Background In Reason's safety model, high-reliability healthcare organisations are characterised by multiple layers of defensive barriers in depth associated with increased levels of safety in the care delivery system. However, there is very little empirical evidence describing and defining defensive barriers in healthcare settings or systematic analysis documenting the nature of breaches in these barriers. This study uses in situ simulation to identify defensive barriers and classify the nature of active and latent breaches in these barriers.
Methods An in situ simulation methodology was used to study team performance during obstetrics emergencies. The authors conducted 46 trials of in situ simulated obstetrics emergencies in two phases at six different hospitals involving 823 physicians, nurses and support staff from January 2006 to February 2008. These six hospitals included a university teaching hospital, two suburban community hospitals and three rural hospitals. The authors created a high-fidelity simulation by developing scenarios based on actual sentinel events.
Results A total of 965 breaches were identified by participants in 46 simulation trials. Of the 965 breaches, 461 (47.8%) were classified as latent conditions, and 494 (51.2%) were classified as active failures.
Conclusions In Reason's model, all sentinel events involve a breached protective layer. Understanding how protective layers breakdown is the first step to ensure patient safety and establish a high reliability. These findings suggest where to invest resources to help achieve a high reliability. In situ simulation helps recognise and remedy both active failures and latent conditions before they combine to cause bad outcomes.
- Human error
- patient safety
- team training
Statistics from Altmetric.com
Landmark reports from the Institute of Medicine1 2 have led to an unprecedented interest in understanding the nature of error in medical care organisations and in transforming hospitals into high-reliability organisations (HROs) that provide safe care and minimise errors.3 Reason's accident model has become one of the dominant paradigms for analysing medical errors and patient safety incidents.4
High-reliability healthcare organisations are characterised by multiple layers of defensive barriers associated with increased levels of safety in the care delivery system.5 However, there is very little empirical evidence describing and defining defensive barriers in healthcare settings or systematic analysis documenting the nature of breaches in these barriers. Simulation training has emerged as an important strategy for improving patient safety and quality in healthcare.6 This article describes a study using in situ simulation to identify defensive barriers and classify the nature of active and latent breaches in these barriers.
In situ simulation is a team-based simulation strategy that occurs in patient care units involving interdisciplinary team members working within their own environments. In contrast to simulation laboratories, in situ simulation methods can be useful in uncovering latent conditions in a hospital setting that would not be detectible in a laboratory setting.7 In situ simulation aims to achieve high-fidelity realism by performing the training in the setting where patient care is delivered, where organisational processes exist and real errors occur.8 Fidelity is the clinical and psychological degree to which the simulator or simulation scenario represents the real system.6
Methods and design
An in situ simulation methodology was used to study team performance during obstetrics emergencies.7 We created a high-fidelity simulation by developing scenarios based on actual sentinel events. All simulations were video-recorded.
Study design: scenarios and event sets
A total of three sentinel event clinical scenarios were developed based on medical record review, postevent investigation and interviews with selected persons involved in the actual event. These were placental abruption, ruptured uterus and postpartum haemorrhage. The scenarios were segmented into scenes or ‘event-sets,’9 a method used to stress the care delivery team and to interrogate the system for both active failures and latent conditions. The event set methodology was developed in aviation in the mid-1990s and was introduced to healthcare a decade later.9 Four to six event sets are embedded in a scenario and occur in chronological sequence. Each event set has a specific trigger (sudden clinical change) and distracter (element designed to divert the team's attention). The scenario and event sets were designed to prompt specific observable behavioural markers including situational awareness, standardised communication techniques of situation, background, assessment, recommendation, response (SBAR-R) or closed loop communication, shared mental model and leadership. The beginning of each event set is distinguished by critical junctures (especially a change in team composition) characterised by a greater chance for a breach in communication or teamwork behaviour.7 8 The average time per simulation was 3 h, with the three components averaging 15 min for the briefing, 45 min for the simulation event and 2 h for the facilitated debriefing.
We conducted 46 trials of in situ simulated obstetrics emergencies in two phases at six different hospitals within one healthcare system serving a comparable rural/suburban population in the Midwest. The participants were 823 obstetric, anaesthesia, family practice, neonatal and paediatric physicians, nurses and support staff from January 2006 to February 2008. These six hospitals included a university tertiary hospital, two level II suburban community hospitals and three rural primary care hospitals. Together, the six hospitals represent about 11 000 deliveries per year. IRB approval was secured from the University of Minnesota to conduct this study.
In situ simulation
We used in situ simulation and two directional feedback to assess the performance of healthcare systems and individual team members in the patient care setting at the microsystem level.10 Each simulation session for perinatal critical events consisted of four components: (1) a briefing for participants and staff in the care unit immediately prior to the simulation; (2) a simulation scenario event that utilised confederates for a live patient (standardised patient) accompanied by a family member and later a manikin for physiological fidelity; (3) an expert-facilitated, structured debriefing designed to identify latent process issues and active human factors failures self-described by the participants; (4) follow-up to correct systems issues identified in the simulation trial. In each simulation, the patient was followed from triage through labour and the operating room. The simulation began with a handoff consisting of a brief history from one provider to another. The simulation continued with clinical conditions (triggers) transmitted to the receiving team by confederates, a manikin or the participating physician being fed information through a remote headset. Video cameras captured all interactions of the surgical and paediatric teams. Immediately following the simulation scenario, a debriefing session was held. The participants discussed what went well, what did not go well and why, and what could have been better. The debriefing closed the gap between the experience and the making sense of it, and allowed for self discovery for individuals to express their own experiential learning. Follow-up from the lessons learnt about communication, teamwork, safety and any changes made to the unit were communicated as a key outcome of in situ simulation.
Data collection and analysis
All data were collected during the facilitated debriefing stage of the simulation with participants deconstructing their own experiences using the grounded theory approach, a qualitative research methodology that emphasises the iterative nature of discovery, especially in the study of human performance. Grounded theory is based on a textual database (such as field notes or video recording) to identify construct categories and their interrelationship 11 with a focus on discovering themes that emerge from this research rather than hypothesis testing.12 Selected segments of the video were used by the facilitators during the debriefing to clarify certain behaviours or to assist when recollections by participants were vague or uncertain.
The debriefing team consisted of two facilitators and one note taker. The note taker captured the real-time comments from participants. A breach was enumerated when a participant identified a team behaviour necessary for safety that was not performed or performed poorly, or when a system process did not perform to the fullest extent and thus could contribute to an injury. Each element contributed to the qualitative database of breaches and was subsequently analysed and categorised as either (a) an active failure or (b) a latent condition as described by Reason's organisational accident model.13 14 We classified an active failure as an unsafe act committed by those at the patient/provider interface where the damaging consequences are immediately apparent, and a latent condition as something created as a result of decisions at higher echelons whose damaging consequences may lie dormant for a long time until triggered by local conditions. A defensive barrier is a system element—facility, equipment, policy, procedure, human behaviour or other that is either intentionally designed or unintentionally evolves over time. In either circumstance, the defensive behaviour is a metaphor that serves to prevent hazard from contributing to injury—which serves to prevent system errors from causing injury—to interdict the ‘accident trajectory.’ A breach in a defensive barrier occurs when no defensive barrier existed or when the existing defensive barrier did not work as intended by the system design. A breach is judged to have the potential to allow the progress of accident trajectory towards patient injury. Six separate categories of breaches are listed and defined in table 1.
Table 2 shows the results of trials in six hospitals with two types of breaches: latent conditions and active failures. There were a total of 965 breaches identified by participants over 46 simulation trials, ranging from a low of four trials (Hospitals 4 and 5) to a high of 14 trials (Hospital 6). There was an average of 20.8 breaches per trial, ranging from a low of 17.8 breaches (Hospital 2) to a high of 26 breaches (Hospital 4). Of the 965 breaches, 461 (47.8%) were classified as latent conditions, and 494 (51.2%) were classified as active failures.
We calculated the proportion of active breaches and latent conditions for each facility, as well as for the combined hospital condition. Examination of the 95% CI for the proportion of active failures indicates that while five of the six hospitals showed no significant difference in the proportion of active breaches and latent conditions, one hospital (Hospital 4) had significantly more latent conditions than active breaches (95% CI for active failures is 56.5–76.2%).
Table 3 shows the percentage of breaches for three categories of latent conditions: (a) failure to comply with policy and procedure (such as no hard stop prior to incision), (b) breaches caused by equipment or the physical environment (such as two operating rooms in different locations of the hospital with the same numbering system) and (c) breaches caused by established system processes (such as inadequate blood ordering protocols during emergencies). The three latent condition categories of policy, equipment, and system processes account for 23.2%, 9.3% and 16.3%, respectively, of total breaches. The three categories of active failures are: (a) loss of situational awareness (such as failing to note non-reassuring fetal heart sounds), (b) failure to establish a shared mental model (not communicating a decision to the care team) and (c) communication breakdown (not performing a closed-loop communication) respectively of the total breaches associated with active failures in the six hospitals. The three active failure categories of situational awareness, shared mental model, and communication breakdown accounted for 13.0%, 16.0% and 22.3%, respectively, of total breaches.
This study shows a high number of participant reported breaches in defensive barriers to protect patients from injury during simulated obstetrics emergencies conducted in six separate hospitals. A total of 955 breaches were reported by 823 persons from seven professions and occupations who participated in 46 separate healthcare teams with an average of 20.8 breaches identified by the participants during the debriefings. The active failures and latent conditions occurred with comparable frequency (51.7% and 48.3% respectively) with no significant difference between these two categories. Two components of the six categories accounted for approximately 45% of the breaches: (1) failure to comply with organisational policies (a latent condition), which implies inadequate training, orientation or disregard of known procedure under the circumstances, and (2) ineffective communication among team members (an active failure), which implies mistakes or errors of omission and commission by the individual. In order to make these findings actionable, additional follow-up research is needed to determine why policies and procedures were not followed. For example, they may be outdated, irrelevant or in need of change.
Differences between hospitals are noteworthy. The average number of breaches reported for all hospitals is 20.8 (ranging from a low of 17.8 to a high of 26). This compact range clustered around the overall average. It is not clear whether differences in the number of breaches reported between hospitals are related to hospital structural features, team dynamics or both influences. Moreover, only Hospital 4 had significant differences between the proportion of latent conditions (66%) and active failures (44%). The constant proportion of latent conditions and active failures in five hospitals underscores the importance of both factors, as predicted by Reason's model. The larger proportion of latent conditions in hospital four needs further exploration.
In Reason's model, all sentinel events involve a breached protective layer. Understanding how protective layers breakdown is the first step to ensure patient safety and establish high reliability.13 Defences in depth have successive layers of protection, one behind the other, each guarding against the possible breakdown of the one in front. The holes in Reason's Swiss cheese model represent breaches or weaknesses in the defensive barriers. The findings from this study can be used to give meaning to the type and context of the breaches in defensive barriers described by Reason. There have been no systematic investigations of defensive barriers in depth in healthcare settings, and we advance understanding of Reason's accident model in healthcare settings by: (1) identifying the defensive barriers in place, (2) exposing the weaknesses in the defensive layers and (3) identifying where error proofing and safeguarding may be most needed.
These findings suggest two areas in which to invest resources to help achieve high reliability: interdisciplinary teamwork and removing latent conditions. In situ simulation helps recognise and remedy both active and latent conditions before they combine to cause bad outcomes. It is their combined lack of recognition and discoverability that make it important for healthcare organisations that want to approach high reliability.
While building strong defensive barriers is considered the best protection against patient injury,4 there has been very little empirical evidence or systematic analysis about how to identify defensive barriers, the nature and location of defensive barriers as well as the breaches. We selected voluntary reporting of active failures and latent conditions by participants in order to interrogate the care delivery process. Many of the breaches are not observable unless identified by the participants, and the in situ simulation method facilitates the study of breaches as experienced by the clinician.
The findings from this study can be used to understand better how injury occurs and develop more rigorous safety design. The findings support Reason's model that neither errors nor breaches in defensive barriers necessarily work in a linear two-dimensional, progressive, accident trajectory. Our study underscores the dynamic and unpredictable interplay of multiple dimensions of errors and breaches. While Reason's model is highly relevant for healthcare and has been widely adopted, there has been little evidence to identify the frequency and nature of breaches in defensive barriers. Identifying and reducing breaches in defensive barriers requires interdisciplinary team training to create high-performing care teams16 17 and of well-designed care processes18 to achieve highly reliable care in healthcare settings.6 Our findings provide further understanding of the defensive barriers in depth needed for HROs and their breaches with respect to system design and team performance. The in situ simulation methodology allows organisations to identify breaches as well as classify communication and teamwork skills to help prevent breaches that may lead to injury.
We would like to acknowledge P Ranallo and M McCullough for their assistance in data analysis and preparation of the manuscript.
Funding Agency for Healthcare Research and Quality, Fairview Health Services, and the University of Minnesota Academic Health Center.
Competing interests None.
Ethics approval Ethics approval was provided by the University of Minnesota Institutional Review Board.
Provenance and peer review Not commissioned; externally peer reviewed.
If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.