A Safety-II Perspective on Organisational Learning in Healthcare Organisations Comment on “False Dawns and New Horizons in Patient Safety Research and Practice”

Abstract In their recent editorial Mannion and Braithwaite provide an insightful critique of traditional patient safety improvement efforts, and offer a powerful alternative vision based on Safety-II thinking that has the potential to radically transform the way we approach patient safety. In this commentary, I explore how the Safety-II perspective points to new directions for organisational learning in healthcare organisations. Current approaches to organisational learning adopted by healthcare organisations have had limited success in improving patient safety. I argue that these approaches learn about the wrong things, and in the wrong way. I conclude that organisational learning in healthcare organisations should provide deeper understanding of the adaptations healthcare workers make in their everyday clinical work, and that learning and improvement approaches should be more democratic by promoting participation and ownership among a broader range of stakeholders as well as patients

Operationalising FRAM in Healthcare: A critical reflection on practice

Resilience Engineering principles are becoming increasingly popular in healthcare to improve patient safety. FRAM is the best-known Resilience Engineering method with several examples of its application in healthcare available. However, the guidance on how to apply FRAM leaves gaps, and this can be a potential barrier to its adoption and potentially lead to misuse and disappointing results. The article provides a self-reflective analysis of FRAM use cases to provide further methodological guidance for successful application of FRAM to improve patient safety. Five FRAM use cases in a range of healthcare settings are described in a structured way including critical reflection by the original authors of those studies. Individual reflections are synthesised through group discussion to identify lessons for the operationalisation of FRAM in healthcare. Four themes are developed: (1) core characteristics of a FRAM study, (2) flexibility regarding the underlying epistemological paradigm, (3) diversity with respect to the development of interventions, and (4) model complexity. FRAM is a systems analysis method that offers considerable flexibility to accommodate different epistemological positions, ranging from realism to phenomenology. We refer to these as computational FRAM and reflexive FRAM, respectively. Prac-titioners need to be clear about their analysis aims and their analysis position. Further guidance is needed to support practitioners to tell a convincing and meaningful "system story" through the lens of FRAM

What kinds of insights do Safety-I and Safety-II approaches provide? a critical reflection on the use of SHERPA and FRAM in healthcare

Over the past decade, the field of healthcare has seen a significant shift in its approach to patient safety. Traditionally, safety efforts focused on understanding past harm and preventing errors, primarily through the use of standardisation and the introduction of barriers and safeguards, such as standardised communication protocols (e.g., SBAR (Haig et al., 2006)), checklists (e.g., WHO surgical safety checklist (Haynes et al., 2009)) and technology with safety features (e.g., smart infusion pumps (Taxis and Franklin, 2011)). This type of thinking about patient safety in terms of past harm and errors is also referred to as Safety-I (Hollnagel, 2014), even though this terminology has been criticised as it does not reflect adequately the diversity in safety science thinking (Leveson, 2020). However, the evidence for whether interventions based on this (Safety-I) thinking lead to improvements in patient safety is mixed at best (Kellogg et al., 2017, Wears and Sutcliffe, 2019), and critics have argued that the additional “safety clutter” produced as a result of such interventions might be counterproductive (Rae et al., 2018, Halligan et al., 2023).This work was funded by the National Institute for Health Research (NIHR) [Programme Grant for Applied Research NIHR200868

Medical Device Interoperability With Provable Safety Properties

Applications that can communicate with and control multiple medical devices have the potential to radically improve patient safety and the effectiveness of medical treatment. Medical device interoperability requires devices to have an open, standards-based interface that allows communication with any other device that implements the same interface. This will enable applications and functionality that can improve patient safety and outcomes. To build interoperable systems, we need to match up the capabilities of the medical devices with the needs of the application. An application that requires heart rate as an input and provides a control signal to an infusion pump requires a source of heart rate and a pump that will accept the control signal. We present means for devices to describe their capabilities and a methodology for automatically checking an application’s device requirements against the device capabilities. If such applications are going to be used for patient care, there needs to be convincing proof of their safety. The safety of a medical device is closely tied to its intended use and use environment. Medical device manufacturers create a hazard analysis of their device, where they explore the hazards associated with its intended use. We describe hazard analysis for interoperable devices and how to create system safety properties from these hazard analyses. The use environment of the application includes the application, connected devices, patient, and clinical workflow. The patient model is specific to each application and represents the patient’s response to treatment. We introduce Clinical Application Modeling Language (CAML), based on Extended Finite State Machines, and use model checking to test safety properties from the hazard analysis against the parallel composition of the application, patient model, clinical workflow, and the device models of connected devices