Levels of Problems in Culture

When thinking about root cause analysis it is useful to think of whether the problem is stemming from a cultural level or when it may be coming from an operational. We can think of these problems as hazards stemming from three areas:

  • Culture/philosophy is the over-arching view of how the organization conducts business from top-level decision-makers on through the corporate culture of an organization.
  • Policies are the broad specifications of the manner in which operations are performed. This includes the end-to-end processes.
  • Policies lead to the development of process and procedures, which are specifications for a task or series of tasks to accomplish a predetermined goal leading to a high degree of consistency and uniformity in performance.
Hazards unrecognized (risks not known or correctly appraised)Hazards forseen (risks anticipated but response not adequate)
Culture/Philosophy
Quality not source of corporate pride
Regulatory standards seen as maxima
Culture/Philosophy
Quality seen as source of corporate pride
Regulatory standards seen as minima
Policy
Internal monitoring schemes inadequate (e.g. employee concerns not communicated upwards)
Insufficient resources allocated to quality
Managers insufficiently trained or equipped
Reliance on other organization’s criteria (e.g. equipment manufacturer)
Policy
Known deficiencies (e.g. equipment, maintenance) not addressed
Defenses not adequately monitored
Defenses compromised by other policies (e.g. adversarial employee relations, incentive systems, performance monitoring)
Procedures
No written procedures
Procedures
Documentation inadequate
Inadequate, or Loop-hole in, controls
Procedures conflict with one another or with organizational policy

This approach on problems avoids a focus on the individuals involved and avoids a blame culture, which will optimize learning culture. Blaming the individuals risks creating an unsafe culture and creates difficulties for speaking up which should be an espoused quality value. Focus on deficiencies in the system to truly address the problem.

What prevents us from improving systems?

Improvement is a process and sometimes it can feel like it is a one-step-forward-two-steps-back sort of shuffle. And just like any dance, knowing the steps to avoid can be critical. Here are some important ones to consider. In many ways they can be considered an onion, we systematically can address a problem layer and then work our way to the next.

Human-error-as-cause

The vague, ambiguous and poorly defined bucket concept called human error is just a mess. Human error is never the root cause; it is a category, an output that needs to be understood. Why did the human error occur? Was it because the technology was difficult to use or that the procedure was confusing? Those answers are things that are “actionable”—you can address them with a corrective action.

The only action you can take when you say “human error” is to get rid of the people. As an explanation the concept it widely misused and abused. 

Human performance instead of human error
AttributePerson ApproachSystem Approach
FocusErrors and violationsHumans are fallible; errors are to be expected
Presumed CauseForgetfulness, inattention, carelessness, negligence“Upstream” failures, error traps; organizational failures that contribute to these
Countermeasure to applyFear, more/longer procedures, retraining, disciplinary measures, shamingEstablish system defenses and barriers
Options to avoid human error

Human error has been a focus for a long time, and many companies have been building programmatic approaches to avoiding this pitfall. But we still have others to grapple with.

Causal Chains

We like to build our domino cascades that imply a linear ordering of cause-and-effect – look no further than the ubiquitous presence of the 5-Whys. Causal chains force people to think of complex systems by reducing them when we often need to grapple with systems for their tendency towards non-linearity, temporariness of influence, and emergence.

This is where taking risk into consideration and having robust problem-solving with adaptive techniques is critical. Approach everything like a simple problem and nothing will ever get fixed. Similarly, if every problem is considered to need a full-on approach you are paralyzed. As we mature we need to have the mindset of types of problems and the ability to easily differentiate and move between them.

Root cause(s)

We remove human error, stop overly relying on causal chains – the next layer of the onion is to take a hard look at the concept of a root cause. The idea of a root cause “that, if removed, prevents recurrence” is pretty nonsensical. Novice practitioners of root cause analysis usually go right to the problem when they ask “How do I know I reached the root cause.” To which the oft-used stopping point “that management can control” is quite frankly fairly absurd.  The concept encourages the idea of a single root cause, ignoring multiple, jointly necessary, contributory causes let alone causal loops, emergent, synergistic or holistic effects. The idea of a root cause is just an efficiency-thoroughness trade-off, and we are better off understanding that and applying risk thinking to deciding between efficiency and resource constraints.

In conclusion

Our problem solving needs to strive to drive out monolithic explanations, which act as proxies for real understanding, in the form of big ideas wrapped in simple labels. The labels are ill-defined and come in and out of fashion – poor/lack of quality culture, lack of process, human error – that tend to give some reassurance and allow the problem to be passed on and ‘managed’, for instance via training or “transformations”. And yes, maybe there is some irony in that I tend to think of the problems of problem solving in light of these ways of problem solving.

Human Performance and Data Integrity

Gilbert’s Behavior Engineering Model (BEM) presents a concise way to consider both the environmental and the individual influences on a person’s behavior. The model suggests that a person’s environment supports impact to one’s behavior through information, instrumentation, and motivation. Examples include feedback, tools, and financial incentives (respectively), to name a few. The model also suggests that an individual’s behavior is influenced by their knowledge, capacity, and motives. Examples include training/education, physical or emotional limitations, and what drives them (respectively), to name a few. Let’s look at some further examples to better understand the variability of individual behavioral influences to see how they may negatively impact data integrity.

Kip Wolf “People: The Most Persistent Risk To Data Integrity

Good article in Pharmaceutical Online last week. It cannot be stated enough, and it is good that folks like Kip keep saying it — to understand data integrity we need to understand behavior — what people do and say — and realize it is a means to an end. It is very easy to focus on the behaviors which are observable acts that can be seen and heard by management and auditors and other stakeholders but what is more critical is to design systems to drive the behaviors we want. To recognize that behavior and its causes are extremely valuable as the signal for improvement efforts to anticipate, prevent, catch, or recover from errors.

By realizing that error-provoking aspects of design, procedures, processes, and human nature exist throughout our organizations. And people cannot perform better than the organization supporting them.

Design Consideration

Human Error Considerations

Manage Controls

Define the Scope of Work

·       Identify the critical steps

·       Consider the possible errors associated with each critical step and the likely consequences.

·       Ponder the "worst that could happen."

·       Consider the appropriate human performance tool(s) to use.

·       Identify other controls, contingencies, and relevant operating experience.

When tasks are identified and prioritized, and resources

are properly allocated (e.g., supervision, tools, equipment, work control, engineering support, training), human performance can flourish.

 

These organizational factors create a unique array of job-site conditions – a good work environment – that sets people up for success. Human error increases when expectations are not set, tasks are not clearly identified, and resources are not available to carry out the job.

The error precursors – conditions that provoke error – are reduced. This includes things such as:

·       Unexpected conditions

·       Workarounds

·       Departures from the routine

·       Unclear standards

·       Need to interpret requirements

 

Properly managing controls is

dependent on the elimination of error precursors that challenge the integrity of controls and allow human error to become consequential.

Apply proactive Risk Management

When risk is properly analyzed we can take appropriate action to mitigate the risks. Include the criteria in risk assessments:

·       Adverse environmental conditions (e.g. impact of gowning, noise, temperature, etc)

·       Unclear roles/responsibilities

·       Time pressures

·       High workload

·       Confusing displays or controls

Addressing risk through engineering and administrative controls are a cornerstone of a quality system.

 

Strong administrative and cultural controls can withstand human error. Controls are weakened when conditions are present that provoke error.

 

Eliminating error precursors

in the workplace reduces

the incidences of active errors.

Perform Work

 

Utilizing error reduction tools as part of all work. Examples include:

·       Self-checking

o   Questioning attitude

o   Stop when unsure

o   Effective communication

o   Procedure use and adherence

o   Peer-checking

o   Second-person verifications

o   Turnovers

 

Engineering Controls can often take the place of some of these, for example second-person verifications can be replaced by automation.

Appropriate process and tools in place to ensure that the organizational processes and values are in place to adequately support performance.

Because people err and make mistakes, it is all the more important that controls are implemented and properly maintained.

Feedback and Improvement

 

Continuous improvement is critical. Topics should include:

·       Surprises or unexpected outcomes.

·       Usability and quality of work documents

·       Knowledge and skill shortcomings

·       Minor errors during the activity

·       Unanticipated workplace conditions

·       Adequacy of tools and Resources

·       Quality of work planning/scheduling

·       Adequacy of supervision

Errors during work are inevitable. If we strive to understand and address even inconsequential acts we can strengthen controls and make future performance better.

Vulnerabilities with controls can be found and corrected when management decides it is important enough to devote resources to the effort

 

The fundamental aim of oversight is to improve resilience to significant events triggered by active errors in the workplace—that is, to minimize the severity of events.

 

Oversight controls provide opportunities to see what is happening, to identify specific vulnerabilities or performance gaps, to take action to address those vulnerabilities and performance gaps, and to verify that they have been resolved.

 

Falsification and error

At the heart, data integrity is a lot about culture. There are technical requirements, but mostly we are returning to the same principles as quality culture and just keep coming back to Deming. A great example of this is the use of the fraud triangle and human error.

The fraud triangle was developed by Donald Cressey in the 1950s when investigating financial fraud and embezzlement. The principles Cressey identified are directly relevant to data integrity, and to quality culture as a whole.

Falsification Triangle
Element Exists When To Break
Incentive or Pressure Why commit falsification of data? Managerial pressure or financial gains are the two main drivers here to push people to commit fraud. Setting unrealistic objectives such as stretch goals, turnaround time or key performance indicators that are totally divorced from reality especially when these are linked to pay or advancement will only encourage staff to falsify data to receive rewards. These goals coupled with poor analytical instruments and methods will only ensure that corners will be cut to meet deadlines or targets. Management must lead by example – not through communication or establishing data governance structures but by ensuring the pressure to falsify data is removed. This means setting realistic expectations that are compatible with the organization’s capacity and process capability.
Rationalization or Incentive To commit fraud people must either have an incentive or can rationalize that this is an acceptable practice within an organization or department. Staff need to understand how their actions can impact the health of the patient. Ensure individuals know the importance of reliable and accurate data to the wellbeing of the patient as well as the business health of the company.
Opportunity The opportunity to falsify data can be due to encouragement by management as a means of keeping cost down or a combination of lax controls or poor oversight of activities that contribute to staff being able to commit fraud. Implement a process that is technically controlled so there is little, if any, opportunity to commit falsification of data.

Mistakes are human nature – we all have fat finger moments. This is why we build our processes and technologies to ensure we capture these errors and self-correct them. These errors should be tracked and trended, but only as a way to drive continuous improvement. It is important to have the capability in your quality systems to be able to evaluate mistakes up-to-and including fraud.

It helps to be able to classify issues and determine if there are changes to governance, management systems and behaviors necessary.

Events should be classified based on how intentional they are

Human error should be built into investigative systems. Yes, whenever possible we are looking for technical controls, but the human exists and needs to be fully taken into consideration.

The best way to ensure data integrity is the best way to build a quality culture.

System Model