Risk assessment is formed of three steps. The first step is to identify the hazards (what may go wrong?). Second, to know what are the consequences of this risk and how often could this risk happen. Third, involves a decision regarding the need for further action to be taken against the specific risk based on quantitative or a qualitative description.
|
1. |
Hazard Identification (What may go wrong?) |
|
There are several methods that can be used in identifying hazardous clinical processes that carry high risk to patient safety (see table below). Once a process is identified, it is mapped and broken down into its component steps. In doing so, the events that may lead to patient harm (hazards) can be further identified and related to each step. |
|
|
|
Hazard identification
Adverse event reporting
Complaints and law suits
Medical records review
Observation of practice (work space and procedures performed)
Mortality and morbidity meetings
Patient and health care staff interviews
Patient safety organizations
|
|
|
|
|
|
2. |
Risk analysis (How serious and how often?) |
|
Risk analysis is the estimation of the risk associated with the identified hazard. Each step of the chosen process is analyzed by answering the following three questions. First, what are the consequences of the event if it happens and second how often is it expected to recur and third how easily can it be detected?
In answering the first question the next consequence table can be used.
|
|
|
|
|
Consequence Rating |
|
Descriptor |
Impact |
5 – Catastrophic |
Death
Continued ongoing long-term effects at time of discharge
Many > 50: Vaccination error |
4 – Major |
Permanent injury
Increase in length of hospital stay by > 15 days
Moderate 16 – 50: Lost specimens |
3 – Moderate |
Semi-permanent injury
Increase in length of hospital stay by 4-15 days
Small 3 – 15 |
2 – Minor |
Short term injury
Increase in length of hospital stay by 1-3 days
1 – 2 |
1 – Insignificant |
No injury
No increase in hospital stay
N/A |
|
|
|
|
|
Other factors can be taken into account and integrated into the consequence table such as cost of the risk, impact on the service, impact on the organization, etc.
In answering the second question the following likelihood table can be used.
|
|
|
|
|
Likelihood Rating |
|
Descriptor |
Description |
5 – Certain |
Will undoubtedly happen / recur
Expected to occur at least daily
>50 percent |
4 – Likely |
Will probably happen / recur
Expected to occur at least weekly
10-50 percent |
3 – Possible |
Might happen or recur occasionally
Expected to occur at least monthly
1-10 percent |
2 – Unlikely |
Do not expect it to happen / recur but it is a possible it may do so
Expected to occur at least annually
0.1-1 percent |
1 – Rare |
This will probably never happen / recur
Not expected to occur for years
<0.1 percent |
|
|
|
|
|
In answering the third question the following detection table can be used. |
|
Descriptor
|
Description
|
5 – Remote |
Detection not possible at any point in the system
0-5 percent |
4 – Low |
Error rarely detected before reaching patient
6-39 percent |
3 – Moderate |
Error infrequently detected before reaching patient
40-74 percent |
2 – High |
Error frequently detected before reaching patient
75-94 percent |
1 - Very high |
Error will almost always be detected
95-100 percent |
|
|
|
|
|
3. |
Risk evaluation (Do we need to do something?) |
|
Risk evaluation considers the evidence presented through the previous step (risk analysis) and a decision is taken either to take action to control the risk if considered high enough or no action if the risk is considered low. In addition, risk evaluation can help safety teams prioritize a set of risks that have been identified thus facilitating the selection of the most significant ones for their treatment (risk control). There are two methods that can be used for risk evaluation |
|
|
|
Risk Matrix
A risk matrix will plot risk consequence against risk likelihood to reach an estimate or grade for the risk. Each institution should decide on the level (grade) at which the risk is considered unacceptable and that necessary measures are needed. Furthermore, such a matrix can aid in deciding what management level should be involved in the risk control and how rapid should the response be.
The following risk table can be used to help reach a decision: |
|
|
Consequence |
Likelihood |
1
Insignificant |
2
Minor |
3
Moderate |
4
Major |
5
Catastrophic |
5 - Certain |
5 |
10 |
15 |
20 |
25 |
4 - Likely |
4 |
8 |
12 |
16 |
20 |
3 - Possible |
3 |
6 |
9 |
12 |
15 |
2 - Unlikely |
2 |
4 |
6 |
8 |
10 |
1 - Rare |
1 |
2 |
3 |
4 |
5 |
|
|
|
|
|
|
Risk |
Low |
Moderate |
High |
Extreme |
|
|
1-3 |
4-6 |
8-12 |
15-25 |
|
|
|
|
|
|
Criticality Index
The Criticality Index (CI) also known as the Risk Priority Number (RPN) is a numerical grading of the risk and can be used in prioritizing risks prior to the selection of the most significant ones for control. The CI can be calculated using the following formula:
CI = L X C X D
|
|
|
where |
L: likelihood |
|
|
|
C: Consequence |
|
|
|
D: Detectability |
|
|
|
|
|
|
|
|
|
|
|
|
|