Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

Blood Safety Transcripts

DEPARTMENT OF HEALTH AND HUMAN SERVICES
ADVISORY COMMITTEE ON BLOOD SAFETY AND AVAILABILITY

Eleventh Meeting

Volume I

8:11 a.m.

Tuesday, April 25, 2000

Hyatt Regency Capitol Hill Hotel

400 New Jersey Avenue

Washington, D.C. 20001

P A R T I C I P A N T S

Arthur Caplan, Ph.D.
Stephen D. Nightingale, M.D., Executive Secretary

Larry Allen
James P. AuBuchon, M.D.
Michael P. Busch, M.D., Ph.D.
Richard J. Davey, M.D.
Ronald Gilcher, M.D.
Edward D. Gomperts, M.D.
Fernando Guerra, M.D.
Paul F. Haas, Ph.D.
William Hoots, M.D.
Dana Kuhn, Ph.D.
Karen Shoos Lipton, J.D.
Gargi Pahuja
John Penner, M.D.
Jane A. Piliavin, Ph.D.
Marian Gray Secundy, Ph.D.
John Walsh
Jerry Winkelstein, M.D.
Mary E. Chamberland, M.D.
Jay Epstein, M.D.
Paul R. McCurdy, M.D.
Eric Goosby, M.D.
David Snyder, R.Ph., D.D.S.

C O N T E N T S

AGENDA ITEM& PAGE NUMBER

Welcome, Roll Call, Conflict of Interest Announcement, P.5

Comments by the Assistant Secretary for
Health and Surgeon General, David Satcher,
M.D., Ph.D., Department of Health and Human
Services, P.10

The Duty to Inform under Canadian Law -
Honorable Mr. Justice Horace Krever
(Retired), Toronto, Ontario, Canada, P.20

The Scientific Foundation of Modern Error
Management - Ronald M. Westrum, Ph.D.,
Professor of Sociology, Eastern Michigan
University, P.46

Challenges to the Development of the Aviation
Safety Reporting System (ASRS) - National
Aeronautics and Space Administration, and
Challenges to the Development of American
Airlines Aviation Safety System, Captain K.
Scott Griffith, Chief Pilot, American Airlines, P.63

The Application of Error Management
Principles to the Operating Room - Robert
Helmreich, Ph.D., Professor of Psychology,
University of Texas, P.138

Extension of Error Management Principles
throughout Clinical Medicine - Stephen D.
Small, M.D., Association Professor of
Anesthesiology, Harvard Medical School, P.179

Lunch, P. 240

What Is Needed to Support Error Management
Systems in Transfusion Medicine?
Jeanne Linden, M.D., M.P.H.
New York State Department of Health, P.267

James Battles, Ph.D., University of Texas
Southwester Medical Center --
Harold Kaplan, M.D., Columbia University, P. 264

Robert Francis, The Farragut Group --

Public Comment, P.241

Committee Discussion, P.256

Break

Committee Resolutions

Adjournment, P.418

PROCEEDINGS

DR. NIGHTINGALE: Good morning. I am Dr. Stephen Nightingale, the Executive Secretary of the Advisory Committee on Blood Safety and Availability, and it gives me great pleasure to welcome you on this, the second day of National Secretaries' Week, to the Advisory Committee on Blood Safety and Availability's Eleventh Meeting.

Let me begin by calling the roll. Mr. Allen?

MR. ALLEN: Here.

DR. NIGHTINGALE: Dr. AuBuchon?

DR. AUBUCHON: Here.

DR. NIGHTINGALE: Dr. Busch?

DR. BUSCH: Here.

DR. NIGHTINGALE: Dr. Caplan?

DR. CAPLAN: Here.

DR. NIGHTINGALE: Dr. Davey?

DR. DAVEY: Here.

DR. NIGHTINGALE: Dr. Gilcher?

DR. GILCHER: Here.

DR. NIGHTINGALE: Dr. Gomperts?

DR. GOMPERTS: Here.

DR. NIGHTINGALE: Dr. Guerra?

DR. GUERRA: Here.

DR. NIGHTINGALE: Dr. Haas?

DR. HAAS: Here.

DR. NIGHTINGALE: Dr. Hoots?

DR. HOOTS: Here.

DR. NIGHTINGALE: Dr. Kuhn?

DR. KUHN: Here.

DR. NIGHTINGALE: Ms. Lipton?

MS. LIPTON: Here.

DR. NIGHTINGALE: Ms. Pahuja?

MS. PAHUJA: Here.

DR. NIGHTINGALE: Dr. Penner?

DR. PENNER: Here.

DR. NIGHTINGALE: Dr. Piliavin?

DR. PILIAVIN: Here.

DR. NIGHTINGALE: Dr. Secundy?

DR. SECUNDY: Here.

DR. NIGHTINGALE: Mr. Walsh?

MR. WALSH: Here.

DR. NIGHTINGALE: Dr. Winkelstein is in transit, I believe. Dr. Chamberland?

DR. CHAMBERLAND: Here.

DR. NIGHTINGALE: Dr. Epstein? Dr. Epstein is in transit. Captain Fitzpatrick?

[No response.]

DR. NIGHTINGALE: Dr. Goosby?

DR. GOOSBY: Here.

DR. NIGHTINGALE: Dr. McCurdy?

DR. McCURDY: Here.

DR. NIGHTINGALE: Dr. Snyder? I believe he's in transit.

The following announcement is made as part of the public record to preclude even the appearance of a conflict of interest at this meeting. General applicability has been approved for all committee members. This means that unless a particular matter is brought before this committee that deals with a specific product or firm, it has been determined that all interests reported by the committee members present no potential conflict of interest when evaluated against the agenda. In particular, as specified in Title 18 of the U.S. Code 208(b)(2), a special government employee, which all committee members are, may participate in a matter of general applicability, for example, advising the government about its policies relating to the hepatitis C epidemic, even if they are presently employed or have the prospect of being employed by an entity, including themselves if they are self-employed, that might be affected by a decision of the committee provided that the matter will not have a special or distinct effect on the employer or the employee other than as part of the class.

In the event that discussions involved a specific product or a specific firm from which a member has a financial interest, that member should exclude him- or herself from the discussion, and that exclusion will be noted for the public record.

With respect to the other meeting participants, we ask in the interest of fairness that they disclose any current or previous financial arrangements with any specific product or specific firm upon which they plan to comment.

One announcement of a change in the agenda. It is a small one. Ms. Connell is unable to attend the meeting today.

For those in the audience who wish to address the committee, we should have ample time to hear your views in full. If you would identify yourselves to me in the break immediately before the time when your public comment is scheduled, I would appreciate it.

Dr. Caplan does have a conflict. I don't believe it is an ethical one, but during the course of the meeting, he had to go over to the Senate, and during that time Mr. Allen has agreed to chair the meeting.

Dr. Caplan?

DR. CAPLAN: You're not going to read the thing about the chemists?

DR. NIGHTINGALE: Next time.

[Laughter.]

DR. CAPLAN: Well, in the interest of time, let me say that our deliberations today are aimed at trying to, first, come back to the problem of managing error and the reduction of accidents, and we hope that in many ways not only can we do what needs to be done with respect to blood, but perhaps we can set out a paradigm as the nation attempts to struggle with this problem.

We have a visit from the distinguished Dr. David Satcher, who is going to begin with some opening remarks, and then the Honorable Justice Horace Krever is going to talk a little bit about the Canadian situation, how they've been dealing with the problem of error, informed consent, and misadventure in their blood world. Then we'll have a break. That's when I'll ask Larry to take over.

So let me turn to Dr. Satcher. I know his schedule is a busy one, and I will turn the floor over to him.

DR. SATCHER: Thank you very much, Dr. Caplan. Let me begin by thanking you for--I'm sorry. Let me start over.

Thank you very much, Dr. Caplan. I want to begin by thanking you for really the exceptional effort that you made the last time you met to overcome the weather and to attend the Advisory Committee meeting. We all know that public service can be very challenging, but last January you met those challenges in really a great way.

You know, in fact, it was a day when the government was officially closed because of the weather, and yet you were here, and I want to commend you for that.

It's interesting because I think you remember that at the same time we were in the process of launching Health People 2010, the nation's health plan for the next 10 years, and, fortunately, that also went well.

We made a very important announcement yesterday in that regard. One of the two goals of Health People 2010 is the elimination of disparities in health on the basis of race and ethnicity, and yesterday we announced the partnership between our Department and the American Public Health Association to work together over the next 10 years. The 55,000 members of APHA voted to make the elimination of disparities in health its number one priority for the next 10 years, so this will result in a national steering committee being formed and an implementation plan.

I think more importantly it means that this is not a Federal program. It's a program that's national in scope, but it's public and private, it's Federal, state, and local. It's not dependent upon any administration or any given Surgeon General or Assistant Secretary for Health, for that matter. And I think that is encouraging as we move forward.

Let me say to you that the Department has carefully considered the recommendations you made at the last meeting, and I also want to say that I really agree with Dr. Caplan. I think what's happening here is really significant. It is certainly the major effort within our Department to deal with issues related to managing our errors and accidents and responsibilities for reporting, so this could indeed be the model for all of our efforts in this area. So we appreciate the hard work that you're doing.

Let me say we agree that all blood establishments should have a quality assurance program. As you know, the Food and Drug Administration already considers such programs to be essential components of good marketing practice. At the same time, FDA is re-examining its current guidance to determine if additional recommendations are needed to address investigation and reporting of errors and accidents associated with blood and plasma treatment.

We also agree that error and accident reporting requirements should be extended to all blood establishments. FDA will publish a final rule on this subject in the near future.

We concur and accept as well that quality assurance programs in all blood establishments should capture, analyze, and respond to all errors and accidents, even if the affected blood unit were not distributed or even if their use caused no adverse effects.

FDA is considering recommending the medical event reporting system for transfusion medicine, which Dr. Harold Kaplan described to you at your last meeting for the management of transfusion medicine errors and accident investigations and reports.

You recommended that a confidential, non-punitive system for the collection, analysis, and dissemination of data on errors and accidents be established for those errors and accidents not subject to regulatory review. However, regulatory review of transfusion medicine is, as you know, very broad, and it includes errors and accidents that do not cause actual harm as well as those that do. So it is somewhat unclear that an error management system excluded from these events could achieve its stated purpose. And for this reason, we are asking that you return to the issue of error management and advise us how to accommodate the right of patients to know the consequences of any treatment received, provide regulatory agencies with the information necessary for them to fulfill their statutory oversight responsibilities, and support initiatives that identify and correct latent flaws in complex and critical systems such as blood establishments before these latent flaws cause actual harm or even death.

We're not alone in this search, as you know. Even as we speak, the National Transportation Safety Board is convening at another Hyatt Hotel near here, and this is a symposium on transportation safety and law. And they, too, are trying to balance the rights and needs of consumers, providers, regulators, and the public at large to information on the one hand and the goal we all share of reducing morbidity and mortality of errors and accidents that we should and, in fact, we must prevent. And I understand that Captain Griffith will be participating in that meeting as well as this one, so we ought to thank him for doing double duty today.

We will follow the deliberations of our colleagues at the National Transportation Safety Board with a lot of interest, and we suspect that interest will be reciprocated.

This morning it is truly an honor to have Justice Horace Krever, recently retired from the Supreme Court of Canada. Justice Krever will open our meeting by discussing the duty to inform patients of medical mistakes under Canadian law. This will provide an exceptional opportunity for us to re-examine and perhaps clarify our own recognition of this duty, and we do thank Justice Krever for joining us here today.

The second part of this morning's program will provide us with additional opportunities to understand the rationale for modern error management systems, the results they have achieved so far, and the remaining challenges they face, and we appreciate those who will be participating in that discussion.

The third part of this morning's program will be a discussion of the application of error management principles to medicine, and we're delighted to have here today Dr. Helmreich, who was not able to join us before, as well as Dr. Stephen Small from Harvard.

I understand this afternoon's discussion you will welcome back Drs. Battles, Francis, Kaplan, and Linden, and they will continue their participation in these deliberations.

Last August, the Advisory committee conducted a vigorous discussion of the potential impact on blood safety and availability of the proposed Medicare outpatient pesticide payment system. The concerned raised at that meeting have been very carefully considered by the Department, and they are reflected in the final rule that was published earlier this month; I believe April 7th was the date of the publication in the Federal Register. And tomorrow morning, we invite comments from interested parties on this final rule, and on other matters related to reimbursement for blood and plasma product. I think this is really critical that you give us vital input at this point in time.

Last fall, the Department approved an expansion of the Food and Drug Administration's Blood Action Plan for a set of initiatives, including some recommended by this committee, to assure the adequacy of the United States blood supply. And one of these initiatives was to address the economic concerns of the blood industry. So tomorrow's first agenda item is in a sense a continuation of our commitment to this process. But also on the agenda tomorrow are status reports on efforts initiated by this committee to monitor the availability of blood products and plasma derivatives.

Finally, the committee will hear tomorrow a presentation by Dr. Jean Emmanuel, the Director of Blood Safety and Clinical Technology Section at the World Health Organization, on WHO's proposed global collaboration for blood safety. So it is a pleasure for us to welcome Dr. Emmanuel to Washington, and I look forward to discussions with him and his colleagues. In addition to this meeting, we'll be meeting later, because we really want to view our role from a global perspective.

Thank you very much. I'd be happy to respond to any comments or questions.

DR. CAPLAN: Thank you, Dr. Satcher.

DR. SATCHER: Okay.

DR. CAPLAN: I think you know--and I think Steve had this letter from Secretary Shalala out in front of you, and you'll see that she echoes some of what Dr. Satcher said to us about what she hopes to achieve in terms of receiving advice from the Advisory Committee and the balance between the right of the patient to know and the need of regulatory agencies to get accurate information on error and to have oversight and society's interest in having a system that can find flaws. And we thought that one way to get us into or revisit this question of balancing values was to have someone address us who has struggled with this problem, and we have asked Justice Horace Krever, retired from the Canadian Supreme Court, if he would get us underway in terms of trying to wrestle with these problems. Canada has tried to wrestle with them, sometimes I think on the mat a little more than we have. But I think we can look to this distinguished jurist for some insight as to how to make the balance and compromise that's going to be necessary here. So let me ask you to step forward, please.

JUSTICE KREVER: Thank you, Mr. Chairman. I think the expectations are too high for what I'm about to do. But I want to thank you for the invitation--the honor and the invitation to be here and for giving me the opportunity to revisit Washington. The last time I was here was some 20 years ago, I hate to tell you, to testify before a congressional subcommittee deliberating over a proposed bill, the Federal Privacy of Medical Information Act, which was introduced in the House in November of 1979. I've forgotten the name of the Congressman who sponsored it. Senator Kennedy was the sponsor in the Senate. The bill was, however, unfortunately, never enacted, as far as I know.

I was then conducting a public inquiry into the confidentiality of health information in respect of which I submitted my three-volume report in September of 1980. I will have occasion in a few minutes to say something about that subject.

Just as a matter of housekeeping, I want to make a correction. I am not a former member of the Supreme Court of Canada. I never attained such heights. I am a former trial judge of the Ontario Superior Court, and after that--that was 10 years. After that, for the next 14 years, I was a member of the Court of Appeal for Ontario, which is the highest court in Ontario, but not in Canada. And when I speak of the law, I will not be speaking of the law of Canada. As in the United States, there are provincial interests and Federal interests. My inquiry into the blood system was, in fact, Federal, but when I refer to the legal decision, as I shall in a moment, that was a decision that's binding in Ontario. However, I should add, the text writers have accepted it as an accurate statement of the law in the common-law provinces. As you perhaps know, all of our provinces except Quebec are common-law provinces. Quebec has, as in the case of Louisiana, a civil code. So I don't want to pretend to be talking about something that's formally beyond my judicial competence.

Now, I'm not sure that what I have to say is directly relevant to the agenda for this meeting, but I am confident that it is not entirely irrelevant and may be of interest if only by analogy. My subject is the health care professions and, by extension, health care facilities. I start from the premise that one of the important characteristics of a profession, a true profession, that distinguishes it from, say, a trade or other occupations is the adoption of and adherence to a code of ethics embodying high ethical standards which in most cases exceed legal standards.

Unfortunately, as I shall show, legal concerns sometimes tend to act as impediments in the way of observing one's ethical obligations. But on the whole, there is today a congruence of ethical and legal standards in professional life.

In North America, that is to say, in the United States and Canada, the concept of informed consent is the norm. I should point out that, strangely enough, it is not necessarily the same--the law is not necessarily the same in England. In high judicial authority in England, the court has referred to the idea of informed consent as a transatlantic concept. The idea in England of medical prerogative has not entirely yet disappeared.

From the material, I think, that has been distributed to the members of the committee, you will see in a judgment I had occasion to deliver some years ago, in 1985, to be precise, I held that in law the failure of a physician to inform his patient of an error he had committed in the course of treatment was a breach of duty, though in the circumstances of that case, it did not--the breach of duty did not amount to negligence.

Just a brief description of the case. What happened was a physician was conducting a lung biopsy on a patient, and after the biopsy was performed, the physician told the patient that he had not got a specimen, a lung specimen. Problems occurred with the patient later on, and he was readmitted to the hospital. It turned out that his spleen had been pierced during the biopsy, and eventually a splenectomy had to be performed.

So in the litigation that followed, the question was whether or not liability should follow from the failure to--that was one of the issues, the failure to inform the patient. There was no causal connection between the failure and the loss of the spleen, so that couldn't be negligence. But I held that it was a duty. Nevertheless, I found liability on another basis, on the way in which the operation had been--the procedure had been performed.

But that statement has, I think, been accepted--I was then only a trial judge and not an appellate court judge, and you know enough about our systems of law to know that the higher the court, the more authoritative the pronouncement. But as I say, the concept, I think, is accepted in Canada that there is such a duty.

Now, this standard is not a traditional one. In a new biography of William Osler, who was one of the founders, one of the charter members of Johns Hopkins Hospital and Medical School, and whose name I think is probably familiar to people who know the history of medicine, this is a new biography just published a few months ago by Michael Bliss entitled, "William Osler: A Life in Medicine." One finds this illuminating paragraph. The reference is to the time when Osler was a member of the faculty of medicine at McGill University in Montreal. And it says, "The young professor had effectively become pathologist for the whole city and medical community. As such, he was sometimes consulted by colleagues"--by the way, you're going to hear a terrible grammatical error here, but forgive me, it's not mine.

"As such, he was sometimes consulted by colleagues. A close friend remembered an occasion when a distinguished older surgeon asked Osler to examine a young adult's hand that he had amputated above the wrist for a supposedly malignant cancer. Osler realized the diagnosis was wrong. Rather than show up the old man, he submitted no report, foregoing the fee. When Osler told his friend about the case years later, he said, `No one but you and me ever knew of the unfortunate circumstances, and we have both forgotten it.'"

Now, that's a little over a hundred years ago, and today I think that probably is a bit shocking, especially coming from someone who had the reputation as being one of the greats.

I refer to the intrusion of legal concerns into the observance of what I consider to be ethical obligations resulting in conflicts of interest. If I am right in my view that the fiduciary relationship between physician and patient--by the way, it is now clear in Canada, not just Ontario, because the Supreme Court of Canada has spoken on this, that the relationship is a fiduciary one, not simply a contractual one. But if I am right in that, that relationship obliges the physician to be completely frank with and confide fully in the patient, the potential for conflict is real. Because of the understandable, in today's climate, indeed, reasonable fear of legal liability, the physician contracts with an insurer for protection against liability to a third party, the patient, to whom he or she has an obligation to be frank.

The contract of insurance, however, on pain of loss of protection prohibits the physician from saying anything that would be tantamount to an admission of liability.

This is one of the several reasons why in my report on the blood system in Canada I recommend a no-fault system of compensation.

At the risk of repetition, let me say that the ethical standards at the heart of a true profession are necessarily, I believe, higher than those arising out of a mere contractual relationship and inevitably doomed the paternalism that has traditional characterized professions.

Please indulge me for a minute or two as I quote myself from my confidentiality report of 1980. During the inquiry, the most emotional issue was whether patients should be entitled to access to their own health information. This was a very extensive inquiry lasting a long period of time and arising out of allegations of terrible abuses of patient information. And it turned out that everybody had access to patient information except patients themselves.

So I say in my report, "Perhaps in no other field dealt with in this inquiry have such apparent anomalies arisen than that of patients' access to information about themselves. Certainly no other issue has aroused such intense emotional reactions on the part of persons accustomed by their own admission to the paternalism of protecting patients from precise information."

Then I say: Historically, and even today in Ontario, this issue has been determined by the paternalism of those in possession of the records or other information, but that information was obtained from the patient or, as a result of an examination of the patient, with his or her consent. Only as much information as the professional person felt ought to be imparted to the patient was imparted. Why, many ask, should a patient who wants to know everything that has been recorded about him or her not be entitled to see what has been recorded? The acquirer of that information, after all, did not come upon it as part of a general education or as a result of academic research, but on the contrary, obtained it because of his or her physician-patient relationship with the individual to whom the data relate.

Knowledge is power. Knowledge about another person, knowledge, that is, that the other person does not have, is surely power over that person. Does the therapeutic relationship truly require that a physician have power over his or her patient? Should a physician's judgment that I may be harmed by the information or that I will be unable to handle the information be decisive?

If I, informed by my physician of the risks of reading my chart because of, for example, my lack of familiarity with the medical terminology, choose to run that risk, should I be denied the opportunity? Indeed, is it really true in this era of specialization and subspecialization that every member of the medical profession who sees a patient has such an intimate knowledge and genuine understanding of that patient psychologically and intellectually, no matter how brief the contact, that he or she can have the necessary knowledge to be able to judge whether the patient can cope with the information? Does that accurately describe, as I was told it does, the relationship to the patient of the consultant, the surgeon, the anesthetist, the physician in the emergency department of a large urban general hospital, and the radiologist? And how can depriving the patient of the opportunity of reviewing his or her record be reconciled with respect for the dignity of every adult and mentally competent member of the community that our society wants to be respected--wants to see respected, rather.

The question arises whether preferring insistence on the performance of the ethical obligation over the less onerous legal obligation would not result in a removal of a meaningful sanction, the potential damage award, for compliance with the standard. In other words, if there is a duty the breach of which may act in law--I'm sorry, may not in law amount to negligence, where is the sanction to be found to compel accountability? My answer to that is that it's to be found in the power of the licensing or regulatory body of the profession to discipline members for professional misconduct. And I regard the possibility of losing one's license as a pretty serious sanction.

Now, I seek a further indulgence, and I'm almost finished. A word about the field of risk management. It relates to my no-fault compensation recommendation. I discovered, not really having any knowledge of the field of risk management, which had become, I guess everywhere, even an academic field, I discovered that risk management measures, including third-party liability, in a context in which there can be no zero risk--there's always some risk. Where there is some risk, it's very certain that someone is going to be affected by its occurrence. And third-party liability insurance is thought to be one way of protecting those persons. I don't think it does, but the measures that protect the risk creators but, in my view, not sufficiently the persons to whom the risk accrues.

We all know, as I said, that zero risk is not attainable. I am going to quote myself again, if I may, and take the liberty now of referring to my more recent report on the blood system in Canada. And in a chapter on financial assistance for blood-associated injury, I say this: "The compassion of a society can be judged by the measures it takes to reduce the impact of tragedy on its members. Although the risks to the users of blood components and blood products today maybe low, serious disease and some deaths will continue to occur as a result of the therapeutic user of blood. There is, moreover, always the likelihood that a new and mysterious bloodborne pathogen may strike. As I pointed out in my interim report, it is of little consolation or even relevance to those unfortunate members of our society who suffer from infection caused by blood transfusions or blood products that the blood supply now is adjudged relatively safe. A system that knows that these consequences will occur and what brings them about has, at the very least, a moral obligation to give some thought to the question of appropriate relief for those affected by the inevitable events." And I don't think the tort system in my country and in your country, with respect, is adequate.

I had occasion--again, I'm going to quote myself. I had occasion many years ago as a trial judge in a malpractice action, in a very sad malpractice action, a man was advised who had been in perfect health, an elderly man was advised to have an angiogram. He'd never been in the hospital before, never had any kind of a procedure before. He had the angiogram and became a quadriplegic within an hour and there was, understandably, litigation. And I--it was a long trial and difficult trial, and I was required by the use of what I thought was intellectual honesty to find that there was, in fact, no negligence in the performance of the procedure or in the aftercare. And I, therefore, had to dismiss the action.

This was an elderly man whose wife was even older, she was in her 70s, and they couldn't afford any aid. He needed 24-hour care, and she had to get up twice a night to turn him over. They couldn't afford to enlarge the bathroom to allow a wheelchair to go in. It was a very tragic case. And, unfortunately, the requirement that negligence be shown--that's important--be shown, not whether in all truth that exists we depend on fallible human beings to give evidence in our systems. In any event, I dismissed the action.

In my report on the blood system in Canada, I say this: "The view I expressed in 1983"--and I name the case, Ferguson and Hamilton v. Civic Hospital--"is pertinent here. That was a medical malpractice action involving a previously healthy man who had become quadriplegic immediately after undergoing an angiogram, a diagnostic test. His action was dismissed because he was unable to prove negligence in the performance of the test or in his aftercare. The need for compensation was palpable, but could not be awarded."

I concluded in my reasons for judgment with the following statement: "I confess to a feeling of discomfort over a state of affairs in an enlightened and compassionate society in which a patient who undergoes a necessary procedure and who cannot afford to bear the entire loss through no fault of his and reposing full confidence in our system of medical care suffers catastrophic disability but is not entitled to be compensated because of the absence of fault on the part of those involved in his care. While it may be that there's no remedy for this unfortunate and brave plaintiff and that this shortcoming should not be corrected judicially, there is in my view an urgent need for correction."

My judgment was appealed to the Ontario Court of Appeal, and that appeal was dismissed, but the court also felt obliged to say something about the sadness of the situation and ended their judgment by saying, "We are in complete sympathy and agreement with the penultimate paragraph of the learned trial judge's reasons. The Ontario Health Insurance Plan is the product of a socially conscious society, but we agree that in situations such as the instant one an enlightened and compassionate society, to use the words of the learned trial judge, should do more."

I think we've got a long way to go in our concept of proper measures for risk management.

May I just say a word--I may be trespassing on a subject that isn't mine, but I found it interesting, the discussion, the consideration of a mandatory requirement to report near misses, which I think probably are more accurately called near hits. I found that difficult. I had occasion in my earlier report to deal with mandatory reporting because, of course, mandatory reporting is an invasion of patient confidentiality. So I was interested to see this discussion.

I wondered, though, how one would define near misses that must be disclosed in the medical context, that is to say, where no harm results to the patient. I can see it as being more feasible in the hospital or institutional context. And air traffic seems to me to be possibly different.

How confidential can that information be made, the reporting of the near miss? It would, I think, have to be made inadmissible in evidence in a court of law. Yet in legal proceedings, that evidence may not be irrelevant. If I were acting for a plaintiff suing for damages and alleging negligence, I think I might be interested in subpoenaing records to see if they contained reports of near misses to show that the defendant's act was not an isolated one but part of a pattern.

I don't think I should add anything more to that. I certainly will be interested in following your deliberations.

I think there may be some time for some questions, if there are any, but I think that's all I have to say.

DR. CAPLAN: Thank you very, very much.

Let's open the floor for questions, comments.

DR. HOOTS: Justice Krever, thank you very much, and I think, at least in my own kind of cogitations about this, those issues that you raise are exactly the ones that are most troubling. I'm intrigued by where things stand in terms of the no-fault compensation system in Canada. Is there some near-term prospect for development of such a system, something that we could perhaps learn or emulate here in the U.S.?

JUSTICE KREVER: I think the short answer is no. There has been complete silence. It's perhaps understandable. I see no discussion among the legal profession in legal journals or meetings of lawyers. It's not something I think the legal profession, for, I guess, obvious reasons, have absolute conviction that our system is right. The fact that there are material interests involved I don't think they recognize. I think they're saying--I think they're being objective when they say that, that they're worried about the rights of the injured plaintiff who, under the litigation system, will almost inevitably recover a huger--I shouldn't say huger--a much larger award than a no-fault system would provide. But not all plaintiffs' actions are successful. I gave you an example of the kind that I think causes a lot of problem.

Some of the persons who came to grief over the infected blood during that terrible period have received as an act of grace from the government compensation. But my recommendation was for compensation not only to them, it was a recommendation that they be compensated, but that the legislation in the provinces should be amended to provide for another mechanism for giving financial assistance than the tort system.

DR. CAPLAN: Jim?

DR. AuBUCHON: If we could return to the last situation you mentioned, Justice Krever, about disclosure and the conflicts between what may be most appropriate or in the best interest of a particular party versus the best interest of the system, if I could frame this in the aviation industry mode that we are going to be discussing later today, there has been some discussion lately in this country about the design of the tail of the Boeing 737 and whether or not it is as safe as it should be.

If the designers--and I know no particulars about that aircraft, but if the designers of that aircraft or someone working on it thought that the tail was potentially flawed and if the manufacturer could report that or individuals using the aircraft could report it without fear that they ultimately would be sued because they had some information and didn't act on it, it is that not more likely to yield the situation that we are ultimately hoping for, and that's a safer aircraft, as opposed to the individual plaintiff's ability to get hold of the information that someone knew something at some point and, therefore, they can be held liable.

It seems that our society's desire to find someone who's at fault and pillory that person and gain some financial benefit from that at times prevents us from really doing what we would like to do, and that is, not have the accident in the first place.

JUSTICE KREVER: Well, I think the use of the word "pillory" is unfortunate. I don't think the purpose of litigation is to pillory anyone. It's to spread the loss, usually by the insurance principle. But I don't disagree. I mentioned that in my report on confidentiality I had to deal with a number of occasions in which there is an obligation on persons, very often physicians but not only physicians, to report. In Ontario, there's an obligation on a physician to report child abuse, for example, if it's suspected, the condition of a person who has a driver's license that suggests it should be somehow modified or shouldn't exist at all, or of a pilot, or sexually transmitted diseases and other diseases.

Those are all breaches of confidentiality, but there's a transcending interest in society that that information be made available to authorities. And so I don't--as I said a few minutes ago, I can see it in aviation safety, but I don't know--one of the most frequent errors in medicine, I am told, in hospital medicine, are medication errors. People are given medication that is intended for other people rather than for them. The dosage may be wrong. I think probably it's the most common medical error in hospitals, leaving aside surgical errors. And very often nothing happens to the patient, no harm comes to the patient.

If the obligation exists to report that that error occurred, what's the sanction that compels someone who realizes no harm has occurred, I just messed up, how effective will it be? And if it is reported, I can understand protecting it from people in litigation. But what about the patient himself or herself? If I'm right in saying that I as a patient should have the right to have access to anything in my record, do I not have the right to see that? Or is that put in a different record?

As I understand hospital practice, I am sure in North America generally, not just in Canada, if something occurs to the patient such as a fall or something, there's an incident report that has to be made. I'm not sure how well known it is that there are such reports or whether people seek them in litigation. But, you know, one of the things that I think is wrong is that we should be so concerned with litigation that our moral obligations take a second place. I don't think they should.

I don't know that anything can be done about it. We live in a litigious society. That's not an answer to your question, but the short answer is I don't disagree that it would be a good thing and that in some situations the interests of the larger public and society as a whole must transcend those of the individual. The question is have we got the right cases for that principle.

DR. CAPLAN: I have a question for you, Mr. Justice. It goes right to this issue of collecting information, reporting incidents and near hits. It is true that you would be giving up the right to litigate if we created a policy that kept this information off limits from the court. But it's also true, isn't it, that there are other means to obtain the very same information? In other words, if we created a reporting system and said you can't use that, but if you want to go to court and find out, you can still interview people, you could still attempt to investigate and find out what was going on. Is there a way to balance the drive to secure compensation for harm without no fault through litigation, still take the reporting system off limits, if you follow me, but allow people to still investigate anyway, just not go to that particular pool of information to bring their case?

JUSTICE KREVER: I see what you mean, but I'm not sure that the information would be available in any other way if you made it secure against disclosure. I don't think anybody would think of asking were there other incidents--well, I shouldn't say that. Perhaps that question would be asked, but there's no sanction to compel honesty in the answer.

DR. CAPLAN: That may be a truth we would let you escape from this panel with--oh, Larry, go ahead.

MR. ALLEN: Justice, I had a quick question. You mentioned the possibility of somewhere down the road there might be an issue in the blood supply, again, as far as another pathogen. Has there been any discussion in your country regarding that possibility and what to do about treatment or compensation for those affected?

JUSTICE KREVER: No. As I say, nothing has happened and no discussion is taking place on the question of compensating people who may be affected by a future disaster. No. The answer is no.

DR. CAPLAN: Well, I want to thank you for your presentation and actually for sharing that experience with us. And I hope you'll let us call upon you in future as we stumble on in our own deliberations here.

Let me take that 10-minute coffee break that I promised at this point in time. I'm going to ask Mr. Allen to come up and take the chair when we return, and let's do the break and be back in 10 minutes.

[Recess.]

DR. NIGHTINGALE: Could the meeting please come to order?

Mr. Allen?

MR. ALLEN: [Presiding.] Good morning, again, everyone. The next speaker is Mr. Ron Westrum. He's going to talk about the scientific foundation of medical error management.

DR. WESTRUM: Thank you very much. It is a great honor to be invited back to speak to this committee.

Could we have the first slide, please?

Dr. Nightingale has asked me to talk to you about the scientific foundations of error management, and in particular, about the Reason model of accident causation. Since even Professor Reason himself took two books to expound the subject, I'm sure you can appreciate it's not an easy task to do this in a few minutes. However, the central core of Reason's argument I think will be sufficient for my task.

Next slide, please?

Now, in describing the foundations of modern error management, it will be useful to see accidents as coming about through two sources of failures: those at the operating or sharp end of socio-technical systems, and those at the blunt end, away from the scene of operations, but still part of the organizational context.

Since the control of operating errors will be very ably handled, I'm sure, by Bob Helmreich later this morning, I'm going to concentrate on the second set of factors, those pertaining to the organizational context.

Next slide, please?

Beginning in about the late 1970s, there were two parallel developments that created our modern understanding of systems failures. The first of these was a series of major technological accidents.

Next slide, please?

These accidents included aviation disasters such as Mount Erebus, industrial explosions such as Bhopal, railway collisions such as the one at Clapham Junction in England, marine collisions and sinkings such as that of the seafaring Herald of Free Enterprise, nuclear accidents like Chernobyl, and, of course, space accidents such as the Challenger tragedy.

These accidents were often investigated by the judicial branch of the government and yielded understand in depth of how these man-made disasters took place. The thorough investigations of these accidents showed that far in advance of the accident, events had taken place in the organization itself to compromise safety. These latent pathogens, as Jim Reason would call them, often had slumbered silently until the accident revealed the weaknesses that they represented.

For instance, in the Mount Erebus crash in New Zealand, an airliner flew into the side of the mountain. But while the pilots who had made the operating errors were initially held at fault, the very profound inquiry later showed that the most serious problem was that the flight management system of the airliner in question had been reprogrammed without the knowledge of the crew. The pilots flew the aircraft into a mountain without knowing that one of their key systems had been tinkered with without their knowledge.

The report further commented that the flight had, in fact, been set up through a series of management failures and that such failures were typical of the way that the airline operated. And it is the general finding from this and other investigations of systems failures that when operating errors are committed by those on the front line, they often combine with such hidden weaknesses to produce the accidents. The investigations of accidents like Mount Erebus provided the major fuel for the second line of developments.

Next slide, please?

The second set of developments was the sophisticated theoretical examination of these major accidents by academic experts who expressed their ideas through books on the nature of systems accidents.

Next slide?

For purposes of exposition, I will choose the three most important. The first of these was a book by Barry Turner, "Man-Made Disasters," which was published in 1978. Unhappily, this book went largely unnoticed and had almost no impact on the accident investigation community, although it presented a highly sophisticated analysis of many, particularly British, industrial accidents.

The second book, however, was Charles Perrow's "Normal Accidents" in 1984, and it landed on the scene at exactly the right time. In the wake of Bhopal, this book was read with exceptional interest. Perrow's book emphasized the complex dynamics and tight coupling of high technologies and suggested that some, like nuclear power, might even be too complex for humans to manage safely. Perrow's book showed how social science analysis might contribute to the analysis of accidents. It also brought the involvement of many social scientists, including myself, to the field of safety research.

The third book--could we have the next slide?--was James Reason's book, "Human Error." In this book, Professor James Reason of the University of Manchester proposed a model that has since become the international benchmark for understanding the nature of safety in large systems. In "Human Error," Reason set forth the idea that we could understand systems accidents by considering the dynamics and co-existence of the hidden faults that he called "latent pathogens." A latent pathogen is an act or an omission that causes a weakness in the organization of defenses. While errors at the sharp end are easy to spot, the latent pathogen, said Reason, lurks unseen until events reveal its existence.

Every organization, then, has a larger or smaller population of these hidden weaknesses. Reason argued that the specific pathway leading to an accident was difficult to predict, but that the general probability of an accident was a function of this population of pathogens.

Next slide, please?

Now, this is the Reason model, as it is ordinarily seen in aviation safety and other conferences. Reason suggested that latent pathogens were rather like the holes in Swiss cheese of the protective layers around the organization and that you could think of the organization as being defended by a series of layers like this, but with faults. And so he also suggested the sheets might move around and, therefore, that what might be the latent pathogen at one point might not be at another. But the key, said Reason, was that when you get these holes lining up, then the dangers, the external forces affecting the system can get at the socio-technical core and destroy it.

Next slide, please?

Only when there is a complete line of open holes between the outside world and the technical core of the system can the accident take place. Now, as you see in this diagram, basically systems are protected by a series of defenses, and it is the compromise of these defenses which the latent pathogens represent. And latent pathogens can come about as a result of local workplace factors or organizational factors. But often the unsafe act by the operators is simply the last link in the chain that allows the accident to be completed.

Obviously, what we need to do, said Reason, is to drain the swamp that produces these latent pathogens. Reason saw many organizational forces contributing to the integrity or deficiency of the system's defenses.

Now, the aviation community immediately rallied around this model and made it their own. Unlike Turner and Perrow, Reason liked to travel and he liked to speak at conferences, and over the ensuing years he spoke at many meetings on aviation safety. He also consulted widely in the petroleum, aviation, marine, and railway communities, and in each of these communities, by the way, he developed systems for reporting latent pathogens.

I'd like to emphasize that one of his greatest accomplishments was the practical implementation of the ideas that he suggested through a series of systems for the railways, for the aviation industry, for the petroleum industry and so forth. Now, some of these, because they were public organizations, have been published in detail. Others, because they were proprietary, have not.

Reason's model has become the common language through which complex accidents can be understood. I remember being at one conference where six speakers in a row got up and showed Swiss cheese diagrams as a kind of academic overkill. The popularity of this model obviously comes from its wide application. It's generally felt, as I said, this provides a common ground for discussing system safety.

Next slide, please?

But I think it's important to see what the real implications of this model are because they're very different than the ordinary way that we respond to accidents. Reason's approached stressed the build-up of accidents along unforeseen pathways. This meant that the typical blame and train approach will not work to prevent future accidents because it always emphasizes avoiding a repetition of the last accident rather than providing a strategy for avoiding the next one. Since the exact pathway that the next accident will take is not known, it is the general identification and removal of the latent pathogens that is key.

Let me put this in a different way. In the past, each accident has been investigated on its own. The aviation system was able to learn, for instance, from each accident and then fix the specific problems that had allowed the accident to take place. Sometimes this meant a mechanical fix or a new device such as a ground proximity warning system, and sometimes the passage of a new rule or a standard. This item-by-item approach accounts for a good deal of progress in aviation safety. But Reason's approach is not just to learn from accidents since accidents are infrequent, but also to monitor the accident-prone situations in the system itself. And I'd like to quote here from his book, "Avoiding the Risks of Organizational Accidents."

He says: "Are companies doomed to fighting the last fire or trying to prevent the last crash? The answer must be yes if complex, hazardous organizations continue to rely principally on outcome measures in order to navigate the safety space. But there is a workable alternative: the regular assessment of the organizational procedures that are common to both quality and safety. Latent accident-producing conditions are present now. It's not necessary to wait for bad events to find out what they are. But we cannot expect to remedy them all at once. Systems need principled ways of identifying their most urgent process problems in order to deploy their limited remedial resources in the most efficient and timely manner. Making and acting upon proactive assessments of the system's vital signs together with the intelligent application of near miss reporting will not guarantee freedom from accidents. What it will do is take an organization closer to the only reasonable achievable safety goal, acquiring the maximum amount of intrinsic resistance to hazards and sustaining it."

Now, this is what Reason means by draining the swamp rather than swatting each individual mosquito. The organization's culture is a breeding ground for latent pathogens, and only by drying up the processes that produce these latent pathogens can progress effectively be made. Yet even further on this point, there is no magic bullet by which we can kill the latent pathogens. What we are talking about here is a fundamental change in the organization itself, a change which moves the organization toward what I've called the culture of conscious inquiry. Such a culture makes visible the state of the organization's vital signs.

Next slide, please?

Now, a second implication of Reason's model is to cast a spotlight on the role of management. The judges who directed the investigations into the previously mentioned accidents did not satisfy themselves with simple explanations, but conducted profound inquiries into the circumstances of the accidents. They often found that the errors made by the operators at the sharp end, as I said, were simply the last links in the chain that had been building up for some time.

But why weren't the errors detected? Why weren't they corrected? If poorly trained people committed errors, who was responsible for the lack of training? The reports often showed that it was previous actions or inactions by the firm's management that had let hazardous situations develop unchecked.

In the sinking of the Herald of Free Enterprise, for instance, the immediate cause of the accident was a bosun who failed to shut the ferry's bow doors because he had fallen asleep. But why was there no back-up? And why was there no sensor that would tell the ship's bridge that the bow doors were open? Thus, also in the Reason model, human error in the ordinary sense is much less critical than the observation that management sets the scene for safe or hazardous operations. Management does this in several ways.

First, it picks the actors in the drama. If it picks faulty actors, we should not be surprised when they do dangerous things.

Second, management sets the goals and creates the pressure to reach these goals. Many unsafe situations are the evident result of management pressure to achieve production goals by compromising safety.

Third, management sets the physical scene. If the equipment, the spaces, and the budgets are not adequate to get the job done right, who has the control that could provide the right stuff? Usually it's management.

Finally, management sets up the active dynamics of the situation through its creation of organizational structures, rules, and standards. Management empowers or disempowers. It either gives the operators the powers to do the job or it doesn't. And most of all, by the standards it sets, management lets the workforce know what is expected, what will be monitored and what will be rewarded or punished. The Reason model then directs attention to the dynamics of the system as a whole, not just at the operating personnel.

Next slide?

The Reason model is, thus, universal. It is not just an aviation model but a universal model of all accidents that applies to basically all industries. And, of course, Jim Reason would be the first to admit that the model is not perfect and is capable of much improvement.

All this suggests that the model applies equally well to medical situations. I think this is manifestly true of the situation in regard to the blood supply, and it is very well illustrated by the outstanding report of which Mr. Justice Krever is the author on the Canadian blood system failures. I would like to take a moment to recall briefly what some of these failures were.

Next slide, please?

In essence, beginning in 1982 and continuing for many years afterwards, the organizations in Canada responsible for the safety of the blood supply allowed it to become contaminated. They allowed distribution of this contaminated blood, and they consistently underestimated and caused others to underestimate the dangers the blood supply presented. The result, as we know, was the infection and death of hundreds of Canadian hemophiliacs as well as others infected through blood transfusions.

Similar contaminations occurred in other developed countries and still occur in even worse forms today in the underdeveloped world.

The immediate impression we form reading of these events is one of dishonesty, including self-deception, appalling carelessness, and indifference to the lives and well-being of the patients dependent on the blood system. And yet the decisions made by the individuals responsible for the contamination were not simply the result of personal moral defects but, rather, of systematic forces.

And we know this must be so, because in very different countries with very different blood systems, similar, although not identical, mistakes were made. These organizations did not have a culture of conscious inquiry. They often acted on the basis of preconception. They did not keep track of the internal states of the system, and most surprisingly, they continually tried to prevent change in a system that was failing them and would end up harming many of those who depended on a safe blood supply.

While a complete analysis of these failure must wait for another day, the striking thing to me is that these events were shaped by the very way that the organizations had been set up, by the terms of reference they had been given and by the institutional constraints under which they operated. This at least is my first reading of the report.

So, last slide, please. Let me sum up the argument that I have made here.

The organization's approach to preventing and coping with error is shaped by the will to find out what is going on within the organization. The organization needs to know where errors are being made, because where accident is a rare event, error is common. The situational forces that encourage making errors, whether these forces come from human factors, management pressures, or even more insidious dynamics set up by the structure of the organization itself.

The removal of latent pathogens should be the common goal of all organizations committed to safety. The best way this can be done is to empower the work force to take action and to provide for them the sophisticated tools to do the job. I personally believe that near-miss reporting is one of these critical tools. Thank you.

MR. ALLEN: Thank you very much, Ron.

Are there any questions from the panel?

[No response.]

MR. ALLEN: The next speaker is Scott Griffith.

CAPT. GRIFFITH: Thank you, Dr. Westrum.

I was telling Bob Francis, when you were putting up the slide of the swiss cheese, it seems that every conference I attend, six or seven slides of the swiss cheese model goes up every single time, and I see these visions of airplanes flying through swiss cheese.

[Laughter.]

CAPT. GRIFFITH: You know, ultimately I think, all analogies break down. Otherwise, they wouldn't be analogies.

But what I'd like to do today is tell a story, and I would like to do so without the aid of slides or a Power Point presentation, because I think that the story is important, and the story is about ideas. These ideas are not unique to the aviation industry, but I think that it's up to you men and women to determine whether or not this story that we'll tell about aviation has applications in your field.

It's unfortunate that Linda Connell couldn't speak to you today, because I think she would set the tone for what our program provides. Her program--let me say just a few words about the Aviation Safety Reporting System. NASA ASRS, which is the Aviation Safety Reporting System, was established in 1976, and it was established under the auspices of aviation safety through the Federal Aviation Administration, and the program was established to encourage the voluntary reporting of critical flight safety information, and the program has been in operation since that time. It's been very successful, but it is limited in its scope and its design.

The program was designed to offer two types of immunity, and I'm going to speak a lot today about what that terms means to us. Make no mistake about it, where you need to go eventually does not involve what has classically been described as immunity. But the Aviation Safety Reporting System at NASA set up two types of limited immunities from FAA enforcement or legal investigations. And the first immunity that they offered was called use immunity, which basically says that the FAA, should they discover the report that a pilot or a mechanic or a dispatcher turns in, they would be prohibited by regulation from using that report against the individual. It did not prevent the FAA from taking legal action or pursuing an investigation, but at the end of that investigation, if it was determined that the pilot, dispatcher or mechanic had actually deviated from the regulation, then they would waive the penalty or the sanction associated with that finding.

Now, since 1976--I don't have the exact numbers--but there have been hundreds of thousands of confidential reports submitted to the ASRS, and it's been phenomenally successful in its design to collect and gather information. And we talk about near-misses or near-collisions, these are the types of reports that have to be gathered if you're going to get an accurate assessment of the operating environment. In the aviation world, what you don't know truly will eventually hurt you. And what we found to be true is the incidents or the near-misses are a better indicator or precursor to accidents than true accident investigation. Obviously, when a major catastrophe occurs, it is imperative that we go and investigate and learn what happened, but oftentimes we do so without the benefit of context. We don't know the environment that existed prior to that event taking place, so we're faced with putting the pieces of the puzzle back together retroactively.

And I think that's the situation that you may find yourself in today. When a tragic event occurs, you can isolate it to the circumstances surrounding that event itself, but you may not have the benefit of all the background and nuances that may have led up to the situation, and it could have turned out completely different.

And what we see is that, in the aviation world, events happen so rarely, tragic events, that risk-taking behavior or poor performance behavior is reinforced over and over again until something bad happens. So if you're truly going to minimize the accident rate or the potential for accidents, you have to address the incidents and accidents that may lead up to that, and those are the kinds of pieces of information that lie below the surface.

The ASRS has been, as I mentioned, very successful in gaining access to that information, but the NASA ASRS was not set up to do what we call corrective action. But by its very nature it was set up as a research organization to look at the trend and the aggregate of the data. What we decided to do, about seven years ago, was take the best of what we thought were the programs that were available at the time.

At American Airlines we looked around and we saw what systems were available. We looked at the NASA ASRS. We looked at a program that US Airways had started in 1992 called the Altitude Awareness Program. I won't bore with the details, but specifically, that program targeted a certain kind of deviation that was occurring at that particular airline, and they got together, the private association, the airline, and the FAA, and said, "Let's put our best people together and try to analyze why these events are occurring." So they collected data for about 18 months, and the FAA agreed during that time to not take legal enforcement action in exchange for gathering that information.

What we did at American Airlines was we looked at that concept, and tried to adopt it to a much broader application. So we took elements from the ASRS, elements from the US Air program, and elements from a program called the Air Carrier Voluntary Disclosure Program. And that program, in essence, was established around 1992 as well, which said that if an airline deviates from a rule or regulation, that if the airline discovers it, reports it to the FAA within a timely period, and provides a comprehensive fix or a corrective action, then the FAA will not take legal action against the airline in the form of a sanction or a penalty or a fine, but they will close it out with what is known as administrative procedures.

So with that small piece of background, we decided to try to combine elements from all three of those efforts into one program that looked at pilot errors, mechanic errors and dispatch errors in a way that was non-punitive. Now, don't misunderstand. When I say the program is non-punitive, it truly is non-punitive within the confines of the program itself, but it does not prevent the Federal Aviation Administration from taking an active role in the process of error mitigation. It does not offer immunity. It offers what we call corrective action, and that's a very important concept to understand, because the ASRS program was designed to gather information. And they did so by offering a limited type of immunity.

The ASAP program, the program I'm describing at American Airlines, the Aviation Safety Action Partnership Program, was not designed to provide immunity; it was designed to provide a legal alternative to the FAA's method of enforcement of the regulation, and when you go back and look at aviation history, there is a sound basis for establishing a program like ASAP. If you go back and look at Public Law 103, Title 49 of US Code, it describes the administrator's responsibility to enforce the regulation in the manner that best tends to reduce the possibility of recurrence of accidents. And that's an important concept, because there are those in the industry that believe that the only way to reduce accidents is to provide a negative incentive or a disincentive for that type of action. And I'm not trying to discount the effectiveness of it. If you look at aviation statistics over the years, you see that the accident rate has plateaued. And sharing with Bob Francis--and that's the other slide that we typically see--there's a slide that's produced that shows the accident rate over time. And what we saw prior to the early 1960s was a very high accident rate, followed by the advent of jet engines, and higher maintenance reliability engines and airplanes became more reliable. So the rate flattened out, but what we've seen over the past 30 or so years is a plateau, and why that's disserving to us is because as the demand for aviation increases and the number of flights goes up, with the flat rate, the total number of fatal accidents has been increasing year over year, and that's a very disturbing fact.

So what we're looking at doing is trying to uncover why we're at that plateau, why can't we increase or decrease our rate by uncovering new and innovative ways to improve safety. So I'm not discounting the traditional methods that have worked in the past, such as FAA surveillance, government oversight, NTSB investigative authority. Those kinds of things are very important and vital to a safe aviation industry. However, it has not proved successful in lowering the existing rate, and we believe there are ample opportunities to drive that rate even lower by using the best of both worlds.

If you take the traditional FAA enforcement and you say that has been somewhat successful, now we've provided a program, which I'm going to describe to you, which encourages the voluntary reporting of aviation-related incidents and accidents.

The program was established in 1994 at American Airlines. Since that time we have received approximately 22,000 reports. Not all of those reports indicate a failure of a person, but an observation perhaps that could lead to an incident or accident. And less than 1 percent of the 22,000 reports that we have received at American Airlines, would have been known to the FAA outside of our program, less than 1 percent. Actually, it's less than half a percent.

So what that tells us is that the ASAP program, the first benefit to us is that it allows us to see a clearer picture of the aviation industry. Now, NASA will give you the same information because they have even greater access, nationwide and worldwide, to events that take place, but NASA doesn't go in and achieve what we think is vitally important, and that is corrective action. NASA set up in the aggregate to take information and uncover trends and statistics, and they do publish bulletins to the industry at large and to the FAA which talks about the trends that they see, but they're not tasked with going in and achieving corrective action with individuals, and our program does that. So I ask that when you consider reporting programs, whether they be mandatory or voluntary, look beyond just gathering the information, because you've got to be able to go in with the individuals and insure yourselves that you have corrected it, not only with the system or the procedures, but with the individuals. And then you take the next step and try to educate the other professionals to let them learn from the experiences of others. So there are two steps that need to be taken, not just gathering the information, but actually taking corrective action with those individuals.

The program is designed to encourage the reporting of any information that could prevent an accident. We have certain criteria for acceptance. The reporter must report the event within 24 hours of the time that he or she is involved in the event, or the time that he or she becomes aware that the deviation may have occurred. Now, we have accepted late reports because the individuals truly didn't know that they had made an error, but from the time that they become aware that they've potentially made that error, they have 24 hours to report it. NASA requires 10 days. And again, the reason for that is because NASA doesn't go in and take immediate corrective action, or corrective action.

The report has to be an inadvertent or an unintentional act. We do not accept deliberate disregard for safety or security. We do not accept criminal behavior. If we get a report that indicates drugs or alcohol may be involved or other criminal activity, then we will turn that information over to the proper authorities. So we do not offer immunity from criminal action.

Furthermore, we do not offer immunity from civil action, because we take every report, and because it's set up jointly between the Federal Aviation Administration and between the airline and between the Pilot Association, we must reach what we call a unanimous consensus, which is a somewhat redundant term, but it forces and agreement unanimously amongst all parties. And it's very important because it has set up a balanced approach to error management. We collectively go in as groups that have traditionally held widely divergent positions and even adversarial relationships, and worked together in a harmonious way to achieve what we think is the greater good. If you look at the rights of the individual versus the rights of society at large, you can balance the two. It is an important concept to understand. Historically we haven't done a good job of that, but we can balance the public safety interest with those of the individual.

And what we've done is we've provided an environment where the individual comes forward, explains what happened in some detail. We will meet with that individual if necessary, call them in for additional training. We achieve corrective action in many forms. Sometimes the forms of corrective action involve additional simulator experience for the pilot or a line training event. Sometimes it involves a change in a procedure or a change in a systemic concern that we might have with air traffic control. We work together collectively to achieve that balance and that corrective action. And once that information has been gathered, the event has been corrected, we take that information, publicize it to all of our 12,000 pilots, and try to achieve corrective action in the larger sense by sharing that information with others.

As I mentioned, we received over 22,000 reports, and less than 1 percent of those would have been known to the FAA. A certain greater percent would have been known to the airline, but even so, it would have been far less than what we've learned today under the program.

In terms of the ability to insure the appropriate use of the information gathered from the program, again, you've got to balance the needs of the society at large with those of the program. We have unfortunately been involved in two accidents at American Airlines that involved litigation. In 1995 there was a subpoena placed on information arising from our program by the Federal District Court in Miami, and it was, in our mind, a watershed event because it allowed us to the opportunity to state the case for the assurance of appropriate use for this information, and in fact, the judge awarded us a qualified privilege based on common law. However, we had made the argument that this information should be exempt from discovery on the basis of what's known as self-critical analysis. And forgive me, I'm not an attorney nor a physician, so when I speak in terms of other professions, I may get some of the terms wrong. But we made the argument on the basis of self-critical analysis, which basically says to us that if an airline or a corporation has an event or an accident, and there are legal proceedings resulting from that, the airline has an obligation to go in and try to learn what happened, to try to uncover why this event occurred. And in doing so, you often explore areas that may not have been explored otherwise. You may chase down a particular trail that might have in the end no bearing on what actually happened, but in doing so you might learn more about your airline and take corrective action.

But the thinking on the self-critical analysis piece is that you should not then be penalized for going forward and doing what I call the right thing, but when you made the argument--when we made the argument in court, the judge refuted that argument and said, "No. I'm more concerned with the effect that discovery would have on the participants in the program based on common law, similar to the relationship that exists between a patient and a physician." And so he said that it would have--and this is an over-used term--a chilling effect on aviation safety because the reporters, the pilots, the dispatchers and the mechanics, would no longer feel free to report these events if it was used in a manner that they didn't expect or outside of the intended purpose.

And you see this over and over again in aviation, where you have issues related to the recording devices on board aircraft, the cockpit voice recorder, the digital flight data recorders. There's discussion now on Capitol Hill about putting video cameras in the cockpit. And all of these issues surround, in my mind, our inability so far to balance the issues, whether it's a privacy issue with the individuals or an issue with litigation in the discovery process, or the Freedom of Information Act if it's a government body. All of these issues have to be balanced, and in doing so, we have to keep focused on the greater good to society, public safety. And we believe--and it may take some time--but we believe that we can show that programs like ASAP and like the ASRS and a program called FOQA, which is described as Flight Operations Quality Assurance, we believe that these programs ultimately will prove to be the way that we reduce the accident rate, the way that we drive that rate down even lower by exploring these human factor related issues.

And I suspect that in your field, many of the issues that you're struggling with, with computer technology and newer devices to assist you in the operating rooms and in the health care, are similar in nature to the issues that we faced in aviation, because we've seen an onslaught of technology in the cockpit designed to make our jobs better, whether it's through reduced workload or increased reliability, but what we've seen is that every time a new piece of technology comes onboard our airplanes, there's another human element to it that we discover after the fact. And although I'm not qualified to speak on it as Dr. Helmreich is, it is an issue that is a basic human factor issue, and it applies to more than just aviation I believe.

But we must balance the issues that I'm sure you're facing related to discovery. We have the discovery process through, not only civil litigation, but through the Freedom of Information Act, and most recently, the Congress has directed the FAA to write regulations which would exempt certain pieces of voluntarily supplied information from discovery through FOIA. It reminds me in many ways of what the US military has already done, and I wonder sometimes if we're failing to learn from our experiences of the past, but within the US military, when an accident, an aviation accident occurs, there are two investigations that take place. One is the safety investigation, which is privileged, and there's case law that supports that data being exempt from discovery under the executive privilege, because it is deemed to be in the interest of national security. And then there's the legal investigation which takes place, at the same time, and using some of the same information, but not all of the information. And so I think that there's a model there that has existed since about 1948, which says the US Government has the right to go in and learn the truth, or as Paul Harvey says, "The rest of the story" about what really happened, and then take action to prevent its recurrence.

And at the same time there are the rights of the plaintiffs and the attorneys and the families of the victims that have a right to know basically what happened, and yet, those two are not mutually exclusive, but often it's construed or it's perceived to be something that's mutually exclusive.

So I think the challenges that you're facing today are much the same as we've been facing in aviation for some time. I don't want to give you the impression that we have succeeded completely in the aviation world. We have a long way to go before we can achieve what we feel is our ultimate goal. However, we think that we are on the right track. We think that the only way to reduce our number of accidents is to pull the veil back, look at what's happening out there, try to take corrective action on each and every event, and then share those experiences with the other operators and the government authorities and work together in a harmonious way to achieve benefit for the greater good. And we do think that public safety improvements are not mutually exclusive with the designs and desires of other parties.

I think that we need to tell the story, and I appreciate the opportunity to come here today to talk about these things. We need to tell it in a way, in a responsible way to the media. Many people in the aviation industry are very skeptical and nervous about telling the story when it comes to these type of programs, but I believe ultimately we're going to have to do that. We're going to have to allow the news media access to the process of these programs.

The first reaction that you get when you talk about trying to exempt information from discovery or to protect certain pieces of data, it tends to make people think you're trying to hide something. That's the perception. I'm sure many of you have dealt with that in many ways. But if you take the long-range approach and if you look at the greater good for society, we have to do both. We have to preserve our ability to give the public information about the processes that we use and we approach safety in these manners, and you have to be able to insure as a society, as an organization, or as a government oversight agency, your ability to collect that information, and then go take the next step to corrective action. So there's a delicate balancing act that needs to be accomplished, but it can be done.

I guess at this time I should open the floor for questions, doctor. We'll just go around the room, starting on the right here, and move to the left, I guess.

MR. ALLEN: Dr. Piliavin.

DR. PILIAVIN: Hi. I'm a little confused about all of these different kinds of programs, and particularly you said that there's only a small percentage of the things that your program at American Airlines gathers as reports that would go into the FAA. And I quite understand that the focus is different, is that you have this corrective focus, and theirs is a data gathering, but just in terms of what kinds of reports you get and what kinds of reports they get, I don't understand the difference. Why are some of the things or most of the things you gather not the kinds of things that go to the FAA?

CAPT. GRIFFITH: Okay. Let me clarify one thing. The NASA program, when I spoke about the ASRS, that voluntary program, that is sanctioned by the FAA, but it doesn't go--those reports, you understand, don't go to the FAA.

DR. PILIAVIN: Right, okay.

CAPT. GRIFFITH: The FAA has regulations that require legal investigations. If I as a pilot deviate from a regulation, the FAA is required by law to investigate that and take corrective action. But there is no--in the sense of a mandatory reporting requirement, there is--and it wouldn't be enforceable even if it happened--but there is no mandatory requirement for a pilot to come forward and say, "I deviated from the regulations." Historically what's happened is the Federal Aviation Administration has a vast team of inspectors that they use to do surveillance, and they do that surveillance by going and observing you in the cockpit, watching you fly, and getting reports from air traffic control. But that limited insight to what's actually happening is what I think has left the FAA unable to see the entire picture, because they don't have--even if they had--they'd have to have enough inspectors to track every single pilot every day to see the clear picture of what's going on.

DR. PILIAVIN: This NASA program, what's that based on?

CAPT. GRIFFITH: The NASA program is based on the ability to turn in an information on a report voluntarily, and it's done confidentially so the FAA does not have the identity of the pilot who reported it.

DR. PILIAVIN: Okay. What's the difference between that and the ASAP program?

CAPT. GRIFFITH: The ASAP program--actually, every report that comes into us at ASAP goes to NASA. We send it there to contribute to that database, and get that information into their system. The difference is, is that the ASAP report, if a pilot turns in an ASAP report, he stops the legal investigation with the FAA, and the FAA has agreed that if the pilot achieves corrective action, they will close that event out with administrative procedures rather than legal findings.

DR. PILIAVIN: What happens with the voluntary reports that go into the NASA program?

CAPT. GRIFFITH: When a report goes into NASA, it stays on a file. They make it confidential. They track it with a number. If the pilot should be investigated independently by the FAA, and they take him through the legal process and they find him guilty of the violation, then the sanction or the penalty is waived if the pilot can show evidence that he participated in ASRS. So the legal investigation, the finding of guilt or innocence, and up to the point of imposition of sanction, the legal process is still in place with the ASRS.

DR. PILIAVIN: I'm still confused. I thought you said that a very small proportion of the things that you collect is available to the ASRS. And now you say you send everything to the ASRS.

CAPT. GRIFFITH: No. Available to the FAA. Less than 1 percent of our reports would have been known to the FAA.

DR. PILIAVIN: Okay, all right. Now I have it straight I think. Thank you.

CAPT. GRIFFITH: It is confusing. The NASA program--the FAA--if I can be candid, the FAA has been less than full in their support of the ASRS because the FAA only sees that information if they make a request to the Freedom of Information Act, and they only see it in the aggregate. They don't see the individuals involved. They don't know if the event that they're investigating was exactly what happened in a report. They can't track those reports one-to-one. So they are prohibited from using that report on their investigation. It's only used, in the FAA's eyes, to offer limited immunity.

The ASAP program is different in that the FAA sees the report, talks to the pilot, uses that information directly to close out their investigation with us, but they do so using administrative procedures rather than legal findings.

In a pilot's world, the obstacles to reporting in any system are discovery or punitive use through enforcement. In other words, a pilot's not going to come forward and tell you what happened if he thinks that you're going to give that information to the FAA and it will be used against you, self-incriminating. But imagine what it would be like--and Bob Francis raised this question to me--if a pilot was required to tell what happened, admit his errors to the passengers, as you do in your world. I mean I can imagine trying to make a PA's telling, "Well, I deviated from an altitude", and explaining it to 200 passengers in the back. And I thought, well, if you're going to do that, why don't you just take the next step and say not only tell what happened but tell why it happened, and then tell what you're going to do to prevent it from happening again.

Yes, ma'am?

MS. LIPTON: Captain Griffith, I just have a question about--it really relates to corrective action and two quick questions. The first being, do you think that public acceptance of really what I call a non-disclosure rule, is--do you think that corrective action or telling people that corrective action is required is an important part of that public acceptance? You know, we've been talking here, but we really haven't been talking about corrective action. We've been talking about collecting data about things, but not requiring anything in return for that. And it sounds that--you think that's very important.

CAPT. GRIFFITH: I think it is the single most important element of our program. I mean, it's a critical first step to identify where the concerns are, and NASA--I'm a wonderful supporter of the NASA program--it is a means of identification of what's going on, but as a private citizen, I would say I want to know that my government or my airline or the pilot associations are working to correct those issues, not just identify them. So, yes, I think that that is the most vital element of our program, is achieving corrective action.

MS. LIPTON: The next question is, once you collect that corrective action, do you ever go back and see that that corrective action actually works?

CAPT. GRIFFITH: Yes. And because this approach that we've taken ties in with the work that's been done in human factors research, Dr. Reason and others, we're seeing that these are human issues more often than they are technological. If we could go in and put a widget on an airplane to stop it from crashing, we'd go put it in. And in fact, we've done just that in recent years. But each technological improvement that we put on brings a complexity with the man-machine interface, so what we've done is we've tried to drill down below the probable cause, if you will. And Bob Francis and I were talking on the break. We've historically gone and tried to blame someone or some organization for a failure, and when you--and the NTSB to some extent has done that by going in and trying to reach a probable cause determination, which they're tasked to do. But in determining a probable cause, it's often a simplistic approach. You can say that if a baggage cart runs into an airplane on the ground, the probable cause is the failure to maintain adequate separation between the baggage cart and the airplane. Well, that doesn't get you very far in preventing the next one. You've got to be able to go in and say, "What are the contributing factors? Why do we think it happened? Where do we think we are at risk in the future?"

So you've got to be able to go down to the underlying level, the underlying causes, and what we see are basically human issues. Pilots make mistakes when they're tired. They make mistakes when they're under conflicting interests or distractions. When you're performing several tasks at one time, which I'm sure is the same in some of the operating environments, when you're performing several tasks at one time, sometimes you tend to focus on something that's more immediate, but it might not be the most important task you're performing. So prioritizing those duties and responsibilities and minimizing distractions, being cognizant of the external and internal pressures that are upon you, and forming a hierarchy of what tasks should be accomplished first and with which order of priority, is the kind of thing that you can get down into the lower levels. And we see the same things that cause altitude deviations cause navigational errors, which cause other types of concerns. But only getting that information can you go down and track it.

And I think the answer to your question, the long-term measurement, or the measurement of the success of these programs is going to have to be long term. You're not going to say that year over year, this year versus next year, you're going to see a dramatic drop. If it were that easy, we would have done it years ago. You're going to see something scientifically I think which is sound, in that you're taking the right approach, but in dealing with a non-linear dynamic environment with somewhat chaotic behavior, you're going to have to measure those trends and statistics over the long term. I think it's going to take between 10 to 20 years as an industry to accurately measure the rate reduction that we're going to achieve. But we're looking for something that is long term; we're not looking for a quick solution unless it's a lasting solution. We're looking for something that long term is going to be effective in reducing these rates down lower. And I think if you take the short-sided approach, you're going to be subject to variations which may skew your results.

MS. LIPTON: Thank you.

CAPT. GRIFFITH: Yes, sir?

DR. GUERRA: I'm interested in what you just said, and putting it into a context of--I guess as one increases the awareness of, you know, the potential near-misses or near-hits and the breakdown in whatever the techniques might be that are recognized by somebody as contributing to that pathway. And you used the terms of say 22,000 reports that have gone into this system, and that it's obviously going to take a long time to see if there are in fact any changes that occur that would indicate that, yes, things are getting much better.

What is your observation though in terms of those reports that get into the system, that are then investigated, and are either substantiated or not substantiated? Because I think that there is such a wide scatter, you know, some judgment call sometimes or based on experience or lack of experience or whatever, however one perceives something to be potentially a dangerous, what is that observation?

And then the second is, at what cost does all of this take place in terms of the investigation, obviously, the anxiety, the apprehension, all of those things that add some complexity to it?

CAPT. GRIFFITH: Okay. Let me answer the second question first, at what cost. I think it's a cost that is--it's a hidden cost, because if you don't take this type of approach--and it's been termed by Bob Baker, our vice chairman of the airline has said, that what you have without the ASAP program is the immunity of silence. And I say what you don't know will hurt you. The cost involved in the program are the costs of manning it, supporting it, but it's more your ability to create or foster an environment of trust and cooperation. And because we have the regulators and the pilot associations and the other employee groups, and the airline management, working together as a team, it's a great leap of faith for an individual to say, "Hey, I made a mistake, and I'm going to come forward and tell you exactly what happened." Because we're all human. And when I'm flying an airplane and I make a small mistake, the first thing that goes through my mind is, who knows about this? And it takes a leap of faith to say, "I'm going to do the right thing, and I'm going to come forward and I'm going to tell the story about what happened."

Now, what we've seen over a period of time--and again, the American Airlines program is kind of like an experiment. It was a microcosm, if you will, because it was 10,000 pilots. Now we've grown to 12,000. But it's been a contained system. We have seen a linear increase in reporting volume month over month since the program started. Now, we've got to establish a baseline that says, "Well, this is where we think the threshold is or the baseline will be established", but even though we've seen the volume of reports steadily increase--which is to us a good thing--we're getting the confidence of the employees, and that's what's required to make this successful--we have driven within certain categories, certain events have gone down, even though the total reporting volume has increased. So we've been able to measure some success.

But you've got to develop the cooperation or the reporters, the front-line employees. And in your world I'm sure it takes the form of several different occupations within the medical field, but you've got to develop the ability to reach out to them and have them come forward and tell you what they're seeing, because as managers or supervisors, you're not going to see the day-to-day activity that they see, and you're not going to be able to take corrective action until you know what's happening. So you've got to develop that relationship.

In the aviation industry it's a little bit different than others in that--well, actually, it's a lot different. We come under large employee groups that tend to have collective bargaining agreements, so there tends to be ways in which you can apply a program or a rule or a regulation that will affect a large group of people at one time without the various subgroups in there to lobby against that type of action. So in the aviation world there are--and in the US maybe--I'm guessing here--50,000, 60,000 airline pilots, most of which come under large collective bargaining agreements. So we've been successful in working agreements with those associations and unions to say, "We're going to handle these programs in this manner." So their union goes back to the employee and says, "We think this is a good thing and we have signed it."

In fact, I guess I failed to mention, the ASAP program, one of the reasons that we have succeeded is that we put the details of our program in writing as a binding agreement between the airline, the FAA and the employee group. We set it in writing. Now, that's not to say that it didn't change and evolve over time, but we started with a 5-page document, and then we've expanded it now to about 35 pages. But there are some basic elements in that program that I think would apply to any industry. You've got to have unanimous agreement by the group that's charged with evaluating these reports, and you've got to have the ability to take corrective action that you all agree on unanimously. Otherwise, it's too easy to go in and take an institutional position.

I'm not sure I answered your question. Would you like to follow up?

DR. GUERRA: Well, the point that you didn't answer though was of those that are reported to you and investigated, how many are substantiated in a way that you know either you need to take some actions, some disciplinary action, or that it is going to affect some behavioral changes?

And I raise the question, because I think we oftentimes get into the dilemma, which I think we've observed many times over on the medical side of things, and as an example--and the Justice referred to this previously in his comments about prevention of child abuse, for example--as the awareness has increased about, you know, the conditions that predispose or that ultimately are recognized is the abuse or neglect of a child. The number of reported cases has just steadily been increasing, but at a tremendous societal cost and disservice to the--quite often the care takers of the children, and sometimes to the supposed victim of that abuse or neglect, because of the stigmatization and because of all of the other things that fall out for cases that are not very well substantiated. And I think that we can get into a very similar dilemma with this kind of a system.

CAPT. GRIFFITH: I think what you're asking is how do you know when you take corrective action and how far do you go with that. And in our mind, there's a threshold, depending on the type of event, that if the severity of the event or the implications for--potential for future occurrence at other areas is there, that there is a threshold. And you say, "Well, these events we see a lot of them, and yet the impact is minimal." Then that's sort of noise below a threshold. But because we're working as a team, that threshold has moved beyond where it would be with just the airline itself if we were looking at the events ourselves, because we work closely with the unions and we work closely with the FAA. So collectively we set the bar, and if an event rises up, either in severity or in frequency of occurrence, then we go in and we say, we're going to go look at this one a lot closer.

And because we have to have unanimous agreement on that, there's a checks and balance approach taken by saying it's not just one party saying, "Well, we don't think that's an important event, or it's not worthy of continuance" as a group. And it makes me feel good as a private citizen that the FAA is a full partner in this, because now the FAA, who is charged with government oversight, has the legal responsibility to investigate these events, even though they're investigating far more than they would have in the past, they have to satisfy their legal requirement.

So you set your threshold based on the type of event or category that you're looking at, and if you were involved in issues such as you've described with child abuse, with a potential for widespread abuse and applications, I think that you would have to look at placing the threshold low enough to say, "We've got to take action with these events, and then educate people on the consequences in a way that maybe hasn't been done." And if you can organize the program in a way that has that check and balance, where you've got perhaps a government agency, hospital administration staff, and some peer group represents you, now you're bringing in the resources of three separate organizations to achieve that, and I think you have to be able to go in and adjust that bar based on collectively what you think is a problem.

Other events that might be lesser impact on your system, you might set the bar in a different place and say that we're going to trend these data out and see what shakes out of it. But on something like child abuse, if you wait to trend that information, you're hurting a lot of people.

MR. ALLEN: Dana?

DR. KUHN: Yeah. You had talked about the successes of a voluntary disclosure, non-punitive, but corrective program. The two questions I have are the other side of the coin, perhaps from the passengers' perspective. Are air crash accident victims--or should I say their beneficiaries--compensated, or is the only mechanism of compensation for these accident victims received through the purchase of the flight insurance, through those little boxes at the airport? And that's the first question I have.

And the second one is if an air crash occurs--and maybe it's due to the turning screw in the tail flap of a 737, or maybe it's because a pilot has logged more hours than allowed, or maybe he indulged in a little alcoholic beverage--how many victims' families bring lawsuits against these airlines, or do they have to establish a cause of action or negligence before they can even bring a lawsuit against the airlines?

And then I guess part of that question also is, is there a protective mechanism which the airlines have to dissuade lawsuits, such as--I know with blood products, there's a Blood Shield Law.

CAPT. GRIFFITH: Well, you're asking questions that I'm afraid I'm not qualified to answer. I will give you--like most pilots--my opinion.

We see at American Airlines that invariably when someone gets hurt, someone's going to sue. Now, it's the fact of life that we all live in, and perhaps you more so than us. But we do see class action suits brought against the airline. What tends to happen is that the airline tends to deal with these on a case-by-case basis. And of course, we work with our outside attorneys and insurance brokers to try to minimize the impact on that, but every airline does it a little bit differently, and we do see a high activity rate in litigation stemming from events, and I don't think that's going to diminish.

In terms of compensation, you know, there are international treaties which describe ceilings and limitations on the means of compensation or the total amount, and those issues tend to be anachronistic in the sense that they were based on a law that was in place back in the 1940s and in other laws.

But what we see today is an awareness on the side of the plaintiffs' attorneys or those that represent the victims, an awareness that the aviation industry is collecting more information, and so they, understandably, have targeted programs like ASAP and FOQA and ASRS and Voluntary Disclosure, and internal audit processes. They have targeted that information for discovery. I think it's a fact of life. And if you're a plaintiff's attorney and you feel that you're doing the right thing for your client, and you're serving his needs or her needs, then you tend to be zealous in your defense or your attack.

What I think though as a society that we may be missing or we are missing, is the accomplishment of a greater good for society by educating the public before an accident occurs as to the process of investigation, and that we can work with the regulators--it's extremely important, from my perspective, to say that the agencies that are involved in oversight of aviation, the FAA and the NTSB, are actively involved in the management of these programs and oversight, because it increases my government's ability to do that oversight and prevent accidents. And the goals of the NTSB and the FAA are actually identical, which is to prevent accidents, promote aviation safety and prevent accidents. The means by which they accomplish that is sometimes vastly different, but the goals are the same. So it's important as a citizen, as an employee, and as a manager, for me to know that the government is actively involved in that.

The civil litigation side of it, that I'm sure you're dealing with in different ways than we are, is not going to go away. And I'm not sure that we can depend on individual decisions in district courts to put in these fail-safe methods or assurances, but we need to raise a dialog. We need to talk about it in Congress. We need to talk about it in the press. We need to let the media know why we are attempting to do these programs. And I'm convinced that we can tell a story which will make sense, because if we don't, then there's going to be this veil of uncertainty, and the public is going to say, "What are you trying to hide?" And I think we just need to raise a dialog to the level of education in this country.

MR. ALLEN: Dr. Epstein?

DR. EPSTEIN: Captain Griffith, could you just clarify for me, just so that I can be sure I understood. You said that the group acts through unanimous consensus. But the component elements of the group are the airline, the employee group, such as the pilots' association, and you never actually stated the third. Is it directly the FAA?

CAPT. GRIFFITH: Yes, sir, it is.

DR. EPSTEIN: It is, okay. Given that there are a hundred-fold more incident reports than would otherwise be reported to the FAA, does the FAA actually review each of these 22,000 reports, or do you somehow review them subject to a pre-agreed standard or threshold? Because in essence, if the FAA now has to look at 22,000 reports, there's a tremendous implication to that agency of this system. So I want to ask a very precise mechanistic question. Given that there are a 100 times more reports, given that the FAA is a partner in deciding action through consensus, are they actually engaged in reviewing all the reports?

CAPT. GRIFFITH: Yes. They receive every report we get, unedited, unfiltered, and they review it at the same time we review it.

DR. EPSTEIN: But they review it without the identifiers?

CAPT. GRIFFITH: They review it--it's a confidential system. It's not anonymous. But what we do is we redact the individual's name from it, but his employee number is there, and we have the means as a group or a body to go and retrieve that information.

DR. EPSTEIN: Okay. And can you also state explicitly, is that report then not subject to FOIA?

CAPT. GRIFFITH: That's correct. It's not subject to FOIA today because the FAA reviews the report, and while it's an active open investigation, they have been successful in fending off, if you will, the FOIA request, because it's an active investigation.

DR. EPSTEIN: How about when the investigation is complete; is it then open to FOIA?

CAPT. GRIFFITH: Well, at that point the FAA returns to the airline all copies, all had copies of the report--and they don't keep electronic files--all they keep record on are the administrative closures, that if an event occurred, they document how it was closed out, and the airline retains all information related to recommendations and findings and solutions that were achieved, but those are held by the airline on site at the airline.

DR. EPSTEIN: But if an FAA employee, for whatever reason, happened not to, you know, purge his e-mail, and the case was, as you say, closed, it would then be discoverable under FOIA, would it not?

CAPT. GRIFFITH: What would be discoverable would be the records that he maintains, which are the closures to the event, the administrative actions. He would not have--we don't transmit the report via e-mail, so he wouldn't have a record of the event itself, other than the closure in his files. He doesn't keep the event description.

DR. EPSTEIN: Thank you.

MR. ALLEN: Dr. Hoots?

DR. HOOTS: Just to follow that up a bit, the proposed rule changes--we have a lot of briefings in terms of the responses to the proposed rules change, which I think are very insightful, about the broader issues of individuals within the society versus the society at large. And it's probably the most analogous situation other than error itself to what we have in medicine and transfusion, and that's the competing interest side of things. As the FAA is proposing these rules, what you just described is what's in place now, correct, at the present time?

CAPT. GRIFFITH: Yes, sir.

DR. HOOTS: And the proposed rule would specifically increase the FAA's access to specific information; is that not true?

CAPT. GRIFFITH: Yes. The NPRM, Notice of Proposed Rule Making, describes the method by which the FAA would exempt certain pieces of voluntarily provided information from discovery, and I noticed in the briefing packet that was included in there, yeah.

DR. HOOTS: Right. So in terms of these broad responses that we see both from unions, the industry, from plaintiffs' attorneys and all, you are optimistic that somehow this--that some consensus--

CAPT. GRIFFITH: Yes.

DR. HOOTS: --among these competing interests could be achieved.

CAPT. GRIFFITH: Yes.

DR. HOOTS: And you believe that education will do that. Do you think since the intent of Congress was actually to take what you've had as a very good idea, "you" being the industry, like the ASAP program, and make it more--and it seems to me, correct me if I'm wrong, a little more compulsory, and a little bit more broadly reaching in this way--and maybe I'm not inferring the right thing, but that's what I thought--then that actually raises the angst of the newspapers because of freedom of information, et cetera, over all of this, whereas up to now, when you've done it voluntarily in-house and then provided aggregate information to the FAA, they pretty much have been closed out of the deal anyway, but once the FAA gets closer in, then they're afraid they're going to be closed out of things that perhaps they would never have access to anyway, but now they would have access to.

So how do we--how do you resolve that in your mind in terms of these competing interests? Is education still going to solve that issue, or is this going to go to finally Congress just deciding that the rules met their intent and we're just going to do it if they accept what the FAA has proposed?

CAPT. GRIFFITH: Well, I think that it ultimately will go to Congress. I don't think education is the only approach that has to be taken, but, yes, I think Congress is going to have to act. But what I do think is going to happen though is that the FAA will not make these programs mandatory. I don't foresee that as happening in the near term, the ASAP program. I think that there are opportunities there to do digital monitoring, video cameras in the cockpit, and other programs that have gotten a lot of attention. But I think they have--after some time--I mean we could talk for hours on how we have convinced the FAA over a period of 6 years to finally allow other carriers to operate our program, because for 6 years they haven't been able to. American Airlines has been the only airline in the US that has had this program because the FAA didn't understand, and the Justice Department didn't understand, how the NASA immunity was different than the ASAP corrective action.

But I don't see these programs as becoming--as least this is my view--I don't see them becoming mandatory in the near term. I think because the collective bar is going to be raised, airlines and pilot associations will do these programs because it's the right thing to do and because there will be some peer pressure. If you don't do these programs--and the case can be made that an airline would be negligent for not doing something like this--for not doing all that they could do to promote aviation safety. In fact, if you read Public Law 103 in Title 49, it talks about the administrator's obligation to promote aviation safety and hold the carrier to the highest standards. I don't think it will become mandatory, but I think collectively, as airlines see that they can do these programs successfully, you'll see intense peer pressure to do the right thing. But I just don't see it being something that's going to come in and be made mandatory.

Now, FOQA is a different story because it's a technological capability that has been enhanced over the years. The public knows about it. Congress has been interested in that. And so it's easier to say you will go put this piece of technology on board and then, of course, you have to look at the cost and the long-term benefits. But how do you mandate a pilot or a physician or a health care professional to come in and tell the rest of the story, particularly when we have the Fourth Amendment which prohibits--and the Fifth Amendment which prohibits self-incrimination? I mean, how can you mandate someone to come in--now, in the military--and I'm a civilian pilot, so those of you that are in the military might correct me. But in the military world, you are ordered to tell the truth. You are ordered upon penalty of court-martial for not obeying an order. But they take that information, and they make it privileged. The safety investigation is held separately from the legal investigation.

So there's a lot we can learn from that. I don't think you're going to see an ASAP program become mandatory, but I do think that there will--so, in that sense, what the FAA is doing is saying if it's a voluntary program, then we have an expectation to treat it a certain way. And I think that that will be successful in the long run.

MR. ALLEN: Dr. Davey?

DR. DAVEY: Captain Griffith, of the 22,000 reports that you have gotten, are they all reports of one's own mistakes or are some of them observations that perhaps some--an error performed by someone else? For instance, you observe your copilot making a mistake and that person may not elect to report that error. How is that handled under your system?

CAPT. GRIFFITH: That's an excellent question. It's a self-reporting program. The intent of it is to report on your--to tell your version of what happens. And Linda Connell speaks very eloquently about the bias that's contained in a pilot's report. Make no mistake, when a pilot turns in a report, he's seeing it from a certain perspective. But it's a very important bias. In fact, it is so important that we require each cockpit crew member on board an aircraft to--if they want to be in the program, they have to turn in their own report, which is--in our world, historically the captain of the aircraft has spoken for the entire crew. So he would turn in a report, and everybody else would just sign on the bottom line.

But if a pilot turns in a report that says my cockpit crew member didn't perform up to the task, then we will investigate because it's important to us that if we identify something that could potentially cause an accident, we are obligated to go investigate that, whether that individual turns in a report or not.

Now, we are prohibited from using information from one pilot against another pilot in any disciplinary fashion. But we're not prohibited from contacting him and making recommendations to prevent that reoccurrence whether or not he or she turns in a report or not.

What tends to happen most of the time is when we contact the other individual that didn't report, then they will come forward and report as well, because even though we guarantee that we're not going to take that information and use it against them, there is the risk that should that information be discovered outside the program from another source, that action would be taken against them.

So there's two motivations for a person to turn in a report. One is a negative motivation, that if he doesn't turn himself in, somebody else will and he's going to then be faced with some kind of action; and then there's the positive motivation that says most of the time somebody will say, well, I didn't think that was that big of a deal or it wasn't that important.

But we are required to investigate every report that comes in, even if it's against another employee, but we don't use that information in a disciplinary fashion. We will, however, make a recommendation, if it's serious enough, that that individual be removed from duty with pay pending the results of our investigation. We just guarantee that we don't use that for disciplinary purposes.

Let me finish--follow up on that. What we see a lot of times and the most interesting reports that we get are those that involve not only pilots but dispatchers and mechanics. And I think what you would see in your area is that it's not just one occupational area when an event occurs. It's generally the involvement of multiple employees or multiple health care professionals.

We see events that a pilot looked at something and thought it was okay to go, the mechanic maybe signed it off improperly, and the dispatcher didn't correct their oversights. So those are the most valuable reports in many ways because now we can take three independent perspectives from three different job descriptions, each of them looking at the event a little bit differently, and put it together and find out what happened.

A lot of times we'll get a report from a pilot and a dispatcher and the mechanic didn't report or vice versa. But we go investigate that with the employees, and more often than not, those individuals turn in an ASAP report as well. They come into the program, and now we can achieve corrective action with all three groups.

MR. ALLEN: Dr. Goosby and then Dr. Chamberland.

DR. GOOSBY: Yes, in looking at the expectation that you've presented by the collection and reporting of data around misses, near misses, hits, you create a surveillance capability that feeds into a system in the American Airline model as opposed to the NASA model that moves into a system that takes corrective action. And with the American Airline model, you had a 24-hour reporting requirement, and the NASA model was 10 days, if I remember it right.

CAPT. GRIFFITH: That's correct.

DR. GOOSBY: Can you give the committee a eel for the feedback that goes into the identification of a consensus problem and then implementing the resolution to that problem that you've identified? What kind of a time loop in the feedback component of that are we looking at?

CAPT. GRIFFITH: On the ASAP program in American Airlines?

DR. GOOSBY: Yes.

CAPT. GRIFFITH: A pilot will turn in a report that every day we review, my staff reviews the reports that come in, along with the FAA and the Pilot Association. If an event takes place that is time-critical or the severity of the activity is high, then we'll take action as soon as we receive the report. And a lot of times we'll get notified of the event before they have time to turn in the report. Obviously, if there's an incident or an accident or a near miss, I'll get a page and we'll know about the event.

So we oftentimes speak to the pilot--not oftentimes. Sometimes we speak to the pilot before they actually get a chance to turn in a report. On the time-critical reports, we'll be on that event posthaste.

The follow-up on that is generally we initially would remove the pilot from service with pay pending the investigation. If a pilot--let me give you an example. If a pilot comes in and strikes the tail on landing, the nose of the aircraft comes up too high and he strikes the tail, and then the airplane lands, as a passenger you might hear a scrape in the back, you might not. The pilot might not even know that it occurred. But if it's reported to us, by whatever means, we'll take that pilot and we'll go in and say, okay, you're going to be removed with pay until we can have a chance to go in and look at it. He turns in a report. He comes in, he tells us from his perspective what happened. Now, we take the flight data recorder information, and we look at this event. These aren't even accidents, as the NTSB would classify them. They're just incidents, so to speak. But it's a precursor to what could have been a much worse scenario.

So we'll take action. If we've removed him from service, it might be a week before he comes in, we meet with him, we take action, and then he's back on the line. But if it's something that's extremely serious that could be an accident, we might investigate it that day or the next day and then put out an advisory message to all the other pilots because it could be something that could affect another flight immediately.

So every little event is different in that respect. The average time it takes to resolve a corrective action is generally about three weeks, generally. But those are events that we don't have a concern that this pilot shouldn't be out flying. We make a judgment that is this event--is the mistake that this pilot may have made serious enough to warrant his removal from service? That's the first question we ask. If the answer is yes, we'll take him off and we'll investigate, but knowing that he's not going to be out there flying. If it's something that other pilots would be affected by, then we'll take action that day, put out an advisory and take whatever steps are necessary.

Most of the events that we see are air traffic control type events where it may take us three weeks to secure a copy, an audio copy of the air traffic controllers' tape, the conversations on the radio between the pilots and the controllers are recorded, and then we get information from the controllers about those. So we'll request the tape. They'll send it to us in the mail. We'll listen to it, bring the pilot in, review it with him, and then take corrective action.

Most of the time, these events don't require removal from service. So we go in and make a value judgment every day that we look at a report. But the average length of time to resolve an event is about three weeks, as opposed to the FAA's legal investigation process, which can take up to two years. And it might be something that is very serious. It might be something that the pilot failed to do properly and requires corrective action with him, but because they're constrained by the legal process outside of ASAP, it may take certainly months and certainly in some cases up to two years to resolve.

And, by the same token, the NTSB's investigative protocol is such that they come in and investigate an accident, and it might be a year or more before they can come up with a determination of probable cause and recommendations and findings. As an operator at an airline or the FAA, we can't wait two years or a year or even two months, in some cases, if it's something that we feel could happen tomorrow.

So one of the advantages of the program is that if you have an active event review team, you can go in and take action in a very short time, or if it's such that it doesn't require immediate action, it can be resolved in a matter of days or weeks. But it's certainly an improvement in our industry over what the FAA historically has been able to accomplish.

DR. CHAMBERLAND: You've alluded to this a couple of times, and I wanted to see if you could amplify a little bit more to make sure I had a good understanding of this. My questions concern the analysis and the dissemination of the data that you collect. It seems that there is an awful lot of intensive one-on-one, three-on-one, whatever, feedback that occurs immediately with the individual. But I'm interested in--I'm presuming that your reports are some combination of narrative as well as standardized data fields, you know, time of accident, type of aircraft, whatever.

How do you analyze your data, your aggregated data, and how does it get disseminated? For example, I'm sort of thinking of analogies in what we do in public health or in medicine. But do you publish reports, and to whom are they circulated, that describe the last three months we had X thousands of reports and you somehow stratify them in ways that would make sense to you, X occurred at night, X occurred at day, by type of aircraft, by experience?

So can you give us a feel for how you analyze the data and feed it back and who are the recipients of this analysis?

CAPT. GRIFFITH: That's another good question. We take our reports and we produce the narrative, the identify to the pilots. Now, initially, when we started the program, we published every single report to our pilots. We found that was really too much information to digest. More is not always better.

But what we did, we still do, every six weeks we publish a newsletter which summarizes the types of events we're seeing and some trends that we've identified, and we provide statistics by category of event and by aircraft type, and then we provide a sampling of the narratives. We highlight the ones that we feel are most indicative of the groups we're seeing. Or we might have one that stands alone that is worth publishing, and we publish that to all 12,000-plus of our pilots every six weeks.

In addition to that, if it's something that's immediate, I might send out a message to all of our pilots electronically on our computer system that they would have access to before they sign in for work on a given day. So we have means of alerting them to immediate items, immediate-attention items.

There is some risk in doing that because once you've disseminated it outside of the core group, there's a risk that an individual out of 12,000-plus pilots that one might go to the news media with the report.

DR. CHAMBERLAND: Well, that's my next question, which is--I don't recall reading any New York Times articles about American Airlines has a system in place and they receive X thousands of reports, and there were X number of deviations in, whatever, altitude, tail-scraping events, et cetera. So I was curious about your thoughts, because this I think is relevant to some of the discussions that will take place in our group today, about the wider dissemination of information.

I'm assuming it is not currently done, but someone--if you're disseminating it to 12,000 pilots, it's easy to see how it could potentially go beyond just a group of pilots and others. Has that happened? Have you been approached by not just media but by passenger organizations or something like that for this kind of information? And what has your response been? Do you think there's a role for dissemination of this kind of information to the consumers?

CAPT. GRIFFITH: Absolutely, I think that there is a role. But I think that that role is different than what the news media would like to see. That's an understatement, I guess.

But the challenge is to turn data into information, to take all the realms of data that we get and then take that information, or that data and condense it into corrective actions or trends or highlights that can be shared. We think the information is most valuable at the source, at the airline level. Sharing that information with another carrier is extremely important because we can learn from them and they can learn from us. That's an improvement. So we think that there are means to do that, to share information.

We think it's also important to share this information with the NTSB and the FAA outside of the offices that work directly with the program. When the NTSB goes in to investigate a catastrophic accident anywhere in the world, they shouldn't go in looking at just that event in a vacuum. They should have the context worldwide of what may have led up to that, and they should look at it with independent eyes.

The airlines have looked at it, the FAA has looked at it, and we've come up with a recommendation. There should be a way for us to get that information to the government and to the other carriers. And then, lastly, the public at large needs to be--I think the first step in educating the public is to let them see the process, let them understand the role of government in these programs, but giving them the raw statistics, the raw numbers that could be used to rank or rate carriers against each other.

The potential for misuse is extremely high. When you look at the ways that airlines collect information today, it's not standardized. Now, we've got a report that is--our airline has a reservation system that we invested in mainframe technology back in the early 1970s, and that system has served us well. We happen to use that same computer system to get our reports from our pilots. So we are constrained by older technology, whereas the newer off-the-shelf technology off of PCs and Web-based systems can allow you to do greater analysis. And our people are working with Dr. Helmreich and others at the University of Texas to develop a standardized reporting format electronically which would allow you to do greater analysis or better analysis in a standardized way. And we're going to--and we've also worked with NASA to make sure that we're comparing apples to apples with them.

The best example I have of not doing that is our airline in one particular year some time ago, we had over 1,000 reports in that year of pilots who had approached an altitude and not leveled off at the appropriate altitude. An altitude deviation, we call it. I guess in Great Britain they call it a height bust.

We compared our statistics to another major carrier in the U.S., and they published a magazine, and in the back of that magazine, it said that they had five altitude deviations that same year. And by all other measures, we are a comparable airline in any other way you choose to measure us. But yet the method by which we looked at these events was vastly different.

So if that information had gone to the New York Times, then it would have said American Airlines has 1,000 altitude deviation and Brand X has five. And so then we would have felt that that would have been unfair treatment of those statistics.

But what needs to happen is that the New York Times needs to understand the different methods of collection and the goals of these programs and that Brand X may approach safety from this perspective and we may approach it from another, but ultimately we're going to arrive at the same point, the same destination.

DR. GOMPERTS: To follow up on this train of thought, the data that you generate internally with your own evaluation team obviously goes out internally to the pilots, as you've indicated to us. But what is the relationship to the FAA and through the ASRS system? Does that data go into the ASRS system? Do they collate it, evaluate it, and send out the information? If you could just try and tie those two programs together.

CAPT. GRIFFITH: Excellent point. We send every report--we made a conscious decision to send every report that comes into us to ASRS, and they're dealing with a much larger volume, you understand. They collect it, they identify it, and look at it in the aggregate.

We give information to the FAA and other means. We will advise them when we see something from our airlines' perspective that we notice to be a trend. We'll send it up to the FAA administrator.

What I think could happen and should happen is that as the other airlines start developing these programs, you would have the ability for the airlines to come together periodically and see if they are detecting the same trends from different perspectives. NASA could then serve the role as facilitator. If each carrier turns in reports to NASA like we do, they would look at it with an independent set of eyes and have a greater ability to say, well, at American Airlines they're seeing altitude deviations represent 30 percent of their reports, at Brand X they're seeing it's 40 percent or 50 percent. You know, there's some disparity there.

I mean, we could come together with NASA as facilitator to say this is what they're seeing, this is what we're seeing individually, and then share information between the two organizations.

It's something that, quite honestly, hasn't happened yet because up until now, we've been the only carrier that has this program. And the program is not perfect. I mean, we've got a long way to go. But what we really should be doing, and are doing, in fact, is strategizing on how to ensure that each airline has the same ability to collect information and then compare apples to apples, and then I think the NTSB and the FAA and NASA should come together as the government and collectively look at this information and then take certain pieces of it back and review it independently for the different purposes, but together as a government they can form a council that looks and oversees the way the programs are running at the airline level.

It's a concept that I have proposed a number of times, and I think that we're a few years away from achieving it, but I think that ultimately we have to share this information with the government agencies, and they have to assure us of the appropriate use.

There's a proposal called GAIN, the Global Access Information Network--Global Aviation Information Network, and Chris Hart, who is, I believe, the Assistant Administrator for System Safety at the FAA--it's an idea. It's a concept that information sharing is good. Well, of course, it's good. But it's only good if you preserve your ability to collect it in the future and if you can take corrective action and show real safety improvement.

But there's a move afoot to share information. We're trying to make that movement move in the right direction so that the information isn't used inappropriately and inhibits our ability to achieve it in the future.

MR. ALLEN: Thank you, Captain Griffith.

CAPT. GRIFFITH: Thank you very much. I apologize for the length of time.

MR. ALLEN: Not a problem. Thank you.

We're going to take a 10-minute break to give the next speaker time to set up.

[Recess.]

MR. ALLEN: The next speaker is Dr. Robert Helmreich. He'll be here discussing the application of error management principles to the operating room.

DR. HELMREICH: Thank you very much. Of course, being a typical American and never terribly compliant with rules and regulations, I sort of changed it around a little bit. But I will sort of do what you asked, but I'm going to broaden it a bit.

I want to start with a little bit of our background in aviation. I'm honored to be able to follow Scott Griffith, who is truly one of my heroes in aviation. I think I really want to make the point that I think the aviation experience is important for medicine. I think they're a great match. We have some factors that are really shared. Safety is a superordinate goal for both of us. On the other hand, we're limited by cost. Both involve teams and technology and varying levels of risk and lots of sources of threat and error, and also in both groups, there is an enormous amount of second-guessing when things go wrong, both the public's perception and in terms of litigation.

I think the fact that medicine is recognizing the parallels is really illustrated by the British medical journal. I think this is the first time I have seen a broken airplane on the cover of a medical journal in quite an interesting issue.

Just to give you a quick look at what our group at the University of Texas is doing in aviation right now, we've worked on a methodology to see what crews really do on the line, which we call the Line Operation Safety Audit, or LOSA, where we look at under total non-jeopardy conditions how crews actually manage their flights and how they deal with threat and error. And we were very pleased that the United Nations, in terms of the International Civil Aviation Organization, has just endorsed this as an optimal method of assessing system safety.

The second part I don't need to expand on. Our group has worked on a database front end for ASAP, which actually asked crews to indicate systematically factors that either hindered or helped the resolution of the situation and also asked for some recommendations for avoiding it in the future. And, of course, Scott identified one of the major airlines. The other is Continental. And I invite you to test drive this form. It's on our website, which we'll make available.

We've also collected survey data on the effects of what we call the three cultures on performance: national, organizational, and professional. We have data so far from 26 countries, so we have a fairly broad model.

We've also developed a model of threat and error management which is a little different from Reason's model in the sense that it doesn't stop with the commission of an error or a disaster, but focuses on how teams manage the threat and the error.

And, finally, we have worked on formal training, usually called crew resource management in error management, and worked on methodologies for that.

In terms of the medical program, which is much newer, there are many parallel factors. We've been looking at the effects particularly of organizational and professional culture on medical personnel. It's a starting point baseline to look for improvement, and we're working with a number of interesting organizations--Kaiser, University of Utah, a group at Harvard, the University of Texas, and the University of Washington.

We've also been doing some work supported by the Daimler-Benz Foundation to adapt this model of threat and error management to medicine, and I'll give you an example of that. We're also working on the development of a methodology to observe team behavior in the operating room, and I'll show a little bit of those data.

We're also planning to adapt the incident reporting model to medicine with the same kind of format, to make that available, and, finally, to see if we can adapt the training in aviation in teamwork and communication to the medical setting. And I feel considerable promise in that.

So the data I think are very parallel. I won't go through it. We are actually working on very much the same kind of data, and it is all driven by kind of a recursive model of team performance that's only important in the sense that you have to know how many different input factors people bring to the table or to the cockpit or the operating room that influence performance, running from their physical condition and attitudes and the nature of the team to the three cultures that I mentioned, and how all of these get played out in the processes that the teams follow, and, finally, lead to outcomes that drive subsequent behaviors.

The fact that the model is recursive is why humans are difficult creatures to study in the real world. It's a lot easier to grab a bunch of freshmen and see what they want to--see how they react in the laboratory doing something totally boring. But I want to show you some of the data from observing crews in action under non-jeopardy in the real world, in vivo studies, because we have learned a great deal from that.

First off, I better define what I mean by error, and there's two definitions there. I really like the first one. It's the downside of having a brain. It's kind of inevitable. But a little more precisely, I think it's important to note that it's either action or inaction that leads to a deviation from what either you intend or expect or the organization intends or expects. So you can err by doing nothing or you can err by doing the wrong thing.

Most people studying error have focused on active errors, mistakes, et cetera, but error is much broader.

Safety audit I mentioned. This is non-jeopardy data collection. The non-jeopardy part is critical, and we've done it both in the U.S. and foreign airlines. And what expert observers whom we have trained code is the threats to error--the threats to safety in the environment, the number of errors committed and their management, and the behaviors, actually, the behaviors that are error counter-measures, both positive and negative, that have been implicated in accidents and incidents.

So they're proactive data, and I think this is--they're even more proactive than incident reporting because this is looking at the natural habitat and seeing what goes on. And so far we've looked at more than 3,800 flights in six organizations, and I mentioned that ICAO has just endorsed this.

Threat results are kind of interesting. Seventy-two percent of the flights we looked at had one or more threats, and that's not a totally fair number because we sort of tilted it towards looking at more demanding environments. But the average is about two per flight, with a huge variability, of course. And the most threats we saw on a particular flight was 11.

The error results might be more interesting. Scott and Bob mentioned the fact that maybe we would make the captain do an announcement every time there is an error in the cockpit. Well, that means you'd be listening to a lot of announcements on the PA. We saw a range of from zero to 14 per flight, with an average of two. And I think the next point is very important. The most frequent source of data was interaction with automation, and that's important because automation was supposed to be the savior of aviation; we were going to automate the airplane and get rid of error. Now, we changed the nature of error.

We also saw enormous differences in error frequency and their severity which are associated with the organizational cultures and sub-cultures.

The next thing we did was to, based on our data, hard data from what crews do, we came up with a typology of error that I think is important. It classifies five kinds of errors. There might be some debate about the first kind, which are violations. Is a violation an error? Yes, it is, in our opinion, and it's intentional non-compliance.

For example, most airlines have bottom lines that say if you are not fully stabilized, et cetera, at a certain altitude, you must abort the landing and go around. So if you land in an airline that has such regulations, that's a clear violation.

The second kind of error is the kind most people think about, procedural error, where you tried to follow the procedure but you did it wrong. And setting the wrong altitude into the computer running the airplane is a perfect example of that.

The third kind of error that's extremely important is communication, where information is missing or incorrect or simply misinterpreted. And several examples show up very tragically in accidents where the copilot tries to alert the captain to a very serious situation but does it in a very indirect way where it doesn't register.

The fourth kind of error, which is extremely rare in aviation, attributed to the strong tradition of training, is proficiency error, simply not knowing how to perform a required act such as programming the computer.

And, finally, the last kind are decision errors which we define very precisely. This has to be a situation which is not covered by formal procedures where the crew makes a decision that unnecessarily increases risk. And an example that we saw more frequently than we'd like is flying unnecessarily through adverse weather. The crew sees sort of bright red on the radar, which, you know, when you see it on your TV at home, this is not good. And in an airplane, it's not good. You choose to fly through it because we've got to make our schedule. That would be a decision error in our model.

Let me show you the frequencies, and I think this has been kind of a shock to airline management. The largest source of error that we observed was violations. Fifty-four percent of all the errors we saw were violations. The next highest percentage, about 29, were procedural errors. And the lowest percentage were communications, proficiency, and decision errors. But the second part, the second line I think is very important. This is the percentage of errors that we defined as consequential, this done in collaboration with the airline.

Consequential errors we defined as either errors that lead to another error, which I didn't put on that definition, or that place the aircraft in what we call an undesired state, you're in the wrong place at the wrong speed, going the wrong direction--clearly, situations that increase risk.

Now, what's interesting, of course, is the parallelism. Notice that violations were the most frequent kind of error, but only 2 percent of the violations led to undesired states or were defined as consequential, meaning that crews get away with a lot of violations without negative consequences, sort of like His Airworthiness Bob Francis picking me up at the airport. Bob drives a new sports car, not always necessarily at the speed limit. But he seems to get away with it, and, of course, no human being could resist that temptation.

Not surprisingly, the type of error that gets you in the most trouble is proficiency, not knowing how to do it, and also decision errors. So it's very interesting. But lest you say, well, violations are kind of a non-issue, maybe they've got too many procedures and too many silly regulations, which you hear a lot from pilots, let me show you some other data.

We did a kind of interesting analysis. We took the database and we split it into those crews that committed at least one violation and contrasted the crews that had a violation with the crews that didn't have a violation. And what we found is kind of sobering. The crews that had a violation, even though the violation itself was non-consequential, were 1.5 times more likely to commit another kind of error, and the other errors they committed were 1.8 times more likely to be consequential. So the fact of the violation is a very good precursor of a crew that's at risk or a flight that's at risk, even though the violations themselves are rather trivial.

I might say something about violations. Aviation, as we know, is heavily regulated and heavily proceduralized. It's what many people call a tombstone profession, meaning that every time there's an accident, it tends to result in more regulations. And I think that's why you see so many violations. But my experience looking at the medical profession is that there's another extreme, and that's medicine, which is very much under-proceduralized, that there are many kinds of events and activities in medicine that would very much benefit from being proceduralized that are not. So somewhere in there is probably a happy medium.

Are these error data useful? Yes, I think they are. And I won't go through this in detail, but each of the different types of errors suggests different solutions for organizations. Violations suggest that the procedures may be bad. They suggest that captains may be weak because it's probably not--it doesn't take a rocket scientist to figure out that copilots don't violate if big daddy doesn't tolerate it. So they may be a symptom of weak leadership. Or they may define an organizational culture that's simply kind of cowboy or non-compliant.

Procedural errors may indicate poor workload management or, again, point to poor procedures. Communications errors may reflect just inadequate teamwork or complacency. And proficiency errors may suggest need for more training.

At one of our LOSAs, we saw a large bump in proficiency errors. We went back to the same airline. This airline was buying a lot of new airplanes, and they realized that they were running pilots through the funnel a little too fast. So they slowed down the qualification process, which I think is a very good example of using data proactively. Decision errors may suggest a need for more formal training and expert decisionmaking or in risk assessment.

So that's enough for aviation. Let me talk about how we've seen some of these factors play out specifically in the operating room.

We actually have survey data from both operating rooms and intensive care units from a number of teaching hospitals in a number of countries, kind of keeping with a cross-cultural focus, looking more particularly at surgeons, anesthesiologists, residents, and nurses. And one of the things that is a little sobering from the data is that 25 percent of the medical personnel we've surveyed report that they are not encouraged to report safety concerns. So that suggests that there is not this atmosphere of trust that Scott was talking about. And, secondarily, only one out of three respondents across the sample felt that errors were handled appropriately at their hospital in terms of--again, I would point to Scott's data. Were they dealt with correctively? Clearly not in many cases.

I think some of the things that go on are a little shocking to me, because I had not--I have yet to see major conflict in the cockpit. This happened at one of the Harvard teaching hospitals, which I found a little bit scary. Kind of the image of the anesthesiologist and surgeon duking it out on the floor while the elderly patient is on the table is interesting.

I would just point out one other thing about it, and that is the absolutely draconian punishment that was levied on these guys. And I'm not talking about the $10,000 fine. I'm talking about the fact that they were sentenced to joint psychotherapy.

[Laughter.]

DR. HELMREICH: Now, that is a punishment. But this is, you know, Massachusetts. They're kind of wimpy up there. What if we get to a more passionate culture? In the Latin world, I think we see this playing out a little more severely.

I gave a talk in Florida about three weeks ago, and I was kind of shocked. The CEO of the medical system there took me up to his office and said, "I want to show you a new regulation we just put into effect. I'm really proud of it." "What is it?" "Well, it's a new regulation on how we deal with doctors who throw scalpels at other doctors or nurses in the operating room." And I thought, "You got to be kidding." He said, "No, we're not. It happens a couple of times a month in this hospital."

So last week, I was speaking to the med schools from UT and the head of risk management got up and said, "If you think he's kidding," he said, "I have had a scalpel thrown at me in a hospital here in Austin, Texas." So, again, it's a little different environment from aviation. You're safer in the cockpit, is my message.

[Laughter.]

DR. HELMREICH: I want to say a little bit about the professional culture of medicine. We looked at--well, let me go back a bit. Well, this is not a very good slide to leave it on, but I'm going to say a little bit about professional culture.

The professional culture of medicine has--and aviation, both have very positive sides to them. One is medical people, doctors and nurses, tell you that they are proud to be in their profession, that they want to do good; I mean, it's a very positive image, pride, desire to do good. But the negative side showed up in our data, both in aviation and medicine, and the negative side of the professional culture is very parallel, and that's a kind of denial of personal vulnerability, a sort of Superman syndrome that I thought was limited to the astronauts, but it turns out to be present in the cockpit and the medical environment also.

This is some data that we collected most recently at ICUs in Texas, and I think these are very interesting because these are three facts that are endorsed by the majority of people that are patently false:

"Even when fatigued, I perform efficiently during critical phases." No. Fatigue is clearly a detriment to performance. There's huge data on it.

"A true professional can leave personal problems behind." Absolutely not.

And, finally, "My decisionmaking ability is as good in emergencies as in routine situations." We know from very good data that in emergencies you tend to tunnel vision. You're unable to deal with complex situations, which is what you're in. So that one is probably--that's the one that has the highest endorsement, incorrectly, that is the most obviously incorrect.

But it isn't just doctors. This is kind of an interesting chart because this contrasts the attitudes of doctors and pilots, and this is the pilot sample, global pilot sample. And you see they're very close with one exception, which is fatigue, and I think that's interesting because NASA has spent a lot of research effort on studies of fatigue in aviation and has developed programs that many airlines are using. So pilots have been trained on the effects of fatigue, and I have data from one airline over a six-year period that shows their attitude is getting better and better, with more recognition of fatigue and the importance of counter-measures. And, in fact, if I showed you another slide, going back to about 1990, the blue line of the pilots would be right up there with the doctors at about 60 percent. So the good news is there's hope for change.

These are some data, again, from ICUs on safety perceptions. You can see that in this particular organization they're deeply concerned about understaffing and problems associated with shift changes and other things. So that points at what I would call and Ron would call a latent factor in this organization.

The next one is also kind of disturbing. This is the perception--and there were no differences between the perceptions of doctors and nurses--that almost half feel that the organization would compromise patient safety for economic or other reasons. And that's sort of played out in the fact that about 20 percent of the respondents--again, no difference between doctors and nurses--report that they would not feel comfortable being treated at this hospital.

So what are the major issues in the operating room and ICU? Well, one thing I want to point out is that the operating room is a more complex environment than the cockpit because you have multiple groups and specialties and hierarchies that have to cooperate. And there's very unclear lines of authority. There is no question about the nature of authority in the cockpit. The captain is the captain.

I gave a talk at NIH a few years ago, and my audience was primarily surgeons and anesthesiologists, and I asked this kind of silly question. I said, "Who's in charge in the OR?" And now I understood why there are these fights in the OR because I started a riot. I mean, the surgeons all said, "That's the dumbest question I ever heard. I'm in charge." The anesthesiologists all said, "I'm responsible for the maintenance of the patient; therefore, I am in charge."

Somebody needs to be in charge, and probably the best resolution of that debate is not with fisticuffs or a .357 Magnum.

The other issue is conflict. Conflict is much broader--our data from observational data in one teaching hospital, we saw a serious conflict in about 10 percent of the operations we observed. We have seen it in about less than 1 percent of the 3,800 flights we have observed systematically. And then, of course, the issue of communication across disciplines and, of course, I talked about the denial of vulnerability.

So how have we diagnosed the OR? Well, it's, again, parallel but I'm just trying to show you that. We adapted questionnaires we've used in surveys with pilots to the medical environment, and we're working on that now. And, again, we're working on adapting the recording system, the methodology for observations from the cockpit to the operating room and emergency room. And we've done our survey data. And what we do is, of course, query the organizational and professional culture and also the acceptance of the importance of teamwork and communication.

Finally, we ask open-ended questions about what's the biggest problem, and what they tell us overwhelmingly, both doctors and nurses, is communication. They basically tell us that communication is poor across the disciplinary border.

From our observations, well, not surprisingly, we saw major problems in communications, not informing people on the other side, a surgeon not telling an anesthesiologist about using a drug before a blood pressure gets affected, not discussing alternative procedures if something goes amiss. Problems in leadership I've already talked about, not establishing clear lines of how we will deal with situations and contingencies.

I talked about conflict. When we observed the patient deteriorating significantly, while the surgeon and anesthesiologist yelled at each other about whether or not to knock off the surgery and send the patient to the ICU.

Again, the issue of preparation, planning, and vigilance, which is critical in aviation, we also saw as problematic in many operations, not planning for contingencies and not monitoring the situation, people getting distracted. We saw one case where the monitor blew a fuse or blew a circuit breaker. The anesthesiologist was distracted. The patient was going rapidly downhill until somebody finally noticed.

And, of course, the issue of status is perhaps, if possible, even stronger in medicine than it is in the cockpit. The anesthesia barrier is a huge communication barrier, so it isn't just status between attendings and residents but status between different subdisciplines and a kind of unwillingness to question those of other disciplines, the fact that juniors--not talking about the disciplinary differences, but juniors not speaking up when errors are observed or using indirect speech that's not understood.

A case in New York where there was very indirect communication from a resident who saw that a senior neurosurgeon was about to operate on the wrong side of the brain.

Now, it's interesting that this doctor just resurfaced this year. This happened in 1995. He just did it again at another hospital in New York, which is kind of interesting.

The parallel in aviation was an accident I was involved in an investigation of, a copilot who would literally rather die than speak up to the captain that the aircraft was running out of fuel. This happened on a flight into New York. The copilot never mentioned the fuel state, although they told--when the steward came to the cockpit and said, "How is the flight doing?" they made this symbol. So they knew they were out of gas, but they never told the captain. They ended up crashing in John McEnroe's back yard.

Now, these should look kind of familiar. From what we've done so far, we have found that the same typology, the same five types of errors, seem to cover everything we've come across in medicine so far, but with the caveat that I mentioned earlier that the frequencies of different types vary dramatically because of the difference in the number of procedures. But procedural errors that we see, mistake in setting up an IV, miscommunication with other team members.

I was shocked. I've been in three different hospitals where they introduced new equipment without either briefing the staff or providing any training, new anesthesia machines, new monitors. They're just magically there. So naturally, you get proficiency errors.

And, finally, decision errors, perhaps you could argue the unnecessary exposure of patients to very high-risk procedures.

So let me show you in closing the model of threat and error management. This is not Swiss cheese. I don't know what--maybe this is Gorgonzola. But it's a little bit different.

This came from our studies of aviation, and what we think the model is important for is three things: It will help in formal analysis of adverse events; it will help define training needs for personnel since it focuses on how threat and error are managed; and it may help organizations develop strategies to manage error.

So I have to give you some definitions. Threats are factors that increase the likelihood of error, and these can come from a variety of sources. They can be environmental, such as poor lighting; physician-related, such as fatigue; staff-related, such as communications problems; or patient-related, which is one that you don't find in aviation. You may have a difficult intubation, for example.

Latent threats really follow Jim Reason's definition. They're the aspects of the hospital or medical organization that you can't easily identify but predispose the commission of errors or the emergence of threats, which could be scheduling, fatigue, for example, being a much more serious problem due to medical scheduling, or health policy.

So in terms of the error side, what we look at is the error itself, what behaviors are involved in detecting and responding to the error, and then we look at the state, which can either be inconsequential or induce an adverse patient state. And then what you have to manage is the state that the patient gets in as a result of the error. So that's the sequential step. And then, finally, when you manage the state, the outcome can either be adverse or inconsequential.

The full model shows the various threats and the fact that the threats can show up at any point. The latent threats include national culture. A hospital where I've been teaching in Texas--I didn't think of national culture as being particularly critical, but I looked at the roster of the faculty in this medical school. They had 61 nationalities functioning together, and almost as many in the nursing staff. And when we probed beneath the surface, national culture was very much at the root of many of the problems they have. Organizational culture, et cetera.

Immediate threats are obvious: environmental, organizational, individual, et cetera.

And then, of course, you have the threat management strategies and counter-measures which are very similar to the same strategies that you use to manage error. So the model seems to work pretty well.

Let me just describe a sentinel event that I was asked to apply the model to. At first I thought, well, this is kind of a silly event because this is an example of such profoundly awful behavior on the part of a doctor that it's probably not appropriate. But I realized that maybe it wasn't inappropriate because, despite this really shocking behavior by an anesthesiologist, it pointed to a lot of latent factors that were really critical.

Let me give you a brief rundown of the event. It was elective surgery on a perfectly healthy 8-year-old boy who had ear problems. He was anesthetized and the endotracheal tube was inserted, but the anesthesiologist did not check for breathing sounds. And here's an example of the organizational culture: they had changed brands of temperature probe the day before, and the one that they provided the anesthesiologist was not compatible for the monitor. He asked for another one, but he didn't wait, because there was pressure to perform, so he didn't wait for it or connect it. He didn't connect the internal stethoscope. After a few minutes, he stopped filling out the chart. He didn't enter CO2 and pulse on the chart.

And then shortly after that, the nurse observed him sitting in the chair, head bobbing, a reasonable presumption of sleep. However, the nurse reported that she did not speak to the anesthesiologist because, quote, she was afraid of a confrontation with the guy who was noted for being difficult.

Somewhat later the surgeon noted that the airway tube was disconnected, and he sort of spoke sharply to the anesthesiologist, who reconnected the tube, but didn't verify its function.

A little bit later the surgeon notified the anesthesiologist that the patient had a breathing rate of 60 per minute, which was so rapid that he couldn't continue the operation. The anesthesiologist did not respond to that alert.

A little bit later the monitor showed irregular heartbeats and a code was called. When they removed the endotracheal tube they found it was more than half obstructed with a mucous plug.

They put in a new ET and ventilated the patient, but they also noted that the breathing circuit's tubing had melted down, and they turned off the airway here. The patient died despite the efforts of the code team, with a temperature of 108 degrees.

The anesthesiologist claimed the cause of death was malignant hyperthermia, but the investigation did not support that conclusion.

When we went to apply it to the model, we identified a minimum of 9 sequential errors. First, a decision error, initiating anesthesia without a temperature monitor. There was no formal requirement, but it clearly increased risk. There was a procedural error in the failure to verify the ET insertion. There was a decision error in not connecting the internal stethoscope. The nurse made a decision error in not wakening the anesthesiologist. There was a violation in terms of the anesthesiologist's failure to maintain the record, but that particular violation was non-consequential, which is interesting. There was a procedural error in failing to continue to monitor the patient and indeed to notice that the endotracheal tube had disconnected. There was a procedural error in the failure to confirm the tube placement after he reconnected it. And there was a decision error in the failure to act on the elevated respiratory rate. And finally, the surgeon gets nailed with an error also. He did not respond to the inadequate response from the anesthesiologist. He said, "I can't operate because of the rapid breathing." But after saying that, and the anesthesiologist doing nothing, he motored on and continued the operation until the code was called.

So if we look at the threat and errors, they were interesting. There were some clear overt threats. Environmentally we had a temperature probe that didn't work, but there was a staff factor too. This anesthesiologist had been in trouble before. In fact, he had been in such serious trouble that--like the guys that got in the fight--he had been sent to a shrink and diagnosed as having a severe personality disorder. He was clearly fatigued. He was undergoing a difficult divorce and had a couple of difficult kids, and apparently was operating with high levels of fatigue. And the patient had a small airway; it was a young child.

So if we look at one of the errors, the decision error, the nurse decided not to awaken the anesthesiologist, which contributed to the arrest, and it was clearly a decision error which they had reasons to follow. Then if we go through the identification of the latent factors, it gets much more complex than a simple bad actor.

First off, the FDA had certified an airway heater that would continue to function without a temperature probe. In fact, what the airway heater did was assume that the temperature of the patient was the ambient temperature of the room, which is why it melted it down. That is clearly a latent threat that had been present for a long time. It's since been fixed.

Organizationally we can identify a number of latent threats. They changed the temperature probe brand without notifying the staff that they needed a new connector. The organization failed to act on previous reports about the anesthesiologist's behavior and performance. They had sent him to a shrink, but they had not reacted on the fact that there were 43 surgeons in this hospital who said they would not operate with this anesthesiologist because they felt he was dangerous. Another latent threat was the lack of any formal requirement for patient monitoring. It simply wasn't present. There was not a policy for cross-checking other team members, which is why the nurses felt non-constrained to wake the anesthesiologist. And again, we threw in the fact that what aviation has done, of course, is concentrate on team training and communication. There was nothing like that in this organization.

If you look at the combination of organizational and professional culture, there is clearly pressure to perform when fatigued. If this anesthesiologist had turned down the operation because he was tired, that might have had very severe consequences for his future use. And clearly there is, at the organizational and professional level, a lack of discipline in the case of a known bad actor. And at the professional level, I would say the clear willingness to tolerate peer misbehavior--"Well, I won't use this guy, but other people can", and of course the denial of fatigue effects that we've seen in our surveys.

And, finally, the nurse/physician interaction issues. I felt very sorry for the nurse who said, "If I had wakened him, he would have screamed at me, and I don't have to do that. That's not part of my job description", which is extremely reminiscent of a very famous accident in Canada that I was part of the investigation of, an accident at Dryden, Ontario, where several pilots who were passengers told the flight attendant that there was ice on the wings and that the plane shouldn't take off without de-icing. But the flight attendants were trained not to bother the pilot, so they didn't tell him, and the result was a tragic accident, and I think it's a very parallel kind of issue.

So these latent threats, and again just building on Ron Westrum, they're hard to defend against because they're not immediately visible. They're usually recognized after an accident or an incident, but proactive events, such as surveys or observations, can assist in identifying latent threats, and if you can cut them off--and I think Ron's slide was a very good example--you can drain the swamp. That's what we need to do.

So let me sum up by saying, "Can we change things? Can we build a safety culture?" I think the answer is yes. Sort of distilling our experience in aviation and our little bit of experience in medicine, I think there are six steps you can follow. The good news is AA has 12 steps, and we can maybe do this in only six.

And it's very much like what you do with a patient. You start with a history. You have to know what the issues are in a particular organization, and you've got to do a diagnosis, and a diagnosis means you need multiple sources of data, and that includes incident reporting system surveys, find out what the perceptions are of the people at the sharp end, and an analysis of near and adverse events, actually applying threat and error models and observing what really happens. Then you've got to change the culture. It requires clear standards and an evidence-based approach. I think medicine cries out for more procedures, not as many as aviation, but more. And I think, again, paralleling what Scott said, acceptance of error in a non-punitive blame-free way, but not acceptance of violations. And that's why we've got a problem in medicine, because in the absence of procedures, it's kind of a murky forest out there, whereas where there are procedures, we know the difference and distinction between violations and error. And finally, sharing data and approaches, and I think not formally--again, echoing Scott's talk--while there isn't a formal mechanism to share data, there is a huge amount of informal interchange in aviation. There are constant meetings where people share their approaches and their experiences, and I think the same thing is quite achievable in aviation--in medicine.

I think training will work. There are a number of specific behaviors that act very effectively as counter-measures to threat and to error, and I think the training programs that were originally called Cockpit Resource Management, and then Crew Resource Management, and most airlines have renamed Error Management or Threat and Error Management, they have much to offer.

And finally, feedback and reinforcement. People need feedback on their performance, especially in the interpersonal, non-technical areas, including how they manage error. I'm always shocked that there is so little feedback. In the teaching hospital where I taught for a couple of years, about the only thing I never saw in the OR was teaching, and I thought that was kind of tragic.

And finally, the sixth point is, none of this is a one-shot affair; it's an ongoing thing. The organization has to continue to collect data through programs like ASAP at American, through observations, through all kinds of things, and they have to continue to train people. Training is an ongoing thing in the interpersonal as well as the technical end.

Just to give you one example, this is actually Kaiser Permanente's approach. They had a patient safety forum a couple of weeks ago, enthusiastic participation of people from all of their regions, building a national steering committee that encourages local initiatives to attack error and threat in creative ways, to recognize customer concerns and cooperation. General Motors is one of their big customers. General Motors looked at the data, and they concluded that in all of General Motors, they lost one employee in 1999 due to a work place accident. They figure out they lose about 1.3 patients a day to medical error. So their message to the health care industry is, "We're willing to pay more for health care if you clean up your act." And I think that's a very important message. So they decided that they need better data collection and better measurement of outcomes, and they recognize the need to address both their organizational culture, but also, very specifically, the professional culture of their personnel, and that they will do this through training. So I found that very encouraging, a non-defensive reaction to IOM.

So what are the training issues? People need to understand the human limitations as sources of error. I assume that even though pilots didn't know much about human limitations and error, that doctors would. I was wrong. They need to understand the nature of error and how it's managed. There's a lot of good data on how experts make decisions, and I think this has great relevance for medical training. While it's not a big issue in aviation, I decided that conflict resolution probably should be a very primary topic of training, at least for operating room personnel. And that includes--it also includes specific behaviors and procedures as counter-measures. And finally, analysis of positive events. Instead of doing everything based on the negative, more effective training involves how do really good teams manage events? What are brilliant--examples of brilliant and effective teamwork? There are a number in aviation. We need to use those in training people to the positive. And finally, mechanisms to reinforce people for good threat recognition and error management.

So I'll sum up by saying there really aren't any magic bullets. Ron said the same thing, and I couldn't agree more. Since effective teamwork, which is where a lot of the errors happen, is determined by a lot of factors, there's no single action that's going to fix an organization. One of the early mistakes, and a major mistake in aviation, was assuming that this training and teamwork would fix the problems of human error. It didn't. It can't, because error happens in the context or an organizational culture, which has to be health and supporting. But the final news, and the good news is, that you can change organizational and professional cultures if the leadership and the top management are there and they want it change.

So I think there's much to learn, and I am optimistic. Although the reactions to the IOM report have been mixed, I think on the whole the genie is out of the bottle and it's not going to go back in, and I think the long-term effect is going to be positive. Thanks very much.

MR. ALLEN: Thank you. In the interest of time, we're going to move on to the next speaker, and then we'll get the questions for both speakers after Dr. Small presents.

DR. SMALL: It's an honor to address the committee today. I appreciate your work, and I appreciate the opportunity to address you today.

I found myself in the enviable position about 2 hours ago of having a lot of extra time, and now I don't, so I've actually just been busy putting away all my swiss cheese slides, so I won't be showing any of those, although I am a card-carrying swiss cheese slide person and I have some at home.

Just a little bit about myself. I have extensive experience in internal medicine, emergency medicine and anesthesiology. Currently I'm a practicing anesthesiologist at Massachusetts General Hospital in transition to the University of Chicago.

It's perhaps relevant that my father was a family physician, and I accompanied him on house calls. This was back in the late '50s, early '60s. And my memories of my father during that time when he was practicing, are that he saw his role as a family physician as protecting patients from the system. And this is something that I have emblazoned in my memory as a small child, of my father describing, after the untoward death of one of his patients, an old lady who lived across the street, that he really did his best to protect her once she got into the hospital, but once she got sucked into the system, all was lost. And these were recurrent stories through my childhood.

And so for me, becoming an internist and a physician was kind of like--it was like a hero role, if you will, like a seeing-eye dog, where my job was--I was the lifeguard. I was there to protect these people. And I really visualized myself as doing that over the years. And my transition into system safety about 8, 9 years ago, which has been gradual but accelerating lately, I've had a sense of loss actually, over giving up that role. And I think that one of the barriers that we will see in the adoption of a lot of these new systems methods to improve patients' safety, is changing the way that people see themselves in the system in the long-standing role that physicians and other providers actually see themselves operating in. For me it's been important to try to help people in the aggregate, as opposed to just one at a time.

I wished I hadn't have put the word "error" in that slide. I thought about it, but its currency is so powerful, I thought I would just put it in there. As I speak, I would like you to consider substituting for the word "error", the phrase "failure at expertise." I was one of two physicians at Mass General that interviewed physicians during the Harvard Adverse Drug Event Study, and I've spent many, many hours in systems analysis meetings, analyzing hundreds of adverse events. And if you do that, and you look at the literature on inter-rater reliability for what is an adverse event and what is preventable and what is not, you will quickly get lost in that experience and in that literature. It's very difficult to decide, if you really spend the time, on what is an error, what is failure of expertise, what is preventable and what is not. I don't want to go there during this talk, but I would like you to consider the context, that while we should not lose the currency that the word "error" holds, I'm really talking more about failures of expertise here, and the larger issue of learning.

So I have three overall objectives today. I'd like to share with you some perspectives from anesthesiology. Steve Nightingale has asked me to start there. Certainly there's a lot that can be learned from what anesthesiology has done in the last 10, 15 years, but I don't think that the full story has been told. I'll address briefly the current opportunity which the patient safety movement offers us, and I just have a few closing remarks about blood safety. I'm not an expert in blood safety. I don't hold myself out to be such, but in the last 10 years--I've been in practice 20 years, and in the last 10 years, I can tell you that I have--well, I've been covered in blood more times than I would like to say. I've transfused many, many, many, many units of blood. Anesthesiologists transfuse, I believe, half the blood that's ordered in the country. And so I have an intimate familiarity with blood administration.

Briefly, the NIOM report singled out anesthesiology as a profession that has done a lot to improve patient safety, and this improvement's been measurable. The malpractice crisis provided the clear focus for this to happen. Premiums for anesthesiologist were escalating to 30,000, $35,000 annually for each physician, and so they had to do something. And of course there was a public outcry as well from some of the celebrated cases in the early 1980s and mid 1980s. This was managed through having a unified leadership in the person of Ellison Pierce, G. Pierce, who took it upon himself to personally lead this change. It's a very important ingredient. And then multiple sustained approaches were used to win measurable safety gains. When I say standardization, I mean if I walked into an operating room here in Washington, D.C. today, I could probably very quickly use one of their anesthesia machines without a manual, without asking anybody any questions. They probably use one of three or four machines that I've used before.

Reduction of variability in procedures, there are now standards that have been adopted throughout the country on monitoring and what has to be done for each individual patient. We also have new technology, and we also have new drugs, that even in the short time I've been practicing, the 8 or 19 years I've been practicing, in the last 3, 4 years we've seen some astonishing new drugs that have, in many cases, removed the need for experts to give anesthesia, because these drugs are so safe and so error-forgiving.

In addition, in the mid 1980s, the closed claims project was begun, a systematic analysis of malpractice experience. I think there is now 3 or 4,000 closed malpractice cases in the data bank. half the country's insurers participate. And from this retrospective, admittedly limited, type of analysis, there's been 15 to 20 papers published and widely disseminated for anesthesiologist on where our liabilities lie and how we can target those.

Now, that said, I'm reluctant to generalize the anesthesia experience to the rest of medicine. I can say that as someone who has managed and run busy large emergency rooms, practiced in rural settings, academic settings, made a lot of house calls, run intensive care units. If you could imagine, I can--if I'm doing your gall bladder operation, I've got three board-certified people in the room with me all the time. There's myself, a surgeon, and possibly another surgeon. There's at least two other nurses, once scrubbed and one not scrubbed. So that's 5 or 6 people, and we're doing a rather simple operation that we do every day. We might do 5 of them in the morning. If the phone rings, I can't answer it. Do I sometimes? Sure, if the phone's close enough and I'm on automatic pilot and I get an important page, I might do that, but technically, I don't answer the phone, I don't talk on the phone, I don't leave the room to go to the bathroom. If I do leave the room to go to the bathroom, I have to get another person in who's equivalent to me to replace me. That's one of the reasons anesthesia is so safe. I also can't work after 24 hours.

When I was doing emergency medicine, I might have 30 patients I was personally responsible for simultaneously. I might have to leave a resuscitation to answer the telephone, to talk to somebody who might have critical information about that patient that's communicated to me, perhaps another physician. I also might have two simultaneous resuscitation in progress while I had 15 children with runny noses in the waiting room, one of whom might have an incipient meningitis. I've been there. I've done that. I might have to have 100 patients in 12 hours that I would see. 15 to 20 I would admit to the hospital and write their orders for.

Now, I'm not trying to downplay the difficulty being an anesthesiologist. I think that some of my most stressful moments have been one-on-one with a patient who I've--I had one of these last night--you shake someone's hand you put them to sleep and they have a cardiac arrest on the table, and you and them for the next 4 hours, bleeding to death. So I'm not trying to create a one--sort of upmanship, but I am sort of saying that if you want to really think carefully about the generalize-ability of what we've done in anesthesia, you have to think about the constraints of what other specialties have to deal with. Surgeons have patients waiting in the office. They have consults in the emergency room, and they have to deal with that information while they're operating. They get voice messages into the operating room, and they have to carry on three or four conversations simultaneously.

I did not see anything in the NIOM report about the change in the anesthesia work force in the 1980s. And I'm not sure this is a PC subject or not, I haven't seen it written up anywhere except in demographics of training programs, but if you wanted to go into anesthesiology in 1975, you had a much easier time of it than you did in 1990. It was extremely competitive to get into anesthesiology in the late 1980s, and the work force changed completely. That was due to a number of factors: the advent of Swan-Ganz catheterization, the advent of critical care as a specialty. Exciting new procedures and new drugs and new knowledge attracted a lot of people into anesthesia. I would also say, having gone through it, that the advent of DRGs and other issues, and management constraints on physician practices, pushed a lot of people out of internal medicine and other fields into anesthesia in the '80s. And so there was a tremendous--I believe that there was an incredible increase, a logarithmic increase in the motivation and quality of people that went into anesthesiology during that time.

There has never been a single study that has shown that pulse oximetry or entitle capnography have reduced morbidity and mortality; in fact, the opposite. The largest study was done in Denmark of 22,000 consecutive patients, and it showed the opposite, that anesthesiologist who were doing operations without the new technology versus anesthesiologist who were doing major operations with the new technology, there was absolutely no demonstrable difference in any measurable parameter, except there may have been slightly more myocardial ischemia in the group that the anesthesiologists did not have access to the technology. In other words, in some patients they were able to look at a number, and if the oxygen saturation dropped below a very high value, they would be instantly alerted. The other group did not know. They had to use old signs and symptoms: the patient looked pink, the blood looked red, other types of gross physical signs and symptoms.

The basic message from that is that it's very hard to show the impact of new technology sometimes, and in my own estimation, I think that the new technology has actually in some ways reduced patient safety--and I'll just put this out there as playing devil's advocate--because I believe that physicians have become so obsessed with some of these new monitors, that as a training physician, having watched physicians move through the system, it's obvious to me that they have lost the physical diagnosis and cognitive skills that the older physicians of another generation had.

Lastly, I would just address this issue about declining mortality in anesthesia. I'm convinced that there has been a decline in the mortality in anesthesia, although you could have a very vigorous discussion about that. It's clear that we're doing sicker patients. We did not redo heart operations on 85-year-olds 10, 15, 20 years ago, which we do them routinely today. So we've introduced new modes of complications. But if you look at the kinds of conversations I have in the hallway when I go to meetings--I'm identified as a safety nut, and people come and tell me about their cases, I get consultations, I do site visits--I personally do not believe that the controlled studies that have been published, adequately reflect the situation that we see in anesthesia. We've had great advances, there's no question about that, but we still have a tremendous amount of work to do.

As an investigator on the Harvard Adverse Drug Event Study, I can tell you that we really did focus on adverse drug events. We did not look at failures of teamwork and decision making unless they were related to an adverse drug event. I was not part of the malpractice study published in the early '90s on the 1984 New York chart review that led to the series in the New England Journal, but the Adverse Drug Event Study was an outgrowth of that study.

I personally believe that our argument should not be about the 98,000 versus 44,000 deaths, because I personally believe it's much, much, much higher than 98,000. I believe that the response to the NIOM report is what we should be focused on. I was pleased to see the Federal Inter-Agency Task Force response, the GAO report about the FDA and their reporting systems. And I think, as Bob said quite articulately, the genie is out of the bottle. I think we will never really know the denominator, but in the absence of the kinds of reporting systems we're discussing today, and the fact that all reporting is essentially voluntary, we do not have a grasp on the number, and it is much higher than 98,000, and we can discuss that later.

Before I move on to some of the specific initiatives that I've been engaged in in the last 5 to 10 years, I would ask people to reflect for just a minute on the difference between safety and quality. The National Institute of Medicine report definition of quality has been a good thing. People are using it, provides a common language. For those of you who sign on to the patient safety lists that the National Patient Safety Foundation manages, there was a very vigorous discussion a few weeks ago about what is safety and what is quality, and a few clubs came down on the side of, "Let's just use the NIOM report's definition; this seems to be the right thing."

But in the rush to put safety under the quality umbrella, I think we should stop and just consider a few things. In my mind a focus on safety is like the separation of church and state or the executive and the judicial powers. Ultimately, safety analysis has nothing to do with cost at all. Quality has a lot to do with cost. Quality is defined in terms of value and cost. Safety tells you what you can get, what is achievable, and then you have to make a decision as to whether you can afford it or whether you want to do it, and that's an ethical decision.

I also believe that safety has an entirely different lens or perspective than quality. The safety lens is an ecological lens. It's an ecological model. If I'm going to analyze a situation from the safety perspective, I'm going to think about technology issues, automation as a member of the team. I'm going to think about this person's interpersonal relations at home as well as at work. I'm going to think about the design of the operating room, the organizational culture. Safety has introduced a whole new language and a whole new vocabulary of terms and ideas and methods and tools that quality has never considered and will never consider, and I don't think that it can easily adopt them. I think that safety and quality can interdigitate, but I would be cautious at assuming that safety is one more notch on the belt of quality.

And last, I think that safety is a code word for respect. How much are we willing to respect the value of an individual life? That's something to keep in mind.

I'll discuss a few projects that I've been engaged in, just to give you some idea, outside of the operating room, what we've been trying to do. And I'll conclude at the end of my remarks by tying it in to blood safety.

I designed a trojan horse study about 6, 7 years ago, as I began to get involved in simulation training, and by simulation training I mean high-fidelity simulation training, the kind of thing that Bob Helmreich has been a leader in aviation. I became involved in the first commercial simulation tool that came off the assembly line, and we used at Harvard in '94, and I quickly became interested in studying the impact of this tool, because we were spending a lot of time and money on it. And so I designed a trojan horse study.

And what I mean by that is people were very interested in the new technology, but people were not interested in talking about adverse events and incident reporting. So by framing the study as a study of the impact of simulation training on real-world behaviors, I was able to capture lots of things that were happening as a light motif of studying the impact of simulation training. So if you had been through the simulator experience, had been videotaped and had been intensively debriefed by your peers and instructors, 6 months later we'd check back in with you and see how you're doing.

And maybe you had a bad experience a week before or the night before, the day after your simulation experience. "Tell us what happened about it, in depth." And we would debrief that person intensively along the lines of a simulation debriefing methodology, which is a non-confrontational, confidential, learning methodology.

So we began accumulating data on events that we did not know if they had been reported to quality assurance, to the hospital. We didn't ask those questions and we didn't go there. And so this was the nature of the critical incident simulation impact follow-up study.

I have 4 or 5 slides that I'll run through quickly just to give you a flavor of what I mean by simulation. 1969, the first simulated patient mannequin at UCLA. Two Hughes Aircraft engineers developed this. It was way ahead of its time, and it did not lead to anything substantive.

20, 25 years later we now have a highly-sophisticated computerized mannequin that blinks, talks to you; its pupils constrict; it excretes carbon dioxide; it can project vital signs to all routine monitors; you can put catheters in it. Bob has been working in Switzerland with another device that you can actually operate on. That device has not been widely replicated for lots of reasons. This device has been widely replicated and commercialized. There are over 150 out there worldwide, although I would suggest probably only 20 or 30 are being used actively. The device costs about $200,000. In order to put it in a room like that and mock it out like an operating room, and build a control room, costs are widely variable, depending on your available space in your institution and what your goals are, but it could cost you anywhere from 50 to $300,000 to create the environment. So for half a million dollars, you can get a full-fledged high-fidelity operating room environment in which people can observe the action, they can participate in the action. The person in the dark looking at the screen can control the vital signs, and either automatically or manually direct the action. People can move in and out of the action with hidden headsets, et cetera.

This being the usual that way we debrief in our culture, and people bring this to the simulator, I should emphasize that the most important or one of the most important enabling experiences of the simulation training is this kind of debriefing that occurs after, to unpack the action. This is actually a high-level debriefing I organized about 3 years ago, 4 years ago, with members of the FAA and the military, and the other people in the room are the National Anesthesia Peer Review Committee and the president of the Anesthesiology Society. They actually went through the simulator and got to debrief themselves. It was an astonishing experience for all of us.

The positive news is that it happened. The other news is that the task force that resulted from this, disbanded after a year, and we have yet--I was really hoping that that event would lead to the kinds of things that Bob and others have been doing in aviation, and Scott have been doing in aviation, and yet we're adrift on the coral reef now of all sorts of issues, trying to get to accelerate this change. We know how to do this stuff. We know it works. People are crazy about it. The leadership's on board, but as I'll get to later, answering Steve's charge to me today is to present to you, is what are the barriers to getting this out there?

One of the things we do in the simulator is that we experientially get people to understand that everybody has a different mental model of reality, so that if the patient can be substituted for the airplane or take whatever metaphor you want, everybody has a different idea as to what the problem is, because they bring different skills, they have different knowledge, and they have different goals and constraints. And when you have 10 or 15 of those triangles floating around, everybody has a slightly different idea of the problem. In the simulator we get to unpack those ideas and we try to get people on the same page, and they see how difficult that is in a real situation.

Without a lot of intellectualizing, we also try to get people to understand how complex their work really is and how tiny things could have enormous impact, and set in an event, a cascade of events flowing. Most physicians and most clinicians really understand the coagulation cascade. They get that drilled into them in medical school, and they memorize it, and they have to use those numbers when they're on rounds. And they begin to--and we use words like that. We say, you know, "Just think of the event as a coagulation cascade, that once things get going, you may be out of control. You don't really understand. There are interactions happening that you're not aware of. Things speed up and it's out of your hands. And so little tiny things that you do to manufacture safety in your environment could have an absolutely critical importance." And they see that in the simulator when they forget to tell someone one thing, or if they turn their back and something happens at that moment that they missed, they can see on the videotape that they missed that piece of information forever, and they were the only one that could have picked it up, because they sent two people out of the room to do something else that was inconsequential. And they see the tiny little seed, how critical it was.

So in summation, the simulator impact study had ambitious goals. We were trying to study the impact of simulation training in a pilot study. We were trying to expand the use of debriefing, not only in simulation, but also merging it with incident reporting.

And I don't have time to go into the last bullet, but this may have been the most interesting and the most powerful, is that I was trying to achieve a culture change at my hospital. In order to get this study done, I had to go through the IRB for almost 2 years to get this study done, the Institutional Review Board, because what I was proposing to do was to ask people in depth on a tape recorder, after a complex consent process, about things that they probably hadn't told anybody else, and that study was going to be approved by the IRB. And if I publish this data, then how would the regulators deal with it?

So we had to go through a wrenching institutional process that went fairly high in the organization to negotiate the study, because it was unethical not to do the study since we knew these things were happening. Two years before, with Dave Cohen and Lucien Leaf [ph] and others, I published a study with Dave on the actual numbers of adverse drug events at Mass General that were not reported during the Adverse Drug Event Study through quality assurance. You can find this in the JCHO Journal in 1995 or '96, I believe. There were 54 serious adverse drug events in 6 months in 10 percent of the hospital beds. That's a thousand a year. Of those serious adverse drug events, 94 percent were unreported to anyone. And this is in the face of pharmacy hot-lines. It's in the face of well-known institutional incident reporting policies.

So given that data, we were now faced with the prospect of expanding that study and looking in depth at not just adverse drug events, but anything that happened. So we were faced with a conundrum. How does the organization deal with events that it doesn't know about but that are being discussed, and what are the implications for that for all of the stakeholders?

So the model that we came up was a very--I actually tried to model it somewhat on what Scott was doing and at ASRS, where I tried to envision who were the squeakiest clean people at the hospital? Who's the NASA of the hospital? Well, it's the IRB. The Institutional Review Board holds the ethics baton for the whole hospital. They have public members on it. They have a report to the Board of Trustees. So if you could imagine the Institutional Review Board and give them a new function, that they were the third party that was kind of internally dealing with this research, that we might get double protection. We could double protection under the IRB federal confidentiality laws for ongoing research, and we could also get quality assurance protection. But then we had to put two different hats on the QA people. They had to face the IRB and the research team on one side, and then face the corporate compliance and the regulators on the other, because once the quality assurance people become aware of this data, they then are obligated to pass it up to the Board of Trustees, who are then obligated by law in Massachusetts to pass it up to the Department of Public Health. So it becomes a continuous chain, that once you start pulling on it, it leads you into the Board of Registration of medicine.

We did the study. We published some of the results. And I'm not sure if it would have been possible to continue. I will be trying a different model in the institution that I will be moving to, but I believe that this whole study was an attempts to try to integrate a lot of these different improvements, because I believe individually it would be very hard for them to have an impact alone. And I think one of the biggest impacts it had was getting the institution to talk about things it hadn't talked about before.

I met Bob in 1995 in Denmark. We were lecturing in the same venue, and Bob said, "Steve, you guys aren't doing team training?" And I said, "Yeah, I am. We're in the OR, we're a team." He said, "No, you're not." And it took him a while to get it through to me, but we were using anesthesia people in the simulated OR, but we weren't using real surgeons and real nurses because we didn't have a high-fidelity surgical simulator for them to work with. And I came home from Denmark and tried to infect my team with the idea that we weren't really doing team training and that's where the money was. And I hit a wall, so I went in to the emergency medicine folks, because it was clear that in emergency medicine there's no need for new technology to really electrify them with the simulation concept. Emergency medicine is a socially driven model of care. You don't need laparoscopic simulators and surgical simulators and holographic simulators and animal models to operate on. And so Bob, in a collaboration with the Med Teams Project, which is a congressionally funded multi-institutional project that has been translating lessons learned from rotary wing aviation in the army to emergency medicine, we developed the first model for a team simulator in emergency medicine, looking at the team as the unit of analysis.

This is a picture of the emergency medicine simulator. We chose to have three simultaneous patients, because that's the way the boards in emergency medicine are structured, and we wanted this to move into certification quickly. Quickly would probably be slow in terms of years, but we wanted to develop the model so that it would line up.

The patient on the left and the patient on the right, the two far gurneys, are both computerized mannequins. There's a real patient in the middle, standardized patient, which has been used for many years in medical schools, and will now be mandated for all certifications for all physicians in the United States by 2002. Standardized patients are real patients, that is, live actors will present their histories and physicals, and medical students will have to examine and talk to them in order to pass their boards and get their MD degree by the year 2002. And that is very low-tech simulation. So we're mixing standardized patients--this is in the operating room you saw before. We pulled out the lights. We pulled out the anesthesia machine. We put in the emergency room equipment and just set it up that way. And these are a true team. There is no simulator crew that are playing stooges here in setting people up. This is a team of emergency medicine nurses, physicians and techs that are taking care of those three patients in an evolving one-hour scenario that they will then debrief.

This is a mock code. The patient is the same computerized mannequin, but it's in a hospital, and the code bell went off, and people ran, and all the computers are in the bathroom, and they don't know that this is happening. It was announced a week before, but most of those people in that room do not know it's a mannequin. The ones in the periphery often come out wondering how the patient did. And you can do a very interesting high-tech reenactment and have videotapes as well. This is from Dan Raemer's [ph] work at the Brigham.

I'm going to segue into another aspect of our work. Perhaps we're biting off a bit much, but it's been my goal from the beginning to integrate these as opposed to taking the course of biting off a little tiny piece and studying simulation and the impact of simulation training, and biting off a little piece, as I've been advised to do, which is the traditional academic route. I've take the more entrepreneurial route of trying to integrate all these and find an organization that's willing to take the risk of being a demonstration site and become a high-reliability organization.

My fellow, Paul Barish [ph], and I just published in the British Medical Journal, "The Review of Non-medical Near-miss Reporting Systems", which is very germane to our discussions today, and I'd like to make only two or three points in the interest of time.

One is that I got a very interesting perspective, and that is that these systems have evolved. ASRS happened in 1975, and if you talk to Charlie Billings [ph], they wanted to do it 10 years before that, and there were lots of barriers. There's a long, long, long story behind all of this. But over the last 30 years, the ASAP system is possible because of all the ASRS stuff and the other things that went on before in the '70s and the '80s and the lessons that were learned. Systems are moving from anonymous to confidential. The ASAP system--I don't know, is Scott still here? The ASAP system is not anonymous; the ASAP system is confidential. That's a big sea change. They're in your face. If you report to ASAP, they know who you are. So the co-pilot that reports to ASAP knows that the pilot, if he's involved in that event, is going to get talked to if he doesn't report. So you're really exposing your flanks.

Let me take a step back for a second. I really appreciated the comments of the committee when they were asking Scott all those questions about ASAP. And there was a little bit of a disconnect. It's taken me years to understand the intricacies of these systems. And I may talk a little bit about ASAP now as I understand it, because it's a wonderful system, and there's a sea change difference between ASAP and the other systems.

You can report yourself out of a job with the American Airline system. You put your report in the hopper, and then it goes in, and at the bottom of that funnel, at the end of that labyrinth, you can be out of a job. So that's an interesting contradiction of terms. But you should ask Scott how many people have actually reported themselves out of jobs in the six years the system exists. I don't believe any have. The funnel gets tighter and together and the corrective measures are there, and you have to agree to these corrective measures, but it's structured in such a collaborative way and such an intelligent way, that people agree these are not humiliating, and it's a positive thing, and people cooperate. And it may not be a corrective measure for you; it may be a corrective measure in the system.

The most important thing that Scott said--and I'm going to reiterate this--I think the most important remark that Scott made--and he made a lot of excellent remarks--was that they have put in a legal alternative to the FAA enforcement of regulation. They have instituted a legal alternative to enforcement of regulation, and that legal alternative is corrective action. That's a critical point for what you're considering doing today, and for what Steve has charged me with, and try to help with the consideration of how do you balance the needs of conflicting stakeholder groups?

If you report to ASRS, 6 months later you can still be sweating in a hotel room in London with your bags on a transatlantic flight waiting for that call, to see if you're going to have to go to court or undergo some sort of regulatory proceeding. I misunderstood that when I--NASA Document 1114, which I can give the committee, is the most exhaustive discussion of ASRS that's out there. It was written in the late '70s, but it wasn't published much later. And if you read NASA 1114, it's quite exhaustive. But I didn't understand after reading that what I understand today, and that is that you can be sitting in London in your hotel bed wondering if you're going to have to go--no--that little tiny piece of paper that you take from the NASA rip-off call-back, you send in your thing, they send it back to you in 10 days. I thought that when they told you that they were coming to talk to you about this, you just showed your NASA little strip, and that was the end of it. No. That's like waving a flag in front of a bull. You hold that, and at the end of the proceeding, when all is said and done a year or two later, is when you produce that strip, and that is what allows you to not have a sanction against you.

Whereas the ASAP program is a much quicker turnaround on corrective action, and once you're in the corral, in the ASAP corral, you don't have to go through that other whole process. It's a very different system.

Systems have evolved to considering near misses and not just accidents and adverse events. This has not been an instantaneous thing in aviation. This has taken many, many years to evolve to the near-miss consideration, and that model is spreading. It took me personally a long time. I really didn't care about near misses at all till only about a year or two ago. I was too busy to think about them, but I've become infected with the power of that proactive approach, and even for someone like me who's immersed in this stuff, it took me a long time to become a zealot. I think that the general appreciation of this--why do it, it takes so much time, it's costly, these are trivial incidents--in order to really understand the power of the near-miss approach, you have to understand something else first, and that is, for the want of a nail, the shoe was lost; for the want of a shoe, the horse was lost; for the want of a horse, the rider was lost; for the want of a rider, the battle was lost. That is true.

And if we had time we could talk about complex adaptive systems and complexity theory, but we have to find a way to get people to visualize that and to understand that. It's a tough thing for people to grasp. Tiny things make a really big difference, and that's how systems--I think that is one very powerful way of understanding and managing systems.

And of course, I think "root cause" is a dangerous term because it gets us into this head game of visualizing that there is a single root cause or that there are these discrete root causes, these two causes that caused this to happen. The sophisticated reporting systems understand that these are non-linear models, that very tiny things can have huge impacts down the line, and there are multiple interactions that need to be considered.

There's an interesting book out about the nuclear power industry called Hostage of Each Other, and I threw that in here because the evolution of these reporting systems indeed is, again, a function of this dynamic between these conflicting stakeholders that are dancing on this see-saw, and that each group is a hostage of the other group in this sense, and these systems have evolved with that dynamic in place, as they each strive for the same outcomes.

Can I have the lights down just a tad perhaps, darken the room just a tiny bit?

So this conceptualizes what--the three things that I've discussed around the simulation, around the incident reporting, around team training, in that what I was trying to--a little bit too dark--what I was trying to conceptualize is that you can go--and this is important for blood safety, which will be my last few slides in just a few minutes--is that you should be able to take an event from the medical center, put it into the lock box, put it through the filters, treat it a certain way, send that data to the simulator. We can reproduce those cases in the simulator. I have done that repeatedly. And when I say hundreds of times, I'm not exaggerating, in the last 8 years. I have taken cases through the Freedom of Information Act, blood transfusion FDA reports, and done them in the simulator and gotten the same results we have in the report, because it's easy to do. You create the environment. You create the context. You put good people in, and they make a variety of errors which you can map on a board. If you put three people in, you'll see three different things. If you put 100 people in, they fall into 10 categories, and you can just predict that this is what they're going to do because human behavior is not infinite.

So we can then take the cases in the simulator and feed them back in the hospital and train people, or we can also try out new things in the simulator and say this is the counter-measure for this type of thing that we're seeing. Why don't we do it in the simulator, in a patient-free, risk-free environment, and we can let the errors go until their natural conclusion, whether that kills the patient or not--the, quote, patient--and we can have this with different filters in place because I think training needs to be confidential. That raises a whole other box of issues.

But with this type of movement in place, I think that we can accomplish a lot, and I'd love to talk to you more about that this afternoon if time allows.

So what are we going to do in order to sustain the NIOM report, the interagency task force report? What have I learned in extension of threat management throughout health care? It's that our socio-technical system is so complex that it warrants an equally complex response. This is an important point. If you want to control complex systems, your response has to be equally diverse. I think we should build on the quality movement. There are many--I believe there are 11 or 12 evidence-based quality research centers around the country funding by AHRQ. There are the cert centers as well. There's a lot of knowledge in the quality movement, and I think that safety needs to be evidence-based and merged with the quality movement.

And I think we need to integrate the lessons from high-hazard industry and not necessarily one at a time.

I can also tell you that there is no infrastructure out there now for safety, and when I say no infrastructure, I need to qualify that. But I could probably list on the fingers of two hands or one hand trained, experienced clinicians that are out there with fellowship programs in this area. If a fellow came to me and said where do I go to learn about this stuff, I'm a doc, I want to get into this area, I'm a nurse manager, I want to major in patient safety, I know how to do that if they want to get into infection control. But if you're talking about organizational safety, we don't have a Scott Griffith at my institution. There is no safety officer.

So who are the mentors? Who is leading? There are precious few. Paul Battel (ph) at Dartmouth has created a grant through the VA to take 40 young people from the VA over the years and train them to be safety leaders. This is a model I think we should look at very carefully. Who's going to carry the baton?

We also need the tested tools. They need to be validated and they need to be--we need reliable tools. And there needs to be a network of centers that work with each other and share results.

I was also moved very much by Paul O'Neal's (ph) keynote lecture at the Press Club last July at the Leadership Forum for Patient Safety, and he has been talking to the Kennedy executive session. Don Burlick (ph) has been around with Paul O'Neal. Paul is the chairman of Alcoa, recently the CEO, and also on the board of trustees of the Rand Corporation.

Paul O'Neal's vision of safety that transformed Alcoa is something that I've deeply considered, and I think one of the most powerful messages that he has it that there are very positive economic implications of aligning an organization around safety. Safety is good for the bottom line.

He challenged the health care industry that day to develop demonstration models, and in view of what you're considering today recommending a standardized, acceptable pilot reporting system that can be widely used to learn, I think that what I would stress from Paul's remarks is that we need a demonstration, we need to get off the dime. And I think that it will rapidly, like the ASAP program, show its benefits.

So in relationship to blood safety, in a sense--again, I don't hold myself out to be an expert in blood safety and transfusion medicine, but it's really a microcosm of the whole system. Everybody knows about blood. Everybody uses blood and we give it in teams. It's given in the emergency room. It's given in the operating room, the ICU. It's given in the floor. It's given as outpatients. It's a biologic that crosses all boundaries, just like the patients do. It involves technology. It involves people.

I also think that the blood safety community and the transfusion community is very receptive to advanced systems thinking, and it's far ahead of many other areas of the health care services sector and they're ready for this kind of thinking about simulation, confidential near-miss reporting.

It's also curious that blood administration in my hospital is probably one of the safest things that we do. But it's like nuclear power. In a sense, the dread of one patient in my hospital getting HIV unnecessarily or the dread of having one major AB-O trans--you know, is driving--is really driving our system. Whereas, a team failure in the operating room never gets reported, nobody talks about it, and it doesn't drive anything, yet it happens every minute. I mean, you can see it everywhere. It's endemic.

So I think there's tremendous leverage that--we can use tremendous leverage in developing models in blood transfusion and taking a leadership role and affecting the rest of the system with that.

The experience that I told you about where we actually simulated an emergency room and actually created a transfusion reaction situation to happen, most recently I did one that the IHI National Forum, Institute for Health Care Improvement in New Orleans, and we'll be doing another one at a major simulation center in Pennsylvania in about a month. This is a very powerful tool.

This is a picture of the old Boston Garden, and I was struggling for a visual image as to what to take away with here. And this is when they tore the Garden down last year, and they just tore it down and built another one next to it. And we can't do that with patient safety. Patient safety is going to really be more akin to the big dig where--and most of you probably have heard about the big dig, seen it in the news lately because of the cost overruns. But we're actually having to eviscerate the entire network of the city around itself as we're living through it.

And as I went around--that whole thing in front of you there is the big dig, I mean, that whole scene right there, and we're just living right in the middle of it. And as I went around town taking a few slides of the big dig, it occurred to me it was sort of like the Grand Canyon and that I couldn't represent it for you on a single slide. There were so many stories, it's so enormous. It caused me to take a step back and think about this patient safety movement and my remarks to you today, is that this is an enormous undertaking. And I think it's going to be a longer time than we would like to think before we see some results from this. Patience is required. I sense there's a lot of blood in the water, people demanding mandatory reporting and the rest of it. But I think we should have a caution here.

As you go around Boston, you see signs everywhere: Glory Hole 66, Glory Hole 200. Glory holes are these muck-and-water-filled, 80-foot-deep holes these guys go into with their lunch pails every day to make things happen. And in my last--this is my last slide. In thinking and talking about how safety is manufactured, just think for a minute if this committee's job was to control the food supply for Washington, D.C., today and you had to make sure--you had to plan out in a centralized way all the kiosks and frankfurters and all the luncheons at every hotel and every little home around town and all the restaurants and all the institutions, you had to decide where the food was going to come from, how much was required, the spoilage, the cost, and you organized it and then you made it happen.

Well, you know that would never happen. You could try, like the USSR did, and we know what that experiment did. You know, centralization of food supply, it basically creates very little variation and a shortage very quickly. And so what I'm getting at here is that when you have an extremely, extremely complex adaptive system that has to respond in an event-driven way to contingencies constantly to production pressure and to ambiguity, that in a sense the job of the manager is to let the right system emerge from its starting conditions, so people go down in the glory holes and they create safety, and you allow them at the point of contact to do the right thing.

Of course, before you decentralize, as Carl White (ph) has eloquently said, you have to centralize. You have to centralize your decision premises. You have to have some rules and constraints. But one of the powerful things that a confidential reporting system, non-punitive reporting system does is that it's an active intervention and it will ripple through the system. It will create safety for you in ways that you cannot design in. You essentially create the starting conditions and then you will see the culture emerge from those types of interventions.

That's the end of my remarks. I appreciate your patience. Everyone is probably hungry.

MR. ALLEN: Thank you very much, sir.

Any questions? Yes?

DR. PILIAVIN: This is for both you and Bob. As you said, this is an extremely complicated system, the whole medical system, which has got all of these separate parts and so on. And trying to think about blood as part of the system makes me very concerned about how you could try to improve one piece of the system when it's so intricately intertwined with all of the other parts of the system.

You have also, of course, pointed out that of all of the aspects of medicine, quite probably blood is the safest at the moment, or at least one of the safest, possibly anesthesiology, because you've worked on it so much.

But all this committee has any power to do is to make recommendations about this blood section. So what do we do?

DR. SMALL: Ron? Can I ask Ron to comment? Did I see your hand up or no, you were just stretching?

I believe that tiny things can have a huge impact, okay? I believe that if we had a non-punitive, confidential reporting system in my hospital around blood transfusion, that it would rapidly infect the rest of the hospital in every area. And I can say this without compunction.

I made a slide of Ron Westrum's work about two years ago. Pathologic organizations, bureaucratic organizations, and generative or learning organizations--this is a true story. I took that overhead and I put it up at a meeting that I organized with high-level hospital leaders, medical students, residents in the trenches, people who had never met with each other in the same room before, people from medicine, anesthesia, different disciplines. It was a patient safety journal club.

I put up Ron's thing, and I said, okay, let's see a show of hands, or if you're too embarrassed to do that, we can vote on little slips of paper. What kind of culture do we work in? Unanimous. Everyone around the room, pathologic.

People are so hungry for this. The managers are hungry. The hospital counsels are hungry. The medical students are hungry. This is a way--people want--they don't have the tools. They need the systems to be able to do this with. They're ready and willing.

Now, if we were to say let's just start a reporting system--I suggested three, four years ago, and the response from people was, you know, the jaw on the chest, you know, that we should just do this. Why don't we just pilot a confidential reporting system? Well, that was biting off way too much. But in an area in which there are already systems thinkers, in an area in which pilots have already been demonstrated to work, such as MERS-TM, in the area in which there are already publications and their effectiveness and their benefits, if you were--like Paul O'Neal says, let's just demonstrate, a little demonstration, tiny things will have a wave of effect as people come and say, I get more requests than I can answer to educate people wanting to try to do these things. But what they're lacking is an approved, standardized model with the right regulatory and stakeholder pieces in place.

DR. PILIAVIN: We were told at the very beginning of the meeting that it was going to be impossible because we already had everything required as a mandatory reporting and that, therefore, we should not recommend what we recommended in our last meeting, which is what you're recommending.

[Laughter.]

DR. SMALL: What I am recommending is that we think out of the box. I think it was Margaret Mead who said this, that--don't think that a small group of individuals can't make a difference, because that's the only thing that ever has if you do an ethnography of change.

Our current system is not broken, but it clearly is not going to get us where we want to go. So we can't get there from here unless we do something new. We just can't do it.

I didn't talk about high-reliability organizations. I thought Ron was going to address some of that. But one of the models that's been driving my thinking about this has been this issue of what do nuclear-powered aircraft carriers do? What do air traffic control systems do? What do organizations that, as Jim Reason says, do not seem to have their fair share of problems do to get there?

They do four things: they have leadership that's totally committed to safety as a core value, that drives the organization; they have redundant systems because, as Aaron Woldafsky (ph) has said, richer is safer; they have redundant systems, and they do systems engineering continually; they create a culture of safety, a decentralized culture of safety so that the person at the point of contact and the CEO are operating on the same decision premises; and the last thing that they do is that they are constantly, every minute of every day, in a learning mode.

A nuclear-powered aircraft carrier, as I understand it, is a floating school. People are shifted from job to job quickly enough that they can't get complacent. Senior people are often forced to ask junior people questions because they don't know enough about their job that they suddenly find themselves in. And they do this on purpose. You can't run an aircraft carrier from a policy and a procedure manual during a non-routine event. It's a beehive.

And if you look at the business school literature, you'll find the same thing emerging, this fourth bullet about high-reliability organizations. Most organizations don't last more than one or two generations. Even if they become billion-dollar cash flow organizations, they're gone in 50 years or less. Organizations and businesses that last a long time and the organizations that will make it in the 21st century and flourish will be learning organizations.

So if we're going to get there and improve blood safety the next notch, and if we're going to take health care safety to the next notch, I believe we have to resolve this dilemma about the control system on the one side and the learning system on the other. They are mutually incompatible.

But life is lived in a paradox. We know that. We know that. Scott Griffith said to me this morning on the way in here, we were talking about this issue, and he said, "You know, one proverb is that `He who hesitates is lost.' But the other proverb is, `Look before you leap.'"

You know, there's always a right answer for everything. And life is lived in the crack between those two things. That's where we take care of patients. And it's the same with information theory and control--I asked an evolutionary biologist--I was giving a talk in Seattle last month at a conference on complexity, and I was trying to get them to help me understand adverse events in health care from a complexity perspective. And the biologists that are studying the human genome and how the brain is put together are struggling with the same issue of the control systems and the learning systems and the body, and what they have come--and I can give you research on this. What they have come to understand is that the command and control center is not in the brain and is not in the genes. There's no way that you could program all the information we need to respond to our environments in our genes. It's impossible. It unfolds. It unfolds from the genes.

So the adaptive nature at the cellular level as an analogy for what we're doing in organizations, manufacturing safety every day at the point of contact, that's a whole new concept that's very hard to grasp. It's tough enough for people to grasp systems thinking because we're very object-oriented. But what we have before us, again, as Scott alluded to, is we have to raise the education level to a much, much higher level. It's schizophrenic in a sense because we're object-oriented.

The kinds of things we're talking about are happening at a systems level and we're living life on an object-oriented level. I don't know how to get the public to understand that, but there are great strides in other industries that have been made that I think we can learn from in that way. Otherwise, I don't think that we can get to where we want to go.

Sir?

DR. GUERRA: That was an excellent presentation and one that certainly is very provocative. But do you think that you could have gotten to where you are in terms of the insight that you have to deal with these very complex issues if you had not incorporated into your own career the training, the discipline, the experience, the diversity of being a general internist, an emergency medicine physician, and an anesthesiologist that covers so many different--

DR. SMALL: I think the key thing was the simulator. The key thing was the simulator. And I'm glad you brought that up because it allows--I made some notes to myself. It's really a great point.

I don't know if Judge Krever is still here. I'm sorry? I wanted to ask him when that incident occurred with the man who became quadriplegic after his catheterization.

I listen to people differently since I became a simulator instructor, but when he said that they had to make--they didn't have the room to put his bed in and he told the story of what happened to those two people, it became instantly apparent to me, after having debriefed a lot of adverse event investigations, that that was an adverse event for Judge Krever. I bet it happened 20 years ago, 25 years ago. He remembers it like it was yesterday, and if you talk to him, I bet you he could talk to you for an hour and a half about it and tell you what clothes the guy wore to court.

That was a critical incident for Judge Krever, and from immersion in the simulator environment, I can tell you hundreds of anecdotes where people come out after one exposure and start thinking, Why do I drive that way? Why did I fight with my wife last night about X? That was pretty stupid.

The idea of going through your daily routine where you live on videotape and then debriefing it right after that in the non-punitive environment is so powerful that it's caused me to redirect my entire career into doing that full-time, because I think that behavior change is what we're after, isn't it? We're after behavior change of individuals, and we're after behavior change of organizations.

So one of the things I've done is to try to focus on doing high-level simulation sessions for Chairs of departments and CEOs so that they can be led through simulation and see themselves on tape. And I think we need to do this for everybody, and I think it needs to be institutionalized. It's the most powerful thing. And, of course, the immersion and all the rest of it, but intellectualizing it only gets you so far.

This is how we learn. This is how organizations learn. It's how this committee learns. You go along and you don't learn very much, and then you fall off the edge. You pick yourself up and go, gee, what did I learn? Then you fall off the edge again, and hopefully you fall off the edge a lot but you don't fall very far. You don't have a Challenger disaster to have to fall off the edge and learn.

But people learn in step functions like this. Learning is not continuous. That's a myth. We all run around every day going about our jobs, doing our cases, and the residents--the residents have commented in the survey I just published that a half an hour in the simulator is worth a month in the operating room, because they run around the operating room for a whole month waiting for something to happen, and it never does, or it's trivial, or someone else fixes it for them because they have to.

And we have done simulations--there are simulations for business managers and executives, and we're constructing health care simulations around complex problem solving. There's a lot of literature on this that we're trying to bring together in this Nesbitt model of how you would give a package to an organization and say here, here's an organizational behavioral change tool.

DR. GUERRA: But I guess that, you know, the simulation models are not so generally and readily available to accomplish what you suggest. Is there some substitute for that with interactive computer technology and programming that one could do? Because I think it's the broad cross-sectional diversity of experiences in a cumulative way that probably helped to get one a little closer to that.

DR. SMALL: I actually would disagree. I think that you have to go through it. And it's been institutionalized in aviation for everybody. If I told you that your pilot today for your flight back to New Mexico had never been through a simulator because it was kind of expensive and he did a computer screen-based thing instead, and that was public disclosure, would you get on the plane? If I had a choice, I wouldn't.

Every pilot every six months goes through a simulator. And every year they go through a full-team high-fidelity simulator session. There are probably 200 medical simulators out there now worldwide, over 100 in the United States, and I think five of them are being used effectively. And even those are being used one day a week or two days a week.

The NIOM report said that anesthesiology has become safer because of initiatives like simulation. There are 35,000 anesthesiologists in this country and less than 2,000 have ever seen a simulator or been through one.

It's not true. Simulators are out there. We know how to use them. The tools are there, and Bob Helmreich and others are willing and ready to consult with us and help us build effective change programs. What we need is the infrastructure and the resources to make it happen.

I think HCFA is on the right track. I think every single health care organization should have executive leadership responsibility for patient safety. There should be a designated safety officer with resources. They all should have simulation training programs integrated with blood banking and critical care, et cetera. That's how a culture of safety makes it down into the glory holes.

And I think that the next big piece is the economic model. I think safety saves money, huge amounts of money. We need to get the economics people in here and start developing those models. There are billions of dollars being spent every year on completely ineffective continuing medical education. It doesn't work. That is well-known. And I think a lot of those funds should be translated into what we know does work--video feedback, small group, interactive, debriefing sessions. And that's actually happening, but slowly.

MR. ALLEN: Thank you, Dr. Small.

We're going to break for lunch and be back at 2:20.

DR. SMALL: Thank you.

MR. ALLEN: Thank you.

[Whereupon, at 1:24 p.m., a luncheon recess was taken to reconvene at 2:20 p.m., this same day.]

A F T E R N O O N S E S S I O N

[2:28 p.m.]

DR. CAPLAN: [Presiding.] Let me ask any one who wishes to speak to come forward, and we will identify for the tape into the record.

DR. YOMTOVIAN: Do you want to have the public comment point?

DR. CAPLAN: Yes, yes.

DR. YOMTOVIAN: Okay. I am Rosslyn Yomtovian. I am from University Hospitals of Cleveland, but I am here today not in that capacity, but as a representative of the American Society of Clinical Pathologists' Patient Safety Initiative Transfusion Medicine Work Group, which I chair, and it is in that capacity which I would like to make some remarks, and I will do that for you quickly.

The American Society of Clinical Pathologists is a non-profit medical specialty society organized for educational and scientific purposes. Its 75,000 members include board-certified pathologists, other physicians, clinical scientists, and certified medical technologists and technicians making the ASCP the largest medical laboratory organization in the world.

The purpose of the ASCP is to improve public health by advancing the science and practice of pathology and laboratory medicine.

Patient safety is an important part of this principle. To continue its leadership role in advancing patient safety, the ASCP has developed the patient safety initiative for pathology and the laboratory including transfusion medicine.

Transfusion medicine laboratory professionals, as you know, have experience in error prevention and detection by following standard operating procedures and by conducting audits. Mandatory reporting of errors to the FDA is already required at some blood banking sites and may soon be mandatory at all blood banking and transfusion medicine sites. However, systematic error prevention improvements are still needed in transfusion medicine.

Not all health care providers who are entrusted with ordering and transfusing blood and blood components are familiar with the need for rigorous patient identification when procuring samples for and transfusing blood, the proper storage requirements of blood and blood components, or the type and quantity of blood needed for patients.

The evolution of change within the transfusion medicine community is rapid. New assays and techniques are continually being introduced to improve the safety of the blood supply. Technological advances to make blood even safer, such as nucleic acid testing, are used within transfusion medicine because they improve the quality of the blood supply and because the science is available in the commercial sector.

Thus, while blood products are very safe and becoming even safer, they can still be incorrectly administered or transfused to the wrong patient.

The increase in transfusion product safety should be matched by an increased entrance transfusion administration safety.

While the FDA has been rigorous towards oversight of blood banks by mandating application of good manufacturing practices and process controls, within the confines of the blood bank proper, once blood exits the blood bank there is little systematic quality oversight. This lack of oversight and process controls, coupled with decreasing budgets, encourages the opportunity for accidents and errors.

In addition, mistakes may happen due to lack of personnel training. For example, draining blood from patients is not always performed by qualified individuals. Phlebotomists and other individuals drawing blood should be trained, educated, and certified in proper phlebotomy techniques. Equivalent training and certification should be applicable to other health care providers, whoever they are, nurses, physicians, et cetera, occasionally performing the phlebotomy process.

On behalf of the American Society of Clinical Pathologists, we look forward to working with you and the rest of our colleagues in the health care community in continuing to strive for the safest transfusion medicine system possible.

Thank you very much.

DR. CAPLAN: Questions?

I am just curious. Do you use mannikin simulation in the training and continuing ed process?

DR. YOMTOVIAN: No, not where we are. Not in the transfusion medicine arena, which is really all that I can speak to.

DR. NIGHTINGALE: However, I do understand that Dr. Battles, who is around the room, if not in it, in fact just talked in, is in fact developing a simulated patient for a simulated medical donor that will be introduced into clinical training at UT-Southwestern sometime later this spring.

DR. CAPLAN: Comments?

[No response.]

DR. CAPLAN: Thank you.

DR. YOMTOVIAN: Thank you.

DR. CAPLAN: Any other individual wishing to offer a public comment?

MR. MacPHERSON: I am Jim MacPherson from America's Blood Centers.

We already submitted our testimony in the January meeting and would stand by what we said at that point in support of the MERS error reporting system.

I learned a lot this morning. If I could just ask your indulgence for a few off-the-cuff comments.

I think in response to Dr. Piliavin's question about what can the committee do, the MERS system is complicated, I think it is expensive, but I think as we have seen it look a long time within the airline industry to get it implemented, and this committee, I think, can serve a role by just continuing to push and continuing to see how the resources can be found and systems can be put in place like this to support it.

I also think the committee should not give up on some of the issues that even Dr. Yomtovian mentioned regarding that the errors regarding blood that are killing more people than any transfusion-transmitted disease continues to be outside the environment of the blood bank.

Although I recognize that there is some concern and frustration on the part of the Federal agencies with regard to their ability to regulate the practice of medicine, there are many more people who are killed from getting the wrong medicine than are killed from blood transfusions. So, if the Office of Drugs and the Office of Biologics work together with the medical community, I think that we can solve this problem, or at least to a large extent. We saw the technology exist, and there are ways to address the problem.

Finally, I think that Justice Krever raised the issue this morning about no fault, and it is interesting that his report recommended a no-fault compensation system for transfusion industry that echoed a similar recommendation from the Institute of Medicine in their report in 1994 and 1995 about addressing the issues or the problems arising out of the AIDS crisis.

Yet, as Justice Krever said this morning, no one is addressing the issue in Canada and no one is addressing the issue in the United States.

In fact, Justice Krever and I talked briefly at the break as to why that is. We think partly it is because most of the lawsuits have disappeared and partly because most of the consumers who were most affected at that point have received some forms of compensation and are no longer actively advocating for that system, but this is probably, as Justice Krever said, the perfect time to take a look at this system again and would urge the committee to put it on its agenda at some point in the future.

As he said, if there are injuries that you know that will happen, it becomes a moral imperative to consider how you are going to take care of those injuries, and tort is not the way that those should be addressed.

Thank you.

DR. CAPLAN: Anyone else?

Yes.

MR. VOGEL: Hi. My name is Rich Vogel. I am president of the Hemophilia Federation of America.

First, I would like to read some testimony from Jan Hamilton, our executive director, who could not be here today. She tore some ligaments in her leg. Then I would like to read some personal comments of mine.

This is Jan Hamilton's testimony. Some of the devices that have been contrived in order to conquer errors and accidents in transfusion medicine are fascinating. Of course, it is sad that we must resort to such complex situations to overcome human error often caused by understaffing.

It has been interesting to watch the evolution of administration of blood and blood products over the last couple of decades. With the advent of dozens of blood components and administration possibilities, there has naturally been an increase in the number of errors and accidents that occur. Hospitals are busier and more crowded, frequently have less adequate staff on board, and some of those staff persons have worked far too many hours at a stretch.

Sometimes staff members are alone to other departments in a crunch and are not familiar with transfusion routines. However, it becomes evident that we must come up with a solution and prevent errors and accidents in transfusion medicine as much as humanly possible.

How do we accomplish this? Where do we draw the line on degree of reporting? Hospitals are already buried in a sea of paperwork. There are already so many forms to sign, even to be admitted as a patient. In a day where patient rights are coming more and more to the forefront, we must establish a protocol for preserving these rights.

The subject of patient rights in the hemophilia community is almost tantamount to an untreated open wound. A large portion of the hemophilia community feels their rights as a patient have been violated many times over.

Some patients were not told of their HIV status for months and even years and in the meantime infected their spouse. This may be seen as a drastic side effect of the equation, but it is part of the equation.

If we are going to set a standard, draw a line in the sand, prioritize degrees of errors and accidents, then so be it. Obviously, if someone in the hospital gets a glass of orange juice instead of the tomato juice they ordered, it may be a bad error if the patient is allergic to tomato juice, but it is another story altogether if the patient gets a compatible type of blood or the wrong blood-clotting product.

An error receiving orange juice instead of tomato juice is easy to detect, unless the patient is blind. The wrong type of blood is not as easy to detect, and in the case of a seriously ill patient could go unnoticed until dangerous results have occurred.

Some of the safeguard methods that were present to the advisory committee in January seem to be very workable and manageable. Clearly, someone somewhere is going to have to decide what the parameters are, where will be the line drawn, what will be acceptable and not acceptable, what must be reported to the patient. Guidelines must be set. Someone must have the responsibility to monitor these areas and report any errors and/or accidents to the patient and to whatever hospital staff, person or committee is responsible for addressing this problem.

It must not be swept under the rug. Steps need to be taken to prevent any problems from occurring in the first place.

Members of the board of directors of the Hemophilia Federation of America and the hemophilia community in general are thankful that the Advisory Committee on Blood Safety and Availability is addressing this issue head on and urges you to follow it through to a final and acceptable safety tool for their health care industry.

We are pleased that you are taking a proactive stance in this matter.

Thank you.

I just have a couple of comments that I jotted down. Like I said, my name is Rich Vogel, and I am a 44-year-old hemophiliac who is infected with HIV and the various hepatitis.

As I sat here this morning listening to testimony about the airlines and their voluntary disclosures program, which are non-corrective, I thought this was very reassuring, but what is this to do with blood safety and reducing errors and accidents in medicine?

Then it dawned on me. We cannot be thinking of doing the same thing to blood safety. The hemophilia community has a past history with the self-policing policies of the past, and it did not work. We have seen many recalls in the past few years and are thankful for some degree of self-policing, but a program of voluntary disclosure programs which are non-punitive is not a very good idea.

I understand the concept of acceptance of error, but not violation of procedure. But there seems to be no clear-cut procedures to differentiate between error and negligence.

We see an overwhelming reporting of non-consequential errors reported as compared to reporting of consequential errors in aviation. Like a child, human nature's first response when something goes wrong is to say I did not do it. To have a review without punitive damages after working on the patient simulator is a great source of information, and I applaud that learning technique, but when something goes wrong with a human life, that is a different story.

The hemophiliac community has been the patient simulator for 4 years, from whole blood to plasma to chronic precipitate to clotting factor to even genetic engineering. We have seen what has happened to that community with the threat of punitive damages, known HIV, hepatitis A, B, and C infection. Could you imagine if there was a non-punitive reporting system?

In conclusion, what we need is a mechanism to protect the blood establishments in patients as well as limiting liability on the blood establishments and providing reasonable compensation to patients should that system fail.

Thank you.

DR. CAPLAN: Questions?

[No response.]

DR. CAPLAN: Thanks.

Any other public testimony?

[No response.]

DR. CAPLAN: All right. At this point, I think what we will do is move to a discussion of where we want to head with respect to the request from the Secretary. You have got that letter in front of you.

Steve and I have talked, and Steve has something that he would like to present to us to consider. I am going to give him a preamble, though.

It seems to me, since I have to go back over on my little mission, I just want to use the opportunity to say three things. It does seem to me that informed consent in the American context is not unlike what the justice told us about in terms of the presumption that people will get and have information and it is their decision as to whether they consider it important and how they want to use it.

Secondly, the legal system presumes in this country that the way to seek redress to error is through tort, and the third comment I would make is that everything we heard this morning undercuts one and two, that tort stinks and that informed consent does not work. If information does not come out, people do not know things.

So it seems to me that as we try to move into this area, what we need to do is assure people, the American people, that if we are going to weaken their right to information, they are going to get something for that, that will enhance their interest, and if we are going to move to some limits or suggestion of legal reform, then we have to make it clear that they are going to benefit by giving some relief from the threat that the legal system poses.

My personal view is that is the way we should go. We can do better. Some have said why blood. It seems to me the paradigm is there and the move toward safety and the culture is already there. People know it, believe it. Ever since I have been on this panel, I have been impressed that people take safety seriously. So this is an area of medicine that could move forward in ways that other areas of health care would be harder for them to do, but I think this is one that could.

So I hope that we can in fact answer the Secretary's request to come up with something, and even some of the requests we heard in the public testimony and from our witnesses, to move even further ahead in terms of trying to come up with an oversight system that handles misadventure and error and near-miss and near-hit in a way that really does lead to reform in training, reform in practice, and advancing the standards of safety that are already pretty high.

That is the preamble.

DR. NIGHTINGALE: I would thank Dr. Caplan for that preamble and will try to complete my remarks in an equal amount of time.

The remark I want to make, though, is based on the April 14th memorandum that I sent out to you.

On the second paragraph of the last page, I said that we hope that this program will result in relatively explicit recommendations, and for that reason, I am going to do something that I as executive secretary have not done at these meetings before, which is to suggest where the discussion is headed and where it might head for the rest of the afternoon.

It seems to me that in the snowstorm of the last meeting, the debate focussed around the information, patient information itself, rather than the right to that information, and that when we focussed on the information itself, we focussed on what information would have to be reported mandatorily and what might be reported voluntarily. We had difficulties with that concept for several reasons, one of which I believe Ms. Gregory pointed out most acutely is if it is not mandatory as in the Baconne [ph] study case, it may not be reported at all.

The other consequence of the framing of the arguments in the discussion is difficulty in identifying what information might be intrinsically protectable and what information would not be intrinsically protectable, and that was why I proposed in one of the memoranda that I sent to the advisory committee a couple of hypotheticals, the hypothetical of the A-positive patient who receives an O-positive transfusion and the hypothetical of an A-positive patient who almost receives an O-positive transfusion.

I put them out for many reasons, but one of which was because of the inherent difficulty in achieving a consensus on which of these would be potentially protected from disclosure and what would not. It seems to me to be very difficult to draw a line, arbitrary or otherwise, between what information could be intrinsically protectable and what would not.

So one of the things I would like to see in the discussion this afternoon would be attention paid to the ownership, if you will, or the right of individuals to that information.

I think one of the things that many of the discussants, Judge Krever, of course, but many others in the last two meetings, have pointed out is that patients have substantial rights, perhaps slightly different in Canada than here, maybe based on different premises in Canada from here, but rights to information that pertains to their health.

Another point that has been emphasized in the last meeting, and I think to the point where it was not necessary in this one, the government agencies that have statutory responsibilities to protect the public health have through those statutes the right to information necessary to fulfill those statutory responsibilities. So it seems to me that one place the discussion will have to go will be to identify under what circumstances both patients and the public at large, through its regulators, might be willing to waive public disclosure or even access to information about an individual patient's health or the health of a community.

What I would suggest to the community, as I have suggested to individual members over the last week or so to see if there was at least initial agreement with these premises, would be if one gives up a right, assuming that one has the right, one wants to get something in return.

I think the first thing, obviously, that somebody would want to get in return for giving up the right to immediate access to information would be a betterment of the public health, would want a system that would work.

One can never guarantee that a system would work. One would probably want some other guarantees, and the first thing I think that you would want would be a guarantee that any right that was waived would be waived for a finite period of time.

The second is while it was waived that there would be a built-in evaluation of the use of the information that was protected, if any was, and finally, while that confidentiality protection was afforded, there would be some sort of oversight by those who had waived those rights, both the government and the patient community or representatives of them.

I am not representing this as where I feel the committee may necessarily end its deliberations, but I think that these are points of departure on which I think there might at least be second-order agreement in which you might not agree with each of the principles, but you might see them as a starting point.

One other issue, the second of the two issues that I would like to raise, is one that has been raised in both meetings, and that is that these things cost money.

It would be easy for the committee to recommend that an agency or a Congress devote an arbitrary amount of money to these things, but I would advise the committee that in my own experience and I believe Dr. Epstein's as well, the fact that some money is authorized for an agency's use on October 1st by no means guarantees that that money is available to the end regulators for use on January the 15th.

So any recommendation that money be afforded for this purpose should come with relatively strong underlying that, A, it should not be diverted for other purposes and, B, that other resources to that agency should not be short-changed because of increasing money for this one.

Finally, I believe we have already had and I hope to continue an open discussion of these issues. We do wish to incorporate the views of all the stakeholders, particularly those as they are represented by individuals in this room, and that is why it is a pleasure for me to welcome back to the advisory committee Dr. Linden, Dr. Kaplan, Dr. Battles, Mr. Francis, and Ms. O'Callahan, and I would mention Mr. Masiello as well.

I would give the initials of the particular branch that Ms. O'Callahan and Mr. Masiello represent, but they twist my tongue. They are from the Food and Drug Administration, and all of you are welcome and we look forward to hearing all of your comments this afternoon.

Thanks.

DR. CAPLAN: All right. Let me then open the floor for some comment, discussion, about where we think we ought to be with respect to trying to enhance and respond to error reporting.

Dr. Kaplan, did you have something?

DR. KAPLAN: I have just a couple of terms for definition.

I think all of us were impressed with Scott Griffith's presentation about the system at American Airlines. I think there is an importance to defining the term "correction."

From our experience, when you put an event reporting system in place, if you do it effectively you get a lot of input. The worse thing to do is to keep changing the system in response to every piece of input you get. So "correction" has to be defined. It may be that monitoring for a problem's recurrence rather than making a change in the system and tampering with the system so it is never in a steady state is one of the things that has to be addressed.

Hazard analysis, potential severity for harm, probability of recurrence and detectability--the tomato juice/orange juice analogy is a good one--would help in that regard. So I think being driven to do a complete investigation and potentially to make a change in the system may be counter-productive because you try to eliminate a target risk, and you end up with a contravening risk that is worse than the target risk that you tried to correct.

The idea of corrections is very valuable, but I think it has to be defined and not necessarily construed as a real big system change.

The change that we are proposing or considering today is in the context of broad changes, as you know, that are going to occur within the hospitals. In that context, although the perception of risk is very high for a blood transfusion, the real numbers are very different compared to some of the things we have heard discussed.

So the opportunity to move ahead and let transfusion be a model is a very good moment not to miss because, if one looks at the numbers, then the problem is always that nothing recedes like success. If it is perceived as a low risk, it is going to get a much lower priority. So the timing is right now.

I just wanted to mention that event reporting can be used in three different ways, for modeling, for new and unique events, for monitoring events, and most importantly, it is proactively engaging the staff in mindfulness and awareness of the system, and particularly if they feel they own the system with feedback and a non-punitive environment, then you change to safety culture; that is, modeling, monitoring, and mindfulness.

The three reasons you want data are for accountability, research, and process improvement, and those do not map exactly, certainly not at that last level of mindfulness, unless you consider a kind of negative incentive for being aware of the safety environment.

So I think that accountability, clearly, is a necessary issue. Process improvement can take place without a lot of central reporting. So I think that is another theme that process improvement and all of this event reporting starts at the local level, and it has to be valuable and useful at the local level for process improvement.

Also, that useability at the local level leads to the adoption rather than just compliance, and that will reflect directly on the quality of the information that is recorded outside the institution.

Thank you.

DR. CAPLAN: Dr. Linden?

DR. LINDEN: Thank you.

I would like to comment on just a few issues, one of which is to follow up on what Hal was saying.

I think it is really critical that a very positive outcome from here could be that individual facilities, hospitals, improve their own safety culture, have a safety officer, whatever, to adopt their own strategies, to identify their own individual problems, through their own reporting system, taking appropriate corrective actions and so forth.

I think the role of an outside independent, be it government or strictly independent, oversight of that would be to look at, say, rare events that maybe individual facilities would not be able to trend and that they could pick up common themes, but I think the individual facilities can very effectively look at their own latent pathogens.

The other point that has been made by myself and others is that most of these errors are occurring outside of the blood bank. They are really medical practice issues, the nursing staff, anesthesia staff, giving blood to the wrong patient, and I think any sort of event reporting and tracking system in that regard could very effectively be part of an overall medical event reporting system; that is, medication errors, these other types of things that are very similar and analogous as opposed to reinventing the wheel and saying we are going to have a separate system just for transfusion. It makes sense that the hospital practice issues be incorporated with other medical events.

I think the product side already has oversight to it, and again, I do not think we need to reinvent the wheel there, maybe enhance the systems that we already have in place.

One other comment in that regard, I thought that Captain Griffith's presentation this morning was fascinating, and we can learn a lot from the aviation system.

Unfortunately, it is a very different type of system from what we have in transfusion medicine, and I think one of our challenges is that the majority of the staff who are involved in these problems, nurses, phlebotomists, house staff, anesthesiologists, they are not heavily invested in the transfusion system, unlike the pilots who are extremely heavily invested and do that basically 100 percent of their time.

You may have nurses who give one transfusion a week.

DR. CAPLAN: We have to have everybody in the hospital transfuse themselves once a month or something.

DR. LINDEN: That there, therefore, needs to be a way of getting information from such people, but in my opinion, it needs to be focussed through basically subject-matter experts, which would usually be the blood bank director, perhaps the supervisor's input as well.

I think the idea of the individual pilot submitting a report and so forth is not going to be directly applicable here, but we can certainly learn from that experience.

Certainly, as was mentioned, some mechanism of providing feedback, I think, is very important. There was also some discussion this morning about some of the legal issues.

In my opinion, having any such reports be exempt from Freedom of Information laws is very important, and what we have done in New York is we actually had specific legislation to accomplish that. So it is not necessarily easily met.

I also agree with other speakers Dr. Nightingale mentioned in terms of adverse outcomes. Whether there is an adverse outcome or not, whether the blood is actually administered to the wrong patient or not, we have found in our experience that the underlying problems are really the same. So that, it does not make a lot of sense to distinguish whether there was an adverse outcome or not. I think you need to look at the entire system.

The only other comment was that the error reporting can be integrated in terms of an overall process that looks at quality either within the hospital to examine their own procedures, seeing if the nurses are checking the wrist bands before administering the blood, and also from a government or accreditation oversight standpoint.

I know in our case we include the error reporting piece as part of the overall regulatory oversight, and when we are in facilities doing surveys, that is something we specifically look at. While we do not take punitive action solely because of incident reports, although we may get other information that would cause us to take enforcement action, we would cite facilities for not reporting. So it is basically part of the oversight process.

I think be it government or an independent accreditation agency, the error reporting and tracking can be part of an overall oversight program and quality improvement program. It does not have to be completely separate.

Thank you.

DR. CAPLAN: I am going to take advantage of those last remarks and maybe take a little issue with Dr. Linden, but maybe not.

I wanted to put a couple of ideas just into play to see if they resonated with the group.

I happen to live with someone who is a hospital administrator, and a person who visits her pretty frequently is the radiation safety officer who is always buzzing around the COO's office at the hospital, reporting things, worrying about things.

I just wonder if the committee might want to make a recommendation even though I would preface this by saying it is just a road into general safety concerns in the hospital culture that someone should be appointed with responsibility to look out for safety at every institution that deals with blood to take on the education, training, simulation, the missions we heard about. In other words, we could just recommend that someone at every hospital be designated as the blood safety officer, not because blood is worse or in more demand of that attention, but just as a model, again, to sort of move it forward.

It is within our purview not to sort of lay out the standards on that about how they do education or training or simulation or review or how they want to handle it, but it is one route to sort of take it down to the local level, although, again, I would preface it by saying we understand that what we are trying to do is pilot into an area that has a safety sense.

Another thing that occurred to me we might want to consider is simply suggesting that relief be sought from the legal system's tort appropriate. While it is probably unlikely between now and August that the current Secretary of HHS and the administration are going to be put in no fault, at least we could go on record saying that reform is overdue here, limiting liability, trying to come up with a compensation theme is something we think ought to be pursued.

The political realities are probably that this administration is probably not going to pursue them, but the next one could. There are a lot of cookies. We can meet for eternity waiting for this to happen, but we may still want to say anything about that and argue that that would be helpful in terms of trying to move safety even further along.

Another suggestion is that we simply go for a standardized reporting system to be developed; that it be imposed wherever blood be handled. We do not get into the details of what that looks like, but call for the creation of appropriate persons with the right expertise to draw it up. Some of those are in this room. Some are not.

If it has the features that Steve talked about of being finite, evaluated, and having some oversight by patient groups and providers and citizens, whatever, in terms of accountability, that might set the stage for the release from Freedom of Information and some other things that would normally be expected when you are collecting that kind of data.

So my comments are meant to get us thinking a little bit about just structural change where we would not again have to micromanage one of my pet bugaboos that do not do, but just giving general direction to the Secretary saying, "Look, we need standardized reporting that is not going to get punitive." We are willing to try that out and think you should be if we can keep it finite, evaluated, and have sufficient oversight to keep everybody on board that it is being done honestly, and that the results are worth doing; that we try to get safety going at the local level, maybe that we try to encourage some sort of reform on the legal side within the culture.

I say all this again prefacing it by the acknowledgement that we have been pushing hard here. The field has been pushing hard since the experience of the '80s to make safety at the forefront.

We get it. That is why we think we can do it here. It should be done here. We want to take that ball and roll it further.

I do not like it when we talk about changing the culture of safety. What we want to do is advance the culture of safety further. It is not a change. Let's move on.

MS. LIPTON: There are so many ideas that it is hard to know what to respond to.

There are two things I came away from listening to all the people this morning. I would hate to see us abandon the concept of some type of voluntary reporting system that it is coordinated with, but separate from the regulatory structure, because I do think we have an opportunity to learn so much more from that system.

I think the other thing when you were talking about a blood safety officer, I would not like us to sit there and dictate the format, and let me just give you a specific example why.

I know Dr. Small said he distinguishes quality and safety, but I really do not. If you look at quality and talk about it being a deviation from an expected outcome, that is an error and accident. Quality tries to ensure that you do not have those deviations.

A deviation that has a tremendously adverse outcome really is a safety problem, but it is a safety problem that is related to quality in my mind.

In our standards at the AABB, we require transfusion services and hospitals to say that quality is a management problem, and we do not tell you the precise structure to put in place, but we do tell you that there has to be someone appointed by executive management who is responsible for ensuring that quality within your transfusion service, that there is a quality system that is implemented, that is taken care of, and that those things get reported up to management.

If we start talking about a safety officer, how does a blood safety officer coordinate with the quality assurance program? I think what is important is we need to give enough infrastructure that it can coordinate with other things that are already going on in hospitals so that we give them what I would call the goals and outcomes we want, not the exact structure that they have to follow to achieve it.

I think we are just so diverse and we are down the road in so many different ways that I would hate to have us pull back and say now tomorrow we are all going to have a blood safety officer, which to my mind does not really change anything that is going on in a hospital.

DR. PENNER: I think just about all hospitals have transfusion committees already in place, with a quality control officer from the hospital sitting in on it. All of the incidents are at least run through that committee, and corrective measures are ordered by that committee. They have some power to withdraw services of the physicians who do not respond.

So there is a mechanism in place. Perhaps as I have seen in my transfusion committee, we do not necessarily get down to the level of some of the incidents that we are talking about, the so-called near-misses. That might be an area that could be amplified for selecting a listing of things that might be brought up to that committee and the information controlled and prepared and sent forward from there.

So I think there are a lot of things that can be done that are already in place, but just need to be expanded upon.

DR. EPSTEIN: I think that in structuring our thoughts about recommendations, we need to distinguish a few different objectives.

The largest distinction, I think, is that we have errors and accidents affecting product manufacturing that are a very different thing than administration errors or medication errors which largely occur outside of the blood bank setting and have to do with medical practices.

I think it is important to recognize, just as we have said a lot about the different environment of aviation versus medical care, that we are dealing within medical care with also subset environments which are not the same.

So, for example, in the product manufacturing area, because we have had FDA regulation for many decades, we are dealing with well-standardized systems which are highly regulated and highly monitored. I would submit that although there is continued and legitimate public concern about optimizing blood product safety, that on the whole we have heard stated many, many times, and correctly so, that blood products are one of the safest medications. I do not think it is an accident that is somewhat attributable to the control system of oversight that is in place.

I think that we should be very cautious advocating any kind of reforms of a system which apparently has been working.

In contrast, when you look at the practice side, it is much less standardized. It is only very indirectly regulated, and it is not systematically monitored.

So I would suggest that much of the attention is really on that medical side where we are in essence trying to close a gap related to patient safety through transfusion practice.

So I guess my first point is that we need to think about where is our goal to close a gap, and my answer is that the biggest gap we are trying to close is on the practice side.

Secondly, I think that we do have goals to improve existing systems, and I would submit that that goal does apply on both sides of the equation, the product manufacturing and the product use side.

On the side of product manufacturing, which, of course, goes all the way from the donor environment to, say, release of a unit after a cross-match, we need to improve the data-gathering, the data analysis, the feedback, and also the mind-set of that process. I think that that is where the debate over the addition of voluntary systems starts to come into play, on the notion that we might learn more if we had some kind of confidential voluntary reporting.

There, though, again, it is important to consider what is the gap; in other words, what are you going to add to what is already reportable. I think it is important to recognize that the dividing line is not the near-miss; that the current regulatory requirements for reporting errors and accidents applicable to released units does not make a distinction whether it was a near-miss event or one that had consequence.

In other words, we do not distinguish between near-misses, benign events, and adverse outcome events. It is only a question of was the unit released, was there an error or accident. So we are dealing with two completely different classification systems, and we get ourselves confused if we think that the thing that we are adding is near-miss reporting. It is only near-miss reporting in the sense that it would be applicable to units that did not happen to get released.

I think we should look very carefully at the question of how much added information is there looking at the universe of units that were not released as opposed to errors and accidents related to units that were released.

FDA has been of the point of view that the underlying causes of those two things are not different, and that there is not a lot of added value in studying the non-released unit. However, if the system is to be extended, that is where the extension is occurring, and it is not really occurring along the lines of near-miss except for that fact. They are near-misses in the sense that they were not released, but plenty of the things that were released are also near-miss events under the definition of near-miss.

Then, on the practice side, I think it is clear that the improvements to existing systems are really far more sweeping. We are talking about creating an infrastructure. It has been pointed out to us by Dr. Small that there is not currently a safety infrastructure in the hospital environment. So we are talking about creating the infrastructure. We are talking about instilling or promoting the culture of safety, and we are also talking about creating the tools, the standards, the oversight, the monitoring, the feedback, the training, et cetera.

Again, I would just suggest that it would be very important to keep the two environments distinct in our thinking so we do not get confused; that the things we may wish to recommend in the one domain automatically apply to the other because, A, they may not apply and, B, the remedies may not work in the same way. So that is my main message.

I have to say that the confidentiality argument confuses me a bit because we are already operating in an environment of mandatory reporting which is discloseable. So what remains to give up or waive, I am just not sure because you have not started with it is confidential. You have started with it is mandatory to report, and it is not. So that issue does confuse me for that reason.

Also, we have not clearly distinguished what is a patient confidentiality issue from what is a practitioner confidentiality issue, and I think we have to keep those two domains separate in our thinking.

So my main message is that we need to make a couple of critical distinctions as we think through recommendations, and that our main goals, it would seem to me, are, on the one hand, closing gaps where we think they exist and, on the other hand, improving existing systems which in some cases we may conclude are working just fine.

DR. CAPLAN: Jim?

DR. AuBUCHON: May I offer my comments in a visual format?

DR. CAPLAN: Sure, as long as you supplement them with audio.

[Laughter.]

DR. AuBUCHON: I was very impressed this morning with what the airline industry had to share with us, and I am concerned that the direction that the Federal Government is going with respect to attempting to reduce errors in transfusion medicine may not entirely be the correct one.

I understand Dr. Epstein's comments, and I think we are both on the same page, but I think the agency does feel constrained as to what it can be involved with.

So I would like to pose the question, working off the airline industry, is it time for us to actually take off and move into a different arena.

I would like to propose that we should focus primarily on the patient. That is why we are in this game. The three key factors in providing a system that will give us the information to actually improve patient care are primarily the internal quality assurance system in each hospital reporting to the FDA as required, and I understand they do need data in order to discharge their obligations, and reporting to some type of national database so that we can as a profession move ahead and make transfusion safer.

To begin, we are dealing with the patient in an incident and some initial review. I think the definition of the incident and the review initially should include the entire process of transfusion, not just the product manufacturer, as was described by Dr. Epstein a minute ago.

I think everyone realizes that we are dealing with something that starts at the vein of the patient as well as at the vein of the donor and ends up at the vein of the patient, and we need to make sure that that entire system is reviewed.

Clearly, if there is a fatality that needs to be reported to the FDA, according to current CFR, and I do not think any of us have any problems with that, and also if this initial review indicates there is some patient safety issue, the patient needs to be taken care of immediately. We do not need a system to deal with that or to report that, per se, but if this is not something that directly relates to patient safety and it is not a fatality, where do we go next?

I certainly agree with the approach that has been suggested by Drs. Kaplan and Battles, that we need some type of investigatory system and corrective action system in each hospital. This is an important step, a QA investigation that leads to all involved in the entire process of transfusion.

If there is some potential for harm to the patient in the future, then sharing that with the patient makes some sense ethically. I am not going to get into the ethics of it. That is really not the point of this.

The question is what does the hospital transfusion service do with the information about this event and how can the regulatory bodies make use of it to make sure that the appropriate thing has been done and how can we all learn from this one hospital's incident.

So I would propose that we consider two different approaches to reporting. Those situations in which there are violations, as was discussed in the airline industry, where an established procedure was violated need to be reported to the FDA, and clearly, if the investigation within the hospital indicates that the incident involves issues beyond that one institution, that should also be reported to the FDA. If it is a problem with the blood bank, for example, that needs to go through the FDA to the blood bank manufacturer or to whomever is involved.

The FDA, in my opinion as a hospital transfusion specialist, can provide the most assistance by reviewing what we have done in the hospital for completeness and appropriateness of the corrective action, and if we have submitted what appears to be a complete report and our corrective action is appropriate, then the FDA does not need to do anything more. This would be the equivalent of the FAA administratively closing out a report to it from the ASAP program.

If there is any follow-up that needs to be done by the agency, it would focus on further improvements that need to be made, the agency is not satisfied that the corrective action is sufficient.

I think that there should be protection from disclosure of self-reported incidents in order to encourage the system to generate as many of these reports as possible for completeness sake.

On the other hand, I think that all events should be pre-sorted to some sort of national database of transfusion incidents similar to the NASA adverse events system.

Here, the identifiers could be deleted from the report upon verification that the report was complete, and that the data would be reported in aggregate form only so that we would all be able to learn without anyone feeling that they were unduly at risk for some type of punitive action or legal action in the future.

Those are my comments, and that is easily reducible to an overhead in two sentences of a recommendation, but that is the approach that I would take.

MR. ALLEN: [Presiding.] Keith?

DR. HOOTS: Jim, implicit in that, it seems to me, is that someone internally has recognized that there is a deviation, and on the all events, are you including in that a confidential self-reporting mechanism?

In other words, obviously if the only person who knows there was a deviation is not as likely perhaps to occur in this setting, although it well could, obviously, especially at the point where the patient is being transfused, the nurse, or some other person could self-report. It could go into the same data, but it needs a separate system just like with pilots and the ground people have for the airlines.

DR. AuBUCHON: I agree. I think the concept of how American Airlines and the FAA structured it, if an individual and the airline self-reports the deviation, the incident, they are then protected from punitive action from an outside regulator.

I can only share with you the experience in our own transfusion service laboratory when we changed our approach to reporting incidents or deviations. I do not think we had any draconian disciplinary actions in the past, but it was known by the staff that if a deviation was reported that they were potentially liable for some type of disciplinary action.

Despite our best efforts to encourage everyone to report any and all deviations, no matter how large or how small, we got relatively few of them. Most of them are trivial in nature.

However, about a year ago, we finally stepped forward and said we are not going to use these in any disciplinary action. We are only going to use them to correct the problem, and the problem is usually a system problem rather than a personnel problem.

We saw about a tripling of the number of reports that we got, and I have been very gratified by that. I think we need to have that kind of non-punitive approach or we are never going to get all the reports we need.

DR. HOOTS: I think so, too, and I think Dr. Caplan made that point very strongly, and I think Jay did, too, that the point where the error is likely to occur has now moved out of the blood bank towards the actual transfusion of the end product.

Secondly, if this is going to be a paradigm on which we could build other error management in medicine, then it seems to me it is incumbent on us to build the beginning to the end process and also to build in this part of it.

So, if we can show demonstrative success with this process, with the example you just gave like increased reporting, and then corrective actions that are brought to bear by confidential reporting, then we can go to our colleagues and other branches of medicine and say this was a successful endeavor and it had a positive impact by implementation or corrective actions. You might want to look at this, like the OR and the other things we heard about this morning.

I think we should come back to one thing that Art said. By having that piece in, if there is some sort of tradeoff that could be made to even theoretically--and obviously it is theoretical now--to justify something like a no-fault compensation program, it has to be, it seems to me, an inclusive and closed-loop sort of process so that safety can be demonstrated or else there is no hope that society is going to buy into a no-fault proposition.

MR. ALLEN: Dr. Lipton?

MS. LIPTON: Jim, could you put up your last piece there?

I want to pursue something that Dr. Hoots was talking about. I just want to clarify when we start talking about who is turning in these incident reports, it seems to me that in your internal, what goes into your QA system here and to your internal QA investigation may in fact be those individual reports from the individuals involved.

When you get down to violation issues beyond the institution, what is getting reported to the FDA or to the national database, at that point it becomes an institutional report, does it not? So the type of protections that you are talking about there, when you say protection from disclosure of self-reported incidents, that layer of protection from disclosure is vis-a-vis the institution?

DR. AuBUCHON: I would think so, but I would also like to see that same kind of protection within the institution's own quality assurance system so that the individual reporting the event to the system within the hospital is protected.

MS. LIPTON: Right. So the individual protection comes at the internal reporting level.

I understand that we consider that there is a tradeoff and saying that if you report this, for example, to the FDA or the national database, we will not disclose and it cannot be used in litigation. I am just wondering how practical that really is to say that we will not disclose any of this.

Maybe what has to go along with that is some understanding of what things will get out that will be published and some agreement as to what does go back to a patient at that point. If you cannot go to no fault, it seems to me you do need to build in some sort of protection so that the patient does not think there is something in there. I have got that O-positive unit, right now we think maybe that is all right, but what if in the future we find out that is not such a great thing for someone who is A-positive to have gotten to an O-positive. Isn't there some way we should be talking about getting that information back to a patient somehow?

DR. NIGHTINGALE: Karen, if I could try to rephrase the question I think you are asking, are you asking whether it is possible to get to a truly confidential system without concurrently addressing no fault?

MS. LIPTON: Yes. I see no fault as a great answer to this, that it is not going to happen, and I hate to see this held up.

DR. NIGHTINGALE: On the contrary, I think if this is the sort of thinking that is the sense of the committee, I would very much appreciate the committee going in this direction because this is our best and possibly last chance to address the issue.

As we have seen in the past, when there is strong endorsement by a substantial majority and, even better, a unanimity of the committee that something ought to happen, in the past it has happened.

MS. LIPTON: But to get to the point of no fault, you can pass all the no fault, but if everything is going into a secret vault, how are you going to know?

MR. ALLEN: Mary?

DR. CHAMBERLAND: Karen, I just want to follow up on your question or comment.

Certainly, at the institutional level, there are precedents for this. For example, CDC has a longstanding program of surveillance called NNIS, the National Nosocomial Infection Surveillance program, and this is a group that started off kind of small, 20-some-odd hospitals. Now it is well over 200 hospitals in 42 States.

They report institution-specific data to CDC using standardized definitions and protocols and all of that. It is voluntary. It is confidential, and they report the numbers of hospital-acquired pneumonia, urinary tract infections, surgical wound infections, et cetera. The data are protected. Again, this is a special situation. The data are protected by an assurance of confidentiality. So the agency cannot release the names of the hospitals that are even the system, certainly can never release institution-specific data, but it is very valuable because, first of all, you have a national bench mark.

A couple of months ago, there was an MMWR that talked about the history of the system, and the editorial note very specifically was written for the context of this whole arena of errors and accidents. I believe the system has also been publicly mentioned by John Eisenberg of ACPR, now something else, as a type of model that could be employed, but you learn a tremendous amount. You can stratify data by types of hospitals, all sorts of things, and it allows you to aggregate a cross-institution so you get these national trends, and it allows you to build in, I think in this parlance we say corrective actions, what we would call preventive measures to reduce the likelihood that you would have.

So there is some precedent, and this airline thing, just as kind of a side bar, but there clearly had to be some very creative negotiations with the regulatory agency, the FAA, that allowed them to participate in this. So I think there may be some ways out there that currently exist or that could be thought of creatively.

MS. LIPTON: Did you have statutory protection against disclosure?

DR. CHAMBERLAND: It is called an assurance of confidentiality. Dick Reisberg from the Department's General Counsel was here earlier, but it allows not just CDC, but other agencies to protect the data and it is not releasable through FOIA.

MR. ALLEN: Dr. Gomperts, did you still want to say something?

DR. GOMPERTS: Yes.

Jim, if you could put up your overhead? It might be a good idea to leave it on.

I have one question. As far as the internal QA investigation, internal QA system follow-up, that has the potential for JCAH review and oversight, if you want to comment on that.

DR. AuBUCHON: I guess what I would like to say is that I like the approach that the AABB assessors use when they come to do an inspection or assessment of an institution. Their focus now is not on do you have an alarm system that rings at a particular temperature when your refrigerator does not work, when did you test it last, but it is more on do you have a system to deal with problems with those kind of systems, such that if something went wrong, they want to know that your investigation system, your means of investigating what happened and taking appropriate corrective action and then verifying that the corrective action really was corrective is the main issue, not whether or not the alarm rings at 5.9 versus 6.0 degrees.

So I know that JCHO has a sentinel reporting system. I know many hospitals have had difficulties accepting that for fear that the information they provide to JCHO will be disclosed to other parties, and I would like to see that barrier removed in the system, particularly for the national database. We can be sure of capturing all the appropriate information.

I understand that the FDA is going to have to have enough information to identify the hospital in order to go back to the hospital to say you did not do this correctly or you did not give us enough information, but if we do not have some distance, some trust, I guess, between the regulators and the people performing the internal quality assurance system, we will not be able to pull this off properly.

I am afraid if there is too close an oversight from the regulators of this and lack of trust in the system, which needs to be gained institution by institution, we will not get all of the cases reported. WE will not have their own investigation.

DR. GOMPERTS: Potentially, JCHO could from the internal quality assurance point of view for those institutions--if we are moving away from blood bank to the actual delivery--and there is, as we mentioned earlier this morning--safety and quality are not necessarily the same.

So, if there is a move in focus towards the safety issue by the hospital oversight organization, that could be a positive move.

DR. AuBUCHON: Yes.

MR. ALLEN: First of all, just so everyone is aware, there may be a fire drill for the hotel employees within the next 10 or 15 minutes. So we are to stay put. I do not want to alarm anyone.

Dr. Guerra?

DR. GUERRA: Thank you.

It seems to me that a lot of what we are discussing really is accepting almost the given of an ideal set of circumstances in terms of expertise and capacity and systems in place.

I am not sure that we currently have enough data to really come out with some universal kind of recommendations for how to deal with this. If we really do not know what the capacity is around the country, I think it is a very uneven playing field. I think there is some very small community hospitals that are nowhere close to having the kind of capacity to do a lot of these things, especially if we are going to come down on the side of administration beyond the blood banking part of it where I suspect that many of those systems are set up on a regional basis where they certainly have developed capacity to serve a much larger region.

But on the administration side, we are talking about sometimes a very small component of lab personnel and nurses and physicians, in many instances very few that have the kind of expertise to do the really close monitoring and surveillance of this.

Then I do not know that we know that much about cost, of what it would cost us to implement these kind of systems around the country to really have in place something that would give us the assurance of quality and safety.

DR. SNYDER: I am a little confused because I thought that any hospital that is accredited by JCHO has to have an organized medical staff, number one, and, number two, a quality assurance program. Somebody correct me if I am wrong about that, number one.

Number two, the States currently--every State and Department of Defense and the VA have confidentiality of medical records, peer-review protection so there is nondiscoverability of those records, to my knowledge, in every State and territory and also DOD and VA.

HHS, to my knowledge, does not have that. So things are discoverable under FOIA. They may be redacted, but they are discoverable.

It may be a model to look at, although it is a model that I do not love, a model that potentially could be looked at is what Congress did with the national practitioner databank and the health care fraud and abuse databank. That information is available, but there is defined categories of who has access to it.

When you are working at the local hospital level within their peer-review efforts, my understanding is that all of that is covered by statute in the various States. It is when you move to a national reporting system that you run into a problem, and I fail to see how the reports of near-misses could go by or just be passed through a hospital's quality assurance committee without at least some comment, at least some investigation of some sort.

I cannot see it getting to a national system without passing through that level. So I think that raises a question, but I cannot see designing a system that sits outside of the hospital's quality assurance. I think that is redundant, and it does add extra cost to whatever we are talking about.

I know within the Department, whenever we use the word "quality," the acronym they use is SAFE. It is a safe system, it is accessible, it is affordable, et cetera. So, to me, safety is part of quality assurance, part of quality improvement, and I think that is pretty much within the Department when you look at a definition of "qualify assurance" or of "quality," "medical quality." You are looking at a safe and effective, affordable, accessible treatments.

MR. ALLEN: Keith?

DR. HOOTS: I am concerned, though, about the concept of analogous assistance in a national practitioner database.

DR. SNYDER: So am I.

DR. HOOTS: I do not think you are going to get voluntary disclosure of near hits, near misses with that kind of system because it does not matter who does not have access to that system. What is important is who does, and it is very widely disseminated.

Every hospital has access, and if you give that kind of information that broad an availability, then I do not think it will work as a confidential system. The systems that the airlines have described to us is nowhere nearly as available as the ND practitioner system.

DR. SNYDER: I agree with you.

What I was looking at was from the point of view that Congress mandated through legislation who had access, if anybody. That is what I am getting at.

I am not getting at the national practitioner databank, the fraud and abuse. The fraud and abuse is even open to the local police officer and the Federal law enforcement agency, and nothing is redacted out of that.

So, yes, like I said, it is an example that I do not favor, but what I favor is the concept that legislation which clearly defined who had access to the information in such a databank, number one, and, number two, in what form, whether it be redacted, whether it be in aggregate form, that is critical. But if you just form one of these with no congressional mandated non-discoverability, you are wide open. I do not think that is where we want this to wind up.

You want it protected from discovery. You want it protected from what follows from discovery and what potentially can follow from FOIA, either against an institution or an individual.

MR. ALLEN: Let's go to Dana, then Dr. Lipton.

DR. KUHN: I want to thank Jim for your schematic. A picture is worth a thousand words, and I think it comes close to capturing what we are looking for.

I think we are not going to be able, as we formulate a recommendation, to try to address all of these issues and solve all of these issues that we are talking about. I think we need to name these elements.

As I have been trying to listen carefully this morning, some of these elements I think we can put into a generalized recommendation. What I think are the important elements of a standardized reporting system for blood or transfusion services would be, first of all, voluntary disclosure, second, a non-punitive confidential element of it.

Data collection surveillance, with all due respect to the CDC, which they would need to have that information, they have done an excellent job with that. Corrective measures would be another element, as well as quality assurance and safety.

I think the illegal needs to be mentioned here as an element, too, for a limited liability of those institutions, the blood institutions, and then protection from discovery. I think we could name these elements. I do not know if we exactly have to solve these problems, but we can name these elements.

Then, accountability, in all due respect to the FDA, I do not believe we need to usurp the many, many years of the FDA doing such an excellent job, although I know there are some people in Congress that want to do away with the FDA.

I think then the other element that we need to bring into this, in order to help patients feel more comfortable and to buy into this whole reporting system, would be the balance with the patient's right to know what and to know when, to know what and when about what happened, and then the balance between the patient's rights to come kind of compensation to avoid the tort system which we know has become a nightmare in many situations.

I still think no matter what anybody says, we are still going to be addressing this down in the future. I think we have only seen some of it now, and I think with class-action settlement, some of it has been resolved, but some of it is going to continue as individual cases go on.

I think it goes right along with the patient's legal rights, but what are the definitions that we report, adverse reactions or near misses or whatever, to patients? Should it be the Qualifier B, when the patient incurs harm and what is going to be the definition of "harm"?

But I think we need to kind of focus into generalizations, not trying to solve the specifics here, and then give those directions to the Secretary and let her try to figure out how to incorporate this. If she needs to go to branches of the legislatures, let them do it.

MS. LIPTON: I agree with Dana.

I was going to say I think in some ways we are trying to create something that is too complicated, and we do need to focus on the elements.

Just as an example, you can deal with the issue of confidentiality by restricting access. Otherwise, you can leave it to the present court system where they really say, well, essentially all of this activity and reporting it to a national database is looking at peer-reviewed or audited materials, which in most cases are not discoverable or permissible. You cannot use them in any kind of a case, but it is case by case. It is just very difficult, and there is not really one Federal rule that applies everywhere. So you can get at it in many different ways, but I think if we talk about the elements, that it should be left to other people to design it.

To Dana's point, I think that is really what I was trying to get to earlier. I think we should push for a no-fault compensation. I believe in that, absolutely, but I think, and maybe I am wrong, that patients also want something else. They want to know clearly then what things will be told to them and when they can have a right to expect that that information will be divulged to them. I do not know if it is harm to the patient or something that even happens to the patient or there has to be some sort of peer review in a hospital to determine if that incident is something that should be reported back to the patient, but I think it is something more than no-fault compensation because you do not want to just create a black box without anything where the patients feel that, yes, if it is really important, they will tell me and I will know about it.

MR. ALLEN: Jim?

DR. AuBUCHON: I was just going to comment in terms of protecting the information.

I was impressed that the FAA was willing to essentially remove from their files all of the information reported through the ASAP program leaving only as a memorial to what had happened the administrative action or I guess the corrective action.

They could then obviously use that to inspect American Airlines to say had that really been accomplished, if they were going to change a procedure, they could come in 2 months later and say was the procedure really changed.

That, I think, demonstrates the FAA's commitment to a non-punitive approach. They want to make sure that the corrective action has been taken and they have enough information to make sure that it has been taken. Beyond that, any other information that they might maintain in their files could only be used in a punitive sense which I think is an important thing not to do in this kind of system.

MR. ALLEN: Jay?

DR. EPSTEIN: I guess I would like to try to focus for a moment on the whole issue of what is punitive because there is sort of an undercurrent here of wanting to get away from what FDA now does and do something more akin to what was described under the ASAP program.

I have to say there is a big disconnect because the FDA sees itself largely as already doing the things that you are calling for us to do in the sense that when we review a report of an error or accident, our focus is on determining whether there was adequate investigation and corrective action, and if we decide that there was, by and large we do nothing.

Additionally, when we take action, for the most part, we see the actions that we take as being corrective. We, of course, also take a compliance approach to make sure that the correction is implemented, but in our own minds, we make a very sharp distinction between mandates for corrective action and punitive action.

Punitive action is really very different. It is when we would go after individuals to prosecute them or when we would try to levy civil money penalties, and that is in fact quite rare.

So I think that the question then is why are FDA-mandated corrective actions perceived as punitive when in fact they are not. They are certainly not punitive in the ordinary sense. They are not actions against individuals. They are not seeking money penalties or criminal prosecutions. They simply are not.

I think the two things that I have observed that would distinguish how the FAA is now interacting through ASAP and the way the FDA interacts with blood establishments are these. First of all, there is a sense that the mandated corrective actions are punitive precisely because they are externally mandated, and the implication is that the blood center does not feel as if it has ownership of the larger system that is being imposed.

The problem, then, is not really whether FDA is correctly performing its functions as a national system in a non-punitive manner, but the fact that the entities regulated do not feel they have buy-in. Probably, there is a sense of lack of buy-in at two levels; one, that there may not be concurrence with all of the standards, in other words, we may be enforcing outmoded or inappropriate standards, because we do not believe that. Then, secondly, that there is not a consensus approach to actions to be taken. I was very intrigued by the model of having a three-way dialogue with the employee representatives, usually unions, the airline which is the industry establishment, and the regulator which is the FDA, and the whole concept that there was agreement to a consensus approach, although we did not, I do not think, hear enough said about whether the regulator kind of had veto power or trump authority, in other words, could they decide to investigate anyway and go further and litigate, et cetera.

I suspect that as regulators, they probably do have that. It is just that they are more often than not operating in the consensus mode. I do not know if there is somebody still here who can answer that question about the airline industry.

I would just like to focus on the fact that we seem to want to change things because we are not happy with the punitive aspects of what we perceive as now going on, and yet the agency does not see itself as taking punitive action, rather imposing corrective action.

DR. SMALL: To just answer your question, my understanding of the ASAP program is that on Fridays, the event review team meets and the FAA regional administrative, the representative for the airlines and the representative for the pilots meet, and they have to agree on every incident report as far as what happened and why and what the corrective action is.

If they do not agree, then the whole program is folded. The whole ASAP program is gone on that one incident report.

MR. EPSTEIN: Meaning what? Meaning it defaults to an FAA decision?

DR. SMALL: That they close ASAP and that they do not meet again and that the program is history.

So it is a Russian roulette, if you will, and I do not know how much is internal documentation and how much I can say from my study of the system, but there has been disagreement and they have come back to the table and had to resolve. Otherwise, there is no more program. So the weight of that, on that meeting of those people, is intense, especially given the exposure and the success of the program.

MR. ALLEN: Yes, sir.

DR. WINKELSTEIN: Before I am going to be able to vote on a resolution, I guess I am more naive than the other committee members. I want to get some clarification on what we meet by no fault. It seems to me, there are two kinds of errors. I am a little nervous about this concept of no fault, or confused at least.

There are two kinds of errors. There is the error for which there really has been on fault, and then there is the medical error for which there really has been someone or some procedure that has been truly at fault.

So the issue I am asking is when we are using the word "no fault" in this discussion, are we using it to include both of those situations? Are we saying that there is a parallel system for surveillance that will have nothing to do with litigation for an individual patient? I need some clarification. I am a little uncomfortable with the concept globally of no fault.

MR. MacPHERSON: I probably know more about no fault than most anybody in this room, having lived through a lot of looks at this for both blood and other issues.

I think in general the committee could probably make a recommendation that this should be examined and looked at, but there are lots of different models, and there are lots of different ways to look at this.

The classic no fault that probably blood would want to look at is maybe something akin to the vaccine injury program, the Federal vaccine injury program. That addresses all of the issues you are talking about here in terms of confidentiality and disclosure to patients. They have already gone through this issue of the tradeoffs and that sort of thing, but, again, it is hard for the committee to examine this without really knowing what the options are. But I think a general recommendation might be in order.

DR. WINKELSTEIN: I do not think I have made myself clear. In the vaccine compensation program, the concept of no fault is very clear to me that there is a measurable, but small finite risk that no one can predict that there will be some adverse event from, let's say, live polio. That, I understand.

Are we talking about no fault in the concept of this afternoon where someone has given the wrong patient the wrong unit of blood? That is what I need to know.

MR. MacPHERSON: You are correct. That is a separate issue from a product injury issue.

DR. WINKELSTEIN: Okay, because I have learned to live with no fault as a concept when there has been on fault.

MR. MacPHERSON: That is correct, and when you start talking about no fault in terms of any kind of reportable medical injury, that is a very different level and that is much larger.

DR. WINKELSTEIN: That is why I am confused.

MR. MacPHERSON: You are correct. You are correct.

DR. WINKELSTEIN: So am I going to get clarification?

MR. ALLEN: We are working on that now. Karen, and then Mr. Battles.

MS. LIPTON: We can define "no default" any way we want. We can say that what we are recommending is even for medical errors for which there was negligence we are going to say there is a system and you need to tie it. When we say no fault, you have to tie it to a compensation piece to that says for this type of injury, this is what you get.

As far as the inquiry goes in terms of the compensation piece, if you get a wrong unit, an A-, B-, O-incompatible unit, and you suffered these amount of injuries, this is what you get out of it, and really what you are doing is a very short factual inquiry into what the injury was.

So I do think it is important when we say no fault, what we are saying for any transfusion injury, whether it is related to product or process--that means administration--that we are recommending that we go to a system that does not have a trial system where a few number of people get a lot of money, but where everybody says there are certain injuries, some of which will be avoidable, some of which will not be avoidable. But what we are saying is there is a dollar value attached.

In the vaccine and in some of the other no-fault compensation systems, sometimes you can opt out of that system and sue the party for negligence, too. I do not know how involved we want to get in that here in recommending this, what course you take.

DR. WINKELSTEIN: I understand.

MS. LIPTON: It sounds like we are not just concerned about product issues. We are concerned about administrative issues.

DR. WINKELSTEIN: Practice issues.

You have clarified it. I would suggest that the word "no fault" is giving a false impression then of this process. "No fault" means no fault, and that holds true for many of the vaccine-related problems, but I am not sure it is going to hold true for some of the issues that we are discussing today. So I am still uncomfortable with using the word "no fault" because of both personal and private reasons that might exist within the medical community, not private, but issues relative to the community, but in a larger sense issues related to society as a whole.

I would be uncomfortable saying this is a no-fault situation in every instance. So I am dealing with a semantic problem that is substantial to me.

DR. KAPLAN: To carry the semantic problem a little further, and maybe Karen can speak to this, my understanding, there is a fellow named David Marks who has talked about a just system. James Reason discusses his work. The issue is a continuum of compensation up to and including negligence. The term has a lot of unnecessary baggage.

Then an error may occur in the kinds of setting we heard about today, but from reckless behavior on, where someone is reckless or they know what they did could cause harm or they intended to cause harm, then you cross that line into punitive damage. I think that is part of what you are talking about.

Karen may talk to that because it is well established within the law, and I think that helps. If your car skids and you hit someone who is stopped at a light, there is compensation here, but no punitive action. I do not know how that translates in the no-fault context, but I think it is an important differentiator.

MR. MacPHERSON: Actually, I think I can address your question.

We are talking here about fault versus no fault-based compensation systems, not whether there was no fault or fault. You are just talking about whether the compensation system is fault-based or no fault-based.

DR. WINKELSTEIN: That helps. I am just saying from the public's perspective.

MR. MacPHERSON: Right.

DR. WINKELSTEIN: If I am confused, there is a fair chance some people other than me will be confused as well.

MR. MacPHERSON: In fact, people do not even talk about no fault anymore.

DR. WINKELSTEIN: I think we have to be very careful about the wording. That is the last I will say on it.

MR. ALLEN: Go ahead, Dr. Snyder.

DR. SNYDER: I am confused, too, because if we talk about no fault and we talk about the vaccine injury compensation program, we are talking about a federally supported program. There are no insurance companies. It was designed because the vaccine manufacturers could not get information or it cost them a fortunate.

So are we saying we are going to do this at the Federal level where it is going to come out of the public coffers versus from the insurance companies and usurp the State's powers with respect to torts? Because most of these cases are local cases in a State and they take place there, and they come under their tort system, the State's tort system.

Are we talking about no fault or fault, however you want to say it, no fault within a State, or are we talking about at the Federal level where, again, the distinction is it is coming out of the public coffers versus out of the insurance companies?

That is a distinction in my mind somebody needs to clear up for me.

MS. LIPTON: I think that is open to question. I think how you fund it does make a difference, and a Federal vaccine injury compensation program is funded by some sort of tax on the vaccine itself, but it does control over the State laws which generally do control most negligence or tort questions. That is absolutely true.

Again, I do not think this committee is going to be able to write the law as much as say this is what we think are the important elements that people who are injured get some kind of compensation. As to how that is funded, I do not think we can possibly address that here.

MR. ALLEN: Keith?

DR. HOOTS: I want to clarify one thing Jay was talking about.

What I was thinking when the word "punitive" was bandied about was really more in the context of the part, as you started out by saying, that you do not routinely surveil, that is what happens once the product leaves the transfusion service.

The part that would be most analogous at least in my mind to what happens with the airlines where a nurse walks in, it is a near miss, walks in, is about to hang the blood and then realizes, oops, I forgot to check and then the name tag is different from what is on the back.

That is a near miss, and that kind of reporting, I would hope, would be not subjected to any punitive or even potential for punitive action because that is how we are going to get the data and change this system in corrective action.

I think what the FDA does is good, and I think the way they do it is well done. I think it is trying to figure out how we can go the next step to add one more layer of safety all the way into the product, going into the patient. I just want to make that comment.

Clearly, I think what Karen said is right. We cannot rewrite the laws here. What we can do is philosophically say that we think there are parts of this that may be analogous to a vaccine situation or some other situation where society has a potential benefit from relooking at the whole issue outside conventional tort system.

MR. ALLEN: Dr. Davey?

DR. DAVEY: Yes, just a couple comments.

As far as I understand some of the discussion so far, it does seem to me that we have made a pretty clear distinction between product manufacturing which we are in pretty good shape. I think the safety record is good, and I think several people have mentioned that. We are really focussing on the transfusion side.

I think Dr. Penner mentioned this earlier. There are institutions in place already in the hospitals. The transfusion committee which is a required committee by JCAH, I believe, has a lot of responsibility already for utilization primarily, but we could perhaps look at a committee like that or the hospital QA committee to expand their reach a bit. So that, there should be a plan in place, perhaps monitored by those existing committees, looking more at safety, and the plan should involve monitoring. It should involve corrective action. It should involve some kind of way that the patient will be fed back information when it is appropriate.

Really, it is not up to us to get to the details of that plan. There might be some reporting that is required perhaps, but maybe even some voluntary reporting if it is built on a system of trust that can expand the information base.

But we just need to require that a plan be in place and use existing structures to build that plan.

DR. BATTLES: We have some problems because we use "no fault" in some other kinds of things in different ways, but in terms of event reporting, one of the things that is referred to as no fault is that you do not shoot the messenger because, if any harm comes to the person who reports the information, that information dries up because you would not have known about it otherwise. So we want to protect in some form the person who reports, and I think that comes through particularly if we are trying to get at more of the information, that is, the near miss.

I might comment about a definition. I look at a near miss if it is reportable to the FDA under regulations for that is organization. It is no longer a near miss. That is a hit. Therefore, whether there was harm to a patient is immaterial. That is a significant event as far as the organization to meet the requirements. So anything reportable to the FDA deserves serious consideration within the organization.

MR. EPSTEIN: I would like to ask Drs. Battle and Kaplan what your actual findings were. When you were studying MERS-TM in the transfusion medicine environment, real time, actual data, you pointed out to us that the report rates or the capture rates rose quite markedly, and we have heard that in other settings as well.

What I would like to know is what percent of those reports were things that were required to be reported to the regulator. In other words, how did you accomplish the feat of getting additional reporting if you were still subject to the regulatory report requirement, and how did you deal with that interface?

DR. KAPLAN: I cannot recall the percent, but I think an important point is there are lots of things that are not reportable that are precursor events.

Let's take a mislabeled sample that is trapped in our system. At what level do you want to keep testing your system? Because eventually one of those mislabeled samples is going to result in a bad outcome.

The premise to the whole idea of near miss is there are many more of these events, and many of these are not reportable because they are trapped inside the system early enough, but you do not want to keep testing that Swiss cheese model on that particular day when either the computer is down or somebody misses a cue.

So I think the idea here is to move the errors farther upstream and hopefully prevent the errors and address the issues that go on at the point of data collection or patient card-swapping. So those do not get in downstream far enough. That is one thing.

Another which we have preliminary data on that deserves a further look is if you go far enough down, the events really do not have potential for harm and they do not map the same way as things that look as though they could have potential for harm and that get through the system.

MR. EPSTEIN: If I might pursue this a little bit. I think that the added value or lack of added value of a parallel system is sort of the crux of the matter, and that what happened at the January advisory committee meeting is that there was a recommendation in favor of a voluntary, non-punitive, confidential, nationally aggregated reporting system for events not captured under FDA mandatory reporting.

What I keep trying to figure out is what are they and what is the value of learning about them. So it is important to understand whether they are of different character than the ones that are reportable or simply of different number.

I can understand that there may be antecedent events that get trapped, but they may not be of any different character than the ones that did not get trapped.

DR. KAPLAN: No. I think from your view, since you get the aggregate data--and I have seen Sharon's office--the numbers are large, but at any site in terms of local management, every event occurs within a context, and that is a very valuable database that is 10 to 100 times greater that requires assessment and evaluation at the local level.

Some of these are events that might not rise to the level of ever reportability, but if enough of them occur when we want to address them perhaps even on a national database, because there may be an awful lot of extra work being done and misfocus resources--btu I think the issue is you miss the opportunity for the local improvement of the system.

Frankly, when we talk about error reporting, it ought to be error reporting internally and analysis internally ought to be stressed a lot more than the external reporting.

DR. AuBUCHON: If I could comment on Dr. Epstein's last question and then Dr. Battles' comments.

Indeed, reporting an event to the FDA is a significant event for those individuals who are doing the reporting. It is something one remembers.

I think it is important that the system be structured so that the event reporters do not feel that their neck is headed for a noose because they have reported that event.

Our technologists in reporting an incident through the system should feel comfortable that they will not have their job jeopardized or will not be castigated for having made an error or for having discovered one. Whether or not the management has to report this to the FDA is of no concern to them, and it should not be.

By the same token, if I as a transition service director have to report something to the FDA, I would hope that the FDA would look on this report in a professional manner, which I believe that they do, and that they will not seek to in some way take any punitive action.

I do like the idea from the FAA approach that if the corrective action we report we have taken internally does not meet what they feel is appropriate that we engage in a professional dialogue and not just receive a letter saying that was an inadequate response and here is what you have to do.

MR. ALLEN: Jim, you mentioned earlier about the reporting that was done. I think you said something about it was more systemic than personnel at some point in one of your statements earlier. Do you remember that? The reporting increased three-fold?

DR. AuBUCHON: Yes.

MR. ALLEN: In your opinion, what would be the reason if the problems were systemic versus personnel? Why would there be the increase in the reporting?

DR. AuBUCHON: There was concern that reporting might focus undue scrutiny on an individual person, although staff always believed that any error is not their fault--I should not say that--they often feel it is not there fault and it is a system problem. Occasionally, it is a training problem or lack of attention to detail for them, but then there are usually mitigating circumstances in that situation. They had too many things that they were being asked to do simultaneously.

In any case, the individual staff do not like to have to take time out from what they are doing, working on patient samples, in order to report something. However, when they came to understand that we were serious about this and wanted to improve systems wherever possible and that we needed them to tell us whatever was not working correctly, they took it to heart.

We are seeing about 30, 35 incidents reported per month. Not all of them would be FDA-reportable under the proposed system from a transfusion service, but probably about half of them would be. That is not the important fact, and indeed because of our internal QA system, reporting to the FDA is going to mean probably just filling out one more form and sending it off. What we would hope is that by sending that form off, that information will be useful to someone else and not just occupy a box in a warehouse.

DR. BATTLES: Most of it is in theory, but it seems to be supported by a number of industries that if your voluntary reporting goes up, like Jim is reporting, eventually we should see drops in reportables to the FDA.

We have some evidence that some of our blood centers have reported if they drive up the number of deviation reports, that total aggregate, they drive down the total number of reports over time that go to the FDA under current regulations.

Since our regulations for hospital transfusion services--we can say we think so, but because the number of reports that Sharon has is so small, we do not know whether that is action. It shows up in the petrochemical industry. It shows up in the airline industry.

If you drive up your information locally through these near-miss benign events, you increase the awareness of staff and eventually that which is reportable to whatever the regulatory agents should go down. We have evidence from British Midlands and Exxon and some other things that would indicate that is what likely would happen.

So we would anticipate that the more vigilance there is on the non-reportables, it will have a positive impact on driving down over time the number of things that get reported to the FDA.

DR. PENNER: Then perhaps if we just provided guidelines to the floors so that incidents would pick up some of the near misses, they would then be forwarded to the transfusion committee. One could then apply some correction there at that point, and then information from them could go on to a national center in which case that would not require a complete new system to be employed. It would go through a local system that would be less of a concern with respect to at least challenging the poor person who is submitting the error report and it could be all handled internally, but yet the data would still be corrected. Is that a reasonable approach?

DR. BATTLES: Yes.

MS. LIPTON: But wouldn't you want on the transfusion committee some other disciplines besides--I mean, I would hope that you would somehow tie it into the QA system in the hospital, too, that those people would be part of the transfusion committee because otherwise you are getting just one kind of discipline's viewpoint.

DR. PENNER: No. You have a QA, and you have all of the disciplines. So it is not just a blood banker. It is the surgeon and OB-GYN, QA person.

MS. LIPTON: Yes, I am working sort of on the QA people.

DR. PENNER: Oh, yes. They are part and parcel. They have to be for the JCHO.

MS. LIPTON: Good.

DR. KAPLAN: That is going to be handled in quite a level of detail before it gets to the transfusion committee. Then the transfusion committee which is not domain-specific in terms of the area that the occurrence took place in as well as the blood bank, it is the broader representative committee with QA that has already been aboard on this. So it would not go zip out the blood bank to a transfusion report and out the door.

DR. PENNER: But what is missing are the guidelines at this point to what extent one should report the so-called near misses and investigate them. Is that right?

DR. BATTLES: Yes, I think so.

The other thing is that it is sort of an idealized way that we really have kind of from the operations level a single kind of reporting and standards. They go to different places depending on where you draw the lines, that which goes to the FDA by regulation, but it is basically the same kind of report and information. So it is a seamless system with information below whatever the line is that is drawn by the FDA for their regulatory and oversight. The other information is shareable, but it is a seamless system.

Ideally, transfusion would lead the way for the rest of the hospital, and so, with slight variations, we show the hospital--and it is true at my own institution--where they look at what has been done with the MERS system.

MERS is their model for the entire hospital, and that is what they are planning to do.

MR. ALLEN: I just had a couple of things I wanted to ask, and pardon my ignorance here. Art mentioned earlier about a safety officer. I am curious. Once blood is received by the hospital, who is essentially responsible for that safety storage of that blood. Would that be the blood bank director and his staff? So they essentially are the safety officers as well for that product?

MS. LIPTON: I think he was using the term "safety officer" a little bit differently, sort of like this super numerary in the hospital, soret of like the czar, a blood czar. So I think that is a little bit different, but when it comes into the hospital, it goes into the blood bank and the blood bank is responsible for receiving it, holding it there, issuing it to the right patient and storage.

Where it sometimes breaks down is when it gets outside the blood bank onto the floor in the surgical suite, and it is less clear who is always in charge of it then.

MR. ALLEN: Jay, I actually had a question. If HHS goes ahead with any form of mandatory reporting, what kind of assistance, if any, do you think institutions could anticipate from HHS?

MR. EPSTEIN: That is really not a question for me. Perhaps Steve would like to comment.

MR. ALLEN: Okay. Steve?

DR. NIGHTINGALE: Steve is trying to preempt the need to answer that question. That is why we are meeting here today.

[Laughter.]

DR. NIGHTINGALE: Since I got a laugh rather than a shudder, I believe that some of the many proposals that are on the congressional table, the various administrative tables and in the non-governmental agency, such as those at the institute of medicine are highly likely to be enacted in this election year.

I think the Grassley proposal, for example, that was introduced about 20 days ago has a number of powerful people attached to it.

The real purpose of the meeting here is to identify whether or not there are specific concerns of the community that is concerned with blood safety that that community would like to issues a preemptive statement on.

It is not necessary that we do so, but if we do not, it is quite likely that others will. I sense a feeling that this is all going to work out okay, not one that I share, but it could.

I think that what we are faced with is really the question, can we now separate the question of confidentiality, which I think is at the core of the discussions here, from the question of liability, and Judge Krever raised that question. It has hung over the rest of these deliberations.

I think that when I use the word "hung over," when we looked, we said, oh, my God, we were going to deal with that one in January of 2001 and here it is staring us in the face.

We may need additional time to deal with the issue of confidentiality if we conclude that it is inextricably tied with compensation. If that were to be the endpoint of our deliberations today, I would say we have gone a long way.

I do not know if that is the endpoint of the deliberations or not.

DR. GUERRA: I may be a naive pediatrician from South Texas and one who does public health, but I hear about issues related to blood banks and all sorts of capacity and what have you.

I guess my concern is there are a lot of places around the country, some that I have visited within my own State for one reason or another where there are not blood banks, where the blood is delivered to take care of a crisis situation quite often without the opportunity to go through all the different layers of assurance and where the committees are almost nonexistent, where there is overlap from one committee to another just because there are not that many people that can serve on these.

Many of the hospitals in rural communities probably have never heard of transfusion committees, for one thing, and even if they have committees in place, the participation and attendance is suboptimal just in terms of input and participation, decision-making. That quite often is just the chairperson of the committee and maybe a staff person, secretarial staff that are conducting the business.

I think as we look at these very complex issues, we need to really develop some recommendations that take into account what is truly an unevent playing field in terms of how all of these things are implemented.

MR. ALLEN: Dana?

DR. KUHN: I am not sure of where we are in this whole process, if we are even at a point of a recommendation, but I would be willing to throw one out there to at least get going in the direction that we might want to go in, and also that it would not encompass everything, but it at least would be a start. I would be willing to do that if it is acceptable.

I would like to start. Please forgive me if I do not have all of my words right. We can wordsmith it later. I was just thinking that the recommendation we could offer would be that a standardized reporting system--

[Pause.]

MR. ALLEN: Technology is catching up with us.

CAPTAIN McMURTRY: Let me say that this is only going to improve my penmanship, not my spelling.

DR. KUHN: Mine is not any better.

[Pause.]

DR. KUHN: The recommendation would be that a standardized reporting system--

CAPTAIN McMURTRY: I told you, this is only penmanship, not spelling.

MS. LIPTON: Are you feeling under a lot of pressure?

[Laughter.]

DR. KUHN: --be established and implemented for blood establishment/institutions which would incorporate the elements of voluntary disclosure--and you can put this one in quotes because I think it is a legal term--"assurance of confidentiality," data collection, surveillance, quality assurance, protection from discovery, reportable corrective measures, and accountability to the regulatory agency.

I think that is a good generalization of where you could start.

Keith asked me if I would put something in about compensation. Yes. That is another element. I did not get to that part. I think that a compensation mechanism should be in there because that is the tradeoff for the patient. Still wordsmithing. Maybe, Keith, you can help me with that. Then what would constitute a patient being informed--I really believe the definition probably should be "harm" and what does "harm" quantify.

DR. DAVEY: Dana, by "standardized," do you mean uniform? Do you mean kind of a uniform system across the board, a very standardized cooker-cutter, hospital to hospital?

DR. KUHN: Something that all can encompass or embrace.

DR. SECUNDY: Established by whom?

DR. KUHN: The Secretary.

DR. SECUNDY: In the Department of HHS?

DR. KUHN: The Department of HHS.

DR. SECUNDY: In FDA? I always suggest we get very specific. Do you want it in FDA or someplace else in HHS, a separate office or what?

DR. KUHN: I think a generalized recommendation to the Secretary of HHS to figure out how to establish this and implement it.

[Pause.]

MS. LIPTON: Yes. What about "voluntary reporting" instead of "voluntary disclosure"?

DR. NIGHTINGALE: Mac, "voluntary reporting" instead of "voluntary disclosure."

CAPTAIN McMURTRY: Okay.

DR. NIGHTINGALE: Karen, do you need the "assurances of confidentiality" in quote?

MS. LIPTON: Is Dick here?

DR. NIGHTINGALE: Dick Reisberg? No, he had to leave.

MS. LIPTON: I am just concerned that that is a research protocol term and not a -- as far as I am aware, it is a term that is strictly used by Federal agencies, CDC, the National Institutes of Health. It is a mechanism that they have the ability to utilize. So why don't we just say protections from disclosure. Then we don't have to call it assurances of confidentiality. Protection of disclosure of information.

One way to phrase it that might make this easier would be: a standardized reporting system be established and implemented for blood establishments and institutions that incorporates the following items, colon. Then, if you start listing, you can describe them a little better.

DR. WINKELSTEIN: But it does not say what we are reporting.

MS. LIPTON: We could say "voluntary reporting of."

DR. WINKELSTEIN: No, no. You still need the area. Is this miscarriages?

DR. NIGHTINGALE: We will be getting there, going a line at a time here. In fact, this, I believe, though I am right in the middle of the process right now, will prove to be very helpful to the administration in trying to forward--I hate to use the hacking phrase, but the will of the people because that is what we are trying to figure out right now.

Let's take a second until the word processor has caught up with the conversation, and I think it will move faster in the long run.

CAPTAIN McMURTRY: This is spelling by the committee back there.

DR. NIGHTINGALE: "Surveillance" gets an "e."

MS. LIPTON: Don't you have spell-check on that thing?

CAPTAIN McMURTRY: Yes, but I cannot see it. I'm sorry.

DR. NIGHTINGALE: Dr. McCurdy has his hand up, and after that Dr. Chamberland.

DR. McCURDY: I just want to make one or two comments about the certificate of confidentiality. That refers to a legislation passed by Congress a number of years ago. It is for research projects only. It can be used for such things as you were talking because there is a research aspect to it.

It has never been tested in court as to whether it is available or not, but it is available to any investigator in the country whether they are federally supported or not.

DR. NIGHTINGALE: In that case, Paul, would assurances of confidentiality then be a subset of protection from discovery and, therefore, superfluous?

DR. McCURDY: Yes, I think it probably would. A certificate of confidentiality probably would not pertain here at least over the long term. Over the short term, perhaps.

DR. NIGHTINGALE: Captain Snyder?

DR. SNYDER: I was just going to say that that is a whole different ball of wax, and what you really want is protection of peer review activities, nondiscoverability of medical quality assurance records. It is nondiscoverability.

DR. NIGHTINGALE: Then perhaps you would like to add "protection of discovery."

DR. SNYDER: It is "protection of discovery"--

DR. NIGHTINGALE: "Of the peer-review process"?

DR. SNYDER: "Of medical quality assurance activities."

DR. NIGHTINGALE: "Protection of discovery of medical quality assurance processes"?

DR. SNYDER: "Activities."

DR. NIGHTINGALE: "Protection of discovery"--

DR. SNYDER: "Protection from discovery."

DR. NIGHTINGALE: "For medical quality assurance activities." You might just take out the "medical." Just "quality assurance activities."

DR. SNYDER: The "medical" is the context it is used in.

DR. NIGHTINGALE: Okay, I'm sorry.

MS. LIPTON: But that does not make sense right there, "protection from discovery for medical quality assurance."

DR. NIGHTINGALE: It is "protection from discovery."

MS. LIPTON: You want to protect it from disclosure to any unauthorized person and disclosure pursuant to a legal action, right?

DR. SNYDER: That is discovery, right?

DR. NIGHTINGALE: You are the lawyer, Karen. Could you direct us on how to write this right?

MS. LIPTON: I just want to make sure I understand what you want to capture.

DR. SNYDER: What I am saying is that the issue, my understanding of it, in a tort claim is the discoverability of documents that are from peer-review activities.

MS. LIPTON: Why don't we say "confidentiality protections, including protection from discovery and legal proceedings." Does that do it?

DR. SNYDER: That works for me.

DR. NIGHTINGALE: That works for him.

Would you type that up and then we are going to move to this side of the table.

MS. LIPTON: Now you want me to say that again, don't you?

CAPTAIN McMURTRY: Yes, I do.

MS. LIPTON: "Confidentiality protection." I think you want to delegate "assurances of confidentiality."

"Confidentiality protection, including protection from discovery in legal proceedings." Now the question is how far do you want that legal discovery protection to--I mean, I think this is a question for the group. Is this tort liability we are talking about? Is it criminal liability? Would you not want this disclosed in a criminal case?

DR. NIGHTINGALE: Your microphone is on, Ms. Lipton.

MS. LIPTON: I think we need the consensus of the committee. I think if it is a criminal proceeding, I do not know that you would want this to be non-discloseable.

DR. SNYDER: I would look at it in the context of what every State and territory has, and that is medical quality assurance records are non-discoverable as long as there is no evidence of a fraudulent use of the records. Does that make sense?

DR. NIGHTINGALE: Can you give us the words?

MS. LIPTON: Yes. Fraudulent behavior is one form of criminal activity. I guess my question is when we get into some things that are--what if it is intentional? What if you have an intentional error? Someone went out and did something intentionally. Would you really want to protect these from disclosure and that type of criminal proceeding? We can figure out how to wordsmith the language.

DR. NIGHTINGALE: Karen, maybe the word would be "inadvertent," "protection of inadvertent," or not close enough? Okay.

MS. LIPTON: You can say "civil proceedings" as opposed to "criminal proceedings," and "legal civil proceedings" or "civil legal proceedings."

DR. SNYDER: I think what we are trying to do is not protect the individual--

DR. NIGHTINGALE: We are trying to do what FAA has already done.

DR. SNYDER: We are not trying to protect them from the act they committed, but it is from the quality assurance activities around that. I do not know legally how you make that distinction.

MS. LIPTON: The question is if it comes into your system and this is the only way it is known. What we heard from the airlines is that those type of events get bumped out of their system immediately. They do not allow them into their system.

Am I wrong about this?

DR. KAPLAN: No, you are right.

DR. SNYDER: Wouldn't that automatically be reportable to the FDA which would take it out of the system? We have not built that in.

MS. LIPTON: I don't know. Is that true, Jay or Sharon?

MS. O'CALLAGHAN: No, not necessarily because if you are talking about transfusion practice errors, then those are not reportable to FDA to begin with.

So, if there was an intentional deviation from procedure that caused the transfusion of an incorrect unit to a patient by a nursing staff, that would not be reportable to FDA. So that would not be kicked back to us.

MS. LIPTON: I do not think you would want protection for that type of activity.

MS. O'CALLAGHAN: And you would not want protection from that, I do not think, but if you are going to kick it out of one system, you have to have another one to put it into because it would not be us.

DR. SNYDER: That is the problem. When we start talking about discovery--and you are correct--if we give a blanket nondiscoverability, then nobody is ever going to know unless inadvertently somebody in that hospital mentions it, and then it is not going to take them anywhere because they cannot get the records to know what happened, not even from the local facility because they are covered by nondiscoverability on the local level. So I do not know how you handle that.

DR. KAPLAN: Both the Australian system, which is now nationwide, and the aviation systems specifically exclude those things which are considered to be potentially criminal.

It is not so much that you violated a rule because, in the context of what you did, you may have had good reason to think that was a thing to do. It is whether you intended harm, you were reckless.

We do not have to parse that if we just make the point "civil legal proceedings."

MS. LIPTON: Or you could just say "legal proceedings," and then you could put "excluding reckless, intentional," or something else.

DR. NIGHTINGALE: Yes.

MS. LIPTON: That is an easier way to do it because you do not care what context it comes up in. You just do not want this database or this system to protect that type of activity from the light of day.

DR. NIGHTINGALE: Or "reckless or intentional acts."

MS. LIPTON: There you go.

DR. NIGHTINGALE: Here we go. We are heading for the first semicolon.

"Intentionally harmful"?

Do you have something to type, Mac?

DR. PILIAVIN: Can't we leave the legal stuff until later, until somebody who knows legal stuff?

DR. NIGHTINGALE: Actually, she is sitting shortly to your right.

MS. LIPTON: I am trying to get a sense of what people want before I put words up. I can put all the words in the world up, but if you do not agree with what I am saying, then you do not know what it means. That is what I am trying to ask the committee.

DR. NIGHTINGALE: Yes. This is the hardest part of the committee. It is certainly the hardest part of trying to manage as opposed to direct committee.

What we really need is what consensus exists among this group, and that consensus is forming even as we speak at 4:30 in the afternoon, and I am sorry it is 4:30 in the afternoon, but you hear to inform the committee before you can get an informed response, and that is where we are right now.

Dr. Chamberland has been patiently waiting for a while.

DR. CHAMBERLAND: Actually, I think it is just an organizational comment, and I think Jay is going to amplify this.

I think we need to go back to about an hour and a half ago, the comments that Jay and Jim made to sort of get us into this discussion. I think their comments were complementary.

I think Jay really made a very important point that perhaps in our previous set of recommendations, we did not differentiate or the need to differentiate between systems that are applicable to blood collection establishments and then transfusion services because there already is a system in place.

There may be differences of opinion as to whether it is adequate, can be tweaked. There should be other things that are reported to it that are not currently or whatever.

I thought Jim's diagram and presentation kind of went to fill what Jay calls "the gap" that currently is not really being addressed.

Besides wordsmithing, I think the first thing we have to do is indicate what this system that we are talking about is--where this should be directed, and I think that is where Jay wants to take us.

MR. EPSTEIN: Thanks, Steve.

Looking back on the first question of the committee in January, I think we already talked about the blood establishment, and that what we really need to do today is to talk about medical error in the hospital environment.

So I would like to propose a wording change, but let me first read what we already recommended in January or that the voting members recommended in January.

"The experience of aviation and other industries supports the use in all blood establishments (i.e., both blood and plasma collection centers and facilities that provide transfusion services) of a confidential non-punitive system for the management of errors and accidents not subject to regulatory requirements.

So I think we have already made a statement that captures the world of blood banking, collection, processing, storage, and release.

I think that to capture the scope of the hospital environment, we need to start this recommendation with a statement such as to address medical errors affecting transfusion safety, hospitals should implement and maintain error investigation and reporting systems which would incorporate the elements, et cetera. So I am suggesting a change in scope.

DR. SNYDER: A quick question, Jay. If you say hospitals, then you are going to keep it at the local level, or are you going to have something that has a national database?

MR. EPSTEIN: I see that as the surveillance and reporting part because data collection--it is buried in there to whom, and I think we need to wordsmith the later words.

We can fix it by saying report to a national entity.

MS. LIPTON: But I think your standardized reporting system, you have to capture, and if you just say "hospital should establish," we are going to get 3,300 different systems. I thought we were talking about standardized reporting.

DR. SECUNDY: Are hospitals the only place that transfusions occur, Jay? Are you going to include any other places? Are any places being left out by referring to "only hospitals"?

MR. EPSTEIN: I think that is a good point. We do not want to leave them out, but I think the distinction I am trying to create here is that at the last meeting, we already decided what was needed for the collection center and transfusion service. What we are really trying to address here is the medical environment where transfusions occur.

MR. ALLEN: Jim?

DR. AuBUCHON: If I could provide a brief interlude while Mac is typing, I support the concept of no-fault protection for transfusion recipients, but I am not sure it necessarily needs to be tied into what we are doing today. It would be nice if we could kill two birds with one stone, but I am not sure we need to because for those incidents of error that result in harm to the patient, the patient will know that they have been harmed, obviously.

I would contend that any significant harm to the patient will result in a subsequent medical event which someone, or someone's lawyer, will point out could be due to some incorrect activity.

DR. SNYDER: I do not think so.

MS. LIPTON: I thought what we were talking about was creating something where we would somehow have guidelines or decision-making about when you tell a patient and not wait for the lawyer to come and tell you.

DR. AuBUCHON: If I can just finish what I am suggesting here. Apparently, I do not have unanimous opinion around the table.

If a patient, for example, receives an incorrect unit and suffers morbidity from that, they will not need to have access to data in this system in order to determine that that happened or to investigate why it happened. That will be handled by a separate discovery process.

I like the distinction that has been made about confidentiality protection for quality assurance activities, and I think that is adequate and appropriate.

DR. SNYDER: My point is that there is a big distinction. Those medical records are discoverable. There is no 15 ways about it. So I think, Jim, you and I are on the same wavelength there.

It is the quality assurance activities which this would fall under. My question to you and to Jay is, yes, the FDA has a reporting system, but would it be of value to the blood banking industry to have the data that the FDA has go into here and be aggregated so that you see trends within your own industry? Would that be of any value?

DR. AuBUCHON: Oh, absolutely. My only complaint about the current system or the likely extension of the current system to transfusion services is that the trending and data analysis are not as complete as I would like to see, and in the past, the FDA has ceased its purview at the door to the laboratory, and I think this process needs to have a complete overview of the entire transfusion process.

DR. SNYDER: The reason I am asking that, with all due respect, Jay, that would go against what you just said because, if we took data from everybody, which includes the blood industry, then you would have a complete database that covers every phase. That information that is something that is going on in his blood bank, there could be a sentinel system. Does that make sense?

DR. AuBUCHON: Yes.

DR. SNYDER: Is that of value?

DR. AuBUCHON: Absolutely, because the near misses that we might have missed might have been detected somewhere else, and knowledge of problems in other institutions will alate us.

DR. SNYDER: So that argues in my mind to having a universal system within the blood industry, period.

DR. AuBUCHON: I concur.

MR. ALLEN: Dr. Penner?

DR. PENNER: I have just a question. If I am recalling correctly, a litigant has to prove that damage has been done, and therefore, near misses really would not be something that one would be able to litigate. So, therefore, if the information appears, it will be of no consequence if we are talking about tort into the legal aspect.

MS. LIPTON: Sometimes they use it, though, to prove sort of that the institution was negligent because it knew certain things existed. So it is not that you are usually litigating over the near miss. You are using evidence of a different near miss to support your claim that the hospital was negligent in a case where there was harm.

DR. SMALL: I just wanted to make one point. We reviewed 30 nonmedical reporting systems, and it is interesting that we were unable to find a single instance where the databank was breached in support of a claim such as that.

We expected to find more instances, but there are facts and there are perceptions, and I think among clinicians and providers, there is the perception that nothing is safe, but the reality is it is actually much safer, for that that is worth.

MS. LIPTON: My only experience has been, for example, at the AABB, every time there is a case, we have an accreditation program and people do subpoena our records and we are constantly involved in trying to bring them under the peer review. So far, we have won every one, but you really have to be diligent about--

DR. SMALL: This is my point. So far, you have won every one which is interesting. The ASAP program has had two challenges.

There was a challenge in New York State recently where a practitioner's privileges were revoked, and then he had the peer-review material opened up to say, "I was unfairly treated. There are other people in the Department who practice just as I do." But indeed, that was not a fishing expedition. No one benefitted from that. No plaintiffs' attorneys were able to get any data. It was used to answer that one specific question.

The Carr case in Massachusetts that was settled last year has become a very celebrated case, and that the judge demanded to see the peer-review data in camera or in his chambers to determine if it was acceptable to be reviewed. The hospital refused to release it to him. He held them in contempt.

He went to the Supreme Court in Massachusetts where they found in favor of the hospital.

MS. LIPTON: But I think putting the language in is not bad because all it says is that somebody ought to review it and make sure that adequate protections exist.

DR. SMALL: I agree.

MS. LIPTON: We would not assume, but if this is a directive to the Secretary of HHS, then presumably that legal department will take it upon themselves to look at these issues.

Again, I do not think we are all expert here. I think what we are trying to do is to say these are very important issues, but that is also why I thought this should be directed more to setting up a system rather than just saying a hospital should have.

To your point, Jay, I understand the distinction between product and process, but if you sent the original statement over, HHS could decide we have the product side covered, so now let's focus on the other side.

I think to the extent that we are sending this off to the Secretary saying we want you to fix this, we are not telling you exactly how.

DR. NIGHTINGALE: That is okay. I think if you substituted "health care organizations" for "hospitals," you might address the problem.

Jay, would that be acceptable to you? Is that an identification?

MR. EPSTEIN: I think it addresses the earlier point.

DR. SECUNDY: It is institutions where every transfusion occurs, right?

MR. EPSTEIN: But it does not really address Karen's point.

MS. LIPTON: I mean, my issue is I thought we were doing two things. I thought we were trying to get to a standardized reporting system which is now absent from there. Am I wrong? I do not see it in there.

The other thing is I think what we are doing is saying the instruction is to the Secretary of HHS to make sure the system is in place, not just directing the hospitals to do this.

The Secretary should be responsible for making sure whatever system that is there works.

DR. NIGHTINGALE: Then, what I would ask, if it is a substitution of "health care organizations" for "hospitals" as appropriate, then would you take the floor and wordsmith it as you wish? We thought we would ask everyone around the table, even if we were starting in reverse, alphabetical order, to have one last crack at the wordsmithing, then ask for a second and call for a vote. Is everybody in agreement that that is an appropriate practice? Hearing no objections--

MR. ALLEN: Would it help to put "maintain a standardized error investigation and reporting system," something along that line"?

MS. LIPTON: Yes, or there should be a standardized--to address there should be a standardized--I cannot remember the other language we had, a standardized reporting system.

MR. EPSTEIN: Could I suggest that the place to fix that is standardized national data collection? I just thought that was in the data collection piece. If we want the word "standardized" back and we want "national" back, I think the place it belongs is under "data collection." It would be "standardized national data collection."

MS. LIPTON: But you could have a separate system. You could have "data collection" separate.

DR. KAPLAN: I think it needs "standard error investigation reporting system" at the origin.

MS. LIPTON: Yes.

DR. KAPLAN: Otherwise, you are going to have different systems reporting into the center.

MR. EPSTEIN: Then just add the word "standardized," "standardized error investigation reporting systems." At the top, "to address medical errors affecting transfusion safety."

CAPTAIN McMURTRY: We are trying to get this to the end.

MS. LIPTON: If you use a colon and "1," "2," "3," we do not run into these problems of modifying things we do not want to modify. I learned that in English.

DR. CHAMBERLAND: I guess I just want a clarification. Is this what the committee is asking for, "a national system of surveillance and reporting that contains certain elements"?

DR. NIGHTINGALE: Yes.

DR. CHAMBERLAND: My biased background, that is the word that comes out of my mouth, but a better word would be fine.

DR. DAVEY: If I could make a comment on that. I thought that we earlier were really focussing quite strongly on local autonomy and hospitals being able to develop their own plan based on their own particular set of issues. This to me seems a little bit draconian in terms of a national standardized data recording system.

I believe, Jeanne, if I remember correctly, you were an advocate for hospitals doing their own thing on this, and I think others were, too. So I have a little concern about the strength of this recommendation personally.

MS. LIPTON: I am just saying that it is a standardized reporting mechanism; that we all have the same terminology. I do not care if you send it to your QA committee, your peer review transmission committee. I am just trying to say that we all need to understand what data we are collecting and what events we are reporting. If you leave everybody to decide that on their own, we just might as well go home now because it is not going to happen.

Where I would like to see standardization is what are we trying to collect, and then there will be standardization through FDA reporting because that will be standardized, but I would like to see the FDA system tie into all the other systems so we are not doing five different exercises. We should all agree on one thing we are using.

DR. HAAS: Larry, I guess I am getting really nervous in the sense of drafting by committee is always incredibly dangerous. This is a very important document. We are working to tyr to get a sense of what the committee wants, but I would be really reluctant in the next 15, 20, 30 minutes to vote on this thing for exactly the type of dialogue that is going on now.

I think the idea of having a standardized reporting system is essential, but I also agree we do not want to just clamp it down on the system and say you do it this way. I think there is a lot of discussion on how you get that standardized process.

I think once we can get to the sense of some sort of agreement among the group, then someone should play with this tonight and we come back and look at it tomorrow.

I will not vote. I will abstain if we have to vote today.

DR. PENNER: Larry, maybe we need to just break it down into pieces that people can agree are covering a topic. There are several that can be broken out instead of all in one piece.

DR. SNYDER: Can I make a suggestion? Could somebody take this tonight? Instead of having it run on like this, start with a semicolon, it looks like someplace in there, and then have "1," "2," "3," "4," and "5," and let us see it in the morning when everybody is fresh?

DR. NIGHTINGALE: I would be delighted to do that. The one thing that I would ask the committee would be to put in the additional effort so that everybody feels that their contributions have been put in tonight.

I think we will have a much more productive morning than we would otherwise have had. The agenda for tomorrow is not overly long. I do want to give Dr. Emmanuel adequate time. I want to give the public adequate time to comment on the HCFA rule and other rules, but I think that the comment on the HCFA rule could be completed in an hour. I think Dr. Emmanuel's could be completed within an hour. I think Dr. McCurdy's report could probably be within 10 minutes, and the report of plasma could be within 10 minutes. My report on the committee's past accomplishments--well, that will take an hour, of course, but I think we can get you all on your plane tomorrow afternoon and do right by this.

I very much appreciate the efforts that are being put in, but do not stop quite yet. I think you are close, but you are not quite there yet. If I have got to smith this baby tonight, I want to make sure I have got all your thoughts here.

DR. SNYDER: What I am saying is I agree with you. We should not vote today.

DR. NIGHTINGALE: I am delighted to accept the will of the committee on that. Just give me your best shot this afternoon so I can give you my best shot tonight.

MR. ALLEN: Okay. Why don't we start with Jim and just go around the table. Any additions or deletions you would like to make?

DR. AuBUCHON: Well, I have a couple of different issues. One, I agree with Dr. Davey entirely that the heart of the success of a system like this is going to be within the hospital, not the national reporting system. The national reporting system is very important, but each hospital needs to have its own quality assurance system to investigate and come up with appropriate corrective actions for these incidents. I do not know where to put that in the wording, Steve, but you can work on that and I will try tonight as well.

The other is the last phrase, "accountability to the regulatory agency." I am thinking that possibly the verbiage, to my mind, might go better if it is "accountability for adherence to regulatory requirements," because my focus in the diagram I showed noted that the reporting to the FDA was primarily for violations, that is, non-adherence to regulatory requirements, and for issues beyond the institution, in other words, things that the institution could not handle by itself, either to be reported to someone else through the FDA.

CAPTAIN McMURTRY: To regulatory?

DR. AuBUCHON: For adherence to regulatory requirements, but if the group does not want to accept that yet, that is fine because I, too, have to give some additional thought to this.

DR. NIGHTINGALE: Are there any objections to that change? I would be surprised if there were, and I do not see any.

MR. EPSTEIN: Just one comment. Jim, what was disturbing me earlier on your diagram, you actually were implying a change in what is reportable to the regulator because what is reportable now are any product deviations affecting safety, purity, and potency. It is not strictly linked to whether they are violations. They do not have to be violations because our mandate does go to product. The way you crafted it would create a difference.

So, for example, an information report affecting product safety is not actually a violation. We consider those accidents. They are not violative, but they affect or potentially affect product safety, purity, and potency. Therefore, they are actionable. So I am not sure we have quite stratified it so that we are closing a gap. We are also changing the system.

DR. AuBUCHON: I understand that. I do not mean any disrespect to the FDA, but the example that you brought up is exactly the kind of situation that I really do not think institutions need to spend their time reporting or the FDA spend their time dealing with.

When a donor calls up to report 3 days after donation that they now have a cold and the blood center decides that they need to withdraw that unit from the hospital, it really is not worth someone's effort here in Washington to even log that in.

MR. EPSTEIN: It is a doubly bad example because that would not be recordable.

DR. AuBUCHON: There are similar circumstances where almost trivial things get reported.

MR. EPSTEIN: Obviously, this is a gray area, but what is supposed to go on, our 1993 memo, there is supposed to be a judgment made whether had the information been known at time of donation, it would have precluded donation and/or would otherwise affect safety, potency of the product.

It was never FDA's intention that any and all incidents are reportable, only the significant ones, and obviously there is a gray area because there are issues of judgment.

DR. AuBUCHON: I understand, although I know that it is after 5 o'clock, but my all-time favorite is the unit that we received a withdrawal notice on because the donor reported at a later donation that she had stuck her finger during a quilting bee, had a needle-stick injury during a quilting bee.

MR. ALLEN: Dana?

DR. KUHN: I think the intent of the recommendation on that phrase was just to try to keep the FDA in the loop of this recommendation, and if we are developing this system to reporting. That is where I look to Jay to see whether this still allows the FDA to be able to exercise their authority and their mandates by HHS or the Federal Government to do. That is what I am trying to keep in here, and I am wondering if this is still doing that.

MR. EPSTEIN: I do not have a problem with the current language. I just wanted to point out that it might be meaning different things to different people based on earlier discussion.

DR. NIGHTINGALE: Have your concerns been allayed by the discussion?

MR. EPSTEIN: Well, no, but I am okay with this language.

[Laughter.]

DR. NIGHTINGALE: Okay, perhaps later.

MR. ALLEN: Paul?

DR. HAAS: I think on a lot of this same tone, we had a lot of discussion about the word "standardized," what Jay is talking about. I think as we get this thing set out in a bullet-type form, then maybe what we need is a glossary of definition and what we mean by the terms, and even that is going to create a lot of problems, but if we just leave language up there which we ourselves around this room are saying, "Well, I see it this way, you see it that way," well, of course, when it gets out of this committee, it is going to be seen in many more ways.

So I think that there are some very important words up there that are going to need further clarification, but I do not think in the body of recommendation it hsa got to be separated from it.

MR. ALLEN: Dr. Penner?

DR. PENNER: Maybe for the benefit of Steve, I would break this down into four parts. One is error reporting system, standardized forms, and voluntary. That is number one.

DR. NIGHTINGALE: Again.

DR. PENNER: Okay. A voluntary error reporting system using standardized forms.

Number two, protected for confidentiality and excluding reckless acts.

Number three, it contains corrective measures.

DR. NIGHTINGALE: Okay.

DR. PENNER: And number four, accessible for national data collection, but accountable for regulatory requirements.

DR. NIGHTINGALE: That helps me greatly because certainly the words that had stuck in my craw and by extension the Secretary's craw in the letter she signed yesterday was exclusion of a large body of potentially useful data from the process of investigation, and this current resolution addresses that concern to my satisfaction. So your clarification was helpful to me, and I believe that clarification--

DR. PENNER: And you have to work on each part, I think, and wordsmith it as opposed to the run on--

DR. NIGHTINGALE: Actually, both will be helpful.

MS. LIPTON: My only question is with the standardized reporting, what we have done is set for the voluntary system, and do we want to encourage that to also be used in the nomenclature, wouldn't it be nice to standardize? I think the FDA is trying to look at this system so that the nomenclature and what we report and how we analyze would be the same, go through one process that at the end spits out reportable to FDA, voluntary--that is what I was trying to get at.

DR. NIGHTINGALE: Yes. And I would like to try to address the issues that Dr. Davey has brought up which is clearly that we recognize the need for any such program to be grounded in local action taken in response to local issues.

The concern of society is that experience gained at the local level be made available nationally in a way that would parallel the efforts of the Federal aviation industry to disseminate parallel information across its industry. That is why I have a concern about the concern that you raised.

MR. ALLEN: Dr. McCurdy?

DR. McCURDY: I agree that it needs to be grounded locally, but let's not go to the point where we consider every institution to be different because every institution should not be different.

There are size differences. There are a number of differences, but within those broad categories, they should have many, many similarities, and a national database will help you detect the problems and help get innovative fixes where you may not be able to do that at the local level.

DR. NIGHTINGALE: Dr. McCurdy expressed what I wished to say far better than I had.

MR. ALLEN: Jim has spoke. Dr. Busch?

DR. BUSCH: I think all of this is wonderful.

As someone who actually trained in residency in a hospital setting when transfusion committees came up in the early '80s and it was a big deal and I remember as a resident being responsible for compiling all of this data and the committee was very proactive at that time, then in blood centers my career involved the impact of QA and massive expansion in program.

My understanding now is that most transfusion services even in big institutions are not anything like as active as they were when I was in training. They are lucky if they can get two or three people to attend these transfusion service meetings.

So my concern about all this is I do not think people have any balance here with respect to the resources that it takes. In a blood center of 100,000 unit collection, which is a modest-sized blood center, there are five or six full-time quality assurance-type employees to keep this system, to dissect these nuances of reporting, to investigate and try to be quite proactive, which I think in blood center environments it is a very proactive, corrective action-oriented program, but it takes an enormous amount of resources.

I think this is a very long-term objective that needs to be in the long run integrated with an overall program in hospitals in a much broader context. I think this is wonderful, but I think we have to recognize that an expectation that even large hospitals or hospital systems can implement a program like this without substantial resources is fallacious.

MR. ALLEN: Mary?

DR. CHAMBERLAND: Just to quickly pick up on what Mike said and then just a couple comments here, I guess in my mind--and I do not know if this is the expectation of the committee at all, but I am sort of thinking of the ultimate translation or implementation of these recommendations would be done in a way that historically we do a lot of these things of this nature from a national perspective, which is you develop, devise standardized protocols, definitions, and you pilot them.

We do not implement at all X-thousands of hospitals, but we provide resources to a small pilot group of hospitals to test this out, to see how it works, make modifications, et cetera.

So, at least from a practicality of implementation, that is what my expectation is, and I do not know if that is what the committee is expecting because I do not think there will be resources or really even the ability to do this on a grand scale.

I mean, the NNIS system started more than 20 years ago. It started with 20 hospitals, and it has taken that time to get up to 200, admittedly a system done with very little, if any, resources.

My specific comments about where we are going with the recommendations is, one, I see the first recommendation as being one that sort of addresses hospitals or transfusion services. I guess I would just urge there would be some maybe up-front modification of that to I think get to what people want which is something along the lines of consideration should be given to the establishment of a national voluntary confidential hospital-based reporting system to monitor transfusion-related errors and to guide the implementation of corrective actions, critical elements of this system should include or can include.

So I would put the national system more up front because I agree, when you read it now, it sounds like hospitals kind of do this independently and not under sort of a more national umbrella.

I think there might be a need for a separate second recommendation to address some of the comments that Jim and others have made about what happens in the hospital, that there is a national system, but there needs to be some specific language about what the committee feels should be happening in terms of hospitals' review of data, quality assurance, whatever. I think it gets too cumbersome to try to do it in all one big thing.

Then, thirdly, if people think that there is a need, should there be a recommendation or commentary that addresses what currently is going on vis-a-vis blood collection establishments under the current FDA regulatory system, is that adequate, are you happy with that, should it be amplified, should there be changes made, et cetera. So that is kind of an outline of at least how I am seeing recommendations perhaps flow.

MR. ALLEN: Dr. Davey?

DR. DAVEY: IiI do not have a lot to add. I certainly acknowledge the comments of Mike, Jim, and Mary, which I think were very cogent and to the point.

I guess my only little bit of sniffing would be to maybe focus a little bit on my thinking of local input here, perhaps to say something that hospitals should develop, implement, and maintain a plan that includes standardized error investigation or reporting systems, elements of voluntary reporting, blah, blah, blah.

So it focuses on hospitals developing a plan, and that they do it, and that part of that plan will be standardized reporting. Part of it will be elements of voluntary reporting and the other items that are there. So it takes a little bit away from the national and puts it to a hospital plan, even though it includes elements of standardized reporting.

MR. ALLEN: Jay?

MR. EPSTEIN: I like what Mary Chamberland proposed. I would actually like to see it written out.

DR. NIGHTINGALE: So would I.

MR. EPSTEIN: Generally, though, I think we ought to substitute something along the lines of "health care-providing organization" for "hospital," and I would apply that comment both to yours, Mary, and also to yours, Rick.

I also like what Dr. Penner suggested adding as a point which is regulatory access to the aggregate of safety data or however it was that it was stated. I thought that was something that we had discussed earlier in the day, but omitted. It is part of the system of--I forget the right acronym, the NASA--ASRS system. The data properly modified are then immediately accessible to FDA, and I think that is important.

One additional point which is perhaps a fine point, but the distinction between data collection and surveillance troubles me. I think what we are reaching for is active surveillance and data collection; that those really are not distinct bullets. They are part of the same bullet. Those are my only comments at this point.

DR. NIGHTINGALE: Excuse me, but you paraphrase that, Jay, to say surveillance is a continuum and you do not break it up? Is that the intent of what you just said?

MR. EPSTEIN: The revised language that I am suggesting is "active surveillance and data collection."

MR. ALLEN: Dr. Gilcher?

DR. GILCHER: I prefer the term, Jay, "transfusing facility," although "health care provider" would be inclusive of--and I think we should include dialysis clinics, home health care agencies, all of the transfusing facilities.

DR. NIGHTINGALE: Is there agreement to that? It would appear there is agreement to that.

DR. GILCHER: The second point that I think should be included in the elements is to be sure that we include the issue of what I am going to call a near-miss potential error as well as the actual errors included in the reporting. I did not see that included here, but we did not put in the reason why we are doing this. The purpose of all this is to in fact prevent future errors. That is the purpose of all of this, and that needs to be included somewhere in here, right at the top.

DR. NIGHTINGALE: At the top.

DR. GILCHER: There is another piece that I think needs to be included in here because it does not take into consideration the patient, and that is the informed consent issue.

When we look at from the FDA's perspective, Jay, a recall on a blood product, depending on whether that is a Class 1, 2, or 3, the patient ultimately is informed. That is a requirement, but that is not included here. So I feel, and I wrote here, there should be included "a requirement of the institution's informed consent to inform the patient of actual errors." I think that that needs to be a part of this proposal.

Those are my comments.

DR. NIGHTINGALE: Does that include near misses?

DR. GILCHER: No. No. Actual, not near misses.

DR. SNYDER: Can I ask you one question? I do not see how you are going to get any health care facility or organization to admit liability. I just do not see it, and I do not know if that belongs here because you are talking about a national system versus they are under local jurisdiction. Am I making sense with that?

DR. GILCHER: Yes, but what I am saying is that it is already included by FDA regulations in a blood product. As we have heard said, the administration of blood is where the line has been drawn, and I do not think that it is right not to include.

DR. SNYDER: But my point to you is that the administration of the blood--you are now into the medical practice realm versus the FDA's realm. There is no attorney for any hospital or insurance company that is going to insure a hospital or facility that admits liability.

DR. GILCHER: But the informed consent specifically could do that. The informed consent. I would be interested in the opinion of others here. The informed consent which the institution uses could tell the patient that they will be informed of actual errors.

We told them what the potential errors are in the informed consent, but we never tell the patient--

DR. SNYDER: I just cannot in my mind see an insurance company or hospital or health care facility's attorney allowing their client to expose themselves to that liability, but that is just a statement on my personal--

DR. GILCHER: We do it on the blood products side. It is a requirement by FDA.

MS. LIPTON: I do not think that is an issue. I think good attorneys recognize that bad events do not get better with age. It just starts to stink.

If you have something that is an adverse event that happened, your best defense is getting out there pretty quickly and telling the patient what happened because if they find out and you knew, you got an uphill battle all the way. So I think that you can get people to buy into that.

I do not know that it is an informed consent issue, Ron. That is what is troubling me. You used the informed consent.

Informed consent is I will consent to this treatment as you have told me all the risks and benefits, and the funny area about saying "and I will agree to tell you something else," I mean, it really is not a contract, and you are talking about almost a contractual issue with someone.

DR. GILCHER: I am willing to modify that, but what I want is to be sure that the patient is informed because I think that is what we are missing.

MS. LIPTON: Right, and I agree with you on that.

DR. NIGHTINGALE: We can work on that this evening.

DR. GOMPERTS: I think the key issue as far as the right to know is whether the accident or error has the potential for immediate or longer-term health consequences to the individual, and in that situation, the individual does have the right to know.

Returning to the point of data collection, both at the local institution as well as national, it is important that our recommendation incorporate verbiage that this information will be analyzed, and in the event of issues arising, corrections instituted or recommended.

Finally, my third point is that in order for health institutions to do this properly, in addition for the national surveillance system to carry out its actions correctly, there would need to be resources.

DR. GUERRA: I think I have pretty much heard expressed here in the last bit some of the concerns that I had.

I think as long as we can include in this statement the diversity of those institutions, facilities, and services that are in place, I think recognizing issues related to capacity and resources--and then I think I would expand Jay's notion about active surveillance to also include passive surveillance which I think is a matter of public--it is usually something that occasionally will pick up incidents that will not have been picked up through active surveillance.

DR. HAAS: I, too, am not going to be able to go above what I have already heard, but I guess I will take the opportunity to emphasize this is a long-term project, not a short-term project. The airlines have told us that. They are still not where they want to be.

I am very concerned about the local buy-in, but I think our role is to be clear on the goals that we want because, if we have very different sets of data, then we do not get what we need.

I guess from my perspective, I also have to say something about resources. If the resources are not there, it does not get done.

MR. ALLEN: Keith?

DR. HOOTS: I have nothing new to add.

DR. KUHN: I just want to concur with Ron, I think there has to be the element in there of the patient, the right of the patient to know the potential consequences or harm because we are protecting the hospital in some way, shape, or form, also.

Also, that is the directive that was given to us by the Secretary in a specific letter that she has here.

DR. NIGHTINGALE: Would you like to amend that phrase to say "the right to know potential and actual consequences"? I am asking. I am not putting words in your mouth.

DR. KUHN: Right, yes.

DR. NIGHTINGALE: But is that what you wish to say, the potential--

DR. KUHN: Say that again.

DR. NIGHTINGALE: Did you posit "the right of the patient to know the potential and actual consequences of the therapy received"?

DR. KUHN: Correct.

DR. NIGHTINGALE: I thought so.

DR. KUHN: That would be acceptable.

DR. NIGHTINGALE: I thought that was what you meant.

DR. AuBUCHON: Could I ask for a clarification? Do you mean adverse consequences?

DR. NIGHTINGALE: Well, if the consequences are beneficial, are they self-evident? I am asking, but this is what the judge was talking about this morning.

Do you have trouble with those words? Because those words essentially capture the position that Krever articulated this morning, and that may or may not be yours or ours.

DR. AuBUCHON: I am going back to the "O red cells being transfused to the A patient" example. With 50 years of experience, we are not aware of any adverse consequences of O red cells being given to an A individual, and that is done commonly, anyway.

DR. NIGHTINGALE: Understood.

DR. AuBUCHON: Therefore, were that to happen, I would not be one to think the patient would need to be told of that event.

DR. NIGHTINGALE: It would appear that I got the answer to the question that I was fishing for.

Does anybody object to that answer?

MR. EPSTEIN: Can you read the way you are maybe phrasing this?

DR. NIGHTINGALE: Yes. "The right of the patient to know the potential and actual consequences."

MR. EPSTEIN: Of the actual errors?

DR. NIGHTINGALE: Yes.

MR. EPSTEIN: Yes. I think the concept here is to inform the patient of actual errors--

DR. NIGHTINGALE: Yes.

MR. EPSTEIN: --with potential for harmful consequences.

DR. NIGHTINGALE: Then we would say--give me a hand. I am not whetted to the words. What I am whetted to is extracting the sense of the committee, and the question is, is the sense of the committee that the recipient of a transfusion has a right to know both the potential consequences and the actual consequences?

MR. EPSTEIN: I do not think that is where the distinction is needed. The first point we need to distinguish is the near-miss issue.

DR. NIGHTINGALE: Yes.

MR. EPSTEIN: And what we are saying is you only have to tell the patient about an actual error, in other words, something that did occur.

DR. NIGHTINGALE: Yes.

MR. EPSTEIN: The second is that what you need to tell the patient is about any actual or potential harmful consequence.

DR. NIGHTINGALE: Actual or potential or harmful consequence.

MR. EPSTEIN: Yes. Either you did get harmed or there might be some consequence in the future.

DR. NIGHTINGALE: I think actually "actual or potential harmful consequences" expresses the duty to inform, as we heard earlier this morning, much clearer than the words that I used, "actual or potential consequence."

MR. EPSTEIN: "Harm."

DR. HOOTS: "Harm" is the key term. Whether you put any adjectives there or not, it is really harm.

MS. LIPTON: My only comment is somehow capturing that resources issue, and maybe we do it here, or we are going to have an opportunity, aren't we, Steve, tomorrow to look at some reimbursement issues?

DR. NIGHTINGALE: Oh, absolutely. Just real quick, what you are going to hear tomorrow is that what happened with the HCFA Final Rule on Outpatient is that they separated blood and plasma from comprehensive--from an umbrella. You have a passthrough there for outpatient, and this is a sea change for the Health Care Financing Administration's philosophy.

That experiment for outpatient, the separation of blood and plasma products from outpatient prospective payment, is an experiment that will be watched very, very carefully by all parties. If it proves to be successful in increasing access without prohibited or predatory pricing, an argument might be made in the future for extension of that concept to other areas of medicine such as inpatient and such as other components that are now lumped under prospective payments.

MS. LIPTON: Or we can move that along faster.

MR. ALLEN: Dr. McCurdy?

DR. McCURDY: I would like to make just one comment, and that is when you talk about resources, you probably ought to include the regulatory agency or whoever is going to do the analysis and the dissemination of the results of these reports. So that, the corrective action will be reasonably uniform and around the country.

MS. PAHUJA: I do not really have anything new to add. My question to the committee is whether in a separate recommendation we are going to address the issue of compensation.

MR. ALLEN: Yes.

MS. PAHUJA: We are? Okay.

MR. ALLEN: Yes.

Dr. Penner?

DR. PENNER: I agree with Dr. Busch. I sit on a transfusion committee, but when the JCHO comes through for their examination, it is no doubt that we get everybody in for that meeting. I think it is whether the hospital really wants to support it and make sure those individuals on the committee show up, and if they do so, I do not think there will be a problem. Otherwise, it tends to be lax.

DR. PILIAVIN: I just have a couple things to say.

First of all, obviously you are going to reorganize this before you present it tomorrow. I just think the issues having to do with feedback to the patient should be in a separate section.

What you want in this part is to talk about the data collection and the confidentiality and so on and then have some other sections about how it should be analyzed and how it should be paid for the analysis and how this information once gathered within the local hospitals should be fed back to patients.

You just think about the organization and not getting a whole lot of different goals mixed into one statement.

The other thing I want to suggest is I would think it would be very sensible and would help the people on the receiving end of this document if you could attach what Jim has done as one example of such a system, not saying this is what we think you should do, copy it exactly, but here is one potential model for how this could be done, just examples help almost everybody.

DR. NIGHTINGALE: I appreciate and will act on your first suggestion.

I am a little unsure at this point of how to incorporate a visual into a recommendation, but since we have been creative in the past, I am sure we will rise to the challenge once again with Dr. AuBuchon's help.

DR. AuBUCHON: I will be happy to e-mail it to you are a Word document this evening, Steve.

DR. PILIAVIN: It can be an attachment.

DR. NIGHTINGALE: To my home, to Steven D. Nightingale at WORLDNET.ATT.NET. Those of you who have tried to e-mail me stuff at my Government address know the difficulty of that.

DR. SNYDER: I got lost there for a second. I think it is important that we also distinguish or make clear that this system will not replace the FDA system. I think that is critical because you need to stay in place, and it is a question of however we think about this is does the hospital report or the facility report to both--for things that should be in both banks or under purview of both, does it pass from the hospital to--or the facility to the FDA then to the nation, or does it go to both simultaneously? That is the only question I have on that point.

I do agree with Jane. The patient notification, to put that not in the same area as this. I am not sure why we are addressing that. I think that is really at the local level, and that is State's right to me, a facility's right. They come under State.

If they do not have informed consent, they do not have a problem with the Feds. They have a problem with that patient's attorney, bottom line.

DR. NIGHTINGALE: I think implicit in what you are saying is that informed consent is based on 21 CFR 50. Those are national regs.

DR. SNYDER: I am an oral maxillofacial surgeon. If I do not give informed consent to a patient, all I have done is open myself up to the lawsuit.

DR. NIGHTINGALE: That is right, but the informed consent that you give the patient is--the elements of "informed consent" are defined in 21 CFR.

DR. SNYDER: No, not at the local level.

DR. NIGHTINGALE: I'm sorry. I retract what I just said. That is for research.

DR. SNYDER: That is for IRB which has nothing to do with what we are talking about.

DR. NIGHTINGALE: I stand correct. I'm sorry.

DR. SNYDER: When we talk about informing a patient, what I was getting at is, yes, you tell them something happened, but you never admit liability. I guess that is what I am saying.

MR. ALLEN: John?

MR. WALSH: I look at it as a distinct difference between informed consent and patient's right to know, and I strongly feel--I embrace Drs. Gilcher and Kuhn's placement of the patient's right to know in the text. I do not really care whether it is in this particular recommendation or an additional recommendation.

I also think resources need to be in a second recommendation, support for additional resources.

DR. NIGHTINGALE: Let me get a clarification. Since these do go to the Secretary and the Department in a package, whether they are 1(a), 1(b), or 1 and 2 does not matter once they hit the Government law.

MR. WALSH: Understood.

DR. WINKELSTEIN: And finally, I would endorse Dr. Chamberland's preamble because it expressed what I could not do as well, and I would say that in contrast to the Secretary's recommendation, I think the patient's right to know, although very important and critical, it is beyond our purview. So I would not put in the patient's right to know, a statement regarding that.

I think it is very important. I just do not think it is in the purview of our committee.

DR. NIGHTINGALE: Is there any further discussion of that point?

DR. SNYDER: One last thing. Earlier, we talked about money being authorized. Money being authorized, having dealt with a couple of programs, it does not mean there was appropriation, and that may be an unfunded mandate. So I think it is important that everybody goes into this up front with the idea that, number one, the fact that there is an authorization may wind up as an unfunded mandate on FDA, and, number two, if you are going to press for something like this, that hopefully you can come up with the appropriation.

Jay is smiling because he knows--

MR. EPSTEIN: Because I have already decided that it is you or CDC.

[Laughter.]

DR. SNYDER: We have both been through it, or all three of us.

MR. EPSTEIN: I mean, there is a gray area in that we do not currently require reporting to FDA of adverse events related to transfusion which are non-fatalities. However, our current thinking is to change that.

If we begin to get medical adverse event reports, then we are broadening the horizon from nearly errors and accidents to incidents potentially related to adverse events of transfusion.

So there is going to be a gray area, but still the underlying point is that we do not regulate medical practice, and practice errors will never really be captured in the FDA system as we now have it.

DR. SNYDER: Steve, if I may add one thing to what Jay is saying, you do not want it with my agency because that is where the database and the health care fraud and abuse databank, the two different databanks, exist.

It would be much better served to have it with either CDC or another agency, or if at all Federal. Please trust me. You do not want it in ours.

DR. NIGHTINGALE: I assume there will be further internal discussion within the Department on this point.

As a nod to the parliamentary procedure, we have, as I understand it, had an informal discussion. There has been no motion put on the floor, but there is the expectation of a motion in the morning, and I believe there is another motion that a member wishes to bring forward.

DR. HOOTS: Actually, in light of the hour, let me just say I have a proposal that could become a motion. Perhaps if it is okay with the other members, I will read it, and if there is no consensus to proceed, then we can just bag it, but if we want to put it on the computer for tomorrow so people can really look at it, then we will proceed.

This relates to a potential motion about compensation, and I started out with the word "consensus" because I think if we are going to talk about any sort of national compensation, if there is not a consensus of this committee, there is probably not much point in proceeding.

So I said it is the consensus of the advisory committee hat a national system of compensation for morbidities resulting from transfusion and/or blood product administration be developed and implemented.

This compensation system would be accessible to all recipients of transfusion or blood product administration services and would be administered outside the traditional tort system.

Awards or compensations from this fund should be made without ascribing direct practitioner or systemic blame.

In the event that the causative transfusion event resulted from action reflective of egregious violations, reckless or intention to harm, it would be expected that recourse to tort action would be preserved.

DR. AuBUCHON: What law school did you graduate from?

[Laughter.]

DR. NIGHTINGALE: A good one.

MS. LIPTON: I mean, I just have a bunch of questions which maybe are better dealt with offline just in terms of what it means.

DR. NIGHTINGALE: I would very much appreciate an offline discussion. I do not think that would violate the Federal Open Meeting Act. So I would state for the record that it is the intent of this advisory committee that all of its deliberations be public, but perhaps the public and the committee are both best served if some of the technical discussions are held offline, and I see no objection from the committee to that course of action.

MR. ALLEN: Can we get a motion to adjourn?

MR. WALSH: So moved.

DR. HOOTS: Second.

MR. ALLEN: The meeting is adjourned. See you all in the morning.

DR. NIGHTINGALE: Thank you all very, very much.

[Whereupon, at 5:51 p.m., the meeting was adjourned, to reconvene Wednesday, April 26, 2000.]