The World Health Organization (WHO) defines patient safety as “the absence of preventable harm to a patient and reduction of risk of unnecessary harm associated with health care to an acceptable minimum” (asamonitor.pub/3tof93o). There are three philosophical approaches to safety engineering, referred to as Safety-I, Safety-II and Safety-III, that clinicians should be familiar with in order to better understand how safety in health care is managed (Table).

Table: Three philosophical approaches to safety engineering referred to as Safety-I, Safety-II and Safety-III. Adapted from: Reliability Engineering & System Safety 2022;217:108077; Safety Science 2004;42:237-70.

Table: Three philosophical approaches to safety engineering referred to as Safety-I, Safety-II and Safety-III. Adapted from: Reliability Engineering & System Safety 2022;217:108077; Safety Science 2004;42:237-70.

The Safety-I perspective assumes that accidents/errors happen because systems or their components malfunction or fail. This places attention on unsafe activities and systems (asamonitor.pub/2LDjb43). Variability is seen as a threat to be eliminated or mitigated as much as possible. Safety-I assumes a linear cause-and-effect relationship between hazards and harms such that harms can be prevented if a hazard is identified and eliminated (Reliability Engineering & System Safety 2022;217:108077). In Safety-I, it is common to search for “root causes” based on the assumption that all errors are caused by discrete events. The Safety-I response to safety is reactive in nature, and learning is based on what went wrong. In order to avoid things that go wrong, Safety-I policies attempt to create barriers, standardize work procedures, and eliminate variability (Int J Occup Saf Ergon 2019;25:66-75).

In contrast to Safety-I, the Safety-II perspective shifts from ensuring that “as few things as possible go wrong” to ensuring that “as many things as possible go right” (Reliability Engineering & System Safety 2022;217:108077). Safety-II assumes that things go right because of variability in systems that forces systems to be adaptive and responsive to variation. Safety-II rejects the “root cause” idea that all errors are caused by a discrete event. Instead, errors are assumed to be the result of a combination of variables, in which the individual variables themselves are not causative. Safety-II accounts for the unpredictable interaction between humans and technology, also referred to as the “sociotechnical” aspect of systems. This is in contrast to Safety-I, which does not account for this important variable in systems. Safety-II takes a proactive approach to safety, and learning is based on what went right. Safety-II policies attempt to build adaptability and resiliency into systems to produce the desired result regardless of variability.

Safety-III is grounded in systems theory, which posits that accidents occur when safety controls within the system fail to adequately handle threats or disturbances (Safety Science 2004;42:237-70). The focus is on prevention of risk/errors while also learning from risk/errors when they occur. Efforts are made to limit variability in systems while at the same time recognizing that variability is unavoidable. Safety-III states that systems must be flexible and adaptive to allow for unexpected events introduced by variability. Accidents in Safety-III are caused by failure to control for hazards and/or failure of safety controls. Errors and accidents in Safety-III are considered to have linear components (similar to Safety-I) and nonlinear, variable components (similar to Safety-II). Safety-III adopts both a reactive and proactive approach to safety, but most learning comes from previous mistakes and failures.

Where does patient safety fit among these safety philosophies? There are aspects of patient safety that still subscribe to Safety-I – think root cause analyses searching for the one cause of an error or for the holes in the Swiss cheese. Then there are other elements of patient safety that resemble Safety-II, such as when we consider the interaction between clinicians and technology and acknowledge human fallibility as the cause of an accident. Safety-III is where we aspire to be. It suggests that we focus on designing safety into our health care systems from the beginning and that we carefully design our systems so that accidents are largely prevented; but when accidents do arise, our systems are designed in such a way that humans have the tools needed to successfully mitigate the threats. In order for safety in health care to evolve and approach Safety-III, all clinicians need to understand safety engineering and take an active role in designing health care systems.