Wednesday, March 30, 2022

When does a “mistake” become CRIMINAL?

 When does a “mistake” become CRIMINAL?

By Dennis Taboada, M.eng.,CQE,CQM

This past week a jury convicted a former Nashville nurse of reckless homicide and impaired adult abuse  after she was accused of inadvertently injecting a patient with a deadly dose of a paralyzing drug. RaDonda Vaught, 38, was indicted in 2019 on two charges – reckless homicide and impaired adult abuse – in the death of Charlene Murphey at Vanderbilt University Medical Center.Murphey, 75, died on Dec. 27, 2017, after being injected with the wrong drug. This was a terrible tragedy and certainly there is plenty of blame to go around. 

Former Nurse RaDonda Vaught

When does a “mistake” become CRIMINAL?

Of course there needs to be reparations for the family involved. I support the right to sue for “malpractice.” The nurse in this case did not try to hide or cover-up what she did. I guess we need to define what a “Mistake” or “Error” is. According to Merriam-Webster Dictionary: a wrong action or statement proceeding from faulty judgment, inadequate knowledge, or inattention.” According to Atlanta Attorney Alex Freeman, “The difference between a mistake and a criminal act is “WILFUL INTENT.”  If there is no “wilful intent” then there is no crime, but there are legal liabilities. According to an NPR article While Vaught's defense acknowledged the tragic nature of Murphey's death, her attorneys argued that her mistake was not a conscious, criminal act of homicide.

"What struck me most about RaDonda Vaught's interviews was not her honest recitation of the facts ... but her genuine worry and concern about Charlene Murphey and concern for her family," defense attorney Peter Strianse said during the defense's closing statement Thursday. "She was not thinking about herself."

 In a Safety Management System, SMS, we have an important element called NON PUNITIVE REPORTING. What does Non-Punitive reporting mean? In order to continuously improve, we need to know what is happening in our “SYSTEM.” The good and the bad. If we punish someone for “self reporting” and error or mistake they made, we create an environment where people are “Fearful” to report any incidents or hazards. It is bad enough for employees to receive administrative discipline, but when you cross the line to “criminal” you now create a very Toxic environment. I would add that this criminal threat to employees would lead to a much more dangerous environment because nurses/doctors will NOT act in situations that may save a person’s life in fear of being arrested.

What makes this case even more ominous is the fact that there was no autopsy performed. so there was no objective proof that the drug mistake was the cause of death. My question here is this: 

What happened in the “SYSTEM” to cause this accident?

The "SYSTEM" Forces as defined by Dr. W. Edwards Deming

Dr. W. Edwards Deming, “The system is responsible for the outcomes. NOT the people.”  Why did nurse RaDonda make this mistake? Let’s look at the Deming “system” forces that may have affected her judgement.  Machines, Material, Methods, People, Environment. There may not be machines involved, but the Material: Was it properly labeled? Was it identified properly to the patient? Methods: Is there a procedure in place for administering medication? Was the procedure followed? People: How many people did this medication pass through? Why didn’t others catch this mistake? Was there proper training given to administer drugs? Environment: Is the nurse working in a pressured environment? Is the Management supportive or toxic? We must examine the “System!” If the nurse is held criminally liable, why is not the management held criminally liable as well?


Janie Harvey Garner, Founder of "Show me Your Stethoscope"

Janie Harvey Garner, the founder of Show Me Your Stethoscope, a nursing group on Facebook with more than 600,000 members, worries the conviction will have a chilling effect on nurses disclosing their own errors or near errors, which could have a detrimental effect on the quality of patient care. "Health care just changed forever," she said after the verdict. "You can no longer trust people to tell the truth because they will be incriminating themselves."


Certainly, nurses and others in the medical and pharmaceutical professions are going to think twice about reporting any mistakes or errors. Many will now refuse to make decisions without some sort of legal personal liability waiver. Before this ruling, Nurses would fall under the malpractice umbrella of the hospital or doctor. Yes there certainly need to be lawsuits. There needs to be a system to compensate the injured. This is the purpose of malpractice insurance. What is criminal prosecutions going to do to patient care?  Will criminalizing mistakes improve the Patient Process? As a society, we are driving in Fear to our medical workers. How can they work with this “gavel” hanging over their heads?  Yes, mistakes are going to happen! We need to learn from these mistakes and not merely BLAME the person. Management is responsible for the medical System and should be constantly evaluating processes to look for variations that may get out-of-control. By blaming the person, we let the same broken system continue and  most certainly contribute to future tragedies.  

Dennis Taboada, M.eng.,CQE,CQM

Note: Janie Harvey Garner is the sister-in-law of Dennis Taboada, author. 

Monday, March 21, 2022

Your SMS Conversion Rate

Your SMS Conversion Rate

By OffRoadPilots

Within the world of a Safety Management System (SMS) the task is to identify desired outcomes in operations for both airlines and airport operators. The SMS regulations are performance based, and in a performance-based environment it is crucial to success that goal strategies are researched, designed, developed, and carried out. SMS are building blocks of data, information, knowledge, comprehension, triggers, tasks, oversight, and monitoring. What makes SMS different than tangible project, such as an apartment complex, is that the building blocks within a safety management system are abstract without tangible or physical dimensions. Without physical or measurable limits or perimeters, it becomes a difficult task to assess performance value of the SMS itself.  

Performance is a system in harmony with itself.
Elements of a safety management system are performance goals and a means of measuring attainment of those goals and processes to develop and maintain performance parameters that are linked to goals and objectives. Parameters are defined differently if applied in a technical environment, to mathematics, or statistics. However, its common core is that a parameter is any characteristic that can help in defining or classifying a particular system. Parameters within an SMS are characteristics classifying each sub-system within the SMS itself. Parameters are also different from perimeters. A perimeter establishes a physical boundary which a system must remain within. Going back to the apartment complex, these buildings must remain within established boundaries. Look at parameters as challenges and perimeters as task. A parameter establishes opportunities, challenges, or objectives, while perimeters within an SMS system are task performed to move in a desired direction.  


It is just as important to know what parameters are not, as it is to know what parameters are. At an airport a parameter is not the number of runway edge lights failures in a year, or the number of safety discussions held with airport tenants. For an airline, a parameter is not how many runway excursions they had, or the number of flat tires upon landing in a year. The reason these are not parameters is that they are applicable to operational tasks, or objectives, such as maintenance or training, and are not applied to operational challenges, or goals, such as an established quality assurance program. A parameter applied to these conditions would be a daily quality control program with a defined purpose to monitor the daily operations of both acceptable and unacceptable performance. A parameter does not assess for unacceptable performance only, but for the whole system itself. On the other hand, a perimeter assesses only for unacceptable performance when a system exceeds beyond its physical limits, or perimeter, and reports only when a runway edge light is burned out.    

Performance of a timepiece without parameters are unidentifiable events.

Parameters are pre-defined within the operational management of an SMS system. A safety management system has process in place to develop and maintain performance parameters that are linked to goals and objectives, which forms the basis for a performance analysis. This analysis in not how many failures there were over a period of time, but how well, or poorly, they system itself performed. In aviation weather is what has the most impact on operational reliability. 

There are operational performance reasons why METARs are published hourly and TAFs are published several times per day. For an airport operator these weather parameters affect their level of success to in operational performance. An airport cannot do anything about the weather, but their response, or reaction to the reports and events are critical to their success. An airport’s pre-defined performance parameter, or challenge or goal during a heavy snowstorm could be established within their quality assurance program for the airport to maintain operational status. Other airport operations parameters could be to maintain a FOD-free runway prior to each arrival and departure, or maintain runway markings to maintain ongoing compliance with the standards, or runway edge lights to meet illumination and operational standards. These parameters, challenges, or goals for an airport operator triggers objectives to execute tasks, or defined perimeters of what, when where, who, why and how to collect data and establish records for an analysis of performance parameters. 


A requirement of the quality assurance program is to include a process for periodic reviews or audits of the activities and reviews or audits, for cause, of those activities. The beautify of a quality assurance program is that after a comprehensive line-item audit, an SMS enterprise has a wealth of information to use in their strategic planning of goals with associated objectives and processes. 


Parameters within an SMS is to assess how an SMS performs as data collection tool, information development system, conveyor of knowledge, and as an overall system comprehension platform. SMS parameters is to measure the value of what percentage of personnel buy-in, or unconditionally accept and support the SMS as their environmental culture. While it is true that parameters are numerical values, they are not values of failures, or occurrences, but numerical values of what percentage level an SMS has the capability to identify prospects, or challenges and the conversion rate needed to master these challenges.  




Friday, March 18, 2022

Is Aviation Risk Assessment really “VooDoo?”

Is Aviation Risk Assessment really “VooDoo?”

By Dennis Taboada, M.eng.,CQE,CQM

Coming from a strictly Quality Assurance, QA, background, both education and vocation, I have been engrained with the concept of “OBJECTIVITY!” All analysis and action must be based on DATA and ACCEPT/REJECT criteria. When I was first introduced to the process of Risk Assessment, RA, using a risk matrix, my reaction was, “Are you kidding me?”  The Risk Assessment was mostly based on OPINION and SUBJECTIVITY of the team conducting the Risk Assessment session.  The result of the Risk Assessment was a numerical RISK RATING based on the OPINION of a safety committee. Depending on the composition of the Risk TEAM, the Risk Rating can change to meet the objective of the company. I say that this process itself is a “RISK” to SAFETY!  Hey, at least the process is using the QA concept of  TEAMING!  

Risk Assessments are Subjective

In 2003, Sol and I were contracted by NASA at Kennedy Space Center to Design, Develop and Deploy Quality Assurance Training for all NASA Safety and Mission Assurance personnel. This was the first time I was introduced to the NASA Goddard Risk Program. 

Dennis and Sol Taboada Contracted by NASA at Kennedy Space Center

The NASA Goddard Space Flight Center (GSFC) Risk Assessment Tool is based on the Quality Assurance concept known a Failure Mode, Effects, and Critical Analysis, (FMECA).  FMECA was originally developed in the 1940s by the U.S military, which published MIL–P–1629 in 1949. By the early 1960s, contractors for the U.S. National Aeronautics and Space Administration (NASA) were using variations of FMECA under its Risk Assessment Program.

When Sol and I were first contracted by Transport Canada to help design and develop QA training for the CAR 107 Safety Management System, SMS, deployment to 705 carriers, I mentioned FMECA as a more “objective” means of risk analysis.  The idea was promptly rejected, why?  I touched upon the “3rd Rail” of risk in Aviation:  MONEY!  The Goddard Risk Matrix includes “cost” and “scheduling” as factors!  No way could cost be considered as part of “SAFETY” in aviation! 

Another division of the Quality Assurance science is something called, “Cost of Quality.”  That was a misnomer because the actual process determines the cost of “NON-QUALITY.”  Why can’t we have the “COST OF NON-SAFETY” in SMS?  This is a discussion for future articles. 

Is it possible to use the FMECA concepts to help “Objectivize” Risk Assessment even without cost factors? The answer is YES! We can use the actuarial Failure rate formula:

lambda = ln( 1 – pf )/- time

Where lambda represents the density of occurrences within a time interval, as modelled by the Poisson distribution. We can us lambda as “Failure Rate.” 

Where is our DATA for calculation coming from?

In Aviation Risk Management, we are required to have a “HAZARD REGISTER” in which we categorize the Hazards and Incidents. By simple modification of the Hazard Register categorization cells to include a probability calculation, we can now obtain objective probability numbers that can be introduced into our every day Risk Assessments through a modified Risk Matrix. Let’s face it, We use the Risk Matrix to create our Safety Risk Profile that drive our Safety Goals and Objectives.  Then why can’t we use the Hazard Registry to provide Quantifiable information for our Risk Matrix? At least this would make the PROBABILTY side of the RISK MATRIX more OBJECTIVE. The SEVERITY side can also use the “MODE” and “EFFECT” components of the FMECA to quantify the “Effects” of an incident or hazard based on history. 

Yes I know this is going to raise questions in the AVIATION Safety world! Why can’t we bring together the science of Quality Assurance into the world of Safety Management Systems to provide better “Processes” that can actually make Aviation Safer and more efficient? Without the Voodoo!

Dennis Taboada, M.eng.,CQE,CQM

For more information:  Request Training from 


Saturday, March 5, 2022

SMS Is A Business Approach

 SMS Is A Business Approach

By OffRoadPilots

A Safety Management System (SMS) is a businesslike approach to safety as a dedicated, planned, and systematic approach. In a business, a financial audit is an objective examination and evaluation of the financial statements of an organization to make sure that the financial records are a fair and accurate representation of the transactions they claim to represent. An audit of a Safety Management System is no difference than a business audit. 

Every day starts with a blank sheet of paper.
An SMS includes a general journal, or a data collection tool, where each transaction, or events are entered in order of time and date. The daily quality control tasks performed are credits, and the daily quality control tasks required to be performed are debit entries. The general ledger in an SMS summarized all the journal entries of an account to get the ending balances, where each daily quality control task is its own account and number of tasks performed are compared to the number of tasks required to be performed for that account. As an example, an airport operator is required to conduct runway inspections (an SMS account). Smaller airports may do a daily inspection, while larger airports may do an inspection every eight-hours, or an inspection prior to each departure or arrival. Each airport has defined how many inspections are expected to be performed daily and at the end of the day inspections performed are summarized and should be equal number of inspections required for that day. Any differences must be identified and recorded. Accounts are recorded in the daily rundown of accounts sheet.  

A purchase journal in a business is a special journal used to record purchases on credit, or payable to a supplier. The supplier is the operations itself, and any daily operational tasks are the purchases. The purchase journal of a Safety Management System is the register of safety critical areas, where each event is assigned a purchase value, or a hazard priority level, and identified by a number in a numeric value system as safety critical areas and the safety critical function of that area. As an example, a grocery store may have an isle of laundry detergent, i.e., safety critical area, and a supply of a specific brand, i.e., safety critical function, with a hazard priority level 7. An airport may have the runway identified as a safety critical area, with runway 04/22 as a safety critical function, with a hazard priority level 5. Tasks are purchases since they are both proactive and reactive to an occurrence as a mitigation of safety. It is expected that at the time a report is received the immediate corrective action, or avoidance action is completed. The priority level action is the time to initiate a policy corrective action plan. It took several years to finalize a regulatory runway end safety area after a large aircraft overran the runway, the immediate corrective or avoidance actions were already implemented at time the occurrence report was received, at which point it was decided to move forward with a regulatory requirement. 

Business success is in the sales.

A sales journal in a business is a special journal used to record sales on credit, or payable by a customer. The customer is also the operations itself, and any daily unexpected events, or occurrences are the sales. The sales journal of a Safety Management System is also the register of safety critical areas, where each occurrence is assigned a sales value, or a hazard priority level, and identified by a number in a numeric value system as safety critical areas and the safety critical function of that area. As an example, a grocery store may experience an occurrence where a stack of water supplies, i.e., safety critical area, is unstable and falls, i.e., safety critical function, with a hazard priority level 2, to initiate a policy action response. An airline may experience a taxiway occurrence identified as a safety critical area, and a wing-strike classified as the safety critical function, and priority level 5. Occurrences are sales since they are not time specific pre-identifiable. 

Commonly applied hazard priority level action times are: level 1 (immediately) level 2 (24 hours), level 3 (7 days), level 4 (28 days), level 5 (90 days), level 6 (12 months), level 7 (indefinite). 

Businesses produce financial statements (i.e., income statement, balance sheet, cash flow statement, etc.) to provide information about their financial performance to stakeholders, such as investors, employees, banks, regulatory bodies. In comparison, an SMS Enterprise produces safety statements, (i.e., statements of occurrences, balance statement of expected outcome to actual outcome of processes, data collected of daily tasks and events, etc.). Both systems are systematic oversight and operational management approaches. 

The first step for a comprehensive audit of an SMS Enterprise is the regulatory compliance step. Regulatory compliance is the bases for all operations. There are no activities, actions, tasks, or events at an airline without an operating certificate, or at an airport without an airport certificate, or a pilot, dispatcher, or mechanic without their certificates. As always, there are exemptions to the rules, as written in a book of an airline pilot who flew for thirteen years without a pilot license. However, an audit would have discovered the discrepancy. 

An audit of regulatory compliance is a line-item audit of all required regulations to maintain a certificate, standard compliance requirements and audit of manuals requiring approval by the regulatory oversight body. Each line-item of a regulatory compliance audit are transactions required to break even. If a business or an SMS Enterprise does not break even, they are very soon eliminated from operations. Compliance with regulatory requirements is described in operations manuals. Some operators are referencing the regulation paragraph in their manual for compliance made easy. For the appointment of an Accountable Executive (AE), an operations manual contains a flowchart to determine how an AE could be selected. 

The flowchart itself is a document showing how an operator maintain regulatory compliance, while the input of the selection process, including supporting documents is how the process an operator is applying conform to regulatory compliance. The next step, and often forgotten task when selecting the AE is that an AE is the person responsible for operations authorized under the certificate and accountable on behalf of the certificate holder for meeting the requirements of the regulations. This requirement also conforms to a businesslike approach to safety, where in a business the Chief Executive Officer (CEO) is the responsible person for processes to conform  to regulatory audit compliance. Over time it will become evident or not if an AE has enough knowledge, skills, and oversight to meet the requirements of the regulations. As the CEO of a corporation is not expected to be the expert on everything in a business, an AE is not expected to be an expert on regulatory compliance in an SMS Enterprise. 

Oversight is not to catch errors but to analyze data
As a financial audit of a business, their inventory is not directly audited by inventory count. Inventory is audited by the business adhering to requirement for inventory compliance factor. Manuals and operations plans are inventory and to be audited by the operator themselves. An operator conducts a line-item audit of their emergency response plan and include supporting documents as required to justify the audit result. A one-page signature page that a manual conform to regulatory compliance is not a valid confirmation document without the support of a line-item audit of that manual. Just as a business starts with a set amount a cash 

In the drawer every morning, record their itemized transactions, remove at the end of they day the recorded cash from drawer and count the drawer cash as their daily quality control, an SMS Enterprise begins the day with a pre-selected tasks required to be performed and at the end of they day compare the day to their daily quality control system.         


It is a misconception in SMS operations that only occurrences or errors are what is to be recorded, when in fact all transactions, or events are to be recorded. It is also a misconception that quick or spontaneous action to an occurrence makes aviation safer. When SMS is applied as a businesslike approach to safety it becomes simple and manageable for small and large operators. 




Accepting or Rejecting Risks

  Accepting or Rejecting Risks By OffRoadPilots A ccepting or rejecting risks is a fundamental principle in a successful safety management s...