A continuación aparece una instantánea de la página web tal y como aparecía en 21/04/2024 (la última vez que nuestro rastreador la visitó). Esta es la versión de la página que se usó para la clasificación de los resultados de búsqueda. Puede que la página haya cambiado desde la última vez que la guardamos en caché. Para ver lo que puede haber cambiado (sin la información destacada), ve a la página actual.
Bing no se hace responsable del contenido de esta página.
Application of Systemic Accident Analysis (SAA) Approaches in Telemedicine/Telehealth | IntechOpen
Open Access is an initiative that aims to make scientific research freely available to all. To date our community has made over 100 million downloads. It’s based on principles of collaboration, unobstructed discovery, and, most importantly, scientific progression. As PhD students, we found it difficult to access the research we needed, so we decided to create a new Open Access publisher that levels the playing field for scientists across the world. How? By making research easy to access, and puts the academic needs of the researchers before the business interests of publishers.
We are a community of more than 103,000 authors and editors from 3,291 institutions spanning 160 countries, including Nobel Prize winners and some of the world’s most-cited researchers. Publishing on IntechOpen allows authors to earn citations and find new collaborators, meaning more people see your work not only from your own field of study, but from other related fields too.
To purchase hard copies of this book, please contact the representative in India:
CBS Publishers & Distributors Pvt. Ltd.
www.cbspd.com
|
customercare@cbspd.com
This chapter discusses the importance of applying methods based on the systems thinking paradigm in analysing accidents that may occur in a complex healthcare system involving telemedicine/telehealth. Different accident analysis approaches (models and methods) have been utilised to analyse incidents/accidents in different safety-critical domains, including healthcare, to identify weaknesses and to be able to propose safety recommendations. With the advent of systemic accident analysis (SAA) approaches based on the systems thinking paradigm, can they be feasibly and practically applied to incidents resulting from unintended issues relating to telemedicine/telehealth? This chapter discusses three popular SAA approaches, benefits and limitations, including their necessity for improving safety and even security relating to telemedicine processes.
*Address all correspondence to: oseigene@hotmail.com
1. Introduction
Telemedicine/telehealth are terms often used interchangeably to describe the use of digital technologies to provide healthcare services remotely [1]. It comprises a diverse collection of technologies (e.g., telephone, video, software, apps, instant messaging, email, online forms) and clinical applications (e.g., providing routine consultations remotely; monitoring patients at home; remote consultations, remote monitoring of symptoms, robotic surgery with a surgeon in another location). Most operational telemedicine processes/services that focus on diagnosis and clinical management remotely are carried out in industrialised countries (e.g., USA, Canada, United Kingdom, and Australia). Telemedicine has provided benefits for both patients and healthcare professionals. For patients, this includes better access to healthcare, including primary care (communication with GP and home monitoring) and secondary care (emergency specialist support, intra & inter-hospital access, shared case for diagnosis and treatment) [2], especially if they live rurally, and may be unable to attend to ill health or other commitments (e.g., work, caring). For healthcare professionals, telemedicine allows them to connect with other clinical specialists/colleagues to assist with consultations regarding a patient. Telemedicine is also expected and helps to improve the quality of care, equity of healthcare access and delivery efficiency in this regard [3]. The two main reasons telemedicine is utilised is because there is no alternative to this process, and it is considered better than conventional healthcare services [3].
Heinzeleman, Lugan and Kvedar noted in their paper that the future of telemedicine depended on three major aspects, including human factors, economic factors and technology [4]. Human factors comprise behaviours relating to how technology influences existing policies, culture, knowledge, and attitudes which can fundamentally affect changes at different levels in a complex socio-technical system like healthcare [4]. These levels consist of individual, organisational and societal levels. Individuals include patients who appreciate and expect high-quality, technology-enabled healthcare and healthcare providers (where their perceptions and behaviours are considered very important). At the organisational level, there is a focus on providing continuous care rather than episodic care and using less skilled and less costly providers as part of a multidisciplinary healthcare delivery approach. More critically, organisations support technology-enabled health care reflected in practices and policies regarding the future use of Information and Communications Technology (ICT). At the societal level, the acceptance of a patient-centred and technology-enabled healthcare delivery method is promoted. This promotion involves adapting new interventions (telemedicine) to create environments that reduce defensive medicine [4]. Although the concept of telemedicine is not a recent invention, the global COVID-19 pandemic was a catalyst for the widespread adoption of telemedicine in all areas of healthcare.
While considerable strides have been made regarding telemedicine and its impact on patient and community care, there is a need to proactively (and in some cases retrospectively) ensure patient and system safety, including the security of patient medical data and technologies. As earlier noted, despite the telemedicine processes being implemented quickly considering COVID-19, there is a need to consider if technologies are being utilised safely (e.g., This is very critical, especially when healthcare practitioners handle computing technologies, and while they help provide efficient healthcare, there is always a possibility of either human or software errors to occur. There have not been any studies exploring the application of systemic accident analysis approaches to telemedicine. This chapter explores this gap in addressing the importance of incorporating systems thinking and associated approaches to telemedicine in analysing potential incidents/accidents that may occur using systemic accident analysis (SAA) approaches. The proceeding sections will focus on elaborating three of the most popular SAA approaches applied across different safety-critical industries, including healthcare. Their applications, benefits and limitations will also be discussed.
Safety is considered one of the emergent properties of a complex socio-technical system, including the healthcare system [5]. This property is also considered to be very important because of the importance of ensuring the system safety and well-being of patients, professionals, and assets of a health organisation. Different analytical tools have been used to analyse risks and potential hazards that might occur, forming the process of incident/accident analysis [6]. These tools include the popular Root Cause Analysis (RCA) techniques, including Cause and Effect fishbone diagrams, the 5-Whys technique, Change Analysis and Barrier Analysis [7, 8]. However, these linear-based tools have been considered inadequate and unsuitable for analysing complex socio-technical systems [7, 9]. This realisation brought about the development of different systemic accident analysis (SAA) approaches, each based on various safety perspectives, methodologies and theories of accident causation [10, 11]. Some of the most popular examples of this type of approach include AcciMap (Accident Mapping) [12, 13], STAMP/STPA (Systems Theoretic Accident Model and Process) [14, 15], and FRAM (Functional Resonance Accident Model) [16, 17]. These approaches are considered more suitable for analysing incidents that are typically non-linear and involve complex causal relationships stemming from activities at the front line to decisions taken both with and outside health organisations [9]. They have been extensively applied in analysing major incidents within healthcare and other safety-critical domains [7, 18, 19, 20, 21]. However, compared to other industries like Aviation, Railway, Nuclear, and Aerospace, the application of these approaches for incident investigation and analysis is still growing in the healthcare industry [7, 22]. These systemic approaches are further elaborated in the proceeding subsections.
2.1 AcciMap mapping (AcciMap)
Svedung and Rasmussen developed this approach as a graphical tool for creating a multi-causal diagram of events and decisions across different socio-technical levels, as shown in Figure 1 [13, 18, 23, 24, 25]. This approach is also based on Rasmussen’s theory of accident causation and can be applied either as a standalone method or as a part of a broader Risk Management Framework (RMF) [12, 23]. While there have been different variations of the AcciMap approach, Branford, in her thesis, developed a standardised AcciMap format with a set of guidelines for determining causal/contributing factors, causal relationships between them (linking causal connections within and between socio-technical levels) and formulating safety recommendations [23]. This systemic approach essentially provides the benefit of providing a graphical representation of actions/activities committed at the front end (where clinical practitioners and patients are involved with patients using computing and network technologies) and latent conditions within the health organisation that may have facilitated the events to occur at the front end [21, 26]. Appendix A shows an example application of the AcciMap approach on a medication dosing error relating to a Computerised Order Entry System (CPOE) [21, 27, 28]. The AcciMap approach is based on the safety-I perspective, which essentially involves analysing what went wrong and why it happened so that recommendations can be made to prevent future occurrences.
Figure 1.
The standardised AcciMap format [23].
2.2 Systems theoretic accident modelling process (STAMP)
STAMP is a systemic-based accident approach developed by Leveson (MIT). It is based on systems and control theory regarding safety constraints between various components and determining any disturbances that can potentially affect system safety [9, 15]. As shown in Figure 2, the STAMP model consists of a generic socio-technical system safety control structure and a high-level taxonomy of safety constraints for system hazards. An example of the application of the STAMP approach for modelling a high-level control structure relating to the medication dosing error [21, 27] is shown in Appendix B. The STAMP approach also consists of two aspects of analysis; System Theoretic Process Analysis (STPA), which is a STAMP-based hazard analysis used for defining accidents, control structure and system hazards and Causal Analysis using System Theory (CAST) [15, 29]. This model is also based on the traditional safety-I perspective. Table 1 describes the STAMP's control failure taxonomy of control flaws relating to how they lead to hazards in the system.
Figure 2.
Generic complex sociotechnical control structure (STAMP Model) [9].
1.
Inadequate Enforcements of Constraints (Control Actions)
1.1
Unidentified hazards
1.2
Inappropriate, ineffective, or missing control actions for identified hazards
1.2.1
Design of the control algorithm (process) does not enforce constraints
Flaws in the creation process
Process changes without an appropriate change in the control algorithm (asynchronous evolution)
Incorrect modification or adaptation
1.2.2
Process models inconsistent, incomplete or incorrect (lack of linkup)
Flaws in the creation process
Flaws in updating process (asynchronous evolution)
Time lags and measurement in accuracies not accounted for
1.2.3
Inadequate coordination among controllers and decision-makers
2.
Inadequate Execution of Control Action
2.1
Communication flaw
2.2
Inadequate actuator operation
2.3
Time lag
3.
Inadequate or Missing Feedback
3.1
Not provided in system design
3.2
Communication flow
3.3
Time lag
3.4
Inadequate sensor operation (incorrect or no information provided)
Table 1.
STAMP’s control failure taxonomy of control flaws leading to hazards [14, 15].
STAMP and AcciMap approaches are based on the traditional safety-I perspective, which considers “safety as the absence of failure or the state in which the fewest number of things go wrong” [30]. From this safety perspective, there is a shift in blaming the frontline level (actions/activities) to determining existing causal/contributing factors based on decisions at both organisational and external levels.
2.3 Functional resonance accident method (FRAM)
A systemic model was developed by Erik Hollnagel [31], and it’s based on “Safety II” perspective that “identifies and defines systems functions and variability determining how variability may interact within a system in a manner leading to adverse outcomes” [16]. The development of this model type was motivated by the authors’ dissatisfaction with existing approaches like Fault Tree Analysis (FTA) for addressing safety issues [32]. The FRAM model essentially relies on four principles, (a.) Equivalence of successes and failures where they both have the same origin (i.e., performance variability), (b.) Approximate adjustments where people and organisations continually adjust their performances to cope with daily operating challenges, (c.) Emergence, where identifying a sequence of events is considered impossible because many events are seen as emergent rather than a combination of conditions (i.e., latent), and (d.) Functional resonance representing signals coming from unintended interactions of variability (human, organisational and technical behaviours) of multiple signals [33]. A typical representation of the FRAM function is shown in Figure 3.
Figure 3.
The FRAM function and associated components [34].
Each FRAM function consists of six [6] components which are briefly highlighted below:
Time: Focuses on temporal aspects affecting how the function is accomplished.
Input: Triggers the function and can be utilised or transformed to output and linking to upstream functions.
Preconditions: Describes conditions of the system that must be carried out before the function is carried out.
Control: Focuses on supervision or regulation of a function, including guidelines, procedures, or other functions.
Resources (Execution Conditions): Resources, including software, manpower, energy etc., that are utilised or needed by the function.
Output: Consists of links to downstream functions, which essentially is the result of the function.
This systemic approach, unlike the last two mentioned (safety-I perspective), is based on the safety-II perspective, which focuses on “ensuring that as many things as possible go right” in considering both accidents and outcomes [35]. Based on this safety perspective, human beings are regarded as a resource necessary for system resilience and flexibility, especially when responding to varying conditions [35]. The safety-II view is also considered a proactive approach for anticipating events and allows clinicians’ ability to adapt to pressures to be understood. Incident investigations using this perspective (applying the FRAM model) focus on how processes go right and serve as a basis for determining what went wrong [35, 36].
These systemic accident approaches elaborated in the previous section show their analysis methodology and safety perspective on which they are built for accident analysis. While these SAA approaches are graphically oriented in modelling interactions and relationships within a system, AcciMap and STAMP (STPA and CAST) focus mainly on determining weaknesses or loss of control so that safety recommendations can be developed to prevent their reoccurrence (Safety-I). These approaches differ from the FRAM approach, focusing on ensuring that things go right (Safety-II). Their steps regarding how each approach is applied in analysing an incident are highlighted.
3.1 AcciMap analysis process
Regarding applying the AcciMap approach to any incidents to analyse severe outcomes or near-misses, a set of guidelines was formally developed based on Branford’s thesis [23, 24] after creating a standardised AcciMap format based on the original AcciMap structure. A graphic template is prepared, which consists of different AcciMap levels and includes the following processes:
Identifying the adverse outcome.
Determining causal/contributing factors that led to the outcome.
Placing contributing factors at the appropriate AcciMap level.
Inserting causal links depicting “cause and effect” between causal/contributing factors.
Filling any missing gaps in the causal chain where there is missing information.
Assessing the causal logic and making sense of any sequence of events.
Generating practical and feasible safety recommendations
3.2. STAMP analysis process
There are nine stages involved in applying STAMP, as identified by Leveson [19]. The first eight stages can be carried out, not necessarily in a strict order. When specifically using the Causal Analysis, which is based on STAMP, these stages are summarised as follows:
Identify systems and hazards associated with the loss.
Identify system safety constraints and requirements relating to the hazard detected.
Detail control structures to control the hazard and enforce safety constraints.
Determine proximal events that led to the loss.
Evaluate the loss at the physical system level.
Evaluate the control structure(s) at higher levels.
Assess the overall contributors (communication and coordination) to the loss.
Determine the changes and dynamics to the control structure and system over time.
Develop safety recommendations
3.3 FRAM analysis process
Applying the FRAM method allows positive and negative consequences from work adjustments rather than focusing on causes or contributing factors [37]. There are four processes involved in analysing and developing a FRAM model as follows:
Identifying and explaining critical system functions and characterising each one using the six aspects (see Figure 3).
Distinguish the functions’ potential and actual variabilities in multiple model implementations.
Determine possible functional resonance based on dependencies with other functions considering their potential/actual variability.
Generate safety recommendations that focus on monitoring and influencing the variability. This is achieved either by enhancing the variability leading to desired outcomes or attenuating the variability that can lead to undesired results.
Each of the SAA approaches addressed in this chapter has been grouped into nine [9] specific categories according to authors Karanikas and Roelen to distinguish them from one another based on their strengths and weaknesses [38]. Table 2 indicates the SAA approaches strengths (green) and limitations (orange). The subsections will further elaborate on the benefits, demerits and necessity of applying these systemic approaches.
Category
AcciMap
STAMP
FRAM
Graphical Representation
This approach shows causal relationships (links) vertically from the external to the Physical/actor level and can be described in a single diagram. Software tools like Microsoft Vision, Powerpoint and other graphical software can be used to create AcciMap diagrams.
Graphically depicts different system components and processes, including feedback loops between these components to determine any loss of control. A software-specific STAMP visualiser (STAMP workbench) and other graphical tools can be used to create STAMP models.
Graphically creates and analyses different functions and linkages between each function (output to the input of another function), and the accident scene can be represented with a single diagram. Hollnagel developed a FRAM visualiser for this purpose.
The findings are mostly text-based, with the graphical representation spread across multiple pages.
Timeline
A proximal sequence of events and influences exists.
Due to the lack of a single graphical representation, there is no clear timeline.
A proximal sequence of events and influences exists. A better timeline can be shown by including time resources and preconditions.
System structure
Rather than system components, this section describes events and actions.
Presents a visual representation of the system hierarchy.
Actions and system components are described.
There is little information available about the system’s structure and boundaries.
Safety constraints define the boundaries of systems.
System boundaries can still be ambiguous.
System component relationships
Only indicates component relationship outputs and how they minimise safety.
Full relationships between components are outlined to determine how dysfunctional interactions lead to decisions/unsafe actions.
Relationships between components are outlined to determine how dysfunctional interactions lead to unsafe system states.
System behaviour
Process details are not provided.
Describes what happened and why unsafe control actions occurred.
Process details are provided.
Safety objectives are only stated implicitly.
Clearly defines the system and component-level safety objectives at various stages of the analysis.
The objectives for safety are stated explicitly.
Validity
Aims to investigate the dynamic behaviour that exists within a system and how it contributes to accidents
Addresses how the complexity of a system influences the occurrence of accidents.
Clearly states how system variances can contribute to accidents.
Usability
The lack of guidance material makes learning the model a bit more challenging.
Associated guidance materials are substantial
Guidance materials can be very complicated to apply, depending on the analysed incident/accident report.
Guidance materials can be relatively challenging to apply, depending on the analysed incident/accident report.
Lack of jargon language in the analysis
Jargon language is extensively implemented in the analysis.
The system levels and columns are specified explicitly.
The system levels are only stated implicitly.
Feedback
No feedback channels
Feedback channels are outlined explicitly
Feedback channels are outlined implicitly.
Table 2.
Strengths and weaknesses of AcciMap, STAMP and FRAM [38].
4.1 Benefits of SAA approaches
Application and comparative studies across different safety-critical industries have highlighted the benefits of applying systemic accident approaches compared to the linear-based approaches in their ability to graphically highlights weaknesses in complex systems and how these systemic issues can create scenarios where actions/activities are committed that could potentially lead to patient harm. The health industry can only continually reap the benefits of using these approaches for incident analysis. Each approach will be further elaborated in specifically examining the benefits of SAA approaches already highlighted in Section 2. For the AcciMap method, its ability to graphically present causal relationships that exist between multiple causal/contributing factors will allow analysts to not only determine causal flows within different socio-technical levels but will also let systemic issues be traced back to the higher levels (organisational and external) and to determine any existing policies and processes that need to be reviewed. The AcciMap approach can be applied by a single analyst but has more benefits when used by a group of analysts (especially having different specialisations within healthcare). The latter process will help foster brainstorming when analysing incidents and producing the initial AcciMap output to the final result after several iterations. Hypotheses can also be drawn based on the AcciMap analysis, and counterfactual reasoning can also be applied when considering sufficient and necessary causes. The STAMP model allows analysts to portray feedback loops between different components within the system graphically. These feedback loops include communication between practitioners and patients (remote connections), as well as with higher bodies and determine any loss of control. Based on the outputs (Appendices A and B), applying both AcciMap and STAMP approaches was used to illustrate and determine systemic factors and any loss of control between system components using a conventional medical scenario. If these approaches were to be applied in a telemedicine scenario, the links between the patient and medical practitioners (communication) would have to be considered. These analyses will also include issues associated with computing technologies applied remotely for communication or administration. When using the AcciMap method, these aspects can be analysed at the physical/actor level to determine if there was any miscommunication between staff and patient, defects in technology used, and what conditions precipitated it. The STAMP model can also be applied in a telemedical scenario when feedback loops can be analysed to determine any loss of control when looking into issues regarding remote administration and communication (or lack of) between patients and staff. The FRAM model can also be applied in a telemedical situation. However, compared to conventional medicine, the difference is that aspects regarding how technology is “remotely” implemented in communicating and providing patient care will need to be analysed if there are any accidents, near-misses or loss of control. Other aspects can also include patient or medical staff misapplication and accessibility of technology.
4.2 Demerits of SAA approaches
It is also important that while there are benefits to applying systemic approaches, the demerits must also be highlighted. Major drawbacks of using systemic models for incident analysis as applied to telemedicine are resources required in terms of personnel, time, and knowledge needed to apply them effectively. Depending on the approach used, it can take considerable time and effort to understand the causation theory and methodology behind each approach and to apply them to analyse any major incident(s) in healthcare. Also, about this point, it is very important to take into consideration when it comes to each systemic approach’s validity, reliability and usability in producing results that will allow effective safety recommendations to be formulated (retrospectively) and that these safety measures can then be tracked and assessed to ensure that any weaknesses detected will not occur again. While each approach can be applied individually, as each analytical iteration can be reviewed, it is usually recommended that multiple users (team-based) apply the approach to the same incident. This step will allow brainstorming and discussions to produce the final outcome. Health organisations will also require training of staff associated with risk management and computing technology in applying different systemic approaches, which could also take a considerable amount of time. These points highlight why Root Cause Analysis (RCA) techniques are still being used because they do not require as much time in terms of training and application. Still, as stated earlier in this chapter, their underlying methodologies are not considered suitable for analysing complex systems. However, this limitation is somewhat circumvented when using software-based modelling tools based on some systemic approaches. For instance, there are a FRAM visualiser and STAMP Workbench applications for FRAM and STAMP/STPA analyses, respectively. Microsoft Visio application or other graphic tools can construct AcciMap outputs during analysis.
4.3 The Necessity of SAA approaches
Considering the benefits and demerits discussed in previous subsections, it stands to reason that health organisations will need to weigh these benefits versus the limitations of applying these approaches for incident analysis relating to telemedicine. Based on previous studies comparing systemic approaches with other linear-based and systemic-based models [7, 11, 21], there is a clear conclusion that applying the systems thinking paradigm is the way forward in analysing, understanding, and improving system safety relating to telemedicine. This point also encompasses processes that are involved when it comes to telemedicine as far as healthcare professionals and patients are concerned. It is very important to acknowledge the general limitations of these approaches mentioned and understand that there are tangible benefits depending on which systemic approach is implemented. While there have been studies investigating how the “research-practice gap” as coined by Underwood and Waterson [39], can be reduced in terms of applying these approaches in healthcare, there is still a need for providing awareness to clinical safety and risk managers. Aside from the need to improve system safety by ensuring that whatever safety recommendations or mitigating processes are set in place relating to telemedicine processes, there is also a need to protect patient medical data from hacking and other breaches. This issue of patient data being hacked relates to cyber security, especially when the connection is over an unencrypted or public network [40]. The STAMP model can also be applied to analyse this type of security-related incident by implementing an STPA analysis specifically for cyber security analysis called STPA-SafeSec (System-Theoretic Process Analysis for Safety and Security) [41, 42, 43]. The authors added that STPA could be applied to analyse system safety and security and systems regarding emerging properties. Security analysis using STPA-Sec serves as a means of ensuring the safety of patient medical data for telemedicine, according to Young and Leveson. They also indicated that safety and security must be addressed collectively [41, 42].
There is a need to consider the importance of incident analysis relating to telemedicine to improve practices/processes and ultimately improve safety and security relating to patients, medical data, health professionals and health organisations. Applying systems thinking by utilising systemic approaches will help to graphically model interactions in complex socio-technical systems and detect weaknesses by examining causal/contributing factors, causal relationships, and any communication and feedback loops within the system. However, applying these approaches requires considerable resources regarding awareness, training, and proper application of guidelines to realise their necessary benefits and improve the process of telemedicine.
1.Perednia DA, Allen A. Telemedicine technology and clinical applications. Journal of the American Medical Association. 1995;273(6):483-488
2.Hjelm NM. Benefits and drawbacks of telemedicine. Journal of Telemedicine and Telecare. 2005;11(2):60-70
3.Craig J, Petterson V. Introduction to the Practice of Telemedicine. 2016;11(1):3-9. DOI: 101177/1357633X0501100102
4.Heinzelmann PJ, Lugn NE, Kvedar JC. Telemedicine in the future. Journal of Telemedicine and Telecare. 2005;11(8):384-390
5.Leveson NG. Rasmussen’s legacy: A paradigm change in engineering for safety. Applied Ergonomics. 2017;59:581-591
6.Johnson CW. An introduction to Root Cause Analysis in healthcare. 2004. p. 1–47. Available from: http://www.dcs.gla.ac.uk/∼johnson/papers/Pascale_book/incident_analysis.PDF
7.Canham A, Thomas Jun G, Waterson PE, Khalid S. Integrating systemic accident analysis into patient safety incident investigation practices. Applied Ergonomics. 2018;72:1-9
8.Dixon K, Waterson PE, Barnes J. A comparison of three systemic accident analysis methods using 46 SPAD (Signals passed at danger) incidents. In: Advances in Intelligent Systems and Computing. Los Angeles, USA: Springer Verlag; 2018. pp. 1097-1108
9.Leveson NG. Applying systems thinking to analyse and learn from events. Safety Science. 2011;49(1):55-64
10.Underwood P., Waterson PE. Accident analysis models and methods: Guidance for safety professionals. 2013
11.Underwood P, Waterson P. A critical review of the stamp, fram and accimap systemic accident analysis models. In: Advances in Human Aspects of Road and Rail Transportation. 2012
12.Rasmussen J, Svedung I. Proactive risk management in a dynamic society. In: Swedish Rescue Services Agency. Karlstad, Sweden: Risk and Environmental Department; 2000. pp. 1-160. Available from: http://rib.msb.se/Filer/pdf%5C16252.pdf
13.Svedung I, Rasmussen J. Graphic representation of accident scenarios: Mapping system structure and the causation of accidents. Safety Science. 2002;40(5):397-417
14.Leveson NG. System safety engineering: Back to the future. Aeronautics and Astronautics Massachusetts Institute of Technology; Cambridge. 2002. p. 1–320. Available from: http://sunnyday.mit.edu/book2.pdf
15.Leveson NG. A new accident model for engineering safer systems. Safety Science. 2004;42(4):237-270
16.Hollnagel E. FRAM, the Functional Resonance Analysis Method: Modelling Complex Socio-Technical Systems. Farnham, Surrey, UK: Ashgate Publishing Ltd; 2012
17.Hollnagel E. An application of Functional Resonance Analysis Method (FRAM) to Risk Assessment of Organisational Change. Stockholm: Strålskyddsnämnden (SSN). 2013
18.Salmon PM, Cornelissen M, Trotter MJ. Systems-based accident analysis methods: A comparison of Accimap, HFACS, and STAMP. Elsevier Ltd. 2012;50(4):1158-1170
19.Underwood P, Waterson PE. Systems thinking, the Swiss Cheese Model and accident analysis: A comparative systemic analysis of the Grayrigg train derailment using the ATSB, AcciMap and STAMP models. Accident; Analysis and Prevention. 2014;68:75-94
20.Kee D, Jun GT, Waterson P, Haslam R. A systemic analysis of South Korea Sewol ferry accident – Striking a balance between learning and accountability. Applied Ergonomics. Mar 2017;1(59):504-516
21.Igene OO, Johnson C. Analysis of medication dosing error related to computerised provider order entry system: A comparison of ECF, HFACS, STAMP and AcciMap approaches. Health Informatics Journal. 2019;26(2):1017-1042
22.Igene OO, Johnson C. To computerised provider order entry system: A comparison of ECF, HFACS, STAMP and AcciMap approaches. Health Informatics Journal. 2020;26(2):1017-1042
23.Branford K. An Investigation into the Validity and Reliability of the AcciMap Approach. Australia: The Australian National University; 2007
24.Branford K, Naikar N, Hopkins A. Guidelines for AcciMap analysis. In: Hopkins A, editor. Learn from High Reliab Organ Sydney CCH. 2009. pp. 193-212
25.Lee S, Moh YB, Tabibzadeh M, Meshkati N. Applying the AcciMap methodology to investigate the tragic Sewol Ferry accident in South Korea. Applied Ergonomics. 2017;59:517-525
26.Igene OO, Johnson CW, Long J. An evaluation of the formalised AcciMap approach for accident analysis in healthcare. Cognition, Technology & Work. 2021:1-21
27.Horsky J, Kuperman GJ, Patel VL. Comprehensive analysis of a medication dosing error related to CPOE. Journal of the American Medical Informatics Association. 2005;12(4):377-382
28.Igene OO, Johnson CW. Comparing HFACS and AcciMaps in a health informatics case study - The analysis of a medication dosing error. In: Safety and Reliability - Safe Societies in a Changing World. ESREL 2018: Proceedings of the 28th International European Safety and Reliability Conference; 2018. pp. 3-10
29.Leveson N, Daouk M, Dulac N, Marais K. Applying STAMP in accident analysis. NASA Conference. 2003:177-198. Available from: https://ntrs.nasa.gov/api/citations/20030111708/downloads/20030111708.pdf
30.Smaggus A. Safety-I, Safety-II and Burnout: How Complexity Science Can Help Clinician Wellness. Vol. 28. BMJ Quality and Safety. BMJ Publishing Group; 2019. pp. 667-671
31.Hollnagel E. Barriers and Accident Prevention. London, Aldershot, UK: Ashgate; 2004
32.Grant E, Salmon PM, Stevens NJ, Goode N, Read GJ. Back to the Future: What do Accident Causation Models tell us About Accident Prediction? Vol. 104. Safety Science. Elsevier B.V; 2018. pp. 99-109
33.Riccardo P, Gianluca DP, Giulio DG, Francesco C. FRAM for Systemic accident analysis: A matrix representation of functional resonance. International Journal of Reliability, Quality and Safety Engineering. 2018 Feb;25(1):1, 1-29
34.Flin R, Winter J, Cakil Sarac MR. Human factors in patient safety: Review of topics and tools. World Health. 2009;2
35.Hollnagel E, Wears R, Braithwaite J. From safety-i to safety-II: A white paper from safety-I to safety-II: A white paper. In: Safety-II: A White Paper From Safety-I to Safety-II: A White. 2015:1-43. DOI: 10.13140/RG.2.1.4051.5282.o
36.Finkel M. On Flexibility: Recovery from Technological and Doctrinal Surprise on the Battlefield. Stanford, CA: Stanford University Press; 2011
37.Hollnagel E, Hounsgaard J, Colligan L. FRAM-the Functional Resonance Analysis Method-a Handbook for the Practical Use of the Method. 2014. p. 75
38.Karanikas N, Roelen A. The Concept Towards a Standard Safety Model (STASAM). MATEC Web Conf; 2019
39.Underwood P, Waterson PE. Systemic accident analysis: Examining the gap between research and practice. Accident; Analysis and Prevention. 2013;1(55):154-164
40.Haleem A, Javaid M, Singh RP, Suman R. Telemedicine for healthcare: Capabilities, features, barriers, and applications. Sensors International. 2021;1(2):100117
41.Young W, Leveson N. Systems thinking for safety and security. Proceedings of the 29th Annual Computer Security Applications Conference. 2013
42.Young W, Leveson NG. An integrated approach to safety and security based on systems theory. Communications of the ACM. 2014;57(2):31-35
43.Friedberg I, McLaughlin K, Smith P, Laverty D, Sezer S. STPA-SafeSec: Safety and security analysis for cyber-physical systems. Journal of Information Security and Applications. 2017;34:183-196
Written By
Oseghale Igene and Aimee Ferguson
Submitted: 15 July 2022Reviewed: 19 October 2022Published: 25 January 2023
Open access peer-reviewed chapter
