Industries safety-critical

In order to deal with the characteristics of modern transportation systems as well as other industrial safety-critical systems, paradigm changes to the existing safety engineering approaches have been proposed [3, 4]. Proponents of resilience engineering,... 

We have already seen elements of the CA approach when considering the costs due to safety critical failures. A further insight into the way that failure costs can be estimated for non-safety critical failures is also used to support the CA methodology. Estimates for the costs of failure in this category are based on the experiences of a sample of industrial businesses and published material as follows. 

Introduction The chemical processing industry relies on many types of instrumented systems, e.g., the basic process control systems (BPCSs) and safety instrumented system (SIS). The BPCS controls the process on a continuous basis to maintain it within prescribed control limits. Operators supervise the process and, when necessary, take action on the process through the BPCS or other independent operator interface. The SIS detects the existence of unacceptable process conditions and takes action on the process to bring it to a safe state. In the past, these systems have also been called emergency shutdown systems, safety interlock systems, and safety critical systems. 

This approach is expensive. It is attractive for particularly complex products which cannot be tested in real service conditions, and for those where the consequences of malfunction justify the costs of testing. It applies particularly to safety-critical products in the nuclear industry which could be subjected to abnormally harsh conditions, either for the environmental exposure or the end assessment or both. 

Since automotive industry is the driver for safety-critical, advanced application of embedded systems with extremely high impact on the public and economy (mass deployment, cost driven), this sector is chosen as an example. 

Unfortunately, the gap has not been spanned by these approaches. As far as I know, only JRC Ispra has once financed a project of EWICS TC7 (European Workshop on Industrial Computer Systems, TC7, Safety, Reliability and Security, an expert group in this area), on Study of the Applicability of ISO/IEC 17799 and the German Baseline Protection Manual to the needs of safety critical systems (March 2003)(www.ewics.org) (3), where the gaps between the security standards and the safety-related system evaluation requirements have been analyzed for several sectors (medical, railways, nuclear, electric power networks) and in general. 

I, Chapters 2 and 3 deal with the general backgrounds of industrial safety (e,g, models of accident causation and of human behaviour) and with the contributions that near miss reporting could make in understanding and controlling accidents and incidents, Also theoretical criticisms of the near miss reporting efforts are discussed here,... 

Section 13.3 outiines the principles of modeling packaging and food, using two simple but effective examples. They illustrate the concepts of critical steps, or materials or substances critical for food safety via a quantitative failure mode, effects and criticahty analysis (FMECA) approach, derived from concepts used by the aviation or electronic industry for critical systems. It is a systematic approach which today facilitates the risk management at the sector scale, of several thousand references or complex assemblies integrating various materials and dozens of substances [NGU13] via an expert distributable and modifiable system FMECAengine [VIT 11b]. 

This situation is all in stark contrast to other safety critical industries. For example in aerospace there is a more open and transparent culture of learning which crosses organisational and otherwise commercially competitive boundaries. lu aerospace stakeholders are aware that improvements in safety are for the greata good of the industty and that in the long term a safe product drives revenues for aU players. HIT suppliers have some way to catch up and it is largely the responsibility of their customers to call for the transparency that is required to enable a rigorous and practical assurance process. 

The debate about what is acceptable risk has existed outside of HIT for decades and was famously tested in the UK court of appeal in 1949 [4], The case related to an industrial accident rather than healthcare delivery but the ruling by Lord Asquith of Bishopstone had far reaching consequences across many safety-critical industries. The judgement concluded that it was appropriate to consider the sacrifice in money, time or trouble in the measures necessary for averting an incident. 

The International Electrotechnical Commission (lEC) set up studies to investigate solutions to this growing problem. By the mid-1990s the makings of a standard was produced which introduced the idea of a risk-based approach to drive out specific safety requirements alongside general system requirements. By the year 2000 lEC 61508 [4] had been ratified and since then has been gradually adopted in a number of safety critical industries. 

Cleland G, Sujan M, HabU I, Medhurst J. Using safety cases in industry and healthcare. A pragmatic review of the use of safety cases in safety-critical industries - lessons and prerequisites for their application in healthcare. The Health Eoundation. London, UK 2012. 

The SWIFT technique has been commonly applied to HIT in the UK and is taught on a number of training courses to support compliance with ISB 0129/0160 [2, 3]. Other techniques inherited from traditional safety-critical industries may be equally effective when used appropriately by experienced individuals. A selection are provided here to inform further adoption in healthcare. 

Fault trees are commonly used in safety critical industries such as aerospace. Their power is in being able to communicate complex failures in a simple graphical format which is relatively easy to learn. They can be applied to either potential failures or retrospectively in investigating actual failures. FTA has subtle limitations however especially when one needs to systematically identify aU possible causes of a particular hazard - for this, an alternative technique needs to supplement the analysis. Fault trees are also notoriously difficult to apply to complex software. 

There are a number of well-described, formal analytical techniques which can be adopted from other safety-critical industries. However some can be challenging to apply in HIT due to the extent to which human factors influence the risk. 

One of the contributors to rigorous design is the incorporation of lessons learnt from previous projects and similar implementations. Unfortunately, unlike other safety critical industries, manufacturers of HIT systems tend to be reluctant to share their experiences across commercially competitive boundaries. Each system is often built from a standing start at the risk of duplicating faults already discovered and designed out by other manufacturers. 

Testing can be more than manual operation of the system under simulated conditions. Inspection of key artefacts such as requirements, designs and specifications by snitable experts is a widely used technique in other safety critical industries and offers valuable evidence for the safety case. 

I wrote this book to fill a gap. There is much in the literature about patient safety, medical informatics and the engineering of safety critical systems, but outside of medical device regulation little is said about how we manufacture and implement Health IT safely. In this book I have attempted to consolidate what the industry has learnt over a 10-15-year period. As technologies and techniques evolve it is clear that this is just the start of an exciting journey, the birth of an academic discipline which brings together learnings from many disparate sources. 

Currently in the United Kingdom, the HSE is deemed to have a sophisticated inspection regime with independent third-party verification system for well design and safety-critical elements offshore. Interestingly, these verifications are conducted not by another governmental agency but by entities in the industry such as... 

Cooper and Leape are not the only authors to understand the importance of human factors and psychology to medical harm and medical error at an early stage. For instance, Marilyn Bogner s 1994 book Human error in medicine contained many insightful and important chapters by David Woods, Richard Cook, NevUle Moray and others James Reason articulated his theory of accidents and discussed its apphcation in medicine in Medical Accidents (Vincent, Ennis and Audley, 1993). Cooper and Leape were, however, particularly important influences and they Ulustrate the more general point that some of the defining characteristics of patient safety are its acceptance of the importance of psychology and the lessons to be learnt from other safety critical industries. 

We interpret this as support for our notion that expertise in anaesthesia brings with it the authority to define the boundaries between routine and critical but also between acceptable and unacceptable practice. However, we suggest that such variability in what is considered critical, reportable and acceptable is a product of the culture of medicine. In other safety-critical industries, professional experience and judgement are not allowed to dictate reporting behaviour. In aviation, for instance, all pilots, regardless of rank or experience, are expected and required to describe and report even the most subtle and minor events, not just those deemed critical or serious by individual pilots. 

Are clinical staff particularly poor at following procedures compared with staff in other safety-critical industries Healthcare is possibly more lax, but certainly... 

---