Intraorganizational enforcement of safety management systems in hospitals: the case of internal audits

In order to manage risk with the aim to decrease risk for patients, hospitals in many countries are required to implement an accredited or certified patient safety management system (SMS). SMS is the “formal, top-down... [ view full abstract ]

In order to manage risk with the aim to decrease risk for patients, hospitals in many countries are required to implement an accredited or certified patient safety management system (SMS). SMS is the “formal, top-down business approach to managing safety risk, which includes a systemic approach to managing safety, including the necessary organizational structures, accountabilities, polies and procedures1” (Federal Aviation Administration, 2016). In the Netherlands, all hospitals are obliged by law to systematically manage the safety of care provision with the aid of a SMS. The implementation of such an accredited SMS is enforced by the Dutch healthcare inspectorate (VMS Zorg, 2011).

The enforcement of rules and regulations is central to enforcement literature. Most research on enforcement has focused on the link between enforcement strategies used by regulatory agencies and organizational compliance (e.g., May & Winter, 2011). However, practice shows that organizations themselves also use enforcement to reach compliance. We expect that these organizational enforcement actions play a role in reaching compliance. Therefore, we argue that the enforcement literature should be extended to include enforcement within the organization. This seems especially relevant in the case of large and complex healthcare organizations.

In addition to focusing on enforcement within the organization, we argue that enforcement should be considered at multiple levels of the organization. This is in line with the difference that is made between enforcement strategy by enforcement agencies and the enforcement style of the inspectors. The first refers to the choices made by agencies and the latter to inspectors’ day-to-day interactions with regulated entities. We add to this distinction between enforcement strategy and enforcement style by adding the level of enforcement as perceived by the regulated entity. We do this by using the multilevel implementation model by Wright and Nishii (2013) to distinguish different intraorganizational levels of enforcement.

To investigate enforcement at different levels within the organization, we use the internal audit system of a large academic hospital as a case. An internal audit system is one of the control and monitoring systems that is used nowadays in public organizations as a means to enforce compliance (Diefenbach, 2009) and is therefore a good fit with our theoretical interest. Moreover, this audit system allows us to follow the process of enforcement at different levels within the organization.