Human factors of complex sociotechnical systems

Applied Ergonomics 37 (2006) 525 535 www.elsevier.com/locate/apergo Human factors of complex sociotechnical systems Pascale Carayon Department of Industrial and Systems Engineering, Center for Quality and Productivity Improvement, University of Wisconsin-Madison, 610 Walnut Street 575 WARF, Madison, WI 53726, USA Abstract Increasingly products and services result from interactions among people who work across organizational, geographical, cultural and temporal boundaries. This has major implications for human factors and ergonomics (HFE), in particular, challenging the limits of the systems to be designed, and widening the range of system elements and dimensions that we need to consider. The design of sociotechnical systems that involve work across multiple boundaries requires better integration of the various sub-disciplines or components of HFE, as well as increased collaboration with other disciplines that provide either expertise regarding the domain of application or expertise in concepts that can enrich the system design. In addition, customers contribute significantly to the co-production of products/services, as well as to their quality/safety. The design of sociotechnical systems in collaboration with both the workers in the systems and the customers requires increasing attention not only to the design and implementation of systems, but also to the continuous adaptation and improvement of systems in collaboration with customers. This paper draws from research on human factors in the domains of health care and patient safety and of computer security. r 2006 Elsevier Ltd. All rights reserved. Keywords: Organizational design and management (ODAM); Macroergonomics; Complex work system; Sociotechnical system; Health care and patient safety; Computer and information system security 1. Introduction A number of changes are occurring in the business and socio-economic environment that contribute to increasing the complexity of work systems. Vicente (1999) lists several factors that contribute to work system complexity (see Table 1 for a list of the dimensions of work system complexity and their relevance to the healthcare and computer security domains). Increasing work system complexity poses unique challenges to the people involved in the design, implementation and maintenance of sociotechnical systems, including human factors and ergonomics (HFE) researchers and professionals. In this paper, we discuss two emerging trends that contribute to increased work system complexity: (1) working across organizational, geographical, cultural and temporal boundaries, Tel.: +1 608 265 0503/263 2520; fax: +1 608 263 1425. E-mail address: carayon@engr.wisc.edu. and (2) the increasing role of the customer in product/ service design. The examples used in this paper draw from the healthcare/patient safety and computer security domains. Patient safety is a systemic problem of healthcare organizations worldwide. The issue of medical errors and harm caused by poorly designed healthcare systems made headlines in the US with the publication of the 1999 Institute of Medicine report, To Err is Human: Building a Safer Health System (Kohn et al., 1999). The World Health Organization has recognized patient safety as a strategic issue in order to improve health and health care worldwide (http://www.who.int/patientsafety). HFE has a long tradition of involvement in helping assess and solve performance, quality and safety problems in health care (Chapanis and Safrin, 1960). The issue of computer security is also a global problem, but it has received considerably less attention and contributions from HFE as compared to health care and patient safety. The 2005 CSI/FBI [Computer Security 0003-6870/$ - see front matter r 2006 Elsevier Ltd. All rights reserved. doi:10.1016/j.apergo.2006.04.011

526 ARTICLE IN PRESS P. Carayon / Applied Ergonomics 37 (2006) 525 535 Table 1 Complexity of work systems a Dimensions of complexity Definitions Application to health care Application to computer security Large problem spaces Many different elements and forces About 500,000 illnesses Large number of computers and other technologies connected via a network Social system Composed of many people who must Healthcare providers and staff End users+creators maintainers of work together Patients and their families computer security Heterogeneous Workers with different backgrounds Different disciplines and cultures/ Usability versus security perspectives and disciplines values Distributed system People located in different places Home healthcare Networked system: people accessing Telemedicine the network from a remote location Dynamic system Delay in effects of actions Preventive care Networked system Hazardous system Catastrophic economic, public, social, environmental consequences Medical errors Security breaches leading to loss of business, reputation, etcy Coupling Highly coupled interacting subsystems Both tight and loose coupling Both tight and loose coupling Automation Highly automated system High automation in radiology and High automation pharmacy Uncertain data Uncertainty in data available to workers Patient characteristics Data from intrusion detection software Mediated interaction System not observable directly by workers Medical technologies (e.g., endoscopic technologies) Computer security performance mediated by various technologies Disturbances Workers responsible for dealing with unanticipated events a The dimensions of complexity are further described by Vicente (1999). Unanticipated events (e.g., changes in patient status, adverse drug events) Unanticipated attacks Institute & Federal Bureau of Investigation] survey of 699 people representing various industries shows that 56% of the companies experienced some type of unauthorized use of computer systems within the past year (Gordon et al., 2005), including laptop or mobile theft, denial of service, telecom fraud, unauthorized access to information and virus. There is slow recognition among computer security specialists of the importance of non-technical (human and organizational) factors in ensuring and maintaining computer security. For instance, in the CSI/FBI 2005 survey, a large number of respondents (63 70%) identified awareness training in various areas of security (security policy, security management, access control systems and network security) as very important to their organizations. HFE can make a significant contribution to improving the design and implementation of computer security technologies, policies and management systems (Carayon et al., 2005a). The domains of health care and computer security pose unique challenges to HFE because of their high complexity. Much patient care involves people (patients, their families, and healthcare providers and staff) who work across various boundaries. Patients (and their families and caregivers) have an increasingly important role in the quality and safety of the care provided to them. Computer security is becoming increasingly complex because of the (distributed, decentralized) Internet and other networked systems that involve people working across various boundaries. Those people have a critical role in computer security: they can directly or indirectly affect security through their behaviors and actions (e.g., writing down passwords), or they can alert computer security managers of possible security breaches (e.g., when experiencing slow response to computer network access). In the remainder of the paper, the trend towards working across boundaries and the implications for a greater focus on system interactions and integration within and outside the HFE discipline are discussed. We then describe the increasing role of the customer in product/service design, and the subsequent need for developing more comprehensive models of HFE in system design. 2. Working across boundaries Many people no longer work for a single organization or only with people belonging to the same organization. They work across organizational, geographical, cultural and temporal boundaries in a world that is flattening (Friedman, 2005) (see Table 2 for examples of boundaries in the healthcare and computer security domains, and other domains of application). Products and services are created as outcomes of multiple entities/organizations that work together across boundaries. Working across organizational, geographical, cultural and temporal boundaries increases the number and type of interactions between systems, and therefore amplifies the complexity of work systems. Example in health care: The creation of virtual intensive care units (ICUs) is an example of working across organizational, geographical and temporal boundaries in the healthcare domain that poses important HFE challenges. In a virtual ICU system, a patient is cared for by on-site ICU nurses and physicians located in hospital A

P. Carayon / Applied Ergonomics 37 (2006) 525 535 527 Table 2 Working across boundaries Boundaries Application to healthcare Application to computer security Other domains of application Organizational boundaries Geographical boundaries Cultural boundaries Temporal boundaries Transitions of care across healthcare institutions Care of patients with chronic diseases Virtual intensive care unit with patients and healthcare providers in different locations Care of culturally diverse patient populations Work schedules and shiftwork of nurses Communication over time (e.g., during shift change) Ensuring computer security across supply chain or with outside contractors Ensuring security of computer system while end users access the system from remote locations Globalization of companies and creation of virtual teams (crosscultural teams) that need to share documents and information Providing 24-h computer security support Human factors implications of supply chain management Cross-functional design teams working in different parts of the world Cross-cultural work system design Participatory ergonomics in various cultural environments Extension of work day via use of communication technologies and also remotely monitored by ICU nurses and physicians who are located in remote hospital B. The virtual ICU crosses geographical boundaries, therefore creating a work situation of remote monitoring for the ICU nurses and physicians located in hospital B. The HFE issue of sustaining attention in a monitoring situation is critical in such a work environment. The virtual ICU often crosses organizational boundaries: hospitals A and B are two separate organizations with different organizational and technical systems and processes. A virtual ICU requires that hospitals A and B share information on the patient in a timely manner, which can be quite complex from a technical infrastructure viewpoint. In addition, the ICU nurses at hospital B are required to monitor at least three displays of information: a display of the patient at hospital A (image produced by remote video camera), a display of the electronic record of the patient, and a display of data from various monitors connected to patients (e.g., ventilator). This work situation poses many problems related to physical ergonomics (e.g., workstation design), cognitive ergonomics (e.g., simultaneous monitoring of three displays and information load) and psychosocial ergonomics (e.g., communication with nurse at hospital A). Because care for the patient in hospital A should be continuous, the virtual ICU brings up HFE issues related to working across temporal boundaries at both hospitals A and B. 1 For instance, should there be an ICU physician continuously available at hospital B? What are the roles and responsibilities of this ICU physician over the 24-h period of time? How are responsibilities shared between the physicians and the nurses at hospital B during a 24-h period? How many patients can one person remotely monitor? Example in computer security: We may need to analyze a work situation where the worker interacts with other people located far away, perhaps in another country. This 1 Other industries have faced similar issues and found solutions. The question is then raised of the applicability of these solutions to industries, such as health care. may occur, for example, when support for computer and information system security is provided by workers located in a different country ( off-shoring of computer security function). 2 According to the CSI/FBI 2005 survey, 37% of the companies outsourced computer security (Gordon et al., 2005). If the ergonomist is interested in understanding the demands of the work situation, s/he may need to assess the requirements for the worker to communicate simultaneously with people of different cultural background located in a different country and working in a different time zone. These requirements may affect the work schedule of the worker, such as having to work odd hours and therefore introducing the well-known problems of shiftwork. If the ergonomist is interested in understanding the cognitive demands of the work situation, s/he may need to compare and contrast the cultural characteristics of the worker and his/her colleagues located in a different country. These cultural factors may affect cognitive processes, such as perception and understanding of security policies and computer security-related communication. This example shows how important it is for the ergonomist to understand a diversity of interactions, as well as to integrate different dimensions of HFE (physical, cognitive, psychosocial/cultural). The examples described above have demonstrated the need to focus on interactions within and between complex sociotechnical systems. Those interactions involve multiple HFE dimensions, i.e. physical, cognitive and psychosocial dimensions. In addition, the design of those multiple varied interactions can benefit from collaboration between HFE professionals and experts in the particular domain of application. Because the sociotechnical systems are becoming 2 A healthcare example of workers interacting with other people located in another country is described by Friedman (2005). Some small hospitals in the US are outsourcing reading of CAT scans and other radiological images to physicians in India and Australia. Because it is daytime in India or Australia when it is nighttime in the US, this system allows after-hours coverage by experienced radiologists.

528 ARTICLE IN PRESS P. Carayon / Applied Ergonomics 37 (2006) 525 535 more complex, and their internal and external interactions are growing, there is a need for better integration between HFE and other disciplines (e.g., engineering, computer sciences, organizational sciences) that can provide substantive knowledge about connected elements. 3. Need to focus on system interactions and integration According to Wilson (2000), the nature of ergonomics is to understand people and their interactions, as well as the relationships between these interactions, and to improve those interactions in real settings. Interactions occur between people and elements of sociotechnical systems. Various models have been proposed that define elements of sociotechnical system (see Table 3). These models present different ways of slicing and describing sociotechnical systems, either vertically (e.g., Rasmussen s (2000) model and Moray s (2000) model), functionally (e.g., Sociotechnical Systems Theory or STS) or by domain (e.g., Wilson s (2000) model of interactions, Smith and Carayon- Sainfort s (1989) work system model, the SHELL model and Vincent s (2003) model). All of these models emphasize the need to understand interactions between people and elements of the system, as well as with the wider environment of the system. They also highlight the various levels of system functioning and the need to examine the vertical interactions, i.e. interactions between different system levels (Moray, 2000; Rasmussen, 2000). The necessary focus on interactions between system elements requires integration both within the HFE discipline and with other disciplines. Working across boundaries and the subsequent increasing diversity of system interactions necessitates a true HFE systems approach that identifies and assesses all HFE dimensions, i.e. physical, cognitive and psychosocial interactions. In addition, HFE needs to work with domain experts, as well as other disciplines that can provide the concepts and methods for understanding some of the system elements (e.g., political scientists to consider the legal and political environment of sociotechnical systems). 3.1. Physical, cognitive and psychosocial system interactions Solving HFE problems of working across boundaries requires an in-depth examination of interactions between the various sub-systems. Those interactions can be of physical, cognitive and psychosocial nature, and involve various system levels from micro-ergonomic issues all the way to macroergonomic issues. Zink (2000) has begun to identify the connections of micro and macroergonomics, such as the relation between workplace (anthropometry, biomechanics, information processing) and work organization (process design, group work). We need to continue this effort of integrating the various HFE dimensions, system levels and interactions between systems and sub-systems. A few efforts have emerged that integrate different dimensions of HFE. Dillon (2000) discusses how sociotechnical system approaches can be combined with usability engineering in the design of information systems. He emphasizes the application of STS principles (e.g., user participation) in usability evaluations. In addition, usability engineering can quantify user concerns. However, we also need to assess other outcomes besides effectiveness, efficiency and satisfaction by considering the larger sociotechnical system in which the information system is to be used. Clegg et al. (1996) have developed an integrated series of micro and macroergonomic tools that can be used during the development of computer systems. Why is it so important to integrate the physical, cognitive and psychosocial system interactions for the domains of healthcare and computer security? 3 A few examples will demonstrate the importance of this integration. Example in health care: Transitions of care pose an example of working across organizational boundaries, demonstrating the need to integrate various HFE dimensions. In the pre-operative phase of outpatient surgery, the patient goes through several transitions of care: from his/ her primary care physician to the surgeon for confirmation of surgery, from the surgeon back to the primary care physician for a pre-operative physical exam, from the surgeon s clinic to the anesthesia clinic, from the anesthesia clinic to the outpatient surgery center, and from the outpatient surgery center to home (Carayon et al., 2004; Schultz et al., 2005). These transitions of care present unique challenges for communication between the healthcare providers. Very often, patient-related information at any stage in the pre-operative process is not delivered on time or is incomplete, therefore making the work of the healthcare providers stressful and complicated. We have defined three levels of awareness that can help the performance of the healthcare providers involved in those varied transitions: situation awareness, team awareness and organizational awareness (Schultz et al., 2005). This three-level model of awareness builds on existing cognitive ergonomic concepts of situation awareness (Endsley, 1995) and team awareness (Salas et al., 1995), and adds an organizational/psychosocial ergonomic concept, i.e. organizational awareness, borrowed from the High Reliability Organization approach (Roberts et al., 1994; Weick and Sutcliffe, 2001). This three-level model of awareness is an example of integration of the cognitive and psychosocial dimensions of HFE. Example in computer security: Ensuring computer security across a supply chain is another instance where organizational boundaries are crossed. In a supply chain management system, a manufacturing organization needs to share production-related information with suppliers. The computer security manager of the manufacturer needs to develop technical systems and policies to protect the security of information exchange and to allow secure access 3 The integration of physical, cognitive and psychosocial system interactions is also necessary in other domains with high system complexity.

P. Carayon / Applied Ergonomics 37 (2006) 525 535 529 Table 3 Models of sociotechnical system Models and authors Wilson (2000) model of interactions Smith and Carayon (Carayon and Smith, 2000; Smith and Carayon-Sainfort, 1989) model of work system Components of the sociotechnical system People interact with the following elements: other people (cooperation interactions) remote agents (temporal and spatial interactions) structure, policy and roles (organization interactions) supply chain (logistics interaction) environment (setting interactions) task hardware and software (interface interactions) society, finance and politics (contextual interactions) the individual tasks tools and technologies physical environment organizational conditions The Sociotechnical Systems Theory (Pasmore, 1988; Trist, 1981) social system technical system environment Hendrick and Kleiner (Hendrick and Kleiner, 2001; Kleiner, 2004) model of work system sub-systems personnel sub-system technological sub-system internal environment external environment task and organizational design SHELL (Software-Hardware-Environment-Liveware) model (cited by Rizzo et al., 2000) Rasmussen (2000) model of sociotechnical system Moray (2000) model of sociotechnical system as a set of concentric circles Vincent (2003) model of work factors influencing clinical practice and adverse events software: practices, procedures, regulations and formal/informal rules hardware: physical elements of the sociotechnical system (e.g., equipment, physical layout) political, economic, social and legal environment in which the system functions liveware: workers liveware: other people the workers interact with, e.g., managers and other staff working in the system productive processes or the work performed by operators and workers staff involved in planning the work management who plans operations and supplies resources company that interacts with various regulations regulators and associations government individual behavior, physical devices and physical ergonomics at the center of the system Other layers include: team and group behavior, organizational and management behavior, legal and regulatory rules, and societal and cultural pressures institutional factors organization and management work environment (e.g., staffing level, workload, design of equipment, administrative and managerial support) team individual staff member (e.g., knowledge, skills) task patient to production databases. Employees of the manufacturers and of the suppliers need to understand and adhere to the security policies. How can this be verified and enforced when these people belong to different organizations? This question involves cognitive (e.g., understanding of the computer security policy) and psychosocial (e.g., communication between people belonging to different organizations) ergonomic issues.

530 ARTICLE IN PRESS P. Carayon / Applied Ergonomics 37 (2006) 525 535 More discussion and integration between the different sub-disciplines of HFE need to occur. The HFE discipline is showing signs of growth and maturity, such as the development of HFE sub-disciplines (Moray, 2000); but this should not be at the expense of the core HFE systems approach (Wilson, 2000). We need to better understand the impact of (organizational, geographical, cultural and temporal) boundaries on sociotechnical systems and their implications for physical, cognitive and psychosocial ergonomics. 3.2. Integration of HFE with other disciplines Working across boundaries involves a diversity of system interactions, therefore emphasizing the need for HFE to work with other disciplines. Rasmussen (2000) has called for a cross-disciplinary research approach to human factors problems. For instance, the ecological interface design approach is a cross-disciplinary effort that involves HFE knowledge as well as expertise from the particular work domain being analyzed. Rasmussen (2000) advocates the importance of bringing together the pieces of the system, therefore encouraging HFE to work with other disciplines to design whole systems, instead of pieces of the system. Moray (2000) calls for HFE to expand the types of research methods used, such as going beyond experimental research and using ethnography and sociological methods. He also emphasizes the need for a wider approach and increased cooperation with social sciences (not only engineering disciplines) such as economics, cultural factors, and politics. Two types of integration of HFE with other disciplines are necessary. 3.2.1. Integration with disciplines providing domain expertise Integration of HFE knowledge with domain (or subject-matter) expertise is necessary. As sociotechnical systems become more complex, a greater range of expertise is necessary in order to improve the various interactions between people and those systems. Example in health care: When trying to improve the quality and safety of patient care, various healthcare disciplines, e.g., medicine, pharmacy, nursing, need to collaborate with HFE professionals. The Systems Engineering Initiative for Patient Safety program at the University of Wisconsin Madison involves researchers in both engineering and healthcare disciplines (http:// www2.fpm.wisc.edu/seips/). A team of human factors engineers, physicians, pharmacists, nurses and biomedical engineers studied the design and implementation of a smart intravenous (IV) pump technology in a hospital. We collaborated to assess the usability of the pump technology after the manufacturer proposed several redesigns and before the hospital decided to implement the redesigned pump (Hundt et al., 2005b). We also worked together to understand the reactions (and subsequent decisions and actions) of nurses to medication dosing limit alerts produced by the pumps (Wetterneck et al., 2005). This analysis allowed an in-depth understanding of the potential patient safety benefits and risks of the smart IV pump technology. In the project on Safe Medication Administration Through Technologies and Human Factors (SMArT HF ; http://cqpi2.engr.wisc.edu/smarthf/), the collaboration between the human factors engineers and the domain experts (i.e. medicine, anesthesiology, pharmacy, nursing, biomedical engineering) produced results that were highly relevant to improving the quality and safety of the medication administration process. Example in computer security: Likewise the field of computer security can benefit from more interaction with the HFE discipline. An example of this collaboration is the study of various computer security methods (e.g., biometric device) by Proctor and colleagues (2000): they used task analysis to define the demands placed on the users by the security methods. Our study of red teaming or ethical hacking takes advantage of collaboration between human factors engineers and computer security experts: the human factors engineers provide the knowledge and expertise on team performance and work system analysis to identify and assess the work-related factors facilitating or hindering red team performance (Carayon et al., 2003), while the computer security specialists provide the knowledge and expertise of the context in which red teams operate and the content of their work. 3.2.2. Integration with other disciplines We also need to achieve better integration with disciplines connected to elements of the sociotechnical system. We need to collaborate with various engineering disciplines when testing and improving the usability of technologies. For instance, collaboration with biomedical engineers is important when examining the human factors design of healthcare technologies. Collaboration with information technology specialists is critical for improving the usability of healthcare technologies, such as bar coding medication administration, robotic surgery and software such as computerized provider order entry and electronic health record systems, and the usability of computer security technologies. Collaboration with experts in law will be fruitful, for instance, when studying communication of medical errors to patients. The safety and security of complex sociotechnical systems can be much improved by reaching out to disciplines related to the higher levels of sociotechnical systems, such as organizational and inter-organizational levels. For instance, the High Reliability Organization (HRO) approach has developed a set of organizational principles for safety in high-risk organizations (Roberts et al., 1994; Weick and Sutcliffe, 2001). HFE professionals and researchers, in particular macroergonomists, need to examine other organizational theories besides the traditional STS. The HRO approach is a good candidate that can be tied to efforts by HFE professionals and researchers involved in improving patient safety. HFE may be able to

P. Carayon / Applied Ergonomics 37 (2006) 525 535 531 provide the methods, tools and concepts for implementing and sustaining HRO principles in health care. In summary, the trend of working across multiple boundaries implies a greater need to integrate various dimensions of HFE, such as physical, cognitive and psychosocial dimensions or system elements. We also need to expand our interaction with other disciplines, either disciplines that provide expertise in the domain under study or disciplines that provide the conceptual foundations for connected system elements, such as the larger legal, political environment of sociotechnical systems. 4. Role of the customer in product/service design Customers, i.e. patients, end users or workers, are becoming more involved in creating products and services and influencing the quality and safety of products/services. This should encourage human factors professionals and researchers to devise effective and efficient approaches for involving the customer in the design, redesign, implementation and continuous improvement of products/services and their creation/production. Example in health care: In health care, there is increasing demand placed on patients and their families for being actively involved in their care. An important trend in health care is the shortened hospital length stay, therefore transferring the responsibility for follow-up care to patients and their caregivers. For instance, an increasing percent of surgical procedures are now performed on an outpatient basis. The quality and safety of care of outpatient surgical procedures is influenced by actions and activities that occur before, during and after surgery, thus emphasizing the role of the patients and their caregivers (e.g., following post-surgery instructions provided by the healthcare providers) (Carayon et al., 2004; Hundt et al., 2005a). Patients and their families and caregivers are co-producing care in collaboration with healthcare providers. This is particularly true in the area of home healthcare such as care for elderly (e.g., dementia patients). The patient safety movement has also called for greater involvement of patients and caregivers in the prevention of medical errors. Patients want to know about medical errors, even minor medical errors made by their healthcare providers. The movement towards patientcentered care and patient empowerment also contributes to the increasing role of patients. Example in computer security: In the domain of computer security, end users have a critical role in the security of computer and information systems. According to computer security expert (and former hacker), Kevin Mitnick, A company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business y The company is still totally vulnerabley the human factor is truly security s weakest link. (Mitnick and Simon, 2002). This quote demonstrates the critical role of people in creating or facilitating failures of computer and information systems. Unfortunately, computer security experts often fail to recognize the other side of the coin, i.e. the positive contribution that people make to creating and maintaining computer security. People have a major role to play in contributing to computer security: their behaviors, actions and attitudes can actually fill in the gaps and compensate for the technical weaknesses of the security system (Carayon et al., 2005a). Two categories of people interacting with computer and information systems and affecting their security can be distinguished: (1) the designers and managers of the computer and information systems, and (2) the end users of computer and information systems. The former group designs and implements the systems and techniques to prevent hackers from accessing the computer and information system. The latter group may inadvertently make errors that lead to security vulnerabilities, and may allow hackers to breach the computer and information system (Kraemer and Carayon, 2006). HFE is increasingly involved in the design and implementation of organizational and technological changes and in finding better ways of designing and implementing those changes (e.g., participatory ergonomics) (Wilson and Haines, 1997). However, relatively little attention has been devoted to what happens to the sociotechnical systems after implementation of the change: are the changes sustained over time? how does the organization continue to improve its systems and processes, the performance and well-being of its employees, and the quality/safety of the products/services? HFE professionals and researchers can significantly contribute to answering the difficult questions of continuous system improvement and sustainability of system changes. In addition, given the increasing role of the customer in product/service design, the design, implementation and adaptation/improvement of sociotechnical systems need to significantly involve the customer. 5. Macroergonomic continuous system design HFE recognizes the value and importance of system design and the implementation and change processes. Clegg (2000) has emphasized the need for developing principles for the design of sociotechnical systems, not just the understanding of the impact of sociotechnical systems and their changes onto people. Whereas many human factors experts have emphasized the need to better integrate HFE into system design (Meister and Enderwick, 2001), there is still much progress to be made in this area. HFE professionals and researchers need to consider the end users of their knowledge, concepts and methods. Those end users have characteristics and needs; they perform design tasks in a physical, informational, social and organizational environment. It is our responsibility as HFE experts to understand and reach out to them in order to produce knowledge, concepts and methods that they can use and apply when designing sociotechnical systems.

532 ARTICLE IN PRESS P. Carayon / Applied Ergonomics 37 (2006) 525 535 5.1. Phases of sociotechnical system development Three phases of sociotechnical system development can be distinguished (Clegg, 1988): 1. design of sociotechnical system; 2. implementation of sociotechnical system and 3. operation of sociotechnical system. 5.1.1. Design of sociotechnical system During the design phase, decisions are made regarding the physical, cognitive and psychosocial characteristics of the sociotechnical system. HFE can significantly contribute to this phase by helping define and characterize users. Rasmussen (2000) has called for increased focus on proactive system design. Many HFE guidelines and other sources of HFE information have been developed: they provide HFE-related information that can be useful at the system design stage. Unfortunately, HFE is often not considered in the design of sociotechnical systems for various reasons, such as poor usability of HFE guidelines, conflict of HFE guidelines with other guidelines, and information overload (Perrow, 1983; Wulff et al., 1999). The design of healthcare information technologies such as computerized provider order entry (CPOE) technology and electronic health record (EHR) systems can significantly benefit from HFE guidance. A similar observation can be made regarding the design of computer security methodologies. Research by Whitten and Tygar (1999) has examined the usability of encryption software, therefore opening the door for improved design of such computer security technologies. Further work is necessary to understand the work of designers of sociotechnical systems and to develop HFE information and methods that can help them improve their design. In addition, we need to create methods and tools of sociotechnical system design that involve customers more extensively. 5.1.2. Implementation of sociotechnical system During the implementation phase, issues of participation, feedback, training and learning, project management, organizational support and management commitment are important to facilitate and foster the implementation of the change (Carayon, 2003; Karsh, 2004; Smith and Carayon, 1995). Participatory ergonomics is a key development in HFE and macroergonomics. However, when applying participatory ergonomics to the design and implementation of complex sociotechnical systems, many questions arise. How can a participatory ergonomics program be created when the participants belong to various organizations? How can we apply participatory ergonomics in work environments with heavy workload and time pressure, such as an ICU? How can sociotechnical systems be more efficiently and effectively implemented, while further involving customers? 4 For instance, how can we 4 In health care, the customers involve the patients or their representatives such as family members and caregivers (e.g., when patients are very sick or dying). improve the implementation of computer security technologies while involving the end users of these technologies? 5.1.3. Operation of sociotechnical system The operation phase occurs after the redesigned sociotechnical system has been implemented. At this stage, the issues of sustainability of the change and continuous improvement become important. In the context of the implementation of quality improvement, in particular Statistical Process Control (SPC), Kelly and Drury (1999) have proposed a model of general SPC devolution. The SPC devolution model explains how the implementation of a change such as SPC can degenerate because of lack of attention to human factors and organizational issues. During the operation of the sociotechnical system, the end users and customers of the sociotechnical systems may adapt and revise the system redesign (Rogers, 1995), therefore emphasizing the need to better understand continuous changes (Carayon et al., 2005a, b; Korunka and Carayon, 1999). Weick and Quinn (1999) contrast episodic change (infrequent, discontinuous and intentional) to continuous change (ongoing, evolving and cumulative). The important dimensions of continuous change are long-run adaptability, individual and organizational learning, and sense-making (Weick and Quinn, 1999). Our study of smart IV pump technology implementation in a hospital showed how both episodic and continuous changes can be embedded in a single technological change (Carayon et al., 2005b). The initial phase of the technological change was considered an episodic change, whereas the issues occurring after the implementation of the new technology can be described as a continuous change. After the initial implementation, further changes to the technology occurred in response to use problems. HFE has paid some attention to the issue of change and implementation, but little consideration has been given to the operation phase of sociotechnical system design. We need to better understand the impact of HFE interventions (e.g., HFE as an innovation) and to understand changes that occur following an implementation. How can we improve the participation of end users and customers in the continuous adaptation and improvement of sociotechnical systems? 5.2. HFE as an innovation Corlett (1988) argues that any HFE intervention modifies the relationships of power between people and things, or people and people (p. 733); therefore raising the issue of how we can ensure that our work is not undone by its misuse. The effective and efficient use of HFE in different phases of sociotechnical system development can benefit from considering HFE as an innovation. Research on technological and organizational innovation highlights a number of factors and dimensions that can facilitate or

P. Carayon / Applied Ergonomics 37 (2006) 525 535 533 hinder the diffusion, dissemination, implementation and sustainability of the innovation (Greenhalgh et al., 2004; Rogers, 1995). Greenhalgh et al. (2004) define several characteristics of an innovation that facilitate its adoption, such as compatibility of the innovation with the existing system or organization, low complexity of the innovation, and technical support required to implement the innovation. How can we design HFE innovations that possess the key characteristics of innovation? The application of the innovation model to improving the diffusion, dissemination, implementation and sustainability of HFE in healthcare sociotechnical systems has been discussed by Carayon (2006). Continuous adaptation and improvement Design Implementation Sociotechnical System 5.3. Continuous adaptation and improvement of sociotechnical system Clegg (2000) emphasizes that design is an activity that extends over time, and continues beyond system implementation and throughout use: the people using the new system interpret it, amend it, massage it and make such adjustments as they see fit and/or are able to undertake (p. 467). 5 Therefore, we need to improve our human factors understanding of system design by examining sociotechnical systems after an organizational or technological change has occurred. Fig. 1 depicts a sociotechnical system as being comprised of cogs: the cogs represent the different sub-systems that are related to each other and influence each other. Various models have described the elements of the cogs (see Table 3). The figure emphasizes the interactions between the cogs or sub-systems as being major contributors to the performance of the overall sociotechnical system. The cogs go through phases of system design, implementation of change and continuous adaptation and improvement. Table 4 lists selected HFE concepts and methods for each of the three phases, and applications to the domains of healthcare and computer security. The various phases of system design and changes influence the design of the system and produce changes in other (connected) cogs, therefore creating a continuous movement towards adaptation and improvement. We need to develop models and methods of macroergonomic continuous system design processes. Engestrom (2000) has developed a model of learning and development for work system improvement that he has applied to health care. He argues that the preferred model of work organization is knotworking or a form of coconfiguration where the organization continuously improves and (re)designs its products/services through interaction and collaboration with customers. He defines six key elements of knotworking : (1) adaptive product/service, (2) continuous relationship between customer, product/service and company, (3) ongoing configuration or customization, (4) active 5 This is similar to the STS principle of incompletion in which continuous cycles of experimentation and learning occur (Cherns, 1987). Fig. 1. Cycles of system design, implementation and continuous adaptation/improvement. customer involvement, (5) multiple collaborating producers, and (6) mutual learning from interactions between the parties involved. The knotworking model can be adapted for developing principles of continuous system adaptation and improvement. The principles of continuous change (long-run adaptability, individual and organizational learning, and sense-making) should also be part of the macroergonomic continuous system design (Weick and Quinn, 1999). A preliminary set of principles for macroergonomic continuous system adaptation and improvement includes the following actions: PARTICIPATE: active participation of customers and end users in system design activities (e.g., participatory ergonomics), INTERACT: continuous interactions between customers and the product/service producing organization, DESIGN: continuous system design and redesign, ADAPT: adaptive product/service and long-run system adaptability, LEARN: activities and support for both individual and organizational learning (e.g., collaborative problem definition, analysis and modeling),

534 ARTICLE IN PRESS P. Carayon / Applied Ergonomics 37 (2006) 525 535 Table 4 Design, implementation and adaptation/improvement of sociotechnical systems Phases of sociotechnical system development Selected HFE concepts and methods Application to healthcare Application to computer security System design Usability Participatory ergonomics Usability of healthcare information technologies System implementation Technological change Implementation of healthcare Organizational change information technologies Participatory ergonomics System adaptation and Continuous improvement improvement Organizational and individual learning Knotworking Redesigns of technologies after implementation and preliminary use Usability of password protection system Implementation of computer security policies Training and learning of end users for improved computer security practices MAKE SENSE: sense-making of on-going changes and their impact. 6. Conclusion The increasing complexity of sociotechnical systems in domains such as health care and computer security poses unique challenges to HFE professionals and researchers. Further integrating the different dimensions and elements of sociotechnical systems is necessary to anticipate the implications of working across organizational, geographical, cultural and temporal boundaries. HFE researchers and practitioners also need to reach out to domain experts and to other connected disciplines. This can significantly improve the impact of HFE on the design of sociotechnical systems. Finally, we need to pay greater attention to developing and implementing principles for macroergonomic continuous system adaptation and improvement. Acknowledgments The research in the domains of healthcare/patient safety and computer security conducted by the author and her research team is funded by the Agency for Healthcare Research and Quality ( Systems Engineering Initiative for Patient Safety Grant ] P20 HS11561-01, Principal Investigator: Pascale Carayon; Safe Medication Administration Through Technologies and Human Factors SMArT HF Grant ]1 UC1 HS014253-01, Principal Investigator: Pascale Carayon; co- Principal Investigator: Tosha Wetterneck) and by the Department of Defense ( Modeling and Simulation for Critical Infrastructure Protection ]DAAD19-01-1-0502, Principal Investigator: Stephen Robinson, University of Wisconsin Madison). The author would like to thank the following people for their comments and feedback: Carla Alvarado, Colin Drury, Peter Hoonakker, Ann Schoofs Hundt, Sara Kraemer, Ken Parsons, Kara Schultz, Mike Smith, Tosha Wetterneck, John Wilson, and the guest editors of the special issue of Applied Ergonomics. References Carayon, P., 2003. Macroergonomics in quality of care and patient safety. In: Luczak, H., Zink, K.J. (Eds.), Human Factors in Organizational Design and Management. IEA Press, Santa Monica, CA, pp. 21 35. Carayon, P., 2006. Human factors and ergonomics in health care and patient safety. In: Carayon, P. (Ed.), Handbook of Human Factors and Ergonomics in Health Care and Patient Safety. Lawrence Erlbaum Associates, Mahwah, NJ. Carayon, P., Smith, M.J., 2000. Work organization and ergonomics. Appl. Ergon. 31, 649 662. Carayon, P., Duggan, R., Kraemer, S., 2003. A model of red team performance. In: Luczak, H., Zink, K.J. (Eds.), Human Factors in Organizational Design And Management VII. IEA Press, Santa Monica, CA, pp. 443 447. Carayon, P., Schultz, K., Hundt, A.S., 2004. Righting wrong site surgery. Jt Comm J Qual Safety 30 (7), 405 410. Carayon, P., Kraemer, S., Bier, V., 2005a. Human factors issues in computer and e-business security. In: Labbi, A. (Ed.), Predictive Modeling for e-business Risk Management. J. Ross Publishing. Carayon, P., Wetterneck, T.B., Hundt, A.S., Enloe, M., Love, T., Rough, S., Schroeder, M., 2005b. Continuous technology implementation in health care: the case of advanced IV infusion pump technology. In: Salvendy, G. (Ed.), Proceedings of the 11th International Conference on Human-Computer Interaction. Las Vegas, Nevada. Chapanis, A., Safrin, M.A., 1960. Of misses and medicines. J. Chronic Dis. 12 (4), 403 408. Cherns, A., 1987. Principles of sociotechnical design revisited. Hum. Relat. 40, 153 162. Clegg, C., 1988. Appropriate technology for manufacturing: some management issues. Appl. Ergon. 19 (1), 25 34. Clegg, C.W., 2000. Sociotechnical principles for system design. Appl. Ergon. 31, 463 477. Clegg, C., Coleman, P., Hornby, P., Maclaren, R., Robson, J., Carey, N., Symon, G., 1996. Tools to incorporate some psychological and organizational issues during the development of computer-based systems. Ergonomics 39 (3), 482 511. Corlett, E.N., 1988. The investigation and evaluation of work and workplaces. Ergonomics 31 (5), 727 734. Dillon, A., 2000. Group dynamics meet cognition: combining sociotechnical concepts and usability engineering in the design of information systems. In: Coakes, E., Willis, D., Lloyd-Jones, R. (Eds.), The New SocioTech. Springer, London, UK, pp. 119 125. Endsley, M.R., 1995. Toward a theory of situation awareness in dynamic systems. Hum. Factors 37 (1), 32 64. Engestrom, Y., 2000. Activity theory as a framework for analyzing and redesigning work. Ergonomics 43 (7), 960 974.

P. Carayon / Applied Ergonomics 37 (2006) 525 535 535 Friedman, T.L., 2005. The World Is Flat: A Brief History of the Twentyfirst Century. Farrar, Straus and Giroux, New York. Gordon, L.A., Loeb, M.P., Lucyshyn, W., Richardson, R., 2005. CSI/FBI Computer Crime and Security Survey. Computer Security Institute. Greenhalgh, T., Robert, G., MacFarlane, F., Bate, P., Kyriakidou, O., 2004. Diffusion of innovations in service organizations: systematic review and recommendations. Milbank Quart. 82 (4), 581 629. Hendrick, H.W., Kleiner, B.M., 2001. Macroergonomics An Introduction to Work System Design. The Human Factors and Ergonomics Society, Santa Monica, CA. Hundt, A.S., Carayon, P., Springman, S.R., Smith, M., Dorshorst, M., Florek, K., Sheth, R., 2005a. Outpatient surgery and patient safety the voice of the patient. In: Henriksen, K., Battles, J.B., Marks, E., Lewin, D.I. (Eds.), Advances in Patient Safety: From Research to Implementation, Vol. 4. Agency for Healthcare Research and Quality, Rockville, MD, pp. 445 459. Hundt, A.S., Carayon, P., Wetterneck, T.B., Love, T., Haack, B., Schroeder, M., Enloe, M., 2005b. Evaluating design changes of a smart IV pump. In: Tartaglia, R., Bagnara, S., Bellandi, T., Albolino, S. (Eds.), Healthcare Systems Ergonomics and Patient Safety. Taylor & Francis, Florence, Italy, pp. 239 242. Karsh, B.-T., 2004. Beyond usability: designing effective technology implementation systems to promote patient safety. Qual. Safety Health Care 13, 388 394. Kelly, H., Drury, C.G., 1999. Sociotechnical reasons for the failure of statistical process control. In: Axelsson, J., Bergman, B., Eklund, J. (Eds.), TQM and Human Factors Towards Successful Integration. Center for Studies of Humans, Technology and Organization at Linkoping University, Linkoping, Sweden, pp. 122 127. Kleiner, B.M., 2004. Macroergonomics as a large work-system transformation technology. Hum. Factors Ergon. Manuf. 14 (2), 99 115. Kohn, L.T., Corrigan, J.M., Donaldson, M.S. (Eds.), 1999. To Err is Human: Building a Safer Health System. National Academy Press, Washington, DC. Korunka, C., Carayon, P., 1999. Continuous implementations of information technology: the development of an interview guide and a cross-national comparison of Austrian and American organizations. Int. J. Hum. Factors Manuf. 9 (2), 165 183. Kraemer, S., Carayon, P., 2006. A human factors model of human error in computer and information security. Appl. Ergon., accepted for publication. Meister, D., Enderwick, T.P., 2001. Human Factors in System Design, Development, and Testing. Mahwah, N.J. Mitnick, K.D., Simon, W.L., 2002. The Art of Deception Controlling the Human Element of Security. Wiley Publishing, Indianapolis, IA. Moray, N., 2000. Culture, politics and ergonomics. Ergonomics 43 (7), 858 868. Pasmore, W.A., 1988. Designing Effective Organizations: The Sociotechnical Systems Perspective. Wiley, New York. Perrow, C., 1983. The organizational context of human factors engineering. Admin. Sci. Quart. 28 (4), 521. Proctor, R.W., Lien, M.-C., Salvendy, G., Schultz, E.E., 2000. A task analysis of usability in third-party authentication. Inform. Secur. Bull. (April), 49 56. Rasmussen, J., 2000. Human factors in a dynamic information society: where are we heading? Ergonomics 43 (7), 869 879. Rizzo, A., Pasquini, A., Di Nucci, P., Bagnara, S., 2000. SHELFS: managing critical issues through experience feedback. Int. J. Hum. Factors Manuf. 10 (1), 83 98. Roberts, K.H., Stout, S.K., Halpern, J.J., 1994. Decision dynamics in two high-reliability military organizations. Manage. Sci. 40 (5), 614 624. Rogers, E.M., 1995. Diffusion of Innovations, fourth ed. Free Press, New York. Salas, E., Prince, C., Baker, D.P., Shrestha, L., 1995. Situation awareness in team performance: implications for measurement and training. Hum. Factors 37 (1), 123 136. Schultz, K., Carayon, P., Hundt, A.S., 2005. A macroergonomic framework of awareness in transitions of care: application to the preoperative surgery process. In: Carayon, P., Robertson, M., Kleiner, B., Hoonakker, P.L.T. (Eds.), Human Factors in Organizational Design and Management VIII. IEA Press, Santa Monica, CA. Smith, M.J., Carayon-Sainfort, P., 1989. A balance theory of job design for stress reduction. Int. J. Ind. Ergon. 4, 67 79. Smith, M.J., Carayon, P., 1995. New technology, automation, and work organization: stress problems and improved technology implementation strategies. Int. J. Hum. Factors Manuf. 5 (1), 99 116. Trist, E., 1981. The Evaluation of Sociotechnical Systems. Quality of Working Life Center, Toronto. Vicente, K.J., 1999. Cognitive Work Analysis. Lawrence Erlbaum Associates, Publishers, Mahwah, NJ. Vincent, C., 2003. Understanding and responding to adverse events. [comment]. N. Engl. J. Med. 348 (11), 1051 1056. Weick, K.E., Quinn, R.E., 1999. Organizational change and development. Ann. Rev. Psychol. 50, 361 386. Weick, K.E., Sutcliffe, K.M., 2001. Managing the Unexpected: Assuring High Performance in an Age of Complexity. Jossey-Bass, San Francisco, CA. Wetterneck, T.B., Brown, R.L., Carayon, P., Kleppin, S.M., Hundt, A.S., Ozkaynak, M., 2005. End-user response to intravenous infusion pump medication dosing alerts: an analysis of user-interface events. In: Tartaglia, R., Bagnara, S., Bellandi, T., Albolino, S. (Eds.), Healthcare Systems Ergonomics and Patient Safety. Taylor & Francis, Florence, Italy, pp. 235 238. Whitten, A., Tygar, J.D., 1999. Why Johnny can t encrypt: A usability evaluation of PGP 5.0. Paper presented at the Proceedings of the 9th USENIX Security Symposium, August 1999. Wilson, J.R., 2000. Fundamentals of ergonomics in theory and practice. Appl. Ergon. 31 (6), 557 567. Wilson, J.R., Haines, H.M., 1997. Participatory ergonomics. In: Salvendy, G. (Ed.), Handbook of Human Factors and Ergonomics. Wiley, New York, pp. 490 513. Wulff, I.A., Westgaard, R.H., Rasmussen, B., 1999. Ergonomic criteria in large-scale engineering design. I. Management by documentation only? Formal organization vs. designers perceptions. Appl. Ergon. 30, 191 205. Zink, K., 2000. Ergonomics in the past and the future: from a German perspective to an international one. Ergonomics 43 (7), 920 930. Pascale Carayon is Procter & Gamble Bascom Professor in Total Quality in the Department of Industrial and Systems Engineering and the Director of the Center for Quality and Productivity Improvement at the University of Wisconsin Madison. She received her Engineer diploma from the Ecole Centrale de Paris, France, in 1984 and her Ph.D. in Industrial Engineering from the University of Wisconsin Madison in 1988. Her research areas include systems engineering, human factors and ergonomics, sociotechnical engineering and occupational health and safety. She is a scientific editor for Applied Ergonomics and a member of the editorial boards of Behaviour and Information Technology, Work and Stress, and the Journal of Patient Safety. She is the chair of the technical committee on Organizational Design And Management (ODAM) of the International Ergonomics Association (IEA), and is a member of the executive committee of the IEA, in charge of the Ergonomics In Quality Design (EQUID) program and chair of the Science, Technology and Practice committee.