Building barriers – positive controls to improve patient safety

Dr Nick Woodier and Dr Sean Weaver of the Healthcare Safety Investigation Branch look at why semantics are important when considering how healthcare organisations address risk mitigation

HOW many times have you stood at the door of a hospital ward waiting for the doorbell to be answered and for you to be let in? That door is a significant obstacle to you doing your work, potentially delaying and frustrating you. However, while a hindrance to you, that door is also a physical barrier to prevent safety and security incidents, such as patients trying to abscond.

Now reflect on the effectiveness of that door as a barrier to prevent such incidents. How many times have you ‘tailgated’ someone onto a ward or not challenged the identification of someone entering or leaving a ward? These various factors degrade the effectiveness of the door as a barrier.

In this article we discuss the concept of barriers and their role in patient safety. However, before diving in, we are going to challenge the use of the term barrier and describe why we should refer to controls instead.

What’s in a word?

The term barrier is commonly used across many industries and you will find its use in healthcare, including in the Never Events policy (NHS Improvement, 2021). A barrier is a type of control, as is a safeguard (Chartered Institute of Ergonomics and Human Factors, 2016).

Controls are measures put in place to prevent incidents from occurring, but they may vary in their effectiveness.

  • A barrier is a control that has been assessed to be sufficiently robust and reliable and can therefore be relied on as the primary control to prevent incidents.
  • A safeguard is a control that has been placed with some expectation that it will have a role in preventing incidents, but not to the same effectiveness as a barrier.

Are these definitions just semantics? We don't think so. The words are often used interchangeably without truly understanding their meaning and potentially provide false reassurance that a system is safe because ‘barriers’ are in place.


Let us consider one of the classic barriers referred to in healthcare, the ‘surgical safety checklist’ (World Health Organisation, 2009). Essentially, the checklist was designed to prevent outcomes such as the wrong patient undergoing surgery or the right patient undergoing the wrong surgery. There is no doubt that the checklist has supported improvements in patient safety, but maybe not to the levels suggested by the original research.

Checklists are now common across healthcare, but various factors can degrade their value. Catchpole and Russ (2015) described the problems with checklists and highlighted the need to consider the rationale behind selecting a checklist, their design, and how they are used in practice.

Design and user testing is crucial, but no matter how usable a checklist is, without motivated teams, supportive working environments and the right culture, its effectiveness will be undermined. A checklist therefore cannot be considered a ‘robust and reliable’ measure to prevent incidents.

We would suggest that a checklist is therefore not a barrier, rather it is a safeguard.

The recognition that a checklist is a safeguard, not a barrier, is important. Take Never Events: these are considered ‘wholly preventable’ because ‘strong and systemic barriers’ exist to prevent them occurring (NHS Improvement, 2018). This means that there should be ‘robust and reliable’ controls in place to prevent them. For some Never Events this is true; locks and limiters on windows prevent falls from them and are true barriers.

However, several Never Events rely on checklists to prevent their occurrence and as we have challenged, these are not barriers and certainly not strong. This juxtaposition challenges the definition of several of the Never Events.

We are not suggesting that checklists should be disposed of; they have an important role. Rather we are suggesting that checklists should be used with good rationale and designed appropriately with testing before implementation. They may be appropriate as one control (a safeguard) to reduce the potential for incidents to occur, but other controls will also be needed if we are to truly prevent certain incidents happening.

Barrier analysis

The concept of controls has long been used in safety management in hazardous industries, such as nuclear power. These industries have recognised the need to identify barriers and ensure they are ‘robust and reliable’. They also recognise that multiple controls are needed to address the various hazards that may lead to incidents.

These industries talk about layers of controls, or ‘defence in depth’. Controls will often be of different types, with a mix of engineered (e.g. automatic pressure relief valves), organisational (e.g. strict standards and processes) and human (e.g. plant operators monitoring and responding).

A useful approach to help consider controls is that of ‘barrier analysis’. Barrier analysis identifies:

  • where controls exist
  • their effectiveness
  • factors that degrade them
  • where controls do not exist.

One tool to support barrier analysis is the bowtie (Fig. 1). The bowtie demonstrates how threats may lead to safety events, but with appropriate controls the chance of these occurring is reduced. The bowtie also accepts that sometimes, despite best efforts, safety events will occur. In these situations, controls can be considered to reduce the harm of an event that has occurred.

Fig. 1 The bowtie (Healthcare Safety Investigation Branch, 2021)

Hierarchy of controls

Judging the effectiveness of a control can be challenging because so many contextual factors may influence and degrade it. Controls that do not rely on humans are likely to be more effective and stable, such as those that are engineered. Those relying on humans will be open to degradation because of the knowledge, skills and attitudes of those involved and how they are supported to interact with the control. Even better is to eliminate the threat altogether, but this is often challenging in healthcare.

The ‘hierarchy of controls’ developed outside healthcare helps us to consider the effectiveness of controls (Fig. 2). While not directly transferable to healthcare, the principles are useful.

Those controls at the top are likely to be more effective and sustainable, but are harder to implement. Lower down the controls rely more and more on humans and become weaker.

Controls implemented in healthcare are often administrative, for example procedures and checklists that rely on changing the way people work. It is acknowledged that it is difficult to implement more effective controls in healthcare because of the human-centric nature within which we operate. However, ensuring any controls within our gift are as effective as possible is key. This includes ensuring they are designed well with input and testing from those who are to use them.

Fig. 2 The hierarchy of controls (Healthcare Safety Investigation Branch, 2021)

No single defence

The concepts shared here offer learning to all those working in healthcare. Significantly, for any member of staff who has inadvertently ‘done the wrong thing,’ it must be recognised that the human condition is a weak safeguard against incidents and therefore they will sometimes happen.

Rather than placing any blame on the individuals involved, these incidents should be seen as signals highlighting:

  • where the healthcare system has influenced humans to ‘do the wrong thing’
  • where the healthcare system does not have effective controls to trap or mitigate unintended action or inaction by the humans.

For those who have roles supporting safety improvement or responding to incidents, the learning here is that we cannot assume that our common administrative controls, such as policies and checklists, will prevent incidents. If they are well designed with appropriate user input, then they may help to prevent incidents. However, alone they will not prevent all of them.

To improve safety, we must look to layering defences by building controls against the various hazards that make incidents possible, and identify and address the factors that may degrade existing controls. Ultimately we should all search to eliminate hazards entirely or identify ultimate barriers to achieve true prevention. However, the reality in healthcare is that the sheer complexity of our systems means that incidents cannot often be prevented with a single intervention.


Dr Nick Woodier is national investigator at the Healthcare Safety Investigation Branch (HSIB)

Dr Sean Weaver is deputy medical director at the HSIB

For registration, or any login issues, please visit our login page.