Running head: ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM 1

Root Cause Analysis of a Safety Problem

Kelley Schlosshan

Bon Secours Memorial College of Nursing

Quality and Safety in Nursing I

NUR 3206

Tamarah Pearson, MSN, RN, CEN, CN IV

June 25, 2017

Honor Code: I Pledge...

ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM 2

Root Cause Analysis of a Safety Problem

A root cause analysis is a systemic method used to review close calls or adverse events to

identify future preventative measures (Charles et al., 2016, p. 1-2). In conducting a root cause

analysis of a problem it is important to identify underlying issues that can increase the likelihood

of errors and avoid focusing on mistakes made by individuals. There are three main goals or

objectives to focus on when doing a root cause analysis; identify the error, why it happened and

what can be done to prevent it occurring again. In conducting a root cause analysis it is generally

found that multiple factors contributed to the issue or problem. A root cause analysis is

extremely beneficial to organizations and can aid in increasing profitability, safety, reliability

and culture change. (Latino, 2015, p. 21).

In the pre-admission testing department the issue identified is a HIPAA violation. On a

Tuesday afternoon around 4 pm a patient was in our department for their pre-surgical testing

appointment. The following day the patient called and informed a nurse in our department that

another patients labs were attached to their instruction sheet. As part of all pre-admission

testing appointments every patient is provided with written instructions for their procedure.

Ensuring patients are not given another patients data, even accidentally is critical to our

department.

The information accidentally attached included the other patients labs and other

identifying patient health information (PHI) such as; name, date of birth and medical record

number. In reviewing recent HIPAA amendments, a breach is acquisition, access, use or

disclosure of PHI compromising the security or privacy of patient information. In healthcare, it

has been noted in more than 75 percent of the cases, the root cause of a data breach is usually
ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM 3

theft (39.1%) or loss (36.3%) (Sage, p. 87). It is our duty as nurses to ensure patient information

remains confidential.

HIPAA privacy rules are designed to keep patient information protected and confidential.

The Department of Health and Human Services studied all data breaches involving 500 or more

patients from 2011 to 2012. In their published report it was found that approximately 15 million

people had their PHI compromised (Tamburello, 2014, p. 37). In more closely reviewing data

breaches occurring over this two year time frame, there were trends identified as areas

companies could invest in to ensure the security of PHI. Types of unsecured protected health

information breaches include the following: theft, unauthorized access, lost media or paper,

hacking, IT incident, improper disposal, emails, desktop computers or laptop computers, other

electronics, network server, EMR's (Electronic Medical Record's), and other causes. The type of

security breach identified in the pre-admission testing department was paper or written

documentation. All data breaches of protected health information must be reported to both the

Department of Health and Human Services and to the patients involved. (Tamburello, 2014, p.

37).

The factors contributing to the HIPAA breach include; a high volume of patients, time of

day, approximately 4 pm and a combined fax and printer. Additionally a phone nurse calls

patients who do not need to come in-person for an appointment, these patients have already had

their required tests and the tests are faxed to the department. Also each nurse has multiple patient

charts, tests and papers to follow up on.

It is our process when seeing patients, to print two copies of patient instructions. A signed

copy is placed in the patients file and the other is given to the patient. We have a combined

copier, scanning, printing and fax machine used by all members of the department. All members
ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM 4

of our department using the same machine for multiple purposes can lead to failure. In our

incident a patients labs were faxed at the same time as a nurse printed copies of the patients

pre-surgical instruction sheet. This led to the other patients labs printing between copies of the

first patients pre-surgical instructions. The other patients labs which were faxed were between

the instruction sheets and the patients lab results were stapled to the other patients instruction

sheet. This is known as a causal factor caused by human error and component failures (Menon,

Kamath, & Shabaraya, 2016, p. 22).

In conducting the root cause analysis of this incident the charge nurse, nurse manager,

risk manager, HIPAA privacy analyst were all involved in analyzing the decisions leading to the

error to ensure this type of incident does not occur in the future. The nurse involved was also

interviewed. By analyzing the errors it helped detect the flaws, vulnerabilities and weaknesses in

our system leading to the data breach. A root cause analysis helps identify deficiencies and

weaknesses in a system that lead to human errors, evidence shows that in organizations with high

trust systemic errors can reveal deficient system flaws, the need to learn from incidents and

errors occurring in the past, events and adverse occurrences are the symptoms of pathological

disasters in the organizations, disease in an organization can affect the various working systems

and accurate analysis of critical incident or error is a very useful. (Abdollahi, 2014, p. 82)

The outcome of this analysis was a learning process for all nurses in the pre-admission

testing department. At this time the copier and fax machine are operating on a dual process and

the only way to prevent faxes and copies from becoming mixed is to have a separate machine for

each, which we do not have. To solution to help prevent this error from occurring again is nurses

are taking extra time to review information with the patient and reviewing all documentation
ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM 5

given to the patient is that patients information. Protecting all patient information is vital and

essential to maintaining HIPAA compliance.

ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM 6

References

Abdollahi, A. (2014). Root Cause and Error Analysis. Iranian Journal of Pathology, 9(2), 81-88.

Retrieved from

http://web.a.ebscohost.com/ehost/pdfviewer/pdfviewer?vid=9&sid=8ef6c7a6-5651-4165-

874f-7b095ab6c692%40sessionmgr4008&hid=4207

Charles, R., Hood, B., Derosier, J. M., Gosbee, J. W., Li, Y., Caird, M. S., ... Hake, M. E. (2016).

How to perform a root cause analysis for workup and future prevention of medical errors:

a review. BioMed Central, 10(20), 1-5. http://dx.doi.org/10.1186/s13037-016-0107-8

Latino, R. J. (2015). How is the effectiveness of root cause analysis measured in healthcare?

American Society for Healthcare Risk Management, 35(2), 21-30.

http://dx.doi.org/10.1002/jhrm.21198

Menon, N., Kamath, K., & Shabaraya, A. (2016, September). Conducting root cause analysis and

its implementation: a perspective. Manipal Journal of Pharmaceutical Sciences, 2(2), 21-

25. Retrieved from http://web.a.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=8ef6c7a6-

5651-4165-874f-7b095ab6c692%40sessionmgr4008&vid=4&hid=4207

Sage, A. (2014). Physical security, HIPAA, and the HHS wall of shame. Journal of Healthcare

Protection Management, 30(1), 85-90. Retrieved from

http://web.a.ebscohost.com/ehost/pdfviewer/pdfviewer?vid=32&sid=2a5453fa-50e3-

45ea-bd17-2b13c02c40b9%40sessionmgr4006&hid=4207

Tamburello, L. M. (2014). Report on HIPAA Breaches of Unsecured PHI. A Journal For New

Jersey Medical Community, 7(4), 37-41. Retrieved from

http://web.a.ebscohost.com/ehost/pdfviewer/pdfviewer?vid=31&sid=2a5453fa-50e3-

45ea-bd17-2b13c02c40b9%40sessionmgr4006&hid=4207
ROOT CAUSE ANALYSIS OF A SAFETY PROBLEM
APPENDIX: A

PROCESS PEOPLE

PRINTED TWO NURSE

COPIES OF
INSTRUCTIONS FOR
PATIENT
CHARGE
STAPLED BOTH NURSE
INSTRUCTIONS
SHEETS
TOGETHER
ONE COPY OF MANAGER
INSTRUCTIONS
GIVEN TO
PATIENT
RISK
REVIEWED INSTRUCTIONS WITH MANAGER
PATIENT AND SIGNED COPY
HIPPA PRIVACY ONE PATIENT WENT
PLACED ON CHART
ANALYST
HOME WITH ANOTHER
PATIENTS LABS
ATTACHED TO
USUALLY COMBINED COPIER
DEPARTMENT AND FAX MACHINE INSTRUCTION SHEET
SEES
APPROXIMATELY
FAXED PAPERS
3-4 PATIENT
VISITS PER HOUR

PHONE NURSE
SECRETARY
SECRETARY
DISTRACTIONS
DEPARTMENT
PHONE CALLS
MULTIPLE PATIENT CHARTS
AND PAPERS

c
a
u
s ENVIRONMENT EQUIPMENT
e