Most serious safety events don’t occur without warning. They are preceded by weak signals, near misses, workarounds, and variation that quietly accumulates until something eventually slips through the cracks. Weick and Sutcliffe describe this orientation in Managing the Unexpected (2015) as a defining trait of high-reliability organizations (HROs): a healthy preoccupation with failure. It means actively looking for what could go wrong before it does, then doing something about it. Failure Mode and Effects Analysis (FMEA) is how you make that preoccupation systematic.
In nearly three decades of acute-care nursing and Quality leadership, I have seen FMEA applied brilliantly, and I have seen it buried in binders. The difference between those two outcomes is not the tool itself. It is how seriously organizations treat FMEA as an enterprise risk discipline rather than a regulatory deliverable. Executed well, FMEA improves patient safety, strengthens regulatory confidence, and gives leaders a clearer way to identify, prioritize, and reduce risk. When conducted poorly, it generates a spreadsheet of opportunities that no one owns, and nothing changes.
This post covers what FMEA is and is not, why it so often underperforms in healthcare, what high-performing FMEA actually looks like, and a concrete scenario demonstrated from start to finish.
Key takeaways:
- FMEA is a strategic capability, not a compliance task. Hold it to the same standard as financial and operational risk management.
- Consistency in scoring matters more than precision. Inconsistent scoring undermines decision confidence.
- The value of FMEA is in closed-loop action: assignment, implementation, verification, re-evaluation for sustained compliance.
- A healthy preoccupation with failure is the operating posture of high-reliable organizations that catch failure before it reaches a patient.
What Is FMEA, and What Is It Not?
FMEA is a structured, systematic, proactive method for identifying how a process, product, or system could fail, assessing the consequences of each failure, and prioritizing corrective action before harm occurs. In healthcare, this framework is often formalized as HFMEA (Healthcare Failure Mode and Effects Analysis), an adaptation developed by the VA’s National Center for Patient Safety in 2001 specifically for clinical environments. The VA’s HFMEA model replaced the traditional Risk Priority Number with a simpler hazard-scoring matrix (severity x probability) and a decision tree designed to account for the complexity and consequence of clinical process failure. Many hospitals outside the VA continue to use the classic three-factor RPN, and that is the version we will walk through below. AHRQ has similarly developed resources supporting proactive risk assessment in healthcare settings. CMS has similarly developed resources supporting proactive risk assessment in healthcare settings.
Understanding what FMEA is not, is just as important as understanding what it is:
- It is not a worksheet. A worksheet is the output of a process; FMEA is the process itself.
- It is not a regulatory “necessary evil.” Accrediting bodies and CMS reference proactive risk assessment in their standards because the evidence supports it.
- It is not a one-time exercise. Processes change, staffing models change, technology changes. The risks change with them.
- It is structured thinking about how systems might fail before that failure materializes and reaches a patient, and it is that forward-looking orientation that gives FMEA its clinical value.
That last point carries weight. The moment FMEA becomes about documentation instead of decision-making, its value disappears. This distinction between FMEA as evidence of compliance and FMEA as a tool for managing risk is where most organizations lose the thread.
Why Does FMEA Matter More in Healthcare Now?
Healthcare is operating under compounding pressure: workforce shortages, new technology, intensifying regulatory expectations from CMS, Joint Commission, DNV, and ACHC while constant operational change introduces new failure modes faster than retrospective analysis can address them.
Joint Commission’s leadership standards expect hospitals to select at least one high-risk process and conduct a proactive risk assessment at least every 18 months. CMS Quality Assessment and Performance Improvement (QAPI) Conditions of Participation hold the governing body accountable for a program that tracks adverse events, analyzes their causes, and implements preventive actions. The VA goes further, requiring each of its facilities to complete at least one HFMEA annually. These are not aspirational benchmarks. They reflect a recognition that retrospective analysis (learning from events after they cause harm) is necessary but not sufficient. You cannot build a reliable safety system by only studying failures that have already happened.
FMEA should be held to the same standard as financial and cybersecurity risk. Organizations do not wait for monetary losses and data breaches to occur before identifying vulnerabilities. They use consistent methods to identify risk, assign ownership, and track mitigation. Those efforts receive executive visibility and oversight. Clinical risk deserves the same level of discipline.
When FMEA operates as a genuine operational discipline, the outcomes are distinguishable. Repeat harm events decline or eliminate completely after process changes. Operations stabilize faster when new technology, staffing models, or workflows are introduced. More of the actions tied to identified risks close. And scoring stays consistent enough that leadership can make resource decisions with confidence.
Framed correctly, FMEA is not how hospitals prepare for surveys. It is how they operate between them. Simply, it transforms culture.
What Are the Core Components of FMEA?
Every FMEA rests on five elements. Working through each one in plain language matters before applying them well.
The failure mode is a description of how a specific step in a process could go wrong. Not why it went wrong; that is root cause analysis, that is retrospective in nature. FMEA asks how a process step could fail, prospectively, before that failure causes harm, delay, or negatively affects operations.
The effect is the consequence of that failure. In clinical settings, effects typically cascade: a breakdown in one step becomes a delay in care, a missed diagnosis, or an undetected contraindication downstream.
The cause is the underlying reason the failure could occur. A single failure mode often has multiple causes, each of which may require a distinct preventive action.
Current controls are the safeguards already in place that reduce the likelihood or impact of the failure. Documenting controls honestly is important; teams frequently overestimate the effectiveness of existing safeguards.
Risk prioritization is where teams assign numerical scores to prioritize limited resources on the failure modes that matter most. The most widely used approach is the Risk Priority Number (RPN), calculated as Severity multiplied by Occurrence multiplied by Detection (S × O × D = RPN scoring). Severity scores the magnitude of harm if the failure occurs. Occurrence scores the likelihood of the failure happening. Detection scores how likely the failure is to be detected upon occurrence: a failure that would almost certainly be intercepted quickly scores low, and a failure that would likely go unnoticed scores high.
A candid note on RPN: the literature documents its limitations clearly. Multiplication can obscure meaningfully different underlying profiles, a failure mode with moderate scores across all three dimensions produces the same RPN as one with very high severity, very low occurrence, and very low detection, even though those situations call for different responses. Organizations should not treat RPN as a precise measure. The value of consistent scoring is not precision; it is the disciplined comparative judgment it enables across processes and over time. Inconsistent scoring across teams, departments, or years destroys the decision confidence FMEA is designed to create.
Why Does Traditional FMEA Underperform?
Most FMEAs fail to mitigate risk long-term not from poor analysis but rather from inconsistent implementation of risk mitigation strategies. In my experience, the single most common reason FMEA underdelivers is straightforward: the actions it generates are never owned, funded, or tracked to ensure sustainability. The risk gets documented, but little changes. By the next survey cycle, the same vulnerability often resurfaces.
There are structural reasons this pattern is so persistent:
- FMEA is treated as a deliverable rather than a decision tool. Once the form is completed, the work feels completed.
- The process is resource-intensive and time-consuming, that limits frequency and narrows the time teams have for action follow-through once the analysis is completed.
- Even when actions are assigned, they are rarely funded. Without active leadership engagement in the FMEA process, identified actions compete poorly for budget and staff time against immediate operational demands.
- Scoring variability between team members or across time periods undermines confidence in the results. When leaders cannot trust the scores, they deprioritize the actions.
- Risk does not respect organizational boundaries, but FMEA visibility often does. A failure occurring in the pharmacy has downstream effects in nursing and the laboratory, but the action plan may sit only in the pharmacy binder.
- Actions are documented but not assigned. Without an accountable owner, a deadline, and a mechanism for follow-up, the action exists in theory and not in practice.
The result is an organization that checks the FMEA box during survey preparation and then repeats the same findings in the next cycle. That is not a Quality problem. It is a system problem.
What Does High-Performing, Capability-Driven FMEA Look Like?
High-performing FMEA behaves like a management system. It has consistent methods, visible priorities, and accountable execution. Four culture shifts separate it from being just another required compliance task.
First, standardize scoring and thresholds. Every team involved in FMEA should apply the same definitions for severity, occurrence, and detection. Organizations that establish shared scoring anchors before conducting assessments produce results their leadership teams can trust and act on. Consistency builds confidence. Confidence drives action.
Second, establish enterprise visibility. A risk identified in one department frequently has implications for multiple others. High-performing FMEA is inherently multidisciplinary. It surfaces failure modes that no single service line would catch working in isolation, and it ensures that cross-functional risks are visible at a level where resource and priority decisions can actually be made. An FMEA conducted within a single department and filed in that department’s QAPI binder is not practicing enterprise risk management.
Third, shift operational ownership to leaders. Quality and Safety teams facilitate FMEA. They should not own all the resulting actions. The leaders accountable for the processes in question (operational managers, department directors, service line leaders) are the appropriate action owners. Those sitting closest to the potential failure have the greatest insight into how to prevent it. When accountability sits with the people who control resources and processes, follow-through improves.
Fourth, require closed-loop accountability. An action without a verification step is not complete. Closed-loop accountability means the action is assigned, the process improvement is implemented, the effectiveness is verified, and the risk is re-evaluated. Organizations that stop with implementation frequently find the same failure mode reappearing because the intervention did not stick.
When these elements are in place, the benefits are concrete: proactive identification of high-risk areas before harm occurs, explicit linkage between identified risks and the people responsible for resolving them, and a governance path that connects FMEA findings to executive decision-making and resource allocation.
FMEA in Practice: Walking Through a Real Scenario
The method is clearest in a concrete case. Consider a prolonged outage of a hospital’s pneumatic tube system, the kind of disruption that quietly threatens both medication delivery and specimen transport simultaneously.
Setting the Stage
The failure mode is a mechanical failure in a frequently used device that halts transport of non-narcotic medications from the pharmacy to patient care units, and of specimens from the patient care units to the laboratory. Replacement parts require more than two weeks to source. On its face, this sounds like an infrastructure problem. In practice, it is a patient safety problem.
To conduct FMEA honestly, teams must pressure-test the failure mode against realistic operating conditions. What if the outage begins at 3:00 PM on a Friday and extends through the weekend? Would frontline staff on the night shift know what to do without senior leadership present? Is the alternative, backup process documented? Have staff been educated to the alternate process and is it executable by the people actually working that shift, or does it require institutional knowledge that is not available at 2:00 AM?
Team Selection
A well-constructed FMEA team for this scenario includes a PI-trained facilitator, an executive sponsor, a Quality or Patient Safety representative, operational leaders from pharmacy, lab and nursing, frontline staff members from an effected departments, facilities, and informatics representation if the tube system integrates with any clinical technology.
Executive sponsorship matters for a practical reason: executives hold the authority and responsibility to allocate resources and remove barriers. Without that visibility, well-designed action plans lose momentum.
The frontline representative is equally non-negotiable. The failure modes visible from the nursing units are not always visible from the conference room.
Current Controls
Existing controls typically include a policy and standard operating procedure (SOP) for manual transport backup, staff education on that SOP, preventive maintenance schedules for the tube system, and spare-parts inventory. An honest assessment goes beyond confirming that these controls exist. Teams should verify that procedures are current, training on the downtime procedure is recent enough to be operationalized, and spare-parts kept in onsite inventory reflect the components most likely to fail.
Effects and Risk Prioritization
The effects of a prolonged tube outage include delayed STAT medication delivery, that raises a regulatory issue that must be explicitly addressed. Under the hospital's policies and applicable state and federal regulations, not all personnel are authorized to physically transport non-narcotic medications. This is not a procedural footnote. It is a compliance consideration that belongs in the FMEA and in the corrective action plan.
Additional effects include manual specimen transport, that introduces chain-of-custody requirements and collection receptacle management. Downstream risks include delayed laboratory results, delayed diagnosis, and delayed clinical decision-making.
Applying the S × O × D scoring consistently across these failure modes allows the team to rank priorities. Executive sponsors need to see disciplined logic, not all of the arithmetic. What they need to trust is that the highest-priority actions reflect the highest-risk consequences, and that the scoring process was consistent enough to make that judgment credible.
Preventive Actions and Closing the Loop
Each preventive action should carry an assigned owner, a concrete description of the process or control change being implemented, and a planned completion date. Re-educating staff on a process they have not used in two years is not a preventive action. Preventative actions are not reminders or education alone, but concrete changes to the process, technology, or controls.
Within the scenario, closing the loop means the action is assigned, the change is implemented, the implementation is verified as effective, and the risk is re-scored. That sequence (assignment, implementation, verification, re-evaluation) is the difference between an FMEA that produces change and one that sits filed inside a binder.
How Do You Make Sure FMEA Actions Are Completed and Sustained?
The hardest part of FMEA is not identifying risks. Most experienced Quality teams can populate a failure mode table in an afternoon. The hard part is keeping the corrective and preventive actions alive after the session ends, through leadership transitions, competing priorities, and the next wave of operational demands.
Actions captured in spreadsheets and static documents stall. The person who created the spreadsheet knows what it contains. The people responsible for individual actions may not know they are on it. New leadership arrives, and the file is in a folder somewhere. An action is overdue, and no one has flagged it. Another survey cycle approaches, and the team is revisiting the same FMEA on the same process.
Actions get closed when they are embedded in existing Quality and safety workflows with assigned, accountable owners, visible status markers, and follow-up mechanisms that do not depend on someone manually checking a document. Several structural requirements enable this:
- Assignment that is real-time and traceable, not recorded after the fact in a separate log
- Visibility into completion status across the organization, not only within the department that owns the action
- Notifications when deadlines approach and flags when actions become overdue, without requiring administrative follow-up to surface them
- Links to related activities (incident reports, policy updates, training completions, audit findings) so that changes propagate consistently rather than existing in isolation from the broader Quality record
- Monitoring and verification mechanisms that confirm the action was effective, not merely marked complete
Organizations looking to strengthen this kind of closed-loop accountability often rely on integrated Quality management tools that keep actions visible, electronically assigned, and connected to the broader Quality program. Vastian's APPIL Action Planning, Performance Improvement & Long-term Effectiveness and Events support that approach.
Conclusion
FMEA is not a compliance task that healthcare organizations perform annually and neatly file away until the next onsite survey. It is a capability and a discipline that, when embedded as a strategic asset, changes how organizations relate to and manage risk before it becomes harm.
A few principles to carry forward:
- FMEA is a capability, a strategic method, not a compliance task. Hold it to the same weight as financial and operational risk management by using standard methods, visible ownership, and tracked resolution.
- Consistency in scoring matters more than precision. Inconsistent scoring undermines the decision of confidence that makes FMEA actionable.
- The value of FMEA is in closed-loop action. Identified risks that are documented but never resolved consume resources and create false confidence in a safety system that is not functioning.
- Healthy preoccupation with failure is not pessimism nor paranoia. It is the operating posture of highly reliable organizations that catch and mitigate failure before it occurs or can reach a patient.
The goal of FMEA is not to predict every failure. It is to ensure that failures never catch your organization by surprise.
See closed-loop action tracking in practice.
The gap this article describes, actions that are documented but never owned, funded, or verified, is the gap an integrated quality management system (QMS) closes. A walkthrough with the Vastian team shows how FMEA actions stay assigned, visible, and tracked to verified completion, connected to incidents, audits, policies, and training. Request your demo here!
Not ready for a conversation? Download the one-page FMEA handout.


