Back to Blog
IndustryApr 14, 202610 min read

Healthcare Root Cause Analysis: Patient Safety and the 5 Whys

healthcare RCApatient safety5 whyssentinel events

The 2024 Joint Commission sentinel event data tells a straightforward story, and not a reassuring one. Healthcare facilities voluntarily reported 1,575 serious harmful events — a 12% increase from 2023. Patient falls accounted for 49% of those events, a staggering rise from 18% in 2019. Wrong surgeries, delays in treatment, patient suicides, and retained foreign objects each contributed another 8%. Of all reported events, 21% were associated with patient death and 49% with severe harm.

Behind those reported events lies a broader problem: an estimated 400,000 hospitalized patients experience some form of preventable harm each year in the United States, and medical errors have been identified as one of the leading causes of death.

The regulatory infrastructure that governs these events is substantial. The Joint Commission requires a root cause analysis within 45 days of any reportable sentinel event. CMS Conditions of Participation require hospitals to maintain quality assessment and performance improvement programs with explicit attention to adverse events and medical errors. Both frameworks share the same expectation: when harm occurs, the organization identifies not just what happened but why — and does something specific about it.

The persistent gap between that expectation and what most investigations actually produce is a root cause analysis problem.

What Sentinel Events Look Like in Practice

Sentinel events are defined specifically: patient safety events not primarily attributable to a patient's underlying condition that result in death, severe harm, or permanent harm. The definition matters because it sets the threshold for mandatory investigation — and because the categories that dominate the data reveal where healthcare systems continue to fail.

Patient falls have become the largest single sentinel event category by a wide margin. A fall that results in a serious injury is not primarily a behavioral problem. Investigation of fall events consistently surfaces systemic failures: incomplete fall risk assessments at admission, handoff communication that does not transfer risk status between shifts, physical environments where call systems are inaccessible, staffing patterns that leave high-risk patients without adequate monitoring during vulnerable periods.

Wrong-site, wrong-patient, and wrong-procedure surgery — a category where incidents increased 13% in 2024 — represents the most studied class of preventable harm in healthcare. Universal Protocol requirements exist precisely because these events are entirely preventable. When they still occur, investigation almost always reveals that a verification step was skipped or performed as documentation rather than as actual confirmation.

Medication errors span prescribing failures, transcription errors, and administration at the wrong dose or patient. The Institute for Safe Medication Practices has documented the systemic conditions behind these errors for decades: look-alike/sound-alike labeling, interruption-prone preparation environments, and EHR interfaces that introduce new error pathways while eliminating others.

Delays in treatment — the third most common sentinel event category — typically reflect communication and handoff failures: a critical lab value not communicated to the treating team, a deteriorating patient whose early warning signs are documented but not escalated.

Each category has a recognizable causal structure. What changes the outcome is whether the investigation reaches that structure or stops at the surface.

Why Healthcare RCA Often Falls Short

Healthcare organizations investigate sentinel events. The documentation exists: timeline reconstructions, contributing factor lists, corrective action plans. What the investigation literature consistently finds is that these products frequently describe what happened accurately while stopping short of explaining it usefully.

A post-fall investigation that concludes "the patient attempted to ambulate without calling for assistance" and closes with staff retraining has explained nothing actionable. It attributes a systems failure to a behavioral event, without asking why the call system was out of reach, whether the staffing level made its use feel futile, or what in the care planning process allowed a high-risk patient to reach that situation in the first place.

This pattern — accurate description, premature closure — reflects a structural pressure. An investigation that produces a clear action item quickly satisfies the regulatory requirement and moves the organization forward. An investigation that surfaces a systemic failure in a handoff protocol or a technology implementation requires a harder conversation. The Joint Commission's credibility standard addresses this directly: it requires that action plans address contributing factors at the system level, not just the individual level.

The 5 Whys in Healthcare Investigations

The 5 Whys method is the most accessible structured technique for healthcare teams conducting incident investigations. CMS has published the 5 Whys as a QAPI tool specifically for this context. The Institute for Healthcare Improvement includes it in its safety toolkit. Its value is practical: it can be applied by unit-level staff without specialized training, it produces a documented cause chain rather than a narrative summary, and it creates a natural structure for identifying where a system failed rather than who failed.

The method works by asking "why" repeatedly — typically five times, though the number is a guideline rather than a rule — until the answer produces something that a corrective action can actually address.

Consider a medication administration error where the wrong dose was administered to a patient. A narrative investigation might conclude: "Nurse administered incorrect dose due to confusion about dosing units." A 5 Whys analysis follows the chain:

  1. Why was the incorrect dose administered? The nurse drew up 1.0 mg rather than 0.1 mg.

  2. Why did this happen? The medication label expressed the concentration in a format the nurse misread under time pressure.

  3. Why was the label ambiguous? The pharmacy prepared the infusion using the facility's standard label format, which uses decimal notation without leading zeros for concentrations below 1.

  4. Why does the standard label format use this notation? The label template predates current ISMP recommendations, which require a leading zero before any decimal (0.1 not .1) to prevent misinterpretation.

  5. Why has the label template not been updated? There is no scheduled review cycle for medication label formats. Previous updates have occurred only in response to specific incidents, not on a proactive basis.

The root cause — an outdated label template with no review cycle — is something a corrective action can change. Retraining the nurse addresses none of it. The same error is highly likely to occur again under similar conditions, because the conditions have not changed.

This is the practical value of the method in healthcare: it moves the investigation from the question of who made an error to the question of what in the system created conditions where the error was predictable.

A Second Healthcare Scenario: Patient Fall

What happened: A 74-year-old patient with documented fall risk was found on the floor of their hospital room at 2:15 AM, having sustained a hip fracture. The patient had been attempting to reach the bathroom.

5 Whys Analysis:

  1. Why did the patient fall? The patient attempted to ambulate unsupported without activating the call system.

  2. Why did the patient not use the call system? The patient was disoriented and did not remember the call system was available; the device was not within reach from the bed position.

  3. Why was the call system out of reach? The device had been repositioned during a nighttime medication administration and not returned to the bedside location.

  4. Why was this not caught? The care plan included a fall-risk note but did not include a specific environmental safety checklist for post-procedure checks after bedside activity.

  5. Why does the care plan not include this checklist? The fall prevention protocol was updated eighteen months prior to add new assessment criteria, but the environmental safety checklist — recommended by the hospital's falls committee — was not incorporated into the electronic care plan template. The checklist exists as a separate document that is not linked to the care plan workflow.

Root cause: A fragmented implementation of the falls protocol, where an evidence-based intervention (environmental safety checklist) was developed but not integrated into the care pathway where nursing staff would encounter it as part of standard workflow.

Corrective actions at root cause level: Integrate the environmental safety checklist into the electronic care plan template for patients with documented fall risk. Establish a protocol implementation review process to verify that approved protocol changes are reflected in the EHR workflows within a defined timeframe.

Generate Countermeasures with AI

Based on what you've learned, try our AI-powered countermeasure generator. Enter an incident and the AI will suggest both immediate and permanent countermeasures.

AI対策案ジェネレーター

事象を入力するだけで、AIが即時対策と恒久対策を提案

業界別のサンプル事象を選ぶか、自由に入力してください。

または
Powered by WhyTrace Plus無料で始める →

Regulatory Requirements: Joint Commission and CMS

For US hospitals, healthcare RCA obligations come from two directions, and understanding both matters for how investigations are structured.

The Joint Commission's Sentinel Event Policy requires that accredited organizations conduct a root cause analysis for every reviewable sentinel event and submit an action plan within 45 calendar days of the event or of becoming aware of it. The RCA must be credible — meaning it must identify root causes, not just contributing factors, and the action plan must address those root causes with specific, time-limited, measurable actions. The Joint Commission reviews submitted RCAs for credibility and may require revisions if the analysis does not meet the standard. Organizations that fail to conduct credible RCAs risk accreditation consequences.

CMS Conditions of Participation do not use the term "root cause analysis" explicitly, but the Quality Assessment and Performance Improvement requirements under 42 CFR 482.21 require hospitals to measure, analyze, and track adverse patient events, identify opportunities for improvement, and implement and evaluate improvement actions. The expectation that corrective actions reduce the likelihood of recurrence is built into the QAPI standard, which cannot be met without causal analysis.

Together, these frameworks create a compliance baseline that is higher than many investigation programs actually achieve. An investigation that documents a timeline, identifies a list of contributing factors, and assigns retraining to involved staff may satisfy the documentation requirement without meeting the credibility standard that both the Joint Commission and QAPI's intent require.

From RCA to Prevention

The corrective actions that follow healthcare incident investigations vary as widely in quality as the investigations that produce them. This is not coincidence — the depth of the corrective action reflects the depth at which the investigation identified the cause.

Immediate corrective actions address the specific failure: replace the out-of-position call device, retrain the staff member, fix the label. These are necessary containment steps. They prevent the identical event from recurring in precisely the same configuration, but they do not address the conditions that made the event possible.

Systemic corrective actions address management and process gaps: update the EHR template, institute a protocol review cycle, revise label standards with a scheduled trigger. These are harder to close because verification requires evidence that the system has actually changed — not just that an action was assigned.

Organizations that mark corrective actions complete at assignment rather than at verified effectiveness create institutional amnesia. A retraining item marked complete when training occurs, not when competency is confirmed, provides documentation without protection.

Near-miss events are the lever healthcare organizations consistently underuse. For every sentinel event there are multiple near-misses — the wrong patient identified before the medication was given, the fall caught before impact, the retained sponge found in the count. Organizations that investigate near-misses can intervene in causal chains before harm occurs. Those that do not are limited to learning from events that have already caused damage.

Structured Healthcare Investigation Workflows

WhyTrace Plus provides RCA tools built for healthcare quality teams — from initial incident capture through 5 Whys analysis, corrective action assignment, and effectiveness verification. Every investigation produces a complete, audit-ready record aligned to Joint Commission and QAPI requirements.

Start a free trial

What Effective Healthcare RCA Produces

The healthcare organizations that sustain patient safety improvements share a recognizable practice pattern. They investigate near-misses with the same rigor applied to sentinel events. They verify that corrective actions have changed the system, not just satisfied the documentation requirement. And when investigation findings implicate a protocol, a technology configuration, or a workflow design, they make those updates systematically.

The recurring pattern in sentinel events — falls despite fall prevention programs, wrong-site surgery despite Universal Protocol, medication errors despite ISMP guidance — does not reflect inadequate regulation or intent. It reflects a gap between what safety systems say and what operational reality delivers. That gap widens when investigation practice stops at the surface.

Root cause analysis, done credibly, closes it. Not by finding someone to blame, but by finding where the work as designed and the work as practiced have diverged — and doing something about it.

See How WhyTrace Plus Supports Patient Safety Programs

Purpose-built investigation workflows for hospitals and health systems. Connect adverse events to root causes, track corrective actions to verified closure, and maintain audit-ready records for Joint Commission and CMS compliance.

Request a demo

Article What It Covers
The Complete Guide to 5 Whys Full method walkthrough with examples across industries
RCA Method Comparison: 5 Whys, Fishbone, Fault Tree When to use each method based on problem type and complexity
CAPA Management: Stop Losing Track of Corrective Actions Building a system that closes actions on time and verifies effectiveness
Near-Miss Reporting: Building a Proactive Safety Culture How to build near-miss programs that capture leading indicators before harm occurs
ISO 9001 Corrective Action and Root Cause Analysis How corrective action requirements map across quality and safety frameworks

Try WhyTrace Plus Free

Sign up with just your email. No credit card required. Run up to 10 AI-powered analyses per month on the free plan.

Related Articles

Industry

Contractor Safety Management: Ensuring Subcontractor Compliance

9 min readIndustry

Warehouse Safety: Common Incidents and How to Investigate Them

8 min readIndustry

Food Safety Root Cause Analysis: HACCP and 5 Whys in Food Manufacturing

10 min read
Healthcare Root Cause Analysis: Patient Safety and the 5 Whys | WhyTrace Plus Blog | WhyTrace Plus