Margaret Hambleton (Margaret@hambletoncompliance.com) is President of Hambleton Compliance in Valencia, California.
High reliability organizations (HROs) are those organizations that are able to sustain error-free performance even though they operate in highly complex environments where the consequences of errors could produce catastrophic results. Typical examples of HROs include organizations such as aircraft carriers, nuclear power plants, airlines, and air traffic control. More and more healthcare organizations are adopting the principles of HROs to promote quality and safety and prevent patient harm. The characteristics of HROs are surprisingly similar to highly effective compliance and ethics programs, so it would seem logical then that HROs should have similarly reliable compliance and ethics programs. In my review of the literature, however, I see little evidence that adopting HRO principles has much effect on an organization’s compliance and ethics program.
The objective of this article is to understand the characteristics of HROs, compare these with the characteristics of an effective compliance and ethics programs, and explore why HROs don’t necessarily leverage these characteristics to improve the effectiveness of their compliance and ethics programs, nor do effective compliance and ethics programs necessarily leverage these characteristics to ensure highly reliable safety systems.
Characteristics of high reliability organizations
HROs share a number of common principles, which are typically categorized into 5 – 7 specific traits. I will use the Weick and Sutcliffe’s (2007) work to discuss the characteristics of HRO, because they nicely line up with the elements of an effective compliance and ethics program.
HROs effectively anticipate potential failures
One of the most important features of an HRO is the ability to anticipate potential failures. This includes talking with frontline staff to understand operations and processes, testing processes to see where slight variations may be occurring that could give rise to larger problems, looking at and evaluating data, and evaluating potential areas of risk by looking at the entire system rather than individual performance.
In an effective compliance and ethics program, we would refer to this as assessing risks and controls. Periodically, compliance and ethics programs will conduct a risk assessment to proactively identify program weaknesses and provide an assessment of potential ethical violations, fraud, waste, and abuse matters. Generally, risk assessments include identifying areas of potential risk by talking with leaders and frontline staff, reviewing audits and monitoring results, looking at external sources to identify potential areas of risk, and evaluating the effectiveness of controls already in place. In the most effective compliance programs, these risk assessments are nimble and continuously scan the environment for potential emerging areas of vulnerability. Work plans are adjusted to ensure that the risks to which the organization is most vulnerable are addressed.
HROs successfully contain unexpected events
HROs have developed a certain amount of redundancy in their systems. They employ back-up systems and have checks and balances to make sure that when there is an unexpected event, the system (including people, processes, and technology) will quickly identify it and make necessary corrections so the event doesn’t result in harm. HROs allow for individuals at any level of the organization to make safety-related decisions to address a potentially impending safety failure. HROs rely on the experts actually doing the work to make the decisions and take the actions necessary to avert harm during a potential emergency situation. Interestingly, HROs are often organizations that have strong hierarchical structures to develop policies, assess risk, provide education, and direct activities, but when it comes to a potential emergency situation, these organizations convert to flat authority structures. The person with the best information at the time of an emerging issue, regardless of their position in the organization, becomes the decision-maker.
In compliance and ethics programs, we would call this ability to spot and contain unexpected events “controls and safeguards.” As compliance officers, we evaluate areas of potential vulnerability and put in place the controls necessary to safeguard the organization against ethics or compliance failures. We develop processes to make sure that anyone in the organization can report problems and that those concerns are taken seriously, adequately investigated, and corrective action is implemented to prevent failures.
HROs have open reporting systems
In HROs, staff are encouraged, in fact obligated, to report problems and can do so without fear of retaliation or punishment. Reports made are taken seriously, investigated thoroughly, and appropriate corrective action is taken in response. Failures are seen as system issues rather than issues of individual blame. HROs foster a sense of personal responsibility and accountability for safety. Safety is everyone responsibility.
In ethics and compliance programs, we too establish open and transparent reporting systems and encourage reporting of issues or concerns. We celebrate those individuals who bring problems to our attention so that we can correct issues before they become problems. Effective compliance programs widely publicize available reporting mechanisms and compliance and ethics are a component of every individual’s job responsibility. Individuals recognize their compliance obligations and responsibility for compliance.
HROs are learning organizations
An important characteristic of HROs is the emphasis on continuous learning. Employees are provided regular training on technical issues and potential areas of risk. Every near miss or potential failure is analyzed to identify the root causes and follow up with additional education when necessary. Near misses and potential failures are widely shared in the organization to ensure individuals understand the causes for potential and real failures. Policies, procedures, and processes are updated and disseminated, and individuals are given education to ensure that the organization’s practices are well understood.
Our compliance and ethics programs strongly encourage reporting of real and potential problems. Many avenues for reporting are provided to employees. Reports are taken seriously, and employees trust the organization will fully investigate and determine potential root causes of failures and potential failures. In addition to formal reporting systems in place, compliance officers use “compliance by walking around” to informally give employees the opportunity to talk about any issues or concerns. These “compliance rounds” allow ethics and compliance officers to see how the work is done and where process variation may be occurring and to correct these variations. There is continuous feedback to find and fix problems, learn from them, improve performance, and adapt to new information.
HROs rigorously examine failures
HROs don’t take the “simple” explanation for a failure as the only or even the predominate cause of a failure or near miss. The simple answers are generally those that assume failures are the result of an individual failing to follow policy or established procedure, or a failure in an individual’s training. Individuals in HROs are accountable for safety, but HROs recognize that failures are more often the result of a variety of human factors and that processes are tightly coupled with people, processes, and technology. HROs look at each failure, near miss, and potential failure in the context of the entire system. They continually evaluate the primary and contributing factors that allowed the entire system to fail or come close to a failure. HROs recognize that blaming individuals and addressing individual variation will not address the root cause of failures.
Effective compliance and ethics programs use the same tools and techniques to evaluate the root cause of failures. As noted in the recent U.S. Department of Justice guidance on the Evaluation of Corporate Compliance Programs, there is an expectation that organizations use investigations to identify root causes, system vulnerabilities, and accountability lapses. As in HROs, ethics and compliance officers rigorously examine failures by looking past the simple answer, engaging all levels of the organization, and evaluating the interaction between people, processes, and technology to determine the root cause.
HRO leaders support a culture of safety
The leaders of HROs support a culture of safety by providing the resources necessary for the organization to develop effective systems for auditing and monitoring, providing education, evaluating risks, investigating failures, establishing effective reporting structures, and correcting problems. They ensure that the safety programs are overseen by high-level executives who have the authority to make high-level decisions. Senior leaders and the governing body take seriously their responsibility for safety. Senior leaders engage with frontline staff on matters of safety.
Similarly, effective compliance and ethics programs demonstrate a culture of compliance. Senior leaders encourage compliance, they role-model compliant and ethical behavior, and they provide the investments necessary to ensure effective compliance programs. Compliance leaders have a “seat at the table” and are seen in the organization as having the same stature as other executives. There is a commitment to compliance and ethics throughout the organization at all levels.