Professional Documents
Culture Documents
Using safety
cases in industry
and healthcare
A pragmatic review of the use of safety cases in safety-
critical industries – lessons and prerequisites for their
application in healthcare
December 2012
jonathan.bamber@health.org.uk
020 7257 8000
Prof Robin Bloomfield, Centre for Dr Floor Koornneef, Safety Science Dr George Cleland, Adelard LLP,
Software Reliability, City University, Group, TU Delft, Netherlands London
London; Adelard LLP, London
Alberto Pasquini, Deep Blue Research & Ibrahim Habli, Department of
Dr Nick Chozos, Adelard LLP, London Consulting srl, Rome, Italy Computer Science, University of York
Dr David Embrey, Human Reliability Dr Simone Pozzi, Deep Blue Research & Dr John Medhurst, Human Reliability
Associates, Wigan Consulting srl, Rome, Italy Associates, Wigan
m-a.sujan@warwick.ac.uk
Abbreviations iv
Executive summary v
Chapter 7: Conclusion 31
References 32
The twelve years since the publication of An against national and local targets by both
Organisation with a Memory* have seen important commissioners and regulators; however, a number
steps in the development of practices to improve of recent high-profile failures within the NHS have
patient safety in the UK. There has been an demonstrated that measuring compliance with
increased recognition of the responsibility for standards is not enough. The publication of the Mid
improving patient safety at every level of the Staffordshire NHS Foundation Trust Public Inquiry,
system. Work done across the UK, supported by the due in 2013, will trigger a discussion about how
Health Foundation and others, has challenged the we can be sure that care is actually safe, rather than
view that some patient harms are inevitable. waiting for errors to occur.
Healthcare is a process, with a number of Having learned from running safety improvement
interrelated interventions leading to a particular programmes, such as the Safer Patients Initiative
outcome. For example, for a patient to receive the and Safer Clinical Systems, the Health Foundation
correct medication there is a process in which knows that safety is the product of complex
a drug is first prescribed, then dispensed and interactions of attitudes, behaviours and resources.
then administered. In order for safe medication Examining a single element in isolation can lead to
treatment to occur, each of these steps must be false assurance of safety. Moving from an approach
completed correctly. However, as shown by the that largely looks at what we can learn when
Health Foundation’s report, How safe are clinical something goes wrong to one that looks at how
systems?, the reliability of care pathways can vary we can make sure whole systems go right in the
even within the same organisation, with between first place will be critical to shifting attention from
13% and 19% of care processes failing to be measuring errors to designing for safety. To do this
completed to the agreed standard every time.† we need a way of examining how well a healthcare
system is designed to guarantee safety.
Over one hundred years ago Florence Nightingale
collected evidence of mortality during the Crimean As this report demonstrates, other safety-critical
war to determine which hospitals were safe. industries have responded to their own inquiries
Currently the National Reporting and Learning into safety failures by the development of ‘safety
System (NRLS) provides invaluable information cases’. For example, the inquiry into the explosion
about hazards, risks and actual cases of patient of the Piper Alpha offshore oil production platform
harm across the NHS in England and Wales. Such in the North Sea in 1988 led to the Offshore
measures have been used to assess performance Installations (Safety Case) Regulations 2005, which
require petrochemical installations to proactively
* Department of Health. An Organisation with a memory. The Stationery
assess potential risks and so design systems to
Office, 2000. reliably prevent them from being realised.
† The Health Foundation. How safe are clinical systems? The Health
Foundation, 2011.
This report presents the findings of the study, A mixed economy). Previously, manufacturers and
pragmatic review of the use of safety cases in industry operators claimed safety through satisfaction of
– lessons and prerequisites for their application in specific standards and technical requirements
healthcare, carried out from February to June 2011. specified by the regulator. However, this has proven
to be an ineffective and inefficient method of
Supplements to this report are available to download safety management. Current approaches require
from www.health.org.uk/safetycasesreport that manufacturers and operators demonstrate
The supplements contain: that they have adopted a thorough and systematic
process to proactively understand the risks
–– details of surveys on the use of safety cases in six associated with their systems and to control these
safety-critical industries (Supplements A-F) risks appropriately. They still need to demonstrate
–– a review of the application of safety cases to compliance with any applicable requirements
medical devices (Supplement G) specified by the regulator, but this approach goes
beyond the reactive and standards-based approach
–– a systematic review of published literature for to safety management.
evidence of the purposeful adoption of safety
cases in healthcare (Supplement H). In the UK, these duties are often fulfilled through
the use of safety cases. The purpose of a safety case
is to provide a structured argument, supported by
Aims a body of evidence, that provides a compelling,
The aims of the project were to describe safety case comprehensible and valid case that a system is
use in selected safety-critical industries, to make acceptably safe for a given application in a given
pragmatic recommendations for the adoption of context. The core of the safety case is typically
safety cases in healthcare and to outline possible a risk-based argument and corresponding
healthcare application scenarios. evidence to demonstrate that all risks associated
with a particular system have been identified, that
Background appropriate risk controls have been put in place,
and that there are appropriate processes in place
In safety-critical industries, manufacturers and to monitor the effectiveness of the risk controls
operators of systems have to provide evidence and the safety performance of the system on an
of adequate safety performance of their systems ongoing basis. The use of safety cases is an accepted
to the respective regulatory authorities. The best practice in UK safety-critical industries and is
way this is done has changed significantly over adopted by companies as a means of providing rigour
the past 20 years, predominantly in response to and structure to their safety management systems.
major accidents and changes to the economic
environment (for example, the privatisation of
railways leading to a fragmented industry and
USING SAFETY CASES IN INDUSTRY AND HEALTHCARE v
Project overview approach may lead to greater clinical engagement
in the regulatory process by ensuring that the
The project aims were realised through three work
programmes. learning derived is clinically relevant and the
process is understandable to frontline staff. Safety
–– Work programme 1 (WP1) surveyed safety cases may also facilitate communication between
case practices in six safety-critical industries, different stakeholders in complex healthcare
assessed the main drivers and barriers and made environments and provide structure to the safety
recommendations for the adoption of safety activities of healthcare organisations.
cases in healthcare. The surveys were produced
through selective, expert-driven reviews. Safety Key lessons
case use is common in the industries surveyed
and reflects a shared understanding of safety and Benefits
a mature safety culture. Care needs to be taken A distinguishing feature of all the industries
that the development of safety cases does not reviewed is the implementation of highly
become a bureaucratic exercise without actual structured approaches to safety management
safety benefit. to ensure that organisations are proactively
–– Work programme 2 (WP2) provided a identifying, assessing, mitigating and monitoring
description of emerging applications of safety risk. The safety case regime is a means of
cases in healthcare. A systematic review of the establishing a formal structure for these activities
published literature identified three application and ensuring that a disciplined and standardised
domains: medical devices, health informatics approach to managing risk is adopted. In
and health systems. Most literature related to healthcare, safety cases could be a useful tool
to promote structured thinking about risk
the adoption of safety cases in the medical
among clinicians, to foster multidisciplinary
devices domain, with some publications
communication about safety and to enhance
starting to address the area of networked
clinical engagement in the regulatory process.
medical devices and general health informatics
Further benefits of safety cases identified in the
applications. Connecting for Health has issued review include the following.
guidance on the development of clinical safety
cases for the National Programme for IT. Safety –– Integrating evidence sources. Safety cases
case use for general health systems has not provide a structured means of integrating safety
been addressed to any significant extent in the evidence from diverse sources such as trials,
literature thus far. The main drivers for the human factors analysis, testing and operational
adoption of safety cases in healthcare appear experience. They facilitate assessment of the
to be the current standardisation activities extent to which the assembled set of diverse
promoted by bodies such as the International evidence is comprehensive and complete and
Organization for Standardization (ISO), whether it covers all identified safety issues.
International Electrotechnical Commission –– Aiding communication among stakeholders.
(IEC) and the US Food and Drug Administration Stakeholders in safety-critical systems include
(FDA). A selective, expert-driven review was diverse actors such as system designers,
conducted specifically for medical devices to manufacturers, operators, maintainers,
provide further insights. managers, regulators and the public. Safety
–– Work programme 3 (WP3) identified cases act as a focus for discussion between
possible application scenarios for safety cases these stakeholders by allowing critical review
in healthcare and suggested corresponding of the beliefs and evidence as to why a system
research areas. Central to this is the notion of an is acceptably safe. Stakeholders can provide
operational or clinical safety case: a structured input and raise concerns, and they can query the
argument constructed from a clinical perspective resulting safety case to see how their issues have
about why a particular service is safe. Such an been addressed.
A distinguishing feature of safety-critical industries Within the Health Foundation’s Safer Clinical
is the implementation of highly structured Systems (SCS) programme, the safety case concept
approaches to safety management to ensure that has been introduced as a way of structuring
organisations are proactively identifying, assessing, thinking around patient safety and as a means of
mitigating and monitoring risk. These lessons integrating different sources of evidence (both
have been learned following major industrial quantitative and qualitative).
accidents and this is accepted best practice across
industries. The safety case regime is an accepted This report presents the results of a study that
means of establishing a formal structure for reviewed the use of safety cases in six safety-
these activities and ensuring that a disciplined critical industries, as well as emerging use of safety
and standardised approach to managing risk is cases in healthcare, in order to identify lessons
adopted. In healthcare, safety cases could be a and prerequisites for the more widespread and
useful tool to promote structured thinking about systematic application of safety cases in healthcare.
risk among clinicians, to foster multidisciplinary
communication about safety and to enhance Aims
clinical engagement in the regulatory process. The aims of this study were to provide:
The purpose of a safety case (also, more generically, –– a clear description of safety case use in selected
known as an assurance case) can be defined
safety-critical industries
as communicating a clear, comprehensive and
defensible argument that a system is acceptably –– pragmatic recommendations for the adoption of
safe to operate in a particular context. In addition, safety cases in healthcare
a safety case is a valuable tool for bringing about a –– outlines of possible healthcare application
systematic approach to safety and for providing a scenarios.
record of management’s commitment to safety. In
many UK safety-critical industries, the use of safety
cases is a regulatory requirement. In healthcare,
there have been first attempts at adopting the safety
case concept for medical devices, promoted by the
US Food and Drug Administration (FDA).
Figure 1: Generic high-level argument for demonstrating safety of air traffic management
services, articulated in GSN5
1957 Windscale fire (nuclear) Graphite core of a nuclear reactor at Windscale, Cumberland
(now Sellafield, Cumbria) caught fire, releasing substantial
amounts of radioactive contamination into the surrounding
area.
1959 Establishment of the Required that the civil nuclear power stations would be licensed
Nuclear Installations Act by the newly formed Nuclear Installations Inspectorate (NII).
(nuclear)
1979 Three Mile Island accident Partial core meltdown in Unit 2 of the Three Mile Island Nuclear
(nuclear) Generating Station in Dauphin County, Pennsylvania, USA.
1982 Seveso Directive is adopted Council Directive 82/501/EEC on the major accident hazards of
(petrochemical) certain industrial activities – the so-called Seveso Directive – is
adopted. Required substances to be identified and processes
described. No requirement to include major accident prevention
policy (MAPP) or safety management system (SMS).
1983– Public inquiry into Sizewell Long-running review into the acceptability of a novel kind of
1985 B reactor (nuclear) reactor prior to construction. The review was based on the
Pre-Construction Safety Case.
1984 Bhopal disaster A leak of gas and other chemicals from a plant in India resulted
(petrochemical) in the exposure of hundreds of thousands of people. Estimates
on the death toll varied from 2,000 to as many as 15,000 people.
Gave rise to an increased focus on safety culture.
1984 Control of Industrial Major Superseded by COMAH Regulations in 1999. Similar to Seveso I
Accident Hazards (CIMAH) requirements with an emphasis on description.
Regulations adopted in
UK for onshore facilities
(petrochemical)
1986 Chernobyl accident Reactor vessel rupture and a series of explosions that followed
(nuclear) resulted in the deaths of 30 power plant employees and firemen.
It also brought about the evacuation of about 116,000 people
from areas surrounding the reactor during 1986.
1987 King’s Cross Station Fire Radical reform of management on the Underground, including
(London Underground) – the introduction of a safety management system (SMS) and the
31 deaths (railways) first system-wide quantified risk assessment (by 1991).
1988 Clapham derailment – 35 Major reforms within British Rail reflecting the response to
deaths (railways) King’s Cross on London Underground.
1988 Piper Alpha disaster An oil platform that was later converted to gas production. An
(petrochemical) explosion on the platform and the resulting fire killed 167 men
with only 59 survivors.
1992 Safety Case Regulations (SCR) The publication in 1990 of Lord Cullen’s report into the Piper
adopted for UK offshore Alpha disaster paved the way for the introduction of formal
industry (petrochemical) safety case requirements in the UK offshore industry.
1992 UK government white paper The principal driver for the subsequent safety case regime.
announcing formal proposals
for the privatisation of
British Rail (railways)
1994 Privatisation of British First introduction of a mandatory safety case regime in the UK.
Rail and enactment of the
Railways (Safety Case)
Regulations, 1994 (railways)
1997 Southall collision – seven Signal operated by the infrastructure controller passed at danger
deaths (railways) by a driver employed by a train operating company.
1999 Ladbroke Grove collision Also a signal passed at danger (SPAD) incident. Southall and
and fire – 31 deaths Ladbroke Grove accidents led directly to (inter alia) a review of
(railways) the safety case regime.
1999 Control of Major Accident Replaced the CIMAH Regulations and introduced a greater
Hazards (COMAH) degree of uniformity with the offshore SCR. The regulations
Regulations adopted in brought a number of smaller sites under the legislation and
UK for onshore facilities introduced a number of new features, including the MAPP and
(petrochemical) SMS requirements. Also brought an increased emphasis on
demonstration rather than description.
2000 Enactment of Railways New regulations directly reflect the analysis and
(Safety Case) Regulations recommendations of the inquiries into Southall and Ladbroke
2000 and 2001 amendments, Grove.
revising the Safety Case
regime (railways)
–– Health informatics. Within healthcare, there are There were also some examples where the safety
also an increasing number of health informatics case concept has been applied to the wider health
products that are not strictly speaking medical informatics field; Connecting for Health is leading
devices, but which may still present risks to in this domain. Unfortunately, despite encouraging
the patient. In the UK, Connecting for Health findings, there appears to be little awareness
has issued guidance about the development of of these developments within the wider health
clinical safety cases to manufacturers of health informatics or patient safety community.
informatics systems and organisations that use Apart from a position paper, there is no evidence
these products.17,18 This was in response to the that safety cases have been applied to the wider
perception that the National Programme for IT health system where the focus has not been on the
was not addressing safety in a structured and introduction of technology.
proactive manner. Connecting for Health reports
positive experiences with the safety case approach, The reviews carried out as part of this work
programme suggest that the main drivers for
but points out that education and support are
developments currently are the standardisation
vital and that there are still problems with the
efforts of organisations such as the FDA. This appears
uptake by manufacturers.19 A similar approach
to be an important factor in securing the attention of
is followed in the recent standard IEC 80001-1,
the industry. The literature reviews further suggest
which deals with networks of medical devices.20 that healthcare organisations need to take greater
–– Health systems. Finally, as the discipline of patient responsibility for actively compiling evidence that the
safety matures and organisations are gaining complex systems they operate to provide patient care
experiences and expertise in the application of are, in fact, safe. This, however, will only be possible
systematic methods for identifying and managing when adequate resources and training opportunities
risks to patient safety, the use of safety cases or are provided to these organisations to enable them to
structured safety arguments may be a useful way of build up the required capability. As can be seen with
documenting and guiding an organisation’s safety the FDA and its efforts, training needs for regulators
efforts. Only one position paper was identified and manufacturers must also be met in the form of
in this category.21 This is not surprising, since the expert input, technical guidance documentation and
appropriate tool support.
safety case concept has been developed within
the engineering communities and is traditionally
applied to hardware and software products first. Summary box 3: Current safety case use in
As the safety case concept takes hold in the healthcare
domains of medical devices and health informatics
Medical devices – The FDA is recommending
applications, we may expect to see more work in
the adoption of assurance cases as part of the pre-
this category of general health systems in the future. market notification submission for infusion pumps.
Health informatics – Connecting for Health has
Discussion issued guidance on the preparation of a clinical
The systematic literature review demonstrated safety case for health informatics products.
that research on, and application of, safety cases to
Education – Education and training need to be
healthcare is scarce. The majority of papers identified
provided to the organisations producing safety
described different aspects relating to safety assurance
cases as well as the bodies reviewing them.
of medical devices. Within the standardisation
community there is currently a lively debate around
USING SAFETY CASES IN INDUSTRY AND HEALTHCARE 15
Chapter 5:
Application scenario and
research directions
Before proceeding to the safety argument and the Figure 2 illustrates the top-level claim and the main
evidence, the scope of the clinical safety case needs to argument we envisage would support it.
be defined. We therefore need to identify and record:
Safety promotion
Human factors integration
Safety promotion refers to the continuous promotion
The role of human factors in healthcare is of great
of safety as a core value in the organisation.
importance. The delivery of care relies to a large
Typical activities include the dissemination extent on personal skills, professionalism and
of lessons learned and the active involvement teamwork. The importance of human factors will
of operators and staff in a proactive learning increase as care pathways and systems become
process, to foster the bottom-up identification and more complex and involve an increasing number
management of safety issues (safety improvement). of professions and disciplines working together
seamlessly. It is, therefore, important that human
Emergency response factors are addressed systematically through
Being able to provide adequate response to a structured process that allows identification
emergencies is an integral part of the SMS. The risk and management of issues related to human
to be mitigated is not what led to the emergency, performance on an ongoing basis.
but rather the risk associated with handling the Human factors can be integrated into SMS activities
emergency itself. The purpose of emergency if the analysis of human issues is structured in a
response plans (in aviation) is to ensure: disciplined process for (i) gathering information
–– orderly and efficient transition from normal to on the human component, (ii) identifying and
emergency operations prioritising relevant human factors issues, (iii)
developing and implementing appropriate actions
–– delegation of emergency authority and (iv) monitoring the effectiveness of any actions
–– assignment of emergency responsibilities taken.
–– authorisation by key personnel for actions Relevant human factors issues include:
contained within the plan
–– working environment
–– coordination of efforts to cope with the emergency
–– organisation and staffing
–– safe continuation of operations or return to
–– procedures, roles, responsibilities
normal operations as soon as possible.
–– training
–– teamwork and communication
–– interaction with equipment.
Recommendations: Safety
management systems
Five main recommendations can be made to
healthcare professionals.
–– Structure existing safety activities (and use of
techniques) into a clear safety strategy and SMS.
The best safety results are achieved by deploying a
comprehensive and consistent safety strategy, not
by the application of just one or more techniques.
The SMS should collate all the existing activities,
make interfaces and links between them clear,
and highlight gaps or missing actions.
–– Use safety cases to ensure systematic collection,
integration and documentation of the evidence
produced by all the SMS activities.
–– Safety management is a process. Structuring an
SMS ensures that a consistent strategy stays in
place in the long term, but safety activities should
provide a different focus and should be combined
(or rotated) in the short to medium term. This
ensures an effective use of resources and that no
single safety activity drains all the resources.
–– Integrate human factors considerations from the
very beginning. The human contribution is crucial
for healthcare so it cannot be left as a residual part,
even though it may appear hard to manage.
–– Use the SMS to clarify the internal and external
interfaces – to ensure that safety people get
the required input and provide the required
output. This provides protection against
undue interference and keeps the required
communication channels open – for example, for
staff feedback or input from the regulator.
In practical terms, the first things to be done are
to (i) clearly define the safety policy, (ii) organise
all the safety achievement activities, (iii) ensure
the production of a clear documentation (safety
case reports), and (iv) put in place safety assurance
activities (the oversight function).
From the existing experience of safety case requiring developers and operators to demonstrate
practice in the reviewed domains, it is clear that their systematic thought processes, and their
the use of safety cases in healthcare carries both systematic justification, is so important in striving
potential benefits and risks and challenges. These for a comprehensive and holistic account of safety.
are explored below, followed by a discussion about
issues deserving further investigation. Integration of evidence sources
It is commonplace in existing practice that a
Potential benefits diversity of evidence sources and types are required
to demonstrate system safety – such as trials,
Systematic, holistic thinking human factors analysis, testing and operational
Safety cases were explicitly introduced in a experience. However, this diversity and amount
number of domains to encourage systematic and of evidence can create difficulties. It can be
holistic thinking about safety issues. Prior to the difficult to judge completeness. Is the evidence
introduction of safety cases, many domains relied set comprehensive? Does it cover all the issues?
upon prescriptive safety regimes whereby regulators It can also be difficult to understand the distinct
(through safety standards) dictated the specific role and purpose served by each form of evidence.
measures to be adopted to ensure system safety. Safety cases help in this regard, by presenting the
argument that explains how the overall safety
Safety cases provide a contrast to this approach. objectives can be seen to be addressed through the
Firstly, this is through shifting responsibility for the assembled items of evidence.
justification and demonstration of safety clearly to
the primary developers and operators of systems.
Secondly, safety cases are often introduced hand- Aiding communication
in-hand with a ‘goal-setting’ approach whereby among stakeholders
high-level objectives are provided by regulators, In existing safety case practice, at a minimum
but developers and operators are given freedom safety cases are developed by one organisation to
in establishing suitable arguments and evidence to be reviewed by another (a regulator). They enable
demonstrate the achievement of those objectives. the explicit documentation and communication
of the beliefs and evidence as to why a system
Regulators will always struggle to be complete in is acceptably safe. For most safety-critical and
prescribing regulations and requirements that are safety-related systems there are many stakeholders
intended to apply to a large number and variety – for example, designers, operators, maintainers,
of applications. Regulators inevitably struggle in managers, evidence providers and the public. Safety
writing regulations that engage in the specifics of cases can act as a focus of discussion between these
the day-to-day operation of every system to which stakeholders. Each can provide input relating to
the regulation applies. This is why the shift towards
26 THE HEALTH FOUNDATION
their understanding and concerns. Each can query Being produced by the wrong people
the resulting safety case to see how their issues have It is important that safety case development
been addressed. involves all the relevant stakeholders with an
understanding of, and involvement in, what
Making the implicit, explicit actually makes systems safe (or unsafe). It cannot
The act of establishing and documenting a simply be produced by safety consultants or
safety case can help expose existing implicit professional authors – even though they may be
assumptions and risk acceptance judgements. experienced in establishing apparently credible
Having documented a case, it becomes easier to cases.
review the arguments, question the evidence and
challenge the adequacy of the approach presented. Issues requiring further
Aiding safety management
consideration
The review of existing safety case practice, and
and governance the subsequent workshop, highlighted a number
Without an explicit safety case that attempts to of issues that require further consideration as
pull together all the threads of the safety argument part of any move to adopt safety cases within the
and ensure that appropriate evidence has been healthcare domain.
presented, there is a significantly greater risk of
safety issues ‘falling down the cracks’ that can exist
between existing safety assessments, metrics and
Understanding the motivation for the
arrangements representing the specific concerns of adoption of safety cases in healthcare
individual stakeholders or addressing single issues. Safety cases have typically been introduced
Without the ‘big picture’ of a safety case, it is also easy in domains where there has been a perceived
for wildly varying and disproportionate amounts of weakness in the current safety assurance
effort to be spent on risk management. Alongside arrangements or where there have been significant
these safety risks, there is also the efficiency risk of safety problems (such as a major accident or – in
duplication of effort in existing initiatives. the case of the FDA – a significant number of safety
recalls). In order to provide a compelling case
to those who may be involved in the production
Potential risks and challenges of a safety case, it is necessary to gain a clear
understanding of where current practice falls short.
Becoming a paper exercise
Safety cases must not become just another ‘filed
return’. The production of a safety case is an
Identifying the owners of the
opportunity for gaining greater understanding of safety case ‘requirement’
the current picture of safety, and for potentially In many of the existing domains, it can be seen
making safety improvements. However, to do this, that the development, review and acceptance
it is important to ensure that appropriate time and of safety cases is mandated through regulators,
effort is allowed for the development and review of regulations and standards. For example, safety
safety cases. It is particularly important that a safety cases are required as part of the licensing regime
case review is thorough and systematic. for petrochemical plants. While it is not unheard
of for safety cases to have been developed by
Being removed from everyday practice organisations without a regulatory requirement
to do so, it is more common for them to become
Safety cases are supposed to address the realities of established practice through strong regulation and
everyday system operation. It is important that they clear safety standards. It is, therefore, necessary to
do not become a desk exercise that relates only dimly consider both the authorities and mechanisms (for
to actual practice. The primary concern of a safety example, standards, licences, contracts) that could
case should lie in demonstrating safety, rather than potentially be involved in instituting a requirement
being an exercise in attempting to shift liability or in for safety cases within the healthcare domain.
merely demonstrating compliance with ‘due practice’.
This project reviewed current safety and regulatory successful adoption, such as a lack of transparency,
practices in six safety-critical industries. A lack of feedback and lack of ownership felt by
distinguishing feature of all the industries reviewed frontline staff. We believe that the adoption
is the implementation of highly-structured of safety cases can foster multidisciplinary
approaches to safety management to ensure that communication around patient safety issues and
organisations are proactively identifying, assessing, enhance clinical engagement. This claim needs
mitigating and monitoring risk. The safety case to be validated through appropriate pilot and
regime is a means of establishing a formal structure demonstration studies.
for these activities and ensuring that a disciplined
and standardised approach to managing risk is Safety cases are a way of providing structure to
adopted. In healthcare, safety cases could be a safety activities and integrating different types of
useful tool to promote structured thinking about evidence to provide safety assurance. However, this
risk among clinicians, foster multidisciplinary can only succeed when relevant stakeholders, such
communication about safety and enhance clinical as clinicians, managers and regulators, possess a
engagement in the regulatory process. sufficient understanding of systematic and proactive
approaches to safety management. With the Safer
The UK is one of the leading countries in terms Clinical Systems programme, the Health Foundation
of technical expertise and practical experiences is already leading the way in involving healthcare
in the development and use of safety cases in organisations in the development and adoption of
safety-critical industries. There is an opportunity structured, system-based patient safety approaches.
to provide thought leadership in patient safety
through the transfer and appropriate adaptation of Collaboration and communication among the
such practices in a healthcare context. Connecting different stakeholders in patient safety is another
for Health has already set an example with the important driver behind innovative approaches
production of guidance for the development and solutions. The workshop held as part of this
of clinical safety cases as part of the National project brought together academics and experts
Programme for IT. In the USA, the Food and in industrial safety with clinicians, patient safety
Drug Administration (FDA) is also promoting the managers and regulators. The dialogue that resulted
adoption of safety cases for certain types of medical brought new insights and helped to identify
devices. enablers and barriers to the useful adoption of
safety cases in healthcare. This dialogue should
With all safety activities, the involvement and continue in order to ensure that proposed solutions
engagement of clinicians and frontline staff is an remain practicable and clinically relevant.
essential prerequisite, but often difficult to achieve
in practice. For example, incident reporting – an
important mechanism for organisational learning
– has met with well-documented barriers to its
USING SAFETY CASES IN INDUSTRY AND HEALTHCARE 31
References
1 Ministry of Defence. Defence Standard 00-56: Safety 14 Haddon-Cave C. The Nimrod Review: An independent review into
Management Requirements for Defence Systems. Defence the broader issues surrounding the loss of the RAF Nimrod MR2
Standard; Issue 4: June 2007. aircraft XV230 in Afghanistan in 2006. The Stationery Office,
ISBN 9780102962659.
2 The Honourable Lord Cullen. The Public Inquiry into the Piper
Alpha Disaster. London: HM Stationery Office; 1990. 15 Food and Drug Administration. Guidance for Industry and
FDA Staff – Total Product Life Cycle: Infusion Pump – Premarket
3 Kelly T. A Systematic Approach to Safety Case Management. SAE Notification [510(K)] submissions. www.fda.gov/MedicalDevices/
International; 2003. DeviceRegulationandGuidance/GuidanceDocuments/
ucm206153.htm#6
4 Maguire R. Safety Cases and Safety Reports. Ashgate; 2006.
16 ISO 14971 Application of Risk Management to Medical Devices.
5 EUROCONTROL. Safety Case Development Manual (V2.1). 2007.
2006.
17 ISB 0160 Health Informatics – Application of clinical risk
6 The Offshore Installations (Safety Case) Regulations 2005 No.3117. management to the manufacture of health software. DSCN
www.legislation.gov.uk/uksi/2005/3117/contents/made (accessed 14/2009.
February 2011).
18 ISB 0129 Health Informatics – Guidance on the management of
7 The Control of Major Accident Hazards (Amendment) Regulations clinical risk relating to the deployment and use of health software.
2005 No.1088. www.legislation.gov.uk/uksi/2005/1088/contents/ DSCN 18/2009.
made (accessed February 2011).
19 Baker M and Harrison S. Lessons from NHS Connecting for
8 Health and Safety Executive. Safety Assessment Principles for Health. 2011. Presentation available at: www2.warwick.ac.uk/fac/
Nuclear Facilities. HSE; 2006. www.hse.gov.uk/nuclear/SAPs/ med/staff/sujan/research/safety_case_review/wp3_workshop/
SAPs2006.pdf baker_harrison_scr.pdf
9 The Railways and Other Guided Transport Systems (Safety) 20 IEC 80001-1 Application of Risk Management for IT Networks
Regulations 2006. UK Statutory Instrument 2006 No.599. Incorporating Medical Devices – Part 1: Roles, responsibilities and
activities. 2010.
10 EC Directive 91/440/EEC. On the development of the community’s
railways. 29 July 1991. 21 Sujan MA, Harrison MD, Steven A, Pearson PH, Vernon SJ.
Demonstration of safety in healthcare organisations. In Gorski J
11 Health and Safety Executive. COMAH Safety Report Assessment (ed) Computer Safety, Reliability, and Security. Safecomp 2006.
Manual (V2). HSE; 2006. www.hse.gov.uk/comah/sram/ LNCS 4166;219-232, Springer Verlag.
(accessed February 2011).
22 Programme and presentations available at: www2.warwick.
12 Ministry of Defence. Joint Service Publication JSP 430: MoD Ship ac.uk/fac/med/staff/sujan/research/safety_case_review/wp3_
Safety Management. Ministry of Defence; Issue 1: January 1996. workshop/
13 International Organization for Standardization. ISO 26262: Road
Vehicles – Functional Safety. BL 9 2007-07-20, 2007.