Reference Guide

Root Cause Analysis (RCA) in Australian Healthcare: A Practical Guide

Root cause analysis is the structured investigation Australian healthcare services run after a serious clinical incident, near miss, or sentinel event to identify the system factors that allowed harm to reach a patient. Done well, RCA produces a corrective action plan that addresses contributing system causes rather than blaming individuals. Done poorly, it produces a tidy linear explanation that misses the real system structure and lets the same failure recur.

This guide explains when RCA is triggered in Australia, the methodologies used (5 Whys, fishbone, fault tree, A3, London Protocol), how the team is composed, what evidence is collected and how, the corrective action output, and follow-up. It is written for nurses moving into governance, clinical risk staff, accreditation leads, and anyone studying the BSB50920 Diploma of Quality Auditing who needs working RCA fluency.

RCA in Australian healthcare is triggered by serious clinical incidents, sentinel events, and patterns of harm identified through monitoring. The trigger comes from one of three streams: a state-based serious incident reporting threshold, a national sentinel event, or an organisation-level decision driven by NSQHS Standard 1 governance.

The Australian Commission on Safety and Quality in Health Care (ACSQHC) maintains the national sentinel events list (currently ten categories including wrong-site surgery, retained instrument, medication error leading to death, and inpatient suicide). Each Australian state then operates its own clinical incident management policy that defines which incidents require formal RCA, the timeframe, and the reporting line. NSW runs the Clinical Excellence Commission framework; Victoria runs Safer Care Victoria; Queensland Health, WA Health, SA Health and the smaller jurisdictions each maintain equivalent policies.

NSQHS Standard 1.10 (incident management) and Standard 1.11 (open disclosure) require accredited services to operate an incident management system that includes structured analysis of serious events, a corrective action process, and follow-up that closes the loop. RCA is one of the methodologies that satisfies this requirement.

RCA in healthcare differs from generic ISO 9001 nonconformance investigation. It assumes a sociotechnical system, weighs human-factors contributions explicitly, and operates inside the Australian open disclosure framework rather than a contractor-customer NCR loop. See also our ISO 9001 versus NSQHS comparison, the QI methodologies guide, and clinical governance overview.

Five RCA methodologies are commonly applied in Australian healthcare. Choosing the right one depends on the complexity of the event, the time available, and the level of analytical rigour the incident warrants.

For a sentinel event the analysis is typically multi-method: London Protocol as the spine, fishbone for surface mapping, 5 Whys inside specific threads, fault tree where probabilistic logic helps. For a near miss on a single ward, a 5 Why workshop and an A3 sheet may be enough.

5 Whys asks why the event happened, then asks why again about each answer, until reaching a root cause that can be acted on at system level. Its trap in healthcare is stopping at human error (“nurse misread the chart”) rather than continuing to system causes (chart layout, lighting, workload, training). Always push past the first individual-level answer.

Fishbone (Ishikawa) diagrams visualise multiple causes branching from a central problem statement. The standard healthcare grouping is People, Process, Equipment, Environment, Policy, Patient. Used in workshop format with the team that lived the event, fishbone surfaces contributing factors before the team commits to a corrective direction.

Fault tree analysis applies in equipment, infusion-pump, or medication-pathway events where logic gates (AND/OR) help reason about how a failure cascade could occur. It is more common in pharmacy, biomedical engineering and theatre incidents than in clinical-judgement events.

A3 thinking captures the full RCA on a single A3 sheet: background, current state, target state, root-cause analysis, countermeasures, plan, follow-up. Useful for unit-level incidents and for keeping team-led analysis focused.

London Protocol (Vincent et al, Imperial College London) is the systems-analysis approach designed specifically for healthcare. It weighs contributory factors across seven layers: patient, task, individual, team, environment, organisation, institutional. It is the methodology most often applied to sentinel events in Australian tertiary services.

The composition of the RCA team strongly predicts the quality of the analysis. Australian frameworks (CEC NSW, Safer Care Victoria, Queensland Health) all describe similar team-composition principles, although the exact structure varies by jurisdiction.

A well-built RCA team for a serious incident typically includes a trained RCA facilitator (independent of the clinical area), a senior clinician familiar with the relevant specialty but not directly involved in the event, a representative from the unit where the event occurred, a quality and safety coordinator, and an executive sponsor. Patient and family voice is now routinely included for sentinel events, consistent with the open disclosure framework.

Evidence collection in healthcare RCA operates inside the Australian Open Disclosure Framework (ACSQHC). The framework defines how the service communicates with patients and families after harm, and it shapes the ethics of evidence collection.

The first principle is that RCA runs under a “just culture” model. Staff are interviewed with the understanding that the goal is system learning, not individual sanction (except where conduct meets the threshold for separate review under the National Law). Conflating analysis with discipline destroys the candour that makes the analysis useful.

Practical evidence sources include:

The output of an RCA is a corrective action plan that addresses contributing causes through the hierarchy of risk control. The hierarchy ranks corrective actions by likely effectiveness: stronger controls (system redesign, forcing functions, automation) sit above weaker controls (policy update, training, additional checking).

This hierarchy matters because most RCA reports default to the weakest controls (re-educate staff, update policy) which research consistently shows do not prevent recurrence. ACSQHC and state health departments now require corrective action plans to demonstrate consideration of stronger controls before defaulting to training.

A defensible corrective action plan typically combines actions across the hierarchy: a system-redesign action (strongest), a process-standardisation action (strong), a monitoring action (moderate), and supporting training (weakest). Each action has a named owner, a target date, and a verification measure.

An RCA without verification is incomplete. Following up on whether actions were implemented and produced risk reduction is what separates audit-grade RCA from reports that get filed and forgotten.

Australian frameworks expect three follow-up activities. First, implementation tracking: each action has a named owner and closure date, tracked through the risk register. Second, effectiveness measurement: the original measure that signalled the incident is monitored after corrective actions are in place, ideally on a run chart so real improvement can be distinguished from noise. Third, system feedback: lessons are fed into related services (other wards, sister sites, executive committee) so learning is not isolated to the unit where the event occurred.

NSQHS Standard 1.10 (incident management) and Standard 1.11 (open disclosure) are the survey checkpoints where RCA evidence is sampled. Surveyors typically pick two or three RCAs from the previous twelve months and trace each end-to-end through documentation, committee minutes and current operational practice. See also our guide to common Australian audit findings for what surveyors look for at this point.

The BSB50920 Diploma of Quality Auditing is TalentMed’s nationally recognised pathway into healthcare quality auditing and clinical risk roles. Delivered 100% online and self-paced, with case studies framed around NSQHS, aged care and NDIS frameworks. You build confidence on incident management, RCA facilitation and corrective action verification before facing a real review.

TalentMed Pty Ltd, RTO 22151. The BSB50920 Diploma of Quality Auditing is nationally recognised on the National Register. Confirm current course duration, fees and intake details on the course page before enrolling. RCA framework descriptions reflect published practice of ACSQHC, the Clinical Excellence Commission (NSW), Safer Care Victoria and other state health authorities; refer to safetyandquality.gov.au for authoritative national framework guidance.