BACKGROUND: In healthcare, a range of methods are used to improve patient safety through risk identification within the scope of risk management. However, there is no evidence determining what trust-level guidance exists to support risk identification in healthcare organisations. This study therefore aimed to determine such methods through the content analysis of trust-level risk management documents. METHOD: Through Freedom of Information Act, risk management documents were requested from each acute, mental health and ambulance trust in the East of England region of NHS for content analysis. Received documents were also compared with guidance from other safety-critical industries to capture differences between the documents from those industries, and learning points to the healthcare field. RESULTS: A total of forty-eight documents were received from twenty-one trusts. Incident reporting was found as the main method for risk identification. The documents provided insufficient support for the use of prospective risk identification methods, such as Prospective Hazard Analysis (PHA) methods, while the guidance from other industries extensively promoted such methods. CONCLUSION: The documents provided significant insight into prescribed risk identification practice in the chosen region. Based on the content analysis and guidance from other safety-critical industries, a number of recommendations were made; such as introducing the use of PHA methods in the creation and revision of risk management documents, and providing individual guidance on risk identification to promote patient safety further.

In healthcare, various methods are available to support risk identification in risk management process. However, there is no clear evidence on their contribution to risk identification. In this study, different methods used to support risk identification were therefore analysed to compare their contribution to overall risk identification. The study was conducted at Cambridge University Hospitals Foundation Trust, UK. Three main methods were selected to compare their support in risk identification: incident reports through their Risk Management Information System, risk registers through their Risk Registers system, and safety walkabouts through their internal patient safety assessment process. Where possible, simple comparison tests were run between the different methods of identifying risks as well as by the type of risks identified. It was found that each method has contributed to the risk identification by adding different sets of risk sources despite some overlaps. However, they produced discrete assessments from different aspects and none of them, on its own, could produce adequate results for effective risk identification. In any healthcare setting, having a system to put all risk information in one picture would help maximise the contribution of each method within the scope risk management process. Future studies may benefit from broader use of multiple and system-based risk identification approaches, and coding methods for more powerful analytical test.

Risk assessment, by itself, does nothing to reduce risk or improve safety. It can only change outcomes by informing the design and management of effective risk control interventions. But current practice in healthcare risk management suffers from an almost complete lack of support for risk control. This first installment of a 2-part series on rebalancing risk management describes a new framework to guide risk control practice: The Process for Active Risk Control.

In recent years, the healthcare sector has adopted the use of operational risk assessment tools to help understand the systems issues that lead to patient safety incidents. But although these problem-focused tools have improved the ability of healthcare organizations to identify hazards, they have not translated into measurable improvements in patient safety. One possible reason for this is a lack of support for the solution-focused process of risk control. This article describes a content analysis of the risk management strategies, policies, and procedures at all acute (i.e., hospital), mental health, and ambulance trusts (health service organizations) in the East of England area of the British National Health Service. The primary goal was to determine what organizational-level guidance exists to support risk control practice. A secondary goal was to examine the risk evaluation guidance provided by these trusts. With regard to risk control, we found an almost complete lack of useful guidance to promote good practice. With regard to risk evaluation, the trusts relied exclusively on risk matrices. A number of weaknesses were found in the use of this tool, especially related to the guidance for scoring an event's likelihood. We make a number of recommendations to address these concerns. The guidance assessed provides insufficient support for risk control and risk evaluation. This may present a significant barrier to the success of risk management approaches in improving patient safety.

Root cause analysis is perhaps the most widely used tool in healthcare risk management, but does it actually lead to successful risk control? Are there categories of risk control that are more likely to be effective? And do healthcare risk managers have the tools they need to support the risk control process? This systematic review examines how the healthcare sector translates risk analysis to risk control action plans and examines how to do better. It suggests that the hierarchy of risk controls should inform risk control action planning and that new tools should be developed to improve the risk control process.

Most risk management activity in the healthcare sector is retrospective, based on learning from experience. This is feasible where the risks are routine, but emergency operations plans (EOP) guide the response to events that are both high risk and rare. Under these circumstances, it is important to get the response right the first time, but learning from experience is usually not an option. This case study presents the rationale for taking a proactive approach to improving healthcare organizations' EOP. It demonstrates how the Prospective Hazard Analysis (PHA) Toolkit can drive organizational learning and argues that this toolkit may lead to more efficient improvement than drills and exercises.

Although it is probably the best-known prospective hazard analysis (PHA) tool, failure mode and effects analysis (FMEA) is far from the only option available. This article introduces one of the alternatives: The structured what-if technique (SWIFT). SWIFT is a flexible, high-level risk identification technique that can be used on a stand-alone basis, or as part of a staged approach to make more efficient use of bottom-up methods like FMEA. In this article we describe the method, assess the evidence related to its use in healthcare with the use of a systematic literature review, and suggest ways in which it could be better adapted for use in the healthcare industry. Based on the limited evidence available, it appears that healthcare workers find it easy to learn, easy to use, and credible. Especially when used as part of a staged approach, SWIFT appears capable of playing a useful role as component of the PHA armamentarium.

In this article we call for a new approach to patient safety improvement, one based on the emerging field of evidence-based healthcare risk management (EBHRM). We explore EBHRM in the broader context of the evidence-based healthcare movement, assess the benefits and challenges that might arise in adopting an evidence-based approach, and make recommendations for meeting those challenges and realizing the benefits of a more scientific approach.