Fault tree analysis for patient safety
What is Fault tree analysis for patient safety?
Fault tree analysis (FTA) is a top-down, deductive analytical method that begins with an undesired event — the 'top event' — and systematically works backward through logical AND/OR relationships to identify all the combinations of conditions and failures that could produce it. Developed in the early 1960s at Bell Telephone Laboratories for the Minuteman missile program and later adopted extensively in nuclear power and aerospace safety, FTA has been applied to healthcare safety for high-consequence events where understanding the full logical structure of possible failure pathways is more important than quickly identifying a single root cause.
The AND/OR gate structure is what distinguishes FTA from methods like fishbone diagrams. An AND gate means that all of the conditions below it must be present simultaneously for the event above it to occur — so preventing any one of those conditions prevents the event above that gate. An OR gate means that any one of the conditions below it is sufficient to produce the event above it — so all of them must be addressed to fully prevent that event. This logical structure reveals which failure combinations are most critical to address and which prevention strategies will have the broadest impact.
FTA is a top-down complement to FMEA's bottom-up approach. Where FMEA starts with individual components and asks 'what could fail and what would happen?', FTA starts with an undesired outcome and asks 'what combination of conditions could produce this?' The two methods are often used together in safety-critical system design: FMEA to identify and mitigate component-level failure modes, and FTA to verify that the system-level combinations of failures that could produce a catastrophic outcome are well understood and defended against.
When to use it
Use fault tree analysis for complex system failures where multiple independent failure paths could produce the same adverse outcome, and where understanding the logical structure of those failure paths is necessary to design adequate defenses. FTA is most appropriate for high-consequence events — catastrophic patient harm, system-wide failures, never-events — where the organization needs to be confident that its defenses address all of the credible failure pathways, not just the most obvious one. FTA is also valuable for validating the completeness of FMEA-based risk mitigation plans: if the fault tree reveals a failure pathway that the FMEA didn't address, the mitigation plan has a gap. FTA requires more time, analytical skill, and data than simpler methods — reserve it for events where that investment is justified by the potential consequence.
Healthcare example
A hospital engineering and patient safety team used fault tree analysis to analyze failure pathways that could lead to undetected patient deterioration in a newly redesigned progressive care unit. The top event was 'Rapid deterioration event not identified within 15 minutes.' Working backward, the team mapped three major failure branches: continuous monitoring failure (AND gate: both the primary monitor and the backup alert must fail), nursing assessment failure (OR gate: any one of several missed assessment triggers is sufficient), and communication failure (AND gate: both automated alert and manual communication must fail). The fault tree revealed a previously unrecognized vulnerability: the manual communication pathway depended on a charge nurse who was also assigned direct patient care responsibilities during overnight hours — meaning that under high-census conditions, the redundant pathway was effectively unavailable precisely when the primary monitoring pathway was most likely to be overloaded. This finding led to a staffing redesign that preserved the charge nurse role as a dedicated oversight function during overnight hours rather than as a combined charge/direct care assignment.
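The gate semantics described above and the progressive care unit tree from this example, worked through in Python as an added illustration (not code from the original page or from ImprovementFlow). The tree encoding is a constructed reconstruction: the AND top gate, the leaf names and the shared `high_census_overnight` basic event are assumptions, chosen so that the minimal-cut-set and shared-cause checks show how one common cause behind two 'redundant' branches lowers the number of independent failures needed to reach the top event.

```python
from itertools import product
from collections import Counter

# Fault tree nodes: a basic event is a str; a gate is ("AND" | "OR", [children]).
# Constructed reconstruction of the progressive care unit tree described above. The
# AND top gate (all three detection pathways must fail for deterioration to go
# unrecognised), leaf names and the shared "high_census_overnight" event are assumptions.
TOP_EVENT = ("AND", [
    # Continuous monitoring failure: primary monitor AND backup alert both fail.
    ("AND", [("OR", ["primary_monitor_fault", "high_census_overnight"]),
             "backup_alert_fails"]),
    # Nursing assessment failure: any one missed trigger is sufficient.
    ("OR", ["vitals_not_rechecked", "warning_score_not_calculated"]),
    # Communication failure: automated alert AND manual communication both fail.
    # The manual pathway relies on a charge nurse who is pulled into direct care
    # under high census, so it shares a basic event with the monitoring branch.
    ("AND", ["automated_alert_fails",
             ("OR", ["charge_nurse_unreachable", "high_census_overnight"])]),
])

def cut_sets(node):
    """All cut sets (frozensets of basic events) sufficient to cause `node`."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":   # any child suffices: union of the children's cut sets
        return set().union(*child_sets)
    # AND: every child must fail, so merge one cut set from each child
    return {frozenset().union(*combo) for combo in product(*child_sets)}

def minimal_cut_sets(node):
    """Drop any cut set that has a strict subset which is also a cut set."""
    sets = cut_sets(node)
    return sorted((s for s in sets if not any(o < s for o in sets)),
                  key=lambda s: (len(s), sorted(s)))

def common_cause_events(node, path="TOP"):
    """Per AND gate: basic events feeding more than one child, i.e. shared causes that weaken its redundancy."""
    if isinstance(node, str):
        return {}
    findings, (gate, children) = {}, node
    if gate == "AND":
        seen = Counter(e for c in children for e in set().union(*cut_sets(c)))
        if shared := sorted(e for e, n in seen.items() if n > 1):
            findings[path] = shared
    for i, c in enumerate(children):
        findings.update(common_cause_events(c, f"{path}/{gate}{i}"))
    return findings
```

With the shared event the smallest minimal cut sets need four independent failures instead of five, and `common_cause_events` flags `high_census_overnight` at the top AND gate, which is the kind of cross-branch dependency the team found in the charge nurse assignment.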
How ImprovementFlow supports Fault tree analysis for patient safety
ImprovementFlow's safety event data provides the empirical basis for fault tree construction — rather than building fault trees from theoretical failure modes, event patterns reveal which failure pathways are actually occurring and at what frequency.
Event classification data identifies which barrier failures and contributing factors co-occur across events, informing the AND/OR gate structure of the fault tree with real operational data rather than engineering assumptions.
When fault tree analysis identifies high-priority failure pathways requiring mitigation, ImprovementFlow's improvement project framework provides the structure to track mitigation design, implementation, and effectiveness verification.
Post-implementation monitoring connects fault tree-identified failure pathways to ongoing event surveillance, verifying that mitigations are reducing the frequency of identified failure mode combinations over time.
Trend analysis across event classifications allows quality teams to test whether the failure pathways identified in a fault tree are confirmed by subsequent event patterns — supporting iterative refinement of both the tree and the mitigation strategy.
See how ImprovementFlow supports your analysis work
Most customers begin with safety reporting or huddle boards and expand from there. No enterprise commitment required.