritti del Malato (Court for the Patients’ Rights) together with the unions of
hospital doctors (ANAAO ASSOMED) and of general practitioners (FIMMG) in 1999. This initiative, the
Carta della Sicurezza nella Pratica Medica (Chart of Safety in Medical Practice) resulted in a guideline
document that has been presented in Rome April 8, 2000.
In the following, some excerpts from scientific literature and mass media are given to illustrate the problem.
In a study by Gopher on errors in Intensive Care Unit (ICU), it was reported an average of 1,7 errors per day
per Patient out of an average 178 “activities” per day; 29 % of these errors were reported as potentially
responsible for serious or fatal injuries. The resulting 99 % proficiency level, i.e. 1% failure rate, is
substantially higher than what is tolerated in industry, particularly in hazardous fields such as aviation and
nuclear power. As W. E. Deming points out: ". even 99,9 % may not be enough. If we had to live with 99,9 %,
we would have: 2 unsafe plane landings per day at O’Hare, 16 000 pieces of lost mail every hour, 32 000
bank cheques deducted from the wrong bank account every hour!".
In recent studies Adverse Drug Events (ADE), that are clinical events suffered by Patients as a result of
inappropriate drug therapy management, have been identified as the single major cause (19 %) of error in
hospital settings. Examples of inappropriateness includes both decision making errors (inappropriate drug
prescriptions with relation to patient clinical state) as well as organizational errors (e.g. wrong drug -
administration of drug different from the prescribed one, wrong dose - administration of a dose of drug
different form the prescribed one, incorrect drug prescription – prescription of drug to a Patient which is known
to be allergic to it).
Recent quantitative studies report 2,43 ADEs per 100 hospitalized Patients. Patients affected by ADEs almost
double (1,88) death risk and prolonged hospital stays (average +1,91 days). In considering occurrence of
ADEs in the management of drug therapy, a study indicated 49 % errors in the “Ordering stage”, 26 % errors
in the “Administration stage”, 14 % errors in the “Dispensing stage” and 11 % in the “Transcription stage”. In
order to have an insight of the general trend of the problem, a 9 year study concerning medication prescribing
errors in a teaching hospital is quoted in the following chart (Figure 1) refers to an hospital in the 631-674
beds range during the study timeframe.
Errors per 100 admission
12,00
Errors per 1000 patient-days
10,00
8,00
Errors per 1000 medication orders
6,00
4,00
Severe and serious errors per 1000
admission
2,00
Severe and serious errors per 1000
0,00
patient-days
1987 1988 1989 1990 1991 1992 1993 1994 1995
Severe and serious errors per 1000
Years
orders
Figure 1 — Drug related errors in hospital
Patient and related biological sample misidentification is also a significant cause of serious or fatal injuries. As
an example, it is noteworthy that in blood transfusions (one of the most safety critical healthcare processes),
in spite of the rigorous blood administration policy, ABO incompatible transfusion results in a fatal transfusion
error rate of 1/600 000 (ref. 2,2 million units of red cells are transfused each year in Great Britain) and the
major sources of error are due to the Failure to identify patient (43 %) and Blood issued for another patient -
error not detected at the bedside (15 %); in manually operating clinical laboratories reports 1 sample mix-up
out of 200 is reported.
Another safety critical field of the healthcare system is nuclear medicine that involves the purposeful injection,
ingestion or inhalation of material containing a small amount of radioactivity (i.e. a radio-pharmaceutical),
mainly for diagnostic purposes. A commonly accepted misadministration rate is 1 per 10 000 administrations,
resulting in an average nuclear medicine facility to experience less than one such event per year. It is
important to notice that not all errors lead to misadministration. One reason is that nuclear medicine, like many
other systems, is tolerant to some errors. For example, the specified standard of performance for dosage of
some radio-pharmaceuticals is ± 50 % of the prescribed dose. An error leading to a smaller deviation from the
prescribed dose would not be considered as a misadministration. The United States Nuclear Regulatory
Commission (USNRC) built a database of information derived from Diagnostic Misadministration Reports
submitted by licensees (850 reports occurring in 1989 and 1990): wrong radio pharmaceutical and wrong
Patient administration accounted for more than 92 % of the reports. Extrapolating from data about the
European nuclear medicine diagnostic activity (an average of 19 examinations per 1 000 Citizens, with peaks
of 47 in Germany and 40 in Belgium) an estimated 500 cases of misadministration of radio-pharmaceuticals
occur in Europe each year.
As general information, in the United States 1 % of hospitalized Patients are victims of healthcare system
organizational avoidable errors.
Such information that is available in the scientific literature testify the interest of the scientific community for
the matter. It is quite obvious though, that the man of the street has direct interest on the matter.
Hereinafter, excerpts from Italian and US news are listed, but similar news is common place in every country.
USA Today - January 22, 1997 - titles “Hospitals’ drug errors cost lives, drain resources” doubling a person’s
risk of death in the hospital and costing an estimate $ 2 billion a year.
Error Rate
USA Today - August 3, 1998 - reports the dramatic story of two girls switched at birth in 1995: such a late
discovery has been triggered by a traffic accident in which one was orphaned: such a case created a very
complex human and legal dispute.
Corriere della Sera – March 28, 1999 – reports that in New Jersey a white couple gave birth to a black baby,
after an assisted artificial insemination.
New York Times - June 3, 1999 - comments that the injuries due to the improper use of drugs can be
considered as a “medical progress disease”. Except surgical risks, Patient drug administration is one of the
most dangerous care event and “we aren’t investing the necessary resources to protect the Patient”.
Corriere della sera – February 20, 1999 – reports that a woman affected by diabetes died probably due to the
administration of a glucose phleboclysis.
Il Giornale – April 16, 1999 – reports that an elderly man was forced to wrong care as a result of radiography
mix up.
Corriere della sera – May 8, 1999 - reports that a woman fell into coma, probably due to a pharmacist who
erroneously read a prescription that resulted in the wrong drug delivery.
Corriere della sera – July 18, 1999 – reports that a woman affected by leukemia died probably due to the
administration of a wrong phleboclysis.
Corriere della sera – August 22, 1999 – reports that a young boy resulted pregnant as a result of lab tests mix
up.
These few examples are just the tip of the iceberg, i.e. the events that are intercepted because of the
exceptionality of the cases. Nonetheless, such examples clearly show how healthcare enterprises are facing
the need for specific organizational and structural changes, satisfying the urge of systems able to minimize the
incidence of human errors in the process. The political and social impact of healthcare can potentially play a
strong role in requiring the introduction of healthcare systems and related standards that support
improvements in safety and reliability in the healthcare processes.
A comprehensive study about error in medicine in the overall healthcare system carried out by the U.S.
Institute of Medicine reports “… When extrapolated to the over 33,6 million admissions to U.S. hospitals in
1997, the results of the study in Colorado and Utah imply that at least 44 000 Americans die each year as a
result of medical errors. The result of the New York study suggests the number may be as high as 98 000.
Even when using the lower estimate, deaths due to medical errors exceed the number attributable to the 8th
leading cause of death. More people die in a given year as a result of medical errors than from motor vehicle
accidents (43 458), breast cancer (42 297), or AIDS (16 516).
Total national costs (lost income, lost household production, disability and health care costs) of preventable
adverse events (medical errors resulting in injury) are estimated to be between $17 billion and $29 billion, of
which health care costs represent over one-half.
In terms of lives lost, patient safety is an important issue just as worker safety. Every year, over 6 000
Americans die from workplace injuries. Medication errors alone, occurring either in or out of the hospital, are
estimated to account for over 7 000 deaths annually.
The study recommends a comprehensive approach to improving patient safety aimed at a threshold
improvement in quality over the next ten years.
Given the social and political relevance of such a study, December 7, 1999 the U.S. President Bill Clinton
declared: “Ensuring patient safety is not about fixing blame. It’s about fixing problems in an increasingly
complex system; about creating a culture of safety and an environment where medical errors are not
tolerated.”
The White House communicate informs that: “Today, at the White House, President Clinton took strong new
steps to ensure patient safety through the prevention of medical errors. The President held a meeting with
health providers and consumers; signed an executive memorandum directing a federal task force to submit
recommendations on improving health care quality and patient safety initiatives. Under the President actions,
the over 300 private health plans participating in the Federal Employee Health Benefits Program will be
required to institute quality improvement and patient safety initiatives…”.
2 Performances of the human operator in the healthcare system
2.1 General
Healthcare is (and will be in the future) a human-machine system, i.e. a technological organization, in which
human, technical and organizational factors interact in order to deliver healthcare. In such a context, a Patient
centered vision of healthcare delivery calls for the evaluation of human performance within the more general
context of system performance. This chapter is based on James Reason’s book: Managing the risk of
Organizational Accident, 1998 Ashgate edition. For more details on the topic of this chapter and more in
general on the topics of the organizational accident, the authors invite us to read this fundamental book.
2.2 The human activity space
Human performances and associated errors can be classified in many ways, but the most common is the
classification of error related consequences for the system. A causal taxonomy helps in focusing on errors as
consequences of underlying mental processes that are common to individuals acting in a system. To this
purpose, we will refer to some basic concepts on human performances (Figure 2) according to cognitive
science.
Figure 2 — Human activity space
The three main performance levels can be classified as:
 skill-based (SB);
 rule-based (RB);
 knowledge-based (KB).
A given human performance is the result of the combination of two factors: one depending on the individual
(the individual control mode) and the other on the situation in which the individual is acting. These two
dimensions define the so-called human activity space.
Human beings control their actions through various combinations of two control modes:
 conscious;
 automatic.
The conscious mode is limited in capacity, slow, sequential, error-prone, but potentially very smart. The
automatic control mode is the opposite: largely unconscious and effortless, it is necessary to manage
recurrence of everyday life. Naturally, human beings prefer to operate in the automatic mode whenever it is
possible.
The nature of the situation in which an individual acts ranges from highly familiar everyday situations to
entirely novel problems. In the middle range, situations require problem solving based on pre-training or
documented procedures.
At the skill-based level, individuals carry on routine and highly practiced processes in largely automatic ways
with occasional conscious checks on progress. The skill-based level includes the Patient and Patient related
objects (medication, blood tube, medical report etc.) identification and tracking. The switch to the rule-based
level happens when individuals need to apply memorized or written rules of the kind «if…then…do»: thus,
they need conscious thinking to verify whether or not the solution is appropriate. The rule-based level includes
for example known drug-drug interaction, drug-Patient allergy control, product lot/expiry data control, activity
time scheduling and control, etc. Generally, there is a resistance to come to the knowledge-based level and
usually after repeatedly failing to find some pre-existing, effortless solution, individuals need time and
concentration to come up with solutions. The knowledge-based level refers to all complex organizational and
clinical knowledge applied to unpredictable states.
2.3 Human errors and violations
Human actions can be classified with respect to:
  the goal intended to be achieved;
  the behaviour with respect to procedures or rules to be followed;
  the risk perception in the context of the action.
The intended goal discriminates between errors and successful actions: human error can be defined as the
failure of planned actions to achieve their desired ends – without the intervention of some unforeseeable
events (Figure 3). We are concerned with human errors: attentional slips of action, lapses of memory and rule-
based mistakes, highlighted in Figure 3.
Figure 3 — Human errors
The adherence of human behaviour to rules discriminates between violations and compliant actions.
Violations are defined as deviations from operating procedures and rules. Such deviations can be either
deliberate or erroneous: the deliberate violations we are concerned with are the non-malevolent acts that
should be distinguished from sabotage (in which both the act and the damage are intended). Three major
categories of violations can be identified: routine, optimizing and necessary violations, depending on the
relationship between organizational and individual factors (Figure 4).
Routine violations typically involve short-cuts at the skill-based level of performance: they can become part of
the person’s behaviour repertoire, particularly when the sanctioning/rewarding policy of the work environment
is non-aggressive.
Optimizing violations – or violating for the thrill of doing it – reflect the fact that human actions serve a variety
of motivational goals and that some of these are not necessarily related to the functional aspects of the
processes. Tendencies to optimize non-functional goals can become part of an individual performance style.
Routine and optimizing violations are triggered by the compromise between personal (least effort and thrills)
and process goal.
The present technical report is concerned with the human violations: routine, optimizing and erroneous,
highlighted in Figure 4.
Figure 4 — Human violations
Necessary violations are the individual compensation to organizational failings with regard to the site, tools or
equipment. In addition, they can provide an easier way of working. Both effects combined result in violations
becoming routine rather then exceptional.
2.4 The organizational accident
2.4.1 General
Human performance is a complex issue indeed that includes risk of error and violation: human fallibility can be
moderated up to a point, but it can never be eliminated. Assuming that the failure of a human operator is a
causal effect of a non-intended system performance, the a posteriori approach of the tort liability system is
neither efficient as previously indicated – nor helpful, as it enhances conflict of interests among involved
parties to the detriment of process transparency and comprehension. In fact resulting sanctions, threat and
fear have transient effects in the process and formal requests to pay more attention or to strictly follow a given
procedure are often incompatible with the pressure on productivity goals.
System performance failures with respect to Patient Safety will be investigated by means of a model - the
organizational accident model - which is believed to be appropriate to represent the healthcare system
complexity.
2.4.2 Human operator failures and latent conditions
In general terms, the organizational accident is an event in which damaging or injurious hazards breach
system defenses and reach vulnerable people or assets - collectively termed losses. In principle, the event is
triggered by the combination of active failures of the human operator and latent conditions that are the result
of top-level decisions made by regulators, manufacturers, designers, organizational managers.
The causal story of an organizational accident starts with the organizational factor: strategic decisions, generic
organizational processes - forecasting, budgeting, allocating resources, planning, scheduling, communicating,
managing, auditing etc. These processes will be coloured and shaped by the corporate culture, or the
unspoken attitudes or unwritten rules concerning the way an organization carries out its business.
The consequences of these activities are then distributed throughout the organization to reach individual
workplaces where they reveal themselves as factors likely to promote unsafe acts (i.e. errors and violations).
These include undue time pressure, inadequate tools and equipment, poor human-machine interfaces,
insufficient training, under-manning, poor supervisor-worker ratios, low pay, low status, macho culture,
unworkable or ambiguous procedures, poor communication etc.
Within the workplace, these local factors combine with the natural human tendencies to produce errors and
violations committed by individuals and teams. A large number of these unsafe acts will be made, but only
very few of them will create holes in the defenses.
On the other end, unsafe acts are implicated in most organizational accidents, but they are not a necessary
condition. In fact, on some occasions, the defenses fail simply as the result of latent conditions. This is
indicated by the latent condition pathway, connecting workplace and organizational factors directly to failed
defenses (Figure 5).
Figure 5 — An accident trajectory passing through corresponding holes in the layers of defenses,
barriers and safeguards
Latent conditions are always present in complex systems: they are by-products of generic organizational and
managerial processes like defining strategies, allocating resources, setting priorities, planning investments,
defining requirements. Latent conditions are a mix of intentional and non-intentional by-products of designing
and managing systems, within blurred-by-complexity boundaries.
Guidelines or standards in the Patient safety domain should provide best practices that limit latent conditions
in the healthcare process. For a successful deployment in the real enterprise environment, such guidelines or
standards should be considered by enterprise managers as a form of innovation in the core business and
evaluated in terms of return on investment.
Thus, it is important to approach the problem of the organizational accident from a system perspective. Such
an approach is needed in order to assess enterprise costs of non-quality/non-safety and eventually paybacks
of standard introduction.
As it has been previously pointed out in the initial part of the document, awareness of the structural weakness
of the healthcare systems and associated economical and ethical costs is raising both in the healthcare
professional and in the man-of-the-street perception. From the health informatics standardization point of view,
it is important to bring to the party a system approach to the problem of Patient safety, in order to limit/avoid
the risk of a jeopardized map of hyper-specific needs. Such a system-oriented perspective helps focusing the
underpinning role of a trusted identification in the more general framework of process control for Patient safety
purposes. In fact, trusted controls applied to safety critical processes imply trusted identification of critical
process objects as Patients, Patient related objects, products, professionals and time as they interact during
the process.
2.5 The area of intervention
In order to increase system performances in the healthcare process in the Patient safety domain, the areas of
intervention for Patient safety procedures and supporting technologies are:
 human errors, generated either by skill-based slips and lapses (attentional slips of actions and lapses of
memory) or by memory due to rule-based mistakes;
 human violations, generated either by errors or deliberate, non-malevolent behaviours (tolerated as
considered routine or process optimization)
3 The healthcare system and process framework
3.1 The organization hierarchy
The healthcare system is based on a multi-level customer/supplier chain model in which the Patient is the
main customer. At the top level the customer-Patient has access to one or more insurance products offered by
insurance enterprises (either public or private) that are legally established in the healthcare risk market.
Insurance enterprises, in turn, sign specific contracts with healthcare delivery enterprises (e.g. multi-hospital
healthcare enterprises, hospitals, diagnostic services, GPs, consultants, nurses) legally established in the
healthcare delivery market.
Depending on the organizational complexity of a given healthcare delivery enterprise, sub-enterprises can be
legally established, resulting in healthcare enterprises themselves (e.g. a single hospital in a hospital network).
Within a given enterprise, healthcare sub-organizations can be hierarchically established (e.g. departments,
teams) and managed on intra-enterprise contract basis. Contract lowest level in hierarchy are the specific
activities performed by single healthcare professionals (e.g. employees, consultants, grants) which can be
considered as the lowest sub-organization.
For the purpose of this document we define enterprises, sub-enterprises and sub-organizations simply as
organizations of different levels (see Figure 6), i.e. the healthcare system as a whole can be considered as the
top level organization (organization level 0) while the healthcare professional as the lowest level organization
(organization level -4). Besides, since healthcare processes involving the hospitalized Patients are the unique
intervention points with the highest potential of success for a Patient safety standard initiative, the whole
discussion will focus exclusively on this sector, i.e. the hospital healthcare framework. It is clear though, that
such an approach and such initiative can be used for the ambulatory sector as well, provided that an
appropriate concept revision is carried out to cope with the intrinsic characteristics of the ambulatory
healthcare framework.
3.2 The process hierarchy
From a productive process perspective, the healthcare system consists of innumerable co-operating different
level processes linked together by customer/supplier relationship. Processes are hierarchically connected one
to the other according to the level of the organization that performs them, i.e. an organization of level -2 (e.g. a
blood diagnostic laboratory) performs a process of level -2 (e.g. the blood analysis process). Each healthcare
productive process is performed by the relative organization in order to deliver the appropriate healthcare
product/service to the Patient (see Figure 6).
The healthcare process is managed by means of cascade contracts between organizations of different levels
down to the basic contract element relative to the activity performed by the lowest level organization.
Progressive completion of basic contract elements in the contract hierarchy feeds the process forward up to
the completion of the contract hierarchy, i.e. the specific contract issued with the Patient.
LEVEL 0
HC System
HC delivery process
LEVEL -1
Hospital 1 ( H 1 ) H 2 Patient Patient
management (H1) management (H2)
Pharmacy Ward
Laboratory Drug. Diagnostic Blood
LEVEL -2
Analysis Management Processes Analysis
Doctors ward Nurses ward Nurses ward Lab. Analysis Tubes Phlebotomy
Doctors and nurses Patient Anamnesis
LEVEL -3
team team team prescription preparation execution
ward team Diagnosis
Nurse Nurse Nurse Syringe Blood Tubes
Nurse
Patient
handling withdrawal replenishing LEVEL -4
Identification
Figure 6 — Organisation levels and process

3.3 The healthcare process in the IDEF framework
3.3.1 General
A generic healthcare process, whatever the performing level, can be described according to the IDEF model
(see Figure 7). Other modelling techniques can be applied as for example UML (Unified Modeling Language).
According to the IDEF model, each generic process (that is a dynamical event) takes place when at least one
input is offered. In the healthcare context the input is represented by a Patient and/or a
...