Towards an Ontology of Healthcare Compliance based on Just Culture Paradigm Cristine Griffo1 , Juliana Castello2 1 Conceptual and Cognitive Modelling Research Group (CORE), Free University of Bolzano, Italy 2 Vitoria Law School (FDV), Brazil Abstract In the last years, the society has been changing in its way to face the idea of human failure, proposing new approaches to minimize it. Thus, a retributive culture is being replaced by a restorative culture taking into account a paradigm of measuring and vindicating human failures in organizations. In this paper we present the first steps of the ontology of healthcare compliance based on Just Culture theory as well as on the relation-based ontological theories. The method applied to develop the ontology is SABiO, which permits to develop the artifact in cycles. In order to maintain consistency and coherence in the modeling of this domain, we ground the ontology on a foundational ontology called Unified Foundational Ontology (UFO) as well as on a legal core ontology called UFO-L. The results of the first cycle presented in this paper are: 1) the ontology-based conceptual modeling, 2) the nonfunctional requisites; and 3) the competency questions (QCs). In order to verify the ontology built, we have instantiated a small real case. Keywords compliance, just culture, ontology, UFO, UFO-L, healthcare 1. Introduction In recent years, there has been a change from a retributive culture to a restorative culture (also called just culture) in the paradigm of measuring and vindicating human errors in organizations. This approach has been applied in healthcare compliance and other industries that deal with security, such as: aviation [1], nuclear energy [2], and others. There are profound differences between the two cultures. In a just culture paradigm (or restorative culture) the aim is the restoration of the trust between the agents involved in the relationships, which may have been negatively impacted by some failure [3]. The just culture seeks to understand, in the face of a security breach, what was the error of the organizational process and who suffered (or potentially would suffer) the injuries. In this paradigm, it is assumed that most errors are a sequence of failures in the organizational workflows. The focus is on finding the reasons for the failure and how the organization as a whole can change to minimize the occurrence of failures or to prevent their recurrence. In this context, the communication of errors is motivated using a trustworthy process. RELATED - Relations in the Legal Domain Workshop, in conjunction with ICAIL 2021, June 25, 2021, São Paulo, Brazil Envelope-Open cristine.griffo@unibz.it (C. Griffo); jjbcastello@gmail.com (J. Castello) GLOBE https://br.linkedin.com/in/cristine-griffo (C. Griffo); https://br.linkedin.com/in/juliana-justo-castello (J. Castello) Orcid 0000-0002-4033-8220 (C. Griffo); 0000-0000-000-0000 (J. Castello) © 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) On the other hand, the retributive culture is based on violation of rules, individual liability, and the gradation of the penalty to be applied according to the individualized error. The focus is on punishing individualized conduct. Because that, frequently, mistakes are covered up by the fear of punishment and the communication is mitigated. With the paradigm shift, the representation of the new paradigm also changes. In this context, conceptual models, such as the latent failure model proposed by Richard Cook [4] is a perspective to perceive human errors with focus on decreasing errors and not the focus on finding a culprit. In Computer Science perspective, this type of model can be represented using an ontological approach. An advantage of the use of the ontological representation is the semantic enrichment, which does not found in isolated information-oriented approaches. Despite the use of ontology-based approaches in the modeling of compliance domain and security, the just culture paradigm is not widely applied in the building of ontologies. Another point scarcely explored it is the use of foundational ontologies to ground ontologies of compli- ance. In order to propose a solution to these gaps, we propose an ontology of compliance for healthcare-domain based on the just culture paradigm combined with the use of a foundational ontology to prevent the ontological problems highlighted by Guizzardi’s work [5]. Additionally, to represent normative relations we applied the legal aspects layer of UFO (UFO-L) [6]. We advocate that our approach can bring 1) greater clarity about the ontological nature of failures on healthcare environment; and 2) an ontological model for healthcare compliance more consistent for being based on well-founded formal ontologies. Focused on it, this paper aims to propose a preliminary ontology for the field of healthcare compliance based on the just culture and grounded on Unified Foundational Ontology (UFO) [5] / UFO-L [7]. With the advancement of this research, we intend to pave the way to build systems able to prevent failures in organizational processes in the healthcare domain. This paper is structured in five sections. Section 2 presents a background on organizational morality, healthcare compliance, just culture, and ontologies. Section 3 introduces the first lines of the building of an ontology of healthcare compliance based on just culture. Section 4 offers a brief discussion on the results and related works. Section 5 presents a real case and its instantiation in the ontology built. In Section 6, we present the final considerations and future works. 2. Background 2.1. Organizations: Moral Autonomy Organizations are moral agents, paraphrasing French [8]. They have moral autonomy regardless of the individual morality of their members. Although the concept of organizational moral and organizational autonomy are not the main subject of this work, they are related to the organizational behavior and compliance. The organizational autonomy leads to the study of the organization’s culture, which is not confused or reduced to the culture of the individuals who are part of the organization. The organization’s culture is an independent variable in the equation of non-conforming and harmful acts caused by the interaction between the organization, practitioners, and external agents. According to [8], every organization is formed by an internal decision structure, composed of (i) organizational flowchart, which outlines the spheres of decision and power and (ii) presupposed and fundamental rules of decision, usually called corporate policies, which guide decision-making process made by corporate agents. It is possible to say that the organization has body and soul, that is, it has physical structures of power and internal organization but it also has values and policies to be observed. Both organizational body and soul are not confused, nor they are reduced to individuals, who are part of the organization. Agents (partners, suppliers, employees) of an organization can change over time, without substantially altering the standards of the decision-making process and the ethical principles of the organization. In this line of reasoning, an organization could be ethical or unethical. For this reason, the organizational culture can be considered a variable in causing accidents and in any other harmful event, i.e., in any other kind of event practiced in non-conformity way with the organization’s policies. The organization’s moral autonomy is not, however, a peaceful idea in the theoretical field. On the contrary, authors asseverate that organization’s moral autonomy is a misconception notion because organizational autonomy cannot be separated from individual autonomy in view of the fact that autonomy is related to intentionality. For these authors, intentionality is inherent in individuals and not in artificial organisms [9]. In this context, [9] defend that there are three conditions to exist moral agency autonomy: 1) autonomy, 2) intention, and 3) action. Thus, in his point of view, an organization to have moral autonomy should have independent intentions from the corporate members in order to act with moral autonomy. In any case, this divergence is related to the organization’s responsibility, regardless of its members. The controversial question is: can a company be held responsible, even if its individuals are not held responsible? This is at the heart of the divergence. Despite the divergence, the idea that the organizational context has an influence on individual action is not abandoned, and it keeps interest in the investigation of just culture and its importance in the healthcare compliance. 2.2. Healthcare Compliance and Just Culture Healthcare compliance is defined as the process of following norms, regulations, and policies towards to the patient healthcare, the privacy of patient data and information, and billing practices among other issues. The just culture paradigm can be applied to healthcare compliance, as well as to industries that deal with security. The just culture can also be called a fair culture, a learning culture, restorative culture, and reporting culture. The goal of the just culture is to find the flaws of the organization, so that the triggers that contributed to the event are remedied and do not recur, thus creating an ethical and safety environment. The organization’s main approach, in the face of a failure, should be to restore the ethical, the safety and quality standards of service provision. In that sense, the most severe penalties should be reserved for those situations of gross errors, malpractice, negligence or imprudence of the employees, that is, those situations in which, weighing organizational factors and individual factors, the last ones were that most influenced the result. This is a trend towards organizational compliance due to the change of society itself and its regulatory systems. This change starts from a society that was based on closed regulatory systems of conduct to open regulatory systems since it is understood the impossibility to predict and regulate all human behavior. In this sense, the concept of just culture is associated to a value and the main contribution that this value brings is the understanding that compliance is not police power 1 . Compliance is not primarily intended to bring punishment when investigating a failure or at least it should not. Compliance is not Internal Affairs; they are not synonyms. The reason for this is that punishment does not change the organization, does not change behavior and, therefore, does not solve the problem which generated the failure or risk. According to Dekker [3], failures are a combination of numerous factors and circumstances. The accident or failure stems much more from the complexity of the activity, from the multi- ple players and from the dynamics of imperfect systems, than from malevolent and reckless individuals, who deliberately or culpably violate rules. Also, he dismantles the theory of the bad apple, which asserts that errors are a consequence of erroneous or irrational decisions, that is, those that would not be taken by a highly competent professional in possession of all the information and means necessary to reach the correct decision. For that reason, from the perspective of just culture, different flaws deserve different conse- quences. Honest mistakes deserve assistance and research on the triggers that led to the failure. Risky behavior - not previously authorized - requires mentoring, advice and warning. Gross errors and malicious activities require discipline and eventual notification to the regulatory bodies. A just culture recognizes that there are honest mistakes, which are triggers of the very form of organization; it recognizes that competent professionals also fail, and use this to create a culture of learning and information. Thereby, the proposal is not to end accountability, but to transform it. In this way, individuals who make mistakes report failures and take responsibility for correcting the procedures that culminated in the harmful event, reserving punishments for those justified hypotheses. For the just culture, the occurrence of the error is not linear, but results from the interaction of individual and organizational variables. In this line of reasoning, the “latent failure model” more accurately explains the triggers of a harmful event. An example of this is an experience related by [11], in which some researchers, in 1947, wanted to get a better visualization if the design and location of cockpit controls of an airplane influenced the kinds of errors that pilots made. In the survey, they did a series of interviews with pilots, in order to do an inventory of the most common mistakes. They concluded that it is possible to eliminate a significant number of ’pilot-error’ accidents redesigning the cockpit controls conform suggested by pilots interviewed. The basic idea is that this new paradigm avoids putting people on the defensive, making them part of the failure resolution and restoring the ethical and safe environment. According to Dekker [11], ”people will cover up, not tell you things, change or leave out inconvenient details. The key is holding people accountable without invoking defense mechanisms”. However, there are criticisms against just culture paradigm. One of them is that this kind of categorization does not invoke higher-order structure(s), such as culture, medical competence hierarchy, history or social moral to account for the emergence of moral judgments within healthcare practice. Another criticism is that the model of just culture empties the value of individual punishment, which disrespects both patients and providers [12]. Under this perspective, the individual punishment is good and it is a way to restore the social balance and 1 For a greater understanding of what police power is, we refer the reader to [10] moral status after a wrongdoing disturb. Notwithstanding the arguments against the just culture model, what is sought is not to soften responsibility in the hospital-patient relationship. This responsibility, moreover, is not defused. What is sought in the just culture model is to analyze why there was a failure. Obviously, as previously mentioned, this model does not focus on behaviors directed by the health professional’s intentionality (malicious behavior), but it focus on a behavior that, in some way, was vitiated by failures in the organizational protocols. With this, the model aims to solve flaws in organizational workflows and, thus, helps to prevent the same failures by other professionals. 2.3. Ontologies In Computer Science, ontologies are used to represent categories that are countenanced to exist in a conceptualization of a given domain [5]. Foundational ontology is a sort of ontology defined as a domain-independent ontological system of categories, which should be built with the explicit support of theories of Formal Ontology and Philosophy. Moreover, in the particular case of the so-called descriptive foundational ontologies, theories from areas such as cognitive science and linguistics should also be seriously considered [5]. An example of foundational ontology is Unified Foundational Ontology (UFO) [5] based on several research areas such as: Formal Ontology, Cognitive Psychology, Linguistics, Philosoph- ical Logics, but also based on empirical and theoretical results from the area of conceptual modeling in Computer Science. UFO has three basic layers: (i) UFO-A (ontology of endurants), which includes a system of categories, such as universal, individual, relator, role; (ii) UFO-B (ontology of perdurants), which relates temporal aspects by means of categories, such as event, situation, fact; and (iii) UFO-C (ontology of social aspects) built based on UFO-A and UFO-B as set social concepts such as social agent, social role, normative description, among others. In this work, we apply UFO to ground the ontology of healthcare compliance. Additionally, we also applied a legal core ontology called UFO-L [6] to represent the normative relations of the healthcare compliance ontology. UFO-L is based on a relational legal theory proposed by Alexy [13] that represents legal relations in a triadic mode, unlike legal theories based on deontic logic that represent legal relations through monadic commands (it is obligatory, it is permitted, it is forbidden). In the next subsection it is presented a brief of UFO-C and UFO-L. For more details of these UFO layers, we recommend the following works: [5], [6], and [14]. 2.3.1. UFO-C and UFO-L: social and legal aspects UFO-C [14] is an ontology of social aspects built on UFO-A and UFO-B. One of the theories used to base UFO-C was Searle’s theory of intentionality, which is applied in the construction of the social ontology [15]. Searle asseverates that a social reality is set of representations of physical facts built by human beings with the aim to better communicate. In UFO-C, there are concepts of acting and non-acting substances. Acting substances, called agents, are substantials that promote some type of action on non-acting substances denominated objects. Both agents and objects are classified into physical or social. In this way, there are physical agents, social agents, physical objects, and social objects. A social object that stands out in this ontology is a normative description, which can be understood as norms (social or legal norms) recognized by social agents. In addition, normative descriptions define social roles, social rolemixins, and social objects. A relevant ontological statement for this research is that agents bear moments [5]. A moment is an endurant that cannot exist by itself. For instance, John’s fever, Mary’s belief that she got the right medicine; Marc’s intention to administer the right medication to the patient; or Ann’s right to privacy. Moments specialize in intrinsic moments and relational moments (or relators). Intrinsic moments are categorized as intentional moments and externally dependent moments. In turn, intentional moments are specialized in mental moments, which are moments that do not surpass an agent’s sphere, such as: belief, desire, and intention 2 and social moments (Figure 1). Figure 1: UFO-C fragment [17] Intentional moments may lead agents to take certain actions aiming to satisfy that first intention. Among these actions are speech acts defined in UFO-C as a communicative act and based on the theory of the social reality construction [15]. For example, a person’s desire (mental moment) to enroll in a university course may lead him/her to study for an admission examination and, with approval, to enroll (relator) in an undergraduate course. In this case, a mental moment took an agent to perform specific actions that, in the end, created a social relator (an university enrollment). Social Moments are types of intentional moments bear by agents. As Figure 1 shows, claims and commitments specialize social moments. Also, social moments are parts of social relators, which are founded by events. Thus, for example, when John promises to help Mary with her homework, the speech act ”I promise...” founds the social relator Promise between John as Mary’s friend and Mary as John’s friend. This social relator is composed of pairs of social moments 2 The concept of intentionality used in this paper is the concept given in [16] as more than “intent something”, i.e., as “the capacity of certain properties of certain individuals to refer to possible situations of reality”. For instance: the nurse’s intention to administer the medicine prescribed by the doctor (claims and commitments) each one inherent in a social role and externally dependent on the other. In the example, John has a commitment to help Mary in her homework and Maria has the claim to ask John for help with her homework. In healthcare compliance context, certain social moments will exceed the limits of social organization and reach the legal reality. For instance, the Hospital Santa Clara’s commitment to ensure the compliance with federal rules is an instance of social moment that reach the legal domain. UFO-L is a legal core ontology grounded on UFO and based on Robert Alexy’s Theory of Constitutional Rights [13]. In UFO-L, legal entities are categorized as legal individuals and legal universals, considering UFO categories. Legal individuals specialize in legal abstract individual and legal concrete individual. Examples of legal individuals are legal relators and legal agents. In turn, Legal universal is a specialization of universal and specializes in universal legal event and substantial legal universal. A key notion in UFO-L is legal relation. Legal relation is defined as a bond between agents who are in legal positions 3 . An agent who is in a legal position plays a legal role. Legal roles are specializations of social roles played by categories of legal agents. Legal roles are defined, prescribed, and assigned to agents or group of agents by legal norms. In the last example, Hospital Santa Clara, who has a duty to compliance with federal norms, is an instance of legal agent who plays a legal role called in UFO-L duty holder. UFO-L has a catalog of legal patterns for representing legal relations based on UFO patterns4 . Figure 2 shows the Right-Duty to an Action legal pattern. Figure 2: UFO-L Pattern: Right-Duty to an Action Legal Relation [6] Below, we present a brief summary of the categories of UFO-L that appear in the diagrams in Subsection 3.2.2 5 . 3 Legal position is a term used by Robert Alexy to describe rights, duties, permissions, liberties, powers, etc. 4 For more details, see [6], Chapter 6. 5 We recommend the reading of [18] and [6] for further details. Table 1 UFO-L: Some categories Legal Norm is a legal normative description sub-categorized in rules and principles. A principle is every norm that has a degree of optimization based on a degree of factual possibility and a degree of legal possibility [11]. At its turn, a rule is a determination that is either satisfied or is not satisfied. Legal Normative it is the form of a legal norm. A legal entity is defined by one or more Legal Description Normative Description (e.g. the text of a statute, constitution, and contract). Legal Agent it is an individual - human being or not - capable of acquiring rights and con- tracting obligations. For instance: persons, companies, associations, societies and foundations. Legal agents act by creating, modifying or extinguishing legal relations. Agentive Legal In- the set of Legal Agents, which play legal roles and form a whole, is called an stitution Agentive Legal Institution, which is a specialization of Social Agent. Agentive le- gal Institutions are defined by Legal Normative Descriptions. It is by means of Legal Normative Descriptions that Legal Agents prescribe conducts or powers to others Social/Legal Agents or bind to other Agents creating legal positions in normative texts (for example, the contract between two companies). Agents recognize the Legal Normative Descriptions prescribed and submit to them. Legal Role legal agents play legal roles in a legal relation. Legal roles are specializations of social roles and, therefore, they are sortal types, anti-rigid and relationally dependent [5]. Legal roles are defined by legal normative description, which expresses a legal norm. Legal Relator is a reification of a legal relation between roles played by agents. Every legal relator presents the following elements: i) a legal agent (or addresser) with a claim in a narrow sense; ii) another legal agent (or addressee) with a burden in a wide sense; and iii) a defined object, i.e., a subjective action (or omission) of the addressee; and iv) a link that binds the legal actors. Legal Relators can be of two types: simple legal relator and complex legal relator. The first one The first one represents the reification of legal relations between substantials possessing the following externally dependent legal moments: right-duty; permission-no-Right; legal power-legal subjection; and disability-immunity. On the other hand, complex legal relator are composed of legal relators. Thus, Liberty relator is a type of complex legal relator. It specialized in unprotected liberty relator - composed of permission-noRight relators; and protected liberty relator - composed of unprotected liberty relator and right-duty relator. 3. An Ontology of Healthcare Compliance 3.1. Method Concepts and relations represented in the ontology of healthcare compliance are based on the background presented in Section 2. For building the first iteration of the ontology, the systematic approach called SABiO [19] was applied. The following SABiO phases were performed: 1) Identification and elicitation; and 2) Ontology capture and formalization. 3.2. Results 3.2.1. Phase 1 - Identification and Elicitation - First Iteration Initially, we defined the purpose and the intended uses of the ontology (Table 2). Our focus is on representing the social and legal relations that exist in the domain of healthcare compliance. Table 2 Identification: Purpose and Intended Use Purpose Provide a consensual conceptual model on various types of social and legal relations in a context of healthcare compliance of an organization, applying the just culture paradigm Intended Provide an ontology-based conceptual modeling to implement healthcare Use compliance systems. Stakeholders: hospital administrators and staff in general Based on both purpose and intended use, we identified the first nonfunctional requirements. Table 3 presents some of them. Nonfunctional requirements (RNF) are aspects of the system related to quality, completeness, consistency, security, reliability, performance, maintainability, scalability, and usability [20]. Table 3 Identification: Some Nonfunctional Requirements (RNF) ID Description Requirement Type RNF01 Application of just culture paradigm consistency RNF02 The ontology must consider the UFO/UFO-L categories consistency and com- pleteness RNF03 The ontological building process must follow the approach quality SABiO RNF04 The ontological building process must reuse an existing well- quality, usability, and founded core ontology of value reliability RNF05 The ontological building process must reuse an existing owner- quality ship ontology In addition, we identified some competency questions that the ontology should be able to answer (Table 4). Competency questions are functional requirements that deal with questions as ”what” the ontology represents. Each competency question is answered in the sub-ontologies identified in the column Sub-Ontology.6 . To conclude the phase 1, we identified five sub-ontologies necessary to support the ontology of healthcare compliance. The modularization approach allows the building in modules that will facilitate the development of the system. 6 I-SO: Incidents; HC-O: Healthcare Ontology; HWC-SO: Ontology of Healthcare-Work Contracts; B-SO: Behavior Sub-Ontology; D-SO: Deliberation Sub-Ontology Table 4 Identification: Some Competency Questions (CQ) ID Description Sub-Ontology CQ01 What are the types of organization’s workflows and their HC-O, OA-SO, HO-SO, actions? B-SO: CQ02 Which types of workflow/organizational event resulted in an I-SO, HC-O, OA-SO, incident type? HO-SO, B-SO CQ03 What day of the week / time did incident occur? I-SO CQ04 How long had healthcare practitioner been working on the I-SO, HC-O, HWC-SO day of the incident? CQ05 Who was on the incident scene? I-SO, HWC-SO, HC-O CQ06 What are incident decisions and decision-making agents? D-SO, I-SO, HC-O CQ07 What were the organizational policies and legal norms vio- I-SO, HWC-SO, HC-O, lated by the incidental event / action? B-SO 3.2.2. Phase 2 - Ontology Capture and Formalization The Ontology of Healthcare Compliance (Figure 3) is focused on organizational relations (Organizational Failure and Incident Relation in yellow color; and Organizational Work in gray color). Organizational failures are specializations of social relations called Organizational Work. An organizational work is a relation between a healthcare professional (individual or organization), who works in a healthcare organization; and an healthcare organization (Acting Health Organization), who employs health professionals. The organizational work is based on complex organizational events (Organizational Event). For example, treating a patient, screening patients, buying a drug, etc. When there is a failure in an organizational work, then this relation is called Organizational Failure. An organizational failure is a relation between a professional and a healthcare organization, both ones in a failure situation (Practitioner in Failure and Acting Organization in Failure). A failure event (Incidental Event) is the foundation of a failure relation. This failure relation will result in an incident relation between the healthcare organization in failure and a person (or persons) who suffers (or would suffer) some type of damage from the failure (Victim). Also, the organizational failure will result in an event that will report the failure. There is a communicative act (Incident Declaration) that defines what is an incident. In Healthcare Organization sub-ontology (Figure 4), there are four relations: 1) Legal Compliance Relation-Organization; 2) Legal Compliance Relation-Individual; 3) Organizational Policy Proposition-Relation; and 4) Value Proposition-Relation. The Legal Compliance Relation-Organization is a relation between the Healthcare Organization and an Exogenous Legal Agent categorized in UFO-L as an Agentive Legal Institution (e.g. a country’s parliament, a state assembly, or a professional public council). Thus, a legislative institution can impose (or prescribe) compliance relations by means of types of relations of power and subjection for healthcare organizations, which are in the role of organizations that complies with legal norms (Health Organization as Legal Normative Compliant). There is a constraint here that is not explicit in the model: it is that both the healthcare organization and Figure 3: Healthcare Compliance Ontology - First Iteration the legislative institution are specializations of Legal Institution, but are necessarily disjoint. The same type of relation of power and subjection occurs between the healthcare professional (Health Practitioner as Legal Normative Compliant) and Exogenous Legal Agent. The Organizational Policy Proposition-Relation, however, is different. It occurs between the healthcare professional and the healthcare organization. In this relation, the power holder to provide a policy of compliance is the healthcare organization (Health Organization as Organiza- tional Policy Provider) while the healthcare practitioner must submit to it once it is in the role of subject holder (Health Practitioner as Organizational Policy Follower). Finally, the Value Proposition-Relation it is a relation between the health practitioner (in the role of recipient of organizational value proposition) and the healthcare organization (in the role of provider of the value proposition). In this relation, the Value Proposition Recipient receives the organizational values provided by Value Proposition Provider through protocols, guidelines, strategic plans, good practices, etc. In Organizational Actions sub-ontology, there are two types of actions without incidents: compliance actions (Compliance Action) and conformance actions (Conformance Action). Con- formance actions are those actions performed by health practitioner and health organization that observe organization’s standards, policy, values, strategic planning and protocols. On the other hand, compliance actions are those that observe public norms prescribed by some state agency (e.g. parliament, public professional councils, etc.). These public norms can be directly related to healthcare, such as the healthcare law, or indirectly, such as example, GDPR law and the billing practice law. The category of healthcare-related public norms (Legal Norm Related to Health) extends the UFO-L concept of Legal Normative Description, just as Acting Figure 4: Health Organization Sub-Ontology - First Iteration Health Organization extends the concept of Agentive Legal Institution (which, in turn, extends the UFO-C concept of Institutional Agent). Acting Health Organization participates in incidental events, which are events carried out by the organization that have some result outside either organizational norms or legal norms. Healthcare organizations in a relation of employee-employer (in a wide sense), i.e., in an organizational work can make incidents. In this case, these actions are called as Organizational Incidental Action. Figure 5: Organizational Action Sub-Ontology - First Iteration A first ontological conception for an incident is presented in sub-ontology of Incidents (Figure 6). Incident is some result in organizational relations that is either in non-conformance to the organizational policies or in non-compliance with legal norms (or both). The nature of an incident is relational. Organizational events are defined as incidental events when they produce organizational work with some failure (Organizational Failure). This organizational failure will result in an incidental relation (Incident Relation) between the health practitioner and the health organization as well as between the health organization and the victim. Incidental relations can be a ”near miss”, an incident or a fatal incident. Occupational Safety and Health Administration (OSHA) defines a near miss as ”an incident in which no property was damaged and no personal injury was sustained, but where, given a slight shift in time or position, damage or injury easily could have occurred” (e.g. a medication is prescribed without doing the patient’s anamnesis) [21]. In turn, an accident is ”the occurrence in a sequence of events that produces unintended injury, death, or property damage. Accident refers to the event, not to the result of the event (see preventable injury)” [22]. OSHA has suggested replacing the term accident with the term incident. Nowadays, the public health community has been using the term “incident”. Finally, a fatal incident is an incident that results in one or more deaths within one year of the incident. An Incident relation is defined in a communicative act called (Incident Declaration) resulting from a decision on incidents (Deliberation on Incident) carried out by an organization based on public and organizational norms. Figure 6: Incidents Sub-Ontology - First Iteration Sub-ontology of Deliberation Relations - Deliberations on incidents are relations between agents who play the role of decision-makers (power holders) and agents who submit to these decisions (subject holders) (Figure 7). The decision to classify an event as an incident results in a communicative act (Incident Declaration). All deliberations about incidents are based on events occurring in a certain period of time. Related agents are: 1) Declarant Entity as Social Power Holder, which may be external to the healthcare organization (e.g. an audit firm) or a security council within the organization itself; and 2) Acting Health Organization as Social Subjection Holder, which is one that plays the role of an healthcare organization that has made a failure. Agents who play the role of declaring incidents bear a social power. On the other hand, agents who play the role of failing organization submit to this power. In Behavior sub-ontology (Figures 8 and 9), behavior is defined as a bundle of actions performed by agents in scenarios. These actions are caused by moments. In these scenarios there are relations between agents (e.g. nurse and patient; hospital and patient). Healthcare Figure 7: Deliberation Relation Sub-Ontology - First Iteration practitioners are members of a Health Organization that is the reason practitioners’ behavior when occurred in the work relation composes the organizational behavior. This sub-ontology was based on UFO-C, therefore, an Organizational Action extends an Action as well as a Healthcare Practitioner extends a Agent. When a practitioner plays the role employee his/her behavior compose the organizational behavior of a Acting Healthcare Organization. In Behavior sub-ontology, an organizational behavior is composed of organizational actions resulting of both flawed organizational workflows and correct organizational workflows. Also, it is composed of health professionals’ behaviors related to organizational work. Incidental actions occurred in a healthcare organization can be caused by both flawed or- ganizational workflows and agentive failures. Some agentive failures are related to flawed organizational workflows. Agentive failures are related to health professional’s behaviors in organizational work relations. For each factor causing the incident there is a gradation of responsibility. Thus, it is possible to identify where the failures are and how to eliminate them. 4. Instantiation of a real case Case:7 two nurses (Marc and Mary) select the same type of wrong bottle of intravenous medication in the Santa Clara Hospital’s pharmaceutical distribution system. Marc prepares the medication and administers it to John, causing cardiac arrest. Mary almost makes the same 7 We used fictitious names. Figure 8: Behavior Sub-Ontology - First Iteration failure, but before she administers the medication she realizes the error when seeing the bottle next to the bed [23]. How should the hospital investigate and address these incidents? In the investigation, it was observed that both bottles (with the right medication (1) and the wrong medication(2)) had the same shape, the same color, the same label design. Marc failed in the organizational work performed at Santa Clara hospital by selecting the wrong medication for medical protocol applied to patient John. This failure occurred because in the scenario analyzed (Figures 9 and 10) he did not realize that medication bottles (1 and 2) for different protocols had the same shape, color and similar labels design, which led him to error (instance of Flawed Organizational Workflow). Because of this, patient John suffered a cardiorespiratory arrest when the medicine was administered by Marc (instance of Incident). Also Mary failed in the same scenario, but in this situation, Mary realized the failure before administering the medication to patient Paul (instance of instance of Near Miss) (Figure 10). Figure 9: Instance of Behavior - Case Marc’s belief that he selected the correct bottle leads him to administer the wrong medication to the patient John. Marc’s intention was to administer the correct medication to patient John, but his action caused an agentive failure. This agentive failure, however, is related to a flawed organizational workflow (Both medication bottles - 1 and 2 - used in different medical protocols have the same shape, the same color, and the same label design). Figure 10: Instance of Healthcare Compliance Ontology - Case 5. Discussion The aim of this work was to represent the organizational compliance in a healthcare context, placing the organizational failure rather than the individual failure at the center of analysis of incidents. We applied the foundational ontology UFO (in particular, UFO-C and UFO-L) successfully, although a core ontology of organizations such as [24], [25] could bring more concepts about organizational structure. During the ontology engineering, we observed that healthcare organizations play several roles in a context of compliance. Because that, we decided to include in the second iteration, a table of roles or categories of roles played by agents. The idea is to cross roles and relations with sub-ontologies in order to find if there is some role or relation that we did not represent in the models. Also, we have realized the importance of reusing an ontology of service / work contracts [18] once there are some aspects of organizational compliance that deals with legal relations supported by contracts. Regarding the representation of organizational behavior, we have analyzed the reuse of a well-founded core ontology of behavior. In the sub-ontology suggested in this paper, we consider only basic elements, such as: agent, scenario and reaction. However, as a large number of studies on organizational behavior point out, there are other elements that complete the concept of organizational behavior (e.g. personalities, principles, accountability grades) [26], [27], [28]. Regarding the prevention of failures based on modeling incidents as proposed here, the checking for failures in workflows through the ”near miss” case log, permits to reconstruct these workflows, replacing the points where possible failures can occur. For example, if different medication bottles have similar labels that can generate an incident, changing those labels or changing storage would be some ways to alter the workflow and prevent further failures. Finally, in the behavior sub-ontology the concept of accountability has not been explored deeply. There are some approaches on incident management such as ITIL [29] that manage the incident life cycle in parallel with process flow, manage roles and responsibilities, good practices an so on. This approach classify types of incidents and the aspects related to. On the other hand, this approach does not use the just culture paradigm. A future investigation will be combine the ITIL standards with our patterns to analyze the possibility to reuse some concepts and relations from ITIL. 6. Final Considerations and Future Works In this paper we have presented the first steps of an ontology of healthcare compliance based on just culture paradigm. We applied an ontology engineering approach called SABiO to develop the first iteration of the ontology. According to this approach, the next step is develop the operational ontology and, then, implement it. However, considering the result obtained, a new iteration will be necessary to include new concepts and relations. This can be done with the first iteration in progress in order to complete a cycle (including the prototyping phase). Regarding the limitations of the research, we point out the modest building of sub-ontologies of organization, organizational action, and behavior in view of the existing theoretical framework. A future work will be to raise research on the theory and computational representation of healthcare organizations. Another limitation was the lack of formal verification of the models in the first iteration. Considering the importance of this activity, a future work will be the verification of the models in Alloy, proceeding to the other phases of ontology engineering. Other future works are planned, such as: modeling of other existing concepts in just culture paradigm; application of ontologies in a sample of real cases; systematic study on existing ontologies of values, and axiomatic formalization. References [1] GAIN Working Group E, Flight Ops/ATC Ops Safety Information Sharing, A roadmap to a just culture: Enhancing the safety environment, 2004. URL: http://coloradofirecamp.com/ just-culture/index.htm, accessed: 2 Feb 2021. [2] S. Cox, Safety culture and beliefs in the nuclear industry—looking forward: Looking back. opening keynote address, in: Human and Organizational Aspects of Assuring Nuclear Safety—Exploring 30 Years of Safety Culture. Proceedings of an International Conference, 2019. [3] S. Dekker, Just culture: restoring trust and accountability in your organization, Crc Press, 2018. [4] R. I. Cook, M. Render, D. D. Woods, Gaps in the continuity of care and progress on patient safety, Bmj 320 (2000) 791–794. [5] G. Guizzardi, Ontological foundations for structural conceptual models, Ph.D. thesis, CTIT PhD thesis series, Amsterdam, 2005. [6] C. Griffo, UFO-L: Uma ontologia núcleo de aspectos jurídicos construída sob a perspectiva das relações jurídicas, Phd thesis, Ufes, 2018. [7] C. Griffo, J. Almeida, G. Guizzardi, Conceptual Modeling of Legal Relations, in: Int. Conf. Concept. Model., Springer, Xi’an, China, 2018, pp. 169–183. [8] P. A. French, The corporation as a moral person, American Philosophical Quarterly 16 (1979) 207–215. [9] D. Rönnegard, The fallacy of corporate moral agency (2015). [10] W. W. Cook, What is the police power?, Columbia Law Review 7 (1907) 322–336. [11] S. Dekker, The ield guide to understanding’human error’, Ashgate Publishing, Ltd., 2014. [12] S. Reis-Dennis, What ‘just culture’doesn’t understand about just punishment, Journal of Medical Ethics 44 (2018) 739–742. [13] R. Alexy, A theory of constitutional rights, Oxford Univ. Press, Oxford, 2009. [14] J. P. A. Almeida, G. Guizzardi, An ontological analysis of the notion of community in the RM-ODP enterprise language, Comput. Stand. Interfaces 35 (2013) 257–268. doi:1 0 . 1 0 1 6 / j . csi.2012.01.007. [15] J. R. Searle, The Construction of Social Reality, The Free Press, New York, 1995. [16] G. Guizzardi, R. A. Falbo, R. S. S. Guizzardi, Grounding Software Domain Ontologies in the Unified Foundational Ontology (UFO): The case of the ODE Software Process Ontology, in: CIbSE, 2008, pp. 127–140. [17] J. C. Nardi, R. de Almeida Falbo, J. P. A. Almeida, G. Guizzardi, L. F. Pires, M. J. van Sinderen, N. Guarino, C. M. Fonseca, A commitment-based reference ontology for services, Information systems 54 (2015) 263–288. [18] C. Griffo, J. Almeida, G. Guizzardi, J. Nardi, Service contract modeling in en- terprise architecture: An ontology-based approach, Information Systems, doi = https://doi.org/10.1016/j.is.2019.101454 (2019). [19] R. de Almeida Falbo, SABiO: Systematic approach for building ontologies, in: ONTO. COM/ODISE@ FOIS, 2014. [20] D. Leffingwell, Agile software requirements: lean requirements practices for teams, pro- grams, and the enterprise, Addison-Wesley Professional, 2010. [21] O. Safety, H. Administration, A to Z index incident investigation, 2021. URL: https://www. osha.gov/incident-investigation. [22] N. S. Council, Injury Facts.Accident, 2021. URL: https://injuryfacts.nsc.org/glossary/. [23] P. G. Boysen, Just culture: a foundation for balanced accountability and patient safety, Ochsner Journal 13 (2013) 400–406. [24] W. W. W. Consortium, et al., The organization ontology (2014). [25] G. Boella, L. Van Der Torre, A foundational ontology of organizations and roles, in: Int. Work.on Declarative Agent Languages and Technologies, Springer, 2006, pp. 78–88. [26] S. P. Robbins, T. A. Judge, et al., Organizational behavior, v.4, New Jersey: Pearson Educa- tion, 2013. [27] S. L. McShane, M. A. Y. Von Glinow, R. Jing, Organizational behavior, Technical Report, Irwin/McGraw-Hill, 2000. [28] P. Hersey, K. H. Blanchard, D. E. Johnson, Management of organizational behavior, v.9, Prentice Hall Upper Saddle River, NJ, 2007. [29] A. Hoerbst, W. O. Hackl, R. Blomer, E. Ammenwerth, The status of IT service management in healthcare-ITIL in selected European countries, BMC Medical Informatics and Decision- Making 11 (2011) 1–12.