Use error
Encyclopedia
The term Use Error has recently been introduced to replace the commonly-used terms human error
and user error
. The new term, which has already been adopted by international standard
s for medical device
s, suggests that accident
s should be attributed to the circumstances, rather than to the human beings who happened to be there.
. Accordingly, they are attributed to the human operator
, or user
.
When taking this approach, we assume that the system design is perfect, and the only source for the use errors is the human operator. For example, the DoD HFACS
classifies use errors attributed to the human operator, disregarding improper design and configuration setting, which often result in missing alarms, or in inappropriate alert
ing .
The need for changing the term was due to a common malpractice
of the stakeholders (the responsible organizations, the authorities, journalists) in cases of accidents . Instead of investing in fixing the error-prone design, management attributed the error to the users.
The need for the change has been pointed out by the accident investigators:
.
The workgroup pointed at the tendency to attribute accidents in health care to isolated human failures.
The provide reference to early research about the effect of knowledge of the outcome, which was unavailable beforehand, on later judgement about the processes that led up to that outcome. They explain that in looking back, we tend to oversimplify the situation that the actual practitioners faces. They conclude focusing on the hindsight knowledge prevents our understanding of the richer story, the circumstances of the human error.
According to this position, the term Use Error is formally defined in several international standard
s, such as IEC
62366, ISO 14155
and ISO 14971
, to describe
ISO standards about medical devices and procedures provide examples of use errors, which are attributed to human factors, include slips, lapses and mistakes. Practically, this means that they are attributed to the user, implying the user’s accountability.
The FDA glossary of medical devices provides the following explanation about this term :
With this interpretation by ISO and the FDA, the term ‘use error’ is actually synonymous with ‘user error’.
Another approach, which distinguishes ‘use errors’ from ‘user errors', is taken by IEC 62366. Annex A includes an explanation justifying the new term:
This explanation complies with “The New View”, which Sidney Dekker suggested as an alternative to “The Old View”. This interpretation favors investigations intended to understand the situation, rather than blaming the operators.
supertanker. The accident was due to a combination of several exceptional events, the result of which was that the supertanker was heading directly to the rocks. At that point, the captain failed to change the course because the steering control lever was inadvertently set to the Control position, which disconnected the rudder from the wheel at the helm..
(Three Mile Island accident
) described above, the NYC blackout following a storm New York City blackout of 1977
and the chemical plant disaster in Bhopal, India (Bhopal Disaster
).
approach to safety (Hazard prevention
), which might end up in a fatalistic attitude, implying that we cannot avoid use errors.
The proactive approach, on the contrary, enables prevention of such mishaps, by considering the circumstances of the mishaps, regardless of the results (Ergonomics
). A proactive
definition proposed by Harel and Weiss is:
The proactive definition is not operational, as intentions are not in the scope of common engineering practices. To enable detection of unexpected events, the definition is rephrased, using engineering terms, such as design requirements and guidelines. An operative definition of a use error proposed by Harel and Weiss is:
This definition complies with the STAMP model proposed by Nancy Leveson
. According to this model, normal use is defined by constrains to the system operation, and accidents may be attributed to deviation from these constrains.
This definition is operative, because:
For example, the use error in the Torrey Canyon
accident may be described by:
Instead, he proposes to focus on the performance variability of everyday actions, on the basis that this performance variability is both useful and necessary. In most cases the result is that things go right, in a few cases that things go wrong. But the reason is the same.
Hollnagel expanded on this in his writings about the ETTO principle
of Resilience Engineering,
and the Resilient Health Care Net.
Human Error
Human Error is the stage name of Rafał Kuczynski , a polish electronic musician, working mostly in the ambient music genre, produced only with a computer...
and user error
User Error
A user error is an error made by the human user of a complex system, usually a computer system, in interacting with it. Although the term is sometimes used by Human Computer Interaction practitioners, the more formal human error term is used in the context of human reliability.User Error and...
. The new term, which has already been adopted by international standard
International standard
International standards are standards developed by international standards organizations. International standards are available for consideration and use, worldwide...
s for medical device
Medical device
A medical device is a product which is used for medical purposes in patients, in diagnosis, therapy or surgery . Whereas medicinal products achieve their principal action by pharmacological, metabolic or immunological means. Medical devices act by other means like physical, mechanical, thermal,...
s, suggests that accident
Accident
An accident or mishap is an unforeseen and unplanned event or circumstance, often with lack of intention or necessity. It implies a generally negative outcome which may have been avoided or prevented had circumstances leading up to the accident been recognized, and acted upon, prior to its...
s should be attributed to the circumstances, rather than to the human beings who happened to be there.
The need for the terminological change
Traditionally, human errors are considered as a special aspect of human factorsHuman factors
Human factors science or human factors technologies is a multidisciplinary field incorporating contributions from psychology, engineering, industrial design, statistics, operations research and anthropometry...
. Accordingly, they are attributed to the human operator
Operator
In basic mathematics, an operator is a symbol or function representing a mathematical operation.In terms of vector spaces, an operator is a mapping from one vector space or module to another. Operators are of critical importance to both linear algebra and functional analysis, and they find...
, or user
User
User may refer to:* User , one who employs the services provided by a telecommunication system* User , one who uses drugs* User * End-user, one who uses a product in economics and commerce...
.
When taking this approach, we assume that the system design is perfect, and the only source for the use errors is the human operator. For example, the DoD HFACS
classifies use errors attributed to the human operator, disregarding improper design and configuration setting, which often result in missing alarms, or in inappropriate alert
Alert
To be alert is to be in a state of alertness.Alert or ALERT may also refer to:-Places:* Alert, Indiana, a community in the United States* Alert, Nunavut, Canada, the northernmost permanently inhabited place in the world...
ing .
The need for changing the term was due to a common malpractice
Malpractice
In law, malpractice is a type of negligence in, which the professional under a duty to act, fails to follow generally accepted professional standards, and that breach of duty is the proximate cause of injury to a plaintiff who suffers harm...
of the stakeholders (the responsible organizations, the authorities, journalists) in cases of accidents . Instead of investing in fixing the error-prone design, management attributed the error to the users.
The need for the change has been pointed out by the accident investigators:
- Early in 1983, Erik Hollnagel pointed out that the term Human Error refers to the outcome, not to the cause. A user action is typically classified as an error only if the results are painful
- In the story “Leap of Faith” of his book “Set Phasers on Stun”, Steve Casey suggested that the accident of the Indian Airlines Flight 605Indian Airlines Flight 605Flight 605 was a flight on 14 February 1990 that crashed on its final approach to Bangalore airport, killing 92 people.The flight, IC-605, took off from Mumbai at 11:58 for a flight to Bangalore. At 12:25 Bangalore approach was contacted and prevailing weather at Bangalore was passed on to the crew...
near Bangalor in 1990 could have been avoided, should the investigators of the Air France Flight 296Air France Flight 296Air France Flight 296 was a chartered flight of a new fly-by-wire Airbus A320-111 operated by Air France. On June 26, 1988, it was flying over Mulhouse-Habsheim Airport as part of an air show. The low-speed fly-by was supposed to take place at with landing gear down at an altitude of 100 feet...
accident of 1988 past the Mulhouse-Habsheim airport considered the circumstances (exceptional situation), rather than the pilots (human errors). - In his book “Managing the Risks of Organizational Accidents” (Organizational models of accidents) James Reason explained and demonstrated that often, the circumstances for accidents could have been controlled by the responsible organization, and not by the operators.
- In his book “The Field Guide to Understanding Human Errors” , Sidney Dekker argued that blaming the operators according to “The Old View” results in defensive behavior of operators, which hampers the efforts to learn from near-misses and from accidents.
- In a recent study by Harel and Weiss the authors suggested that the Zeelim accident during an Israeli military exercise in 1992 could have been prevented, should the Israeli forces focus on learning from the accident of 1990, rather than on punishing the field officers involved in the exercise.
Use errors vs. force majeure
A mishap is typically considered as either a use error or a force majeure:- A use error is a mishap in which a human operator is involved. Typically, such mishaps are attributed to the failure of the human operator
- A force majeure is a mishap that does not involve a human being in the chain of events preceding the event.
Use errors in health care
In 1998, Cook, Woods and Miller presented the concept of hindsight bias, exemplified by celebrated accidents in medicine, by a workgroup on patient safety.
The workgroup pointed at the tendency to attribute accidents in health care to isolated human failures.
The provide reference to early research about the effect of knowledge of the outcome, which was unavailable beforehand, on later judgement about the processes that led up to that outcome. They explain that in looking back, we tend to oversimplify the situation that the actual practitioners faces. They conclude focusing on the hindsight knowledge prevents our understanding of the richer story, the circumstances of the human error.
According to this position, the term Use Error is formally defined in several international standard
International standard
International standards are standards developed by international standards organizations. International standards are available for consideration and use, worldwide...
s, such as IEC
IEC
-Organisations:* Independent Electoral Commission * Independent Electrical Contractors, a U.S. national trade association.* Institut d'Estudis Catalans , a Catalan academic institution....
62366, ISO 14155
ISO 14155
This International Standard addresses good clinical practices for the design, conduct, recording and reporting of clinical investigations carried out in human subjects to assess the safety and performance of medical devices for regulatory purposes....
and ISO 14971
ISO 14971
ISO 14971 is an ISO standard, of which the latest revision was published in 2007, that represents the requirements for a risk management system for medical devices....
, to describe
- an act or omission of an act that results in a different medical device response than intended by the manufacturer or expected by the user.
ISO standards about medical devices and procedures provide examples of use errors, which are attributed to human factors, include slips, lapses and mistakes. Practically, this means that they are attributed to the user, implying the user’s accountability.
The FDA glossary of medical devices provides the following explanation about this term :
- Safe and effective use of a medical device means that users do not make errors that lead to injury and they achieve the desired medical treatment. If safe and effective use is not achieved, use error has occurred. Why and how use error occurs is a human factorsHuman factorsHuman factors science or human factors technologies is a multidisciplinary field incorporating contributions from psychology, engineering, industrial design, statistics, operations research and anthropometry...
concern.
With this interpretation by ISO and the FDA, the term ‘use error’ is actually synonymous with ‘user error’.
Another approach, which distinguishes ‘use errors’ from ‘user errors', is taken by IEC 62366. Annex A includes an explanation justifying the new term:
- This International Standard uses the concept of use error. This term was chosen over the more commonly used term of “human error” because not all errors associated with the use of medical device are the result of oversight or carelessness of the part of the user of the medical device. Much more commonly, use errors are the direct result of poor user interface design
This explanation complies with “The New View”, which Sidney Dekker suggested as an alternative to “The Old View”. This interpretation favors investigations intended to understand the situation, rather than blaming the operators.
Sources of use errors
The Task-oriented Systems engineering considers two sources of user difficulties:- User errors
- User incapability to handle system failures.
Example of user error
An example of an accident due to a user error is the ecological disaster of 1967 caused by the Torrey CanyonTorrey Canyon
The Torrey Canyon was a supertanker capable of carrying a cargo of 120,000 tons of crude oil, which was shipwrecked off the western coast of Cornwall, England in March 1967 causing an environmental disaster...
supertanker. The accident was due to a combination of several exceptional events, the result of which was that the supertanker was heading directly to the rocks. At that point, the captain failed to change the course because the steering control lever was inadvertently set to the Control position, which disconnected the rudder from the wheel at the helm..
Examples of user failure to handle system failure
Examples of the second type are the TMITMI
-Nuclear accident:* Three Mile Island Nuclear Generating Station, a nuclear power station in Pennsylvania, U.S.* Three Mile Island accident, a common term for a 1979 accident at the station* Three Mile Island accident health effects, about impacts of the accident...
(Three Mile Island accident
Three Mile Island accident
The Three Mile Island accident was a core meltdown in Unit 2 of the Three Mile Island Nuclear Generating Station in Dauphin County, Pennsylvania near Harrisburg, United States in 1979....
) described above, the NYC blackout following a storm New York City blackout of 1977
New York City blackout of 1977
The New York City blackout of 1977 was an electricity blackout affected most of New York City from July 13, 1977 to July 14, 1977. The only neighborhoods in New York City that were not affected were in southern Queens, and neighborhoods of the Rockaways, which are part of the Long Island Lighting...
and the chemical plant disaster in Bhopal, India (Bhopal Disaster
Bhopal disaster
The Bhopal disaster also known as Bhopal Gas Tragedy was a gas leak incident in India, considered one of the world's worst industrial catastrophes. It occurred on the night of December 2–3, 1984 at the Union Carbide India Limited pesticide plant in Bhopal, Madhya Pradesh, India...
).
An operational definition of use errors
The ad-hoc definition implies that the use error is the consequence of a user command. This complies with the reactiveReactive
Reactive may refer to:*Generally, capable of having a reaction*Reactance , the imaginary component of AC impedance*Reactive mind*Reactive programming...
approach to safety (Hazard prevention
Hazard prevention
Hazard prevention refers to the prevention of risks. The first and most effective stage of hazard prevention and emergency management is the elimination of hazards...
), which might end up in a fatalistic attitude, implying that we cannot avoid use errors.
The proactive approach, on the contrary, enables prevention of such mishaps, by considering the circumstances of the mishaps, regardless of the results (Ergonomics
Ergonomics
Ergonomics is the study of designing equipment and devices that fit the human body, its movements, and its cognitive abilities.The International Ergonomics Association defines ergonomics as follows:...
). A proactive
ProActive
ProActive is Java grid middleware for parallel, distributed, and multi-threaded computing. It is developed by the OW2 Consortium, including INRIA, CNRS, University of Nice Sophia Antipolis, and ActiveEon...
definition proposed by Harel and Weiss is:
- A user command is a use error if the results do not comply with the designer’s intention.
The proactive definition is not operational, as intentions are not in the scope of common engineering practices. To enable detection of unexpected events, the definition is rephrased, using engineering terms, such as design requirements and guidelines. An operative definition of a use error proposed by Harel and Weiss is:
- A user command is a use error if it is not in the scope of predefined user commands appropriate to the operational scenario.
This definition complies with the STAMP model proposed by Nancy Leveson
Nancy Leveson
Nancy G. Leveson is a leading American expert in system and software safety. She is Professor of Aeronautics and Astronautics at MIT, United States....
. According to this model, normal use is defined by constrains to the system operation, and accidents may be attributed to deviation from these constrains.
This definition is operative, because:
- we know what are the predefined commands,
- we can formalize the operational scenarios, and,
- we can assign the user commands to operational procedures or constrains, associated with the operating scenario.
For example, the use error in the Torrey Canyon
Torrey Canyon
The Torrey Canyon was a supertanker capable of carrying a cargo of 120,000 tons of crude oil, which was shipwrecked off the western coast of Cornwall, England in March 1967 causing an environmental disaster...
accident may be described by:
- The predefined commands, including setting the steering control to either of the Manual, Automatic or Control position
- Formalizing the Navigation and the Maintenance operational scenarios
- Assigning the Control position to the Maintenance scenario, but not to the Navigation scenario.
Classifying use errors
The URM Model characterizes use errors in terms of the user’s failure to manage a system deficiency. Six categories of use errors are described in a URM document:- 1. Expected faults with risky results;
- 2. Expected faults with unexpected results;
- 3. Expected user errors in identifying risky situations (this study);
- 4. User Errors in handling expected faults;
- 5. Expected errors in function selection;
- 6. Unexpected faults, due to operating in exceptional states.
Critics
Erik Hollnagel argues that going from and 'old' view to a 'new' view is not enough. One should go all the way to a 'no' view. This means that the notion of error, whether user error or use error might be destructive rather than constructive.Instead, he proposes to focus on the performance variability of everyday actions, on the basis that this performance variability is both useful and necessary. In most cases the result is that things go right, in a few cases that things go wrong. But the reason is the same.
Hollnagel expanded on this in his writings about the ETTO principle
of Resilience Engineering,
and the Resilient Health Care Net.
External links
- IEC 62366:2007 - Medical devices -- Application of usability engineering to medical devices
- Department of Defense Human Factors Analysis and Classification System: A mishap investigation and data analysis tool
- Managing the Risks of Use Errors: The ITS Warning Systems Case Study
- The re-invention of human error
- Why "Human Error" is a Meaningless Concept
- Dekker: The Field Guide to Understanding Human Error
- Mitigating the Risks of Unexpected Events by Systems Engineering
- FDA Medical Devices Glossary
- Nancy Leveson home page
- Cook RI, Woods DD, Miller C 1998, A Tale of Two Stories
- Hollnagel: Understanding accidents-from root causes to performance variability
- Hollnagel, Paries, Woods, Wreathall (editors): Resilience engineering in practice
- The ETTO Principle – Efficiency-Thoroughness Trade-Off
- the Resilient Health Care Net
- Dekker, 2007: The Field Guide to Understanding Human Error
- Zonnenshain & Harel: Task-oriented Systems Engineering, INCOSE 2009 Conference, Singapore