Aviation, nuclear power, chemical and petroleum industries are, like healthcare, hazardous activities carried out in large, complex organizations by, for the most part, dedicated and highly trained people. Commercial, political, social and humanitarian pressures have compelled these industries to raise their game and make sustained efforts to improve and maintain safety. Healthcare, in contrast, has relied on the intrinsic motivation and professionalism of clinical and managerial staff which, while vital, is not sufficient to ensure safety. Hearing other people working in dangerous environments talk about how they treat safety as something to be discussed, analysed, managed and resourced tells us that safety is not just a by-product of people doing their best, but a far more complex and elusive phenomenon.

We should, however, be cautious about drawing parallels between healthcare and other industries. The high technology monitoring and vigilance of anaesthetists and the work of pilots in commercial aviation are similar in some respects, but the work of surgeons and pilots is very different. Emergency medicine may find better models and parallels in the military or in fire fighting than in aviation, and so on. The easy equation of the work of doctors and pilots has certainly been overstated, even though many useful ideas and practices have transferred from aviation to medicine. For instance, simulation and team training in anaesthesia and other specialties was strongly influenced by crew resource management in aviation. However, surgical team training has to be grounded in the particular tasks and challenges faced by surgical teams. We cannot just import aviation team training wholesale. Aviation acts as a motivator and source of ideas, but the actual training has to be developed and tested within the healthcare setting.

What differences can be identified between healthcare and other industries? First, healthcare encompasses an extraordinarily diverse set of activities. Healthcare encompasses the mostly routine, but sometimes highly unpredictable and hazardous world of surgery; primary care, where patients may have relationships with their doctors over many years; the treatment of acute psychosis, requiring rapid response and considerable tolerance of bizarre behaviour; some highly organized and ultrasafe processes, such as radiotherapy or the management of blood products; and the inherently unpredictable, constantly changing environment of emergency medicine. To this list we can add hospital medicine, care in the community, patients who monitor and treat their own condition and, by far the most important in poorer cultures, care given in people’s homes. Even with the most cursory glance at the diversity of healthcare, the easy parallels with the comparatively predictable high-hazard industries, with a relatively limited set of activities, begins to break down.

Work in many hazardous industries, such as nuclear power is, ideally, routine and predictable. Emergencies and departures from usual practice are unusual and to be avoided. Many aspects of healthcare are also largely routine and would, for the most part, be much better organized on a production line basis. Much of the care of chronic conditions, such as asthma and diabetes, is also routine and predictable, which is not to say that the people suffering from these conditions should be treated in a routine standardized manner. However, in some areas, healthcare staff face very high levels of uncertainty. In hospital medicine, for example, the patient’s disease may be masked, difficult to diagnose, the results of investigations not clear cut, the treatment complicated by multiple comorbidities and so on. Here, a tolerance for uncertainty on the part of the staff, and indeed the patient, is vital. The nature of the work is very different from most industrial settings.

A related issue is that pilots and nuclear power plant operators spend most of their time performing routine control and monitoring activities, rather than actually doing things. For the most part the plane or the plant runs itself, and the pilot or operator is simply checking and watching. Pilots do, of course, take over manual control and need to be highly skilled, but actual ‘hands on’ work is a relatively small part of their work (Reason, 1997). In contrast, much of healthcare work is very ‘hands on’ and, in consequence, much more liable to error. The most routine tasks, putting up drips, putting lines in to deliver drugs, all require skill and carry an element of risk. Finally, and most obviously, passengers in trains and planes are generally in reasonable health. Many patients are very young, very old, very sick or very disturbed, and in different ways vulnerable to even small problems in their care.

As well as comparing specific work activities, we can also consider more general organizational similarities and differences. David Gaba (2000) has identified a number of ways in which the approach to safety in healthcare differs from other safety-critical industries. First, most high risk industries are very centralized with a clear control structure; healthcare, even national systems such as in England, is fragmented and decentralized in comparison. This makes it very difficult to regulate and standardize equipment and basic procedures; standardizing the design of infusion pumps, for instance, is highly desirable but very difficult to achieve in practice. Second, other industries put much more emphasis on standardizing both the training and the work process. Rene Amalberti (2001) has pointed out that it is a mark of the success and safety of commercial aviation that we do not worry about who the pilot is on a particular flight; we assume they, in his phrase, are ‘equivalent actors’, who are interchangeable. This is not an insult, but a compliment to their training and professionalism. In healthcare the autonomy of the individual physician, while absolutely necessary at a clinical level, can also be a threat to safety (Gaba, 2000; Amalberti et al., 2005). If nurses, for instance, are constantly responding to different practices of senior physicians in intensive care, unnecessary variability and potential for error is introduced.

Third, safe organizations devote a great deal of attention and resources to ensuring that workers have the necessary preparation and skills for the job; medical school is a long and intensive training, but a young doctor will still arrive on a new ward and be expected to pick up local procedures informally – sometimes with catastrophic consequences, as we will see in the next chapter. Finally, Gaba points out that healthcare is comparatively unregulated compared to other industries. In many countries there is a host of regulatory bodies, each with responsibility for some aspect of education, training or clinical practice. However, regulation still has very little effect day to day on clinical practice. All of these issues are complex and we will return to many of them later in the book. For now however, it is sufficient to note there are many differences, as well as some similarities, between healthcare and other industries in both activity and organization.

I kept my tea in the right hand side of a tea caddy for some months and when that was finished kept it in the left, but I always for a week took off the cover of the right hand side, though my hand would sometimes vibrate. Seeing no tea brought back memory.
(CHARLES DARWIN NOTEBOOKS C217 QUOTED IN BROWNE, 2003)

Patient safety is beset by difficulties with terminology and the most intractable problems occur when the term error is used. For instance, you might think that it would be relatively easy to define the term ‘prescribing error’. Surely, either a drug is prescribed correctly or not? Yet, achieving a consensus on this term required a full study and several iterations of definitions amongst a group of clinicians,with still room for disagreement (Dean, Barber and Schachter, 2000). Such definitional and classification problems are longstanding and certainly not confined to healthcare. Regrettably, we are not going to resolve the problems here. However, we can at least draw some distinctions and show the different ways that error is defined and discussed. Hopefully this will clear some of the fog that envelops the term and allow us to discern the various uses and misuses in the patient safety literature.

In everyday life, recognizing error seems quite straightforward, though admitting it may be harder. My own daily life is accompanied by a plethora of slips, lapses of memory and other ‘senior moments’, in the charming American phrase, that are often the subject of critical comment from those around me. (How can you have forgotten already?). Immediate slips, such as Darwin’s example shown above, are quickly recognized. Other errors may only be recognized long after they occur. You may only realize you took a wrong turning some time later when it becomes clear that you are irretrievably lost. Some errors, such as marrying the wrong person, may only become apparent years later. An important common theme running through all these examples is that an action is only recognized as an error after the event. Human error is a judgement made in hindsight (Woods and Cook, 2002). There is no special class of things we do or don’t do that we can designate as errors; it is just that some of the things we do turn out to have undesirable or unwanted consequences. This does not mean that we cannot study error or examine how our otherwise efficient brains lead us astray in some circumstances, but it does suggest that there will not be specific cognitive mechanisms to explain error that are different from those that explain other human thinking and behaviour.

Eric Hollnagel (1998) points out that the term error has historically been used in three different senses: as a cause of something (plane crash due to human error), as the action or event itself (giving the wrong drug) or as the outcome of an action (the death of a patient). The distinctions are not absolute in that many uses of the term involve both cause and consequence to different degrees, but they do have a very different emphasis. For instance, the UK National Patient Safety Agency has found that patients equate ‘medical error’ with a preventable adverse outcome for the patient. Terms like ‘adverse event’, although technically much clearer, just seem like an evasion or a way of masking the fact that someone was responsible.

The most precise definition of error, and most in accord with everyday usage, is one that ties it to observable behaviours and actions. As a working definition, Senders and Moray (1991) proposed that an error means that something has been done which:

• was not desired by a set of rules or an external observer;
  
• led the task or system outside acceptable limits;
  
• was not intended by the actor.

This definition of error, and other similar ones (Hollnagel, 1998), imply a set of criteria for defining an error. First, there must be a set of rules or standards, either explicitly defined or at least implied and accepted in that environment; second, there must be some kind of failure or ‘performance shortfall’; third, the person involved did not intend this and must, at least potentially, have been able to act in a different way. All three of these criteria can be challenged, or at least prove difficult to pin down in practice. Much clinical medicine, for instance, is inherently uncertain and there are frequently no guidelines or protocols to guide treatment. In addition, the failure is not necessarily easy to identify; it is certainly not always clear, at least at the time, when a diagnosis is wrong or when at what point blood levels of a drug become dangerously high. Finally, the notion of intention, and in theory at least being able to act differently, is challenged by the fact that people’s behaviour is often influenced by factors, such as fatigue or peer pressure, which they may not be aware of and have little control over. So, while the working definition is reasonable, we should be aware of its limitations and the difficulties of applying it in practice.

Classifications of error can be approached from several different perspectives. An error can be described in terms of the behaviour involved, the underlying psychological processes, and in terms of the factors that contributed to it. Giving the wrong drug, for instance, can be classified in terms of the behaviour (the act of giving the drug), in psychological terms as a slip (discussed below) and be due, at least in part, to fatigue. To have any hope of a coherent classification systems these distinctions have to be kept firmly in mind, as some schemes developed in healthcare mix these perspectives together indiscriminately.

Generic error classification schemes may seem very remote from healthcare, too abstract, too conceptual and only of interest to researchers. However, PHEA maps quite easily onto many standard clinical practices. Consider the checking of anaesthetic equipment before an operation; there are several different types of check to be made, but all the ways of failing to check probably fall into one of the five types listed in PHEA. In operating the anaesthetic equipment, anaesthetic drugs can be given for too long, at the wrong time, the dials can be turned in the wrong direction, the wrong dial can be turned and so on. Communication between the surgeon and anaesthetist about, say, blood loss might not occur, might be incomplete or be misleading. Realizing the importance of clarity and classification, some researchers have sought to clarify the definitions in use and build classification schemes that everyone can agree on. We will briefly examine work on prescribing error and diagnostic error, which present contrasting challenges of both classification and understanding.

In the preceding two sections error has mainly been examined in terms of behaviour and outcome. However, errors can also be examined from a psychological perspective. The psychological analyses to be described are mainly concerned with failures at a particular time and probe the underlying mechanisms of error. There is therefore not necessarily a simple correspondence with medical errors which, as discussed, may refer to events happening over a period of time. In his analysis of different types of error, James Reason (1990) divides them into two broad types of error: slips and lapses, which are errors of action, and mistakes which are, broadly speaking, errors of knowledge or planning. Reason also discusses violations which, as distinct from error, are intentional acts which, for one reason or another, deviate from the usual or expected course of action.

Slips and lapses occur when a person knows what they want to do, but the action does not turn out as they intended. Slips relate to observable actions and are associated with attentional failures, whereas lapses are internal events and associated with failures of memory. Slips and lapses occur during the largely automatic performance of some routine task, usually in familiar surroundings. They are almost invariably associated with some form of distraction, either from the person’s surrounding or their own preoccupation with something in mind. When Charles Darwin went to the wrong tea caddy, he had a lapse of memory. If, on the other hand, he had remembered where the tea was but had been momentarily distracted and knocked the caddy over rather than opening it, he would have made a slip.

Slips and lapses are errors of action; you intend to do something, but it does not go according to plan. With mistakes, the actions may go entirely as planned but the plan itself deviates from some adequate path towards its intended goal. Here the failure lies at a higher level: with the mental processes involved in planning, formulating intentions, judging and problem solving (Reason,1990). If a doctor treats someone with chest pain as if they have a myocardial infarction, when in fact they do not, then this is a mistake. The intention is clear, the action corresponds with the intention, but the plan was wrong.

Rule based mistakes occur when the person already knows some rule or procedure, acquired as the result of training or experience. Rule based mistakes may occur through applying the wrong rule, such as treating someone for asthma when you should follow the guidelines for pneumonia. Alternatively, the mistake may occur because the procedure itself is faulty; deficient clinical guidelines for instance.

Knowledge based mistakes occur in novel situations, where the solution to a problem has to be worked out on the spot. For instance, a doctor may simply be unfamiliar with the clinical presentation of a particular disease, or there may be multiple diagnostic possibilities and no clear way at the time of choosing between them; a surgeon may have to guess at the source of the bleeding and make an understandable mistake in their assessment in the face of considerable stress and uncertainty. In none of these cases does the clinician have a good ‘mental model’ of what is happening to base their decisions on, still less a specific rule or procedure to follow.

Errors are, by definition, unintended in the sense that we do not want to make errors. Violations, in contrast, are deliberate deviations from safe operating practices, procedures, standards or rules. This is not to say that people intend that there should be a bad outcome, as when someone deliberately sabotages a piece of equipment; usually people hope that the violation of procedures won’t matter on this occasion or will actually help get the job done. Violations differ from errors in several important ways. Whereas errors are primarily due to our human limitations in thinking and remembering, violations are more closely linked with our attitudes, motivation or the work environment. The social context of violations is very important and understanding them, and if necessary curbing them, requires attention to the culture of the wider organization, as well as the attitudes of the people concerned.

Reason (1990) distinguishes three types of violations:

• A routine violation is basically cutting corners for one reason or another, perhaps to save time or simply to get on to another more urgent task.
  
• A necessary violation occurs when a person flouts a rule because it seems the only way to get the job done. For example, a nurse may give a drug which should be double checked by another nurse, but there is no one else available. The nurse will probably give the drug, knowingly violating procedure, but in the patient’s interest. This can, of course, have disastrous consequences, as we will see in the next chapter.
  
• Optimizing violations which are for personal gain, sometimes just to get off work early or, more sinister, to alleviate boredom, ‘for kicks’. Think of a young surgeon carrying out a difficult operation in the middle of the night, without supervision, when the case could easily wait until morning. The motivation is partly to gain experience, to test oneself out, but there may be a strong element of the excitement of sailing close to the wind in defiance of the senior surgeon’s instructions.

The psychological perspective on error has been very influential in medicine, forming a central plank of one of the most important papers in the patient safety literature (Leape, 1994). Errors and violations are also a component of the organizational accident model, discussed in the next chapter. However, attempts to use these concepts in practice in healthcare, in reporting systems for instance, have often foundered. Why is this? One important reason is that in practice the distinction between slips, mistakes and violations is not always clear, either to an observer or the person concerned. The relationship between the observed behaviour, which can be easily described, and the psychological mechanism, are often hard to discern. Giving the wrong drug might be a slip (attention wandered and picked up the wrong syringe), a mistake (misunderstanding about the drug to be given) or even a violation (deliberate over-sedation of a difficult patient). The concepts are not easy to put into practice, except in circumstances where the action, context and personal characteristics of those involved can be quite carefully explored.

As must now be clear, error has many different facets and the subject of error, and how to reduce error, can be approached in different ways. While there are a multitude of different taxonomies and error reduction systems, we can discern some broad general perspectives or ‘error paradigms’ as they are sometimes called. Following Deborah Lucas (1997) and James Reason (1997) four perspectives can be distinguished: the engineering perspective, psychological, individual and organizational. The psychological perspective has already been discussed and we will not consider it further here. The various perspectives are seldom explicitly discussed in medicine but, once you have read about them, you will certainly have seen them in action in discussions of safety in healthcare. Each perspective leads to different kinds of solutions to the problem of error. Some people just blame doctors for errors and think discipline and retraining is the answer; some want to automate everything; others put everything down to ‘the system’. Each perspective has useful features, but unthinking adherence to any particular one is unlikely to be productive.

The central characteristic of the engineering perspective is that human beings are viewed as potentially unreliable components of the system. In its extreme form, this perspective implies that humans should be engineered out of a system by increasing automation, so avoiding the problem of human error. In its less extreme form, the engineering approach regards human beings as important parts of complex systems, but places a great deal of emphasis on the ways people and technology interact. For instance, the design of anaesthetic monitors needs to be carefully considered if the wealth of information displayed is not to lead to misinterpretation and errors at times of crisis.

In the manufacture of computers and cars on assembly lines, less human involvement in repetitive tasks has undoubtedly led to higher reliability. However, automation does not always lead to improvements in safety and may actually introduce new problems – the ‘ironies of automation’ as Lisanne Bainbridge expressed it (Bainbridge, 1987). In particular, the operators of equipment become much less ‘hands on’ and spend more time monitoring and checking. This is well expressed in the apocryphal story of the pilot of a commercial airliner who turned to his co-pilot and said, of the onboard computer controlling the plane, ‘I wonder what it’s doing now?’ There have, however, been some real life tragedies in which automation led human beings astray with tragic consequences (Box 7.3).