Back to Journals » Risk Management and Healthcare Policy » Volume 19

Beyond Compliance: An HRO-Based Governance Framework for ISO 45001–Enabled Safety Strategy in Healthcare

Authors Alshreef BS ORCID logo

Received 6 March 2026

Accepted for publication 24 April 2026

Published 9 July 2026 Volume 2026:19 604364

DOI https://doi.org/10.2147/RMHP.S604364

Checked for plagiarism Yes

Review by Single anonymous peer review

Peer reviewer comments 2

Editor who approved publication: Dr Gulsum Kaya



Bandar Saad Alshreef

Department of Medical Laboratory Sciences, College of Applied Medical Sciences, Shaqra University, Shaqra, Saudi Arabia

Correspondence: Bandar Saad Alshreef, Email [email protected]

Purpose: This paper proposes a conceptual framework to reposition the ISO 45001 standard from a compliance-driven tool to a strategic governance framework for improving occupational health and safety (OHS) in healthcare.
Design/Methodology/Approach: This is a conceptual paper that synthesizes existing literature from management, safety science, and healthcare. It does not present new empirical data but develops a new theoretical lens for understanding and applying ISO 45001.
Findings: The compliance-oriented approach to ISO 45001 in healthcare fosters audit-driven behavior and weakens sustainable safety culture. We propose a three-layer governance framework—(1) Foundational governance infrastructure (ISO 45001 Clauses 4– 10), (2) Strategic integration mechanisms (leadership accountability, worker participation, integrated risk governance), and (3) Strategic outcomes (safety culture maturity, workforce well-being, patient safety, and organizational resilience)—that operationalizes High-Reliability Organization (HRO) principles through auditable governance mechanisms.
Originality/Value: The paper’s novelty lies in offering a practical, theoretically grounded model that bridges the gap between OHS management and strategic governance in healthcare. It provides a roadmap for moving beyond certification to unlock the standard’s potential for enhancing workforce well-being, patient safety, and organizational resilience.
Practical Implications: The framework offers healthcare leaders, regulators, and accreditation bodies a new way to think about and implement ISO 45001. It provides concrete examples of how to integrate OHS into existing governance structures, address common critiques, and measure the strategic value of safety investments.

Keywords: ISO 45001, healthcare governance, occupational health and safety, high-reliability organizations, patient safety, organizational resilience

Introduction

The ISO 45001 Occupational Health and Safety (OH&S) Management Systems standard has become widely adopted by organizations across all sectors since it was published in 2018.1 It provides an internationally accepted, systematic framework for OH&S risk management and performance improvement for organizations to use. Since ISO 45001 is based on the same High Level Structure (HLS) used in other management systems such as ISO 9001 Quality, this creates an opportunity for a single way of achieving organizational excellence and harmonized governance.2,3

Although the implementation of ISO 45001 is often led by an organization with a compliance driven mentality, many organizations implement ISO 45001 to achieve regulatory compliance, obtain contract bids and enhance their marketing efforts as was the case with previous standards.4,5 A compliance driven approach to implementing ISO 45001 may cause an organization to treat ISO 45001 as a list of items to be audited rather than as a means of making fundamental changes to their safety culture. An auditing-only approach to the implementation of ISO 45001 will likely have an adverse impact on employee safety and will also result in a decoupling between obtaining certification and having a safe workplace.6

This paper identifies and addresses a key conceptual void in the literature: ISO 45001 is seldom viewed as a strategic governance mechanism in health care. Principles of clinical governance and patient safety are well established; however, occupational safety is frequently isolated and reactive. We believe that the clauses of ISO 45001 represent the foundation upon which to develop a comprehensive occupational health and safety governance structure. Therefore, we propose to recast ISO 45001 within established health care management paradigms by translating the clauses of ISO 45001 into governance structures based upon the principles of high-reliability organization (HRO) theory7 and develop a three-tiered framework that transforms HRO constructs into governance structures. Specifically, the first tier of the framework (ISO 45001 Clauses 4–10) implements a preoccupation with failure via a structured, risk-based planning and operational control. The second tier of the framework (Leadership Accountability and Worker Participation) embodies deference to expertise and a reluctance to oversimplify explanations of how safety events occur. The third tier of the framework (Sensitivity to Operations and Resilience) embodies a commitment to safety and a commitment to developing a generative safety culture.8,9 Overall, the proposed framework provides a missing operational architecture for health care organizations to translate reliability aspiration into auditable, system level OH&S governance.

Recent literature published in Risk Management and Healthcare Policy has emphasized that healthcare organizations are highly complex systems in which effective risk analysis must move beyond simple hazard identification to become a central component of organizational decision-making and governance structure.10 As Pascarella et al demonstrate, risk assessment tools adapted from high-reliability industries are essential for managing the mutual interdependence of professional, technological, and organizational risks in healthcare.10 However, while these methodological frameworks highlight the necessity of structured risk analysis, occupational health and safety (OHS) standards such as ISO 45001 are still frequently implemented as isolated compliance exercises rather than integrated governance strategies. This manuscript builds upon this foundation by proposing that ISO 45001 should be reconceptualized not merely as a statutory checklist, but as a Strategic Safety Governance Architecture (SSGA). By explicitly mapping the standard’s clauses to HRO principles, the SSGA provides a practical mechanism to elevate OHS from a managed process to a governed strategy, directly supporting the comprehensive risk management objectives prioritized in contemporary healthcare policy.

Conceptual Development Approach

Although this manuscript is a conceptual paper rather than a systematic review, the Strategic Safety Governance Architecture (SSGA) was developed through a structured synthesis of existing literature to ensure theoretical rigor and reproducibility. The conceptual development process involved identifying and integrating literature across three primary domains: (1) occupational health and safety management systems, specifically ISO 45001; (2) High-Reliability Organization (HRO) theory; and (3) healthcare risk governance and patient safety culture. Literature was identified through targeted searches in academic databases, including PubMed and Scopus, focusing on peer-reviewed articles, international standards, and policy documents published primarily within the last decade. The selection logic prioritized studies that examined the intersection of workforce well-being, clinical governance, and organizational resilience in complex adaptive systems. The synthesis process followed a logical integration protocol: first, mapping the statutory clauses of ISO 45001 (Layer 1); second, identifying the strategic integration mechanisms required to operationalize HRO principles within a clinical context (Layer 2); and third, defining the resultant strategic outcomes for healthcare organizations (Layer 3). This structured approach ensures that the proposed framework is grounded in established safety science while offering a novel, actionable architecture for healthcare leaders.

Conceptual Contribution of This Paper

This paper contributes to the literature with the reconceptualization of ISO 45001 from a compliance tool to a strategic governance system for healthcare. In addition, this paper addresses a gap in the literature by explicitly relating the language of the standard to well-established theories such as HRO and clinical governance. The novelty of this paper is the development of a practical three layer model which could be used by health care organizations and their stakeholders (ie., regulatory bodies, researchers, etc.) to move beyond certification to realize the strategic benefits of the standard and improve both patient and worker safety.

Limitations of Compliance-Oriented ISO 45001 Implementation

A compliance-focused approach to implementing ISO 45001 is practical in many respects; however, this orientation has significant constraints that reduce its long-term value. One constraint is that this mindset will likely create a culture of “audit-driven behavior.” An organization’s activities will be directed toward preparing for and passing certification audits in lieu of creating meaningful improvements in worker safety. The result is a form of “audit ritualism”11 where the effort placed into developing the required documentation and gathering evidence to meet auditor expectations contributes to a shallow, “paper-based” safety system that does not accurately represent the working environment.

Numerous studies have documented a common “decoupling” pattern in empirical research related to the effectiveness of certification programs and management systems. Specifically, there is a consistent finding that the development of formal compliance artifacts (ie., documents, procedures, audit records) increases while the operational risk control practices used by employees remain largely unchanged.1 In high-risk industries such as healthcare, this decoupling pattern is evident when audit preparation dominates the direction of safety-related activities. As a result, the employee’s participation in learning-oriented reporting processes and the employee’s role in identifying and mitigating workplace hazards is diminished.

The most significant disadvantage of the compliance-oriented approach to implementing ISO 45001 is the lack of a supporting cultural transformation. Employees at every level within the organization must believe they are personally responsible for their safety and the safety of their coworkers.12 If employees do not believe this, then the organization has failed to establish a proactively focused safety culture. Studies also indicate that if an organization achieves certification under ISO 45001 but does not deeply implement the standard in their business operations, the certification will have limited to no positive impact on the organization’s overall safety performance.5 When the organization views the standard as an externally-imposed requirement from management or a bureaucratic obstacle, the organization will not have the commitment from frontline employees necessary to make the standard successful. Therefore, the organization’s occupational health and safety management system will likely consist of two distinct systems – one focused on managing administrative requirements and the other focused on managing the organization’s daily work and associated risk-taking behaviors.

Additionally, the use of a compliance-oriented implementation process for ISO 45001 results in a fragmented approach to governing the organization. Occupational health and safety is typically viewed as a unique discipline that is not integrated with the organization’s quality management and enterprise-wide risk governance systems.13 While this isolation can allow the organization to respond quickly to specific occupational health and safety issues, it can prevent the organization from developing a comprehensive understanding of the systemic risks that affect multiple parts of the organization.14 In healthcare, this type of fragmentation can be disastrous since the underlying reasons for occupational injuries are very similar to those for patient safety events (eg., understaffing, fatigue, equipment failures).15 Thus, an organization that fails to integrate their governance systems is unable to take advantage of the opportunity to address both employee and patient safety through the development of an overarching risk management strategy and the implementation of controls that protect both employees and patients.

Reconceptualizing ISO 45001 as a Governance Framework

A transformational reconceptualization of ISO 45001 based upon strategic considerations is essential due to the structural constraints associated with a compliance-focused implementation. The next section will contend that the very mechanisms needed to prevent audit ritualism, organizational decoupling, and the fragmentation of safety risk management can be found within the clauses of ISO 45001 itself when viewed through a governance lens.

At its heart is leadership accountability as described in Clause 5 of the standard. In addition to providing a source of funding, ISO 45001 places top management directly accountable for demonstrating leadership and commitment to the OHS management system. The leaders need to be engaged in developing the OHS policy and ensuring that the OHS is integrated into all aspects of business operations as well as encouraging a culture of safety.14 To achieve effective safety leadership, one must move beyond creating rules to create a climate of adaptive oversight, where the focus is on producing safe results rather than just on adhering to the rules.16 When leadership accepts this role, the OHS system becomes part of the organizational governance structure and no longer a peripheral activity.

Another foundation of the ISO 45001 governance framework is risk-based thinking. Organizations are required under the ISO 45001 to continuously assess and manage their OHS risks and opportunities. This proactive risk management approach via the PDCA cycle encourages organizations to take a long-term view of risk and away from the short-term incident investigation approach.15 By managing risk as a continuous process, organizations can gain a better understanding of the risk landscape and use data to inform their decisions regarding the accumulation of risk and avoid the “drifting into failure” scenario where small increments of risk continue to build without detection or intervention.17,18

The worker participation provision in Clause 5 is also an important mechanism of effective safety governance. ISO 45001 mandates that workers at all levels of the organization have both the right and opportunity to participate in the OHS management system. This is not solely an issue of communication; it is a means of empowering employees to actively participate in identifying hazards, assessing risks, and designing control measures.19 Meta-analysis has shown that worker participation is a strong predictor of improved safety performance.19 By allowing workers to have a real voice in safety matters, organizations can leverage their firsthand knowledge and experience to improve the design and delivery of practical safety solutions.20

Lastly, a governance-focused approach necessitates the integration of the OHS management system with the organization’s overall strategy. As part of Clause 4, “Context of the Organization,” the organization needs to conduct a comprehensive examination of those internal and external factors that could impact the OHS system. An understanding of these factors allows the OHS objectives to be aligned with the organization’s overarching goals, such as increasing quality of patient care, employee health and well-being, and profitability. When OHS is included as part of the strategic planning process, it can become a source of organizational value creation and resilience20 instead of being treated as a necessary expense.21

Comparison to Integrated Management Systems (IMS): While IMS research typically focuses on structural integration of standards (ie., harmonized documentation, joint audits, and common procedures across ISO 9001/14,001/45,001), this research presents a distinct governance-first integration logic. Rather than merely considering how ISO 45001 may be added to other management systems, this research proposes a framework that views ISO 45001 as an operational architecture for reliability and resilience, describing the leadership behavior, decision-making forums, and inter-domain risk mechanisms through which integration leads to strategic safety outcomes, rather than simply administrative consolidation.

Application to Healthcare Organizations

The transformation of ISO 45001 into a governance framework may be particularly applicable to healthcare organizations, which include hospital settings, laboratory operations, and academic medical center facilities. These settings have unique and complex occupational hazards that include ergonomic-related injuries, exposure to infectious disease, high levels of psychological stress and burnout, and other factors,22 and a compliance-based (check-box) model will not be effective in managing the dynamic nature of these types of risks. A governance-based framework will allow for a flexible and strategic way of protecting the healthcare workforce.

One of the strongest potential uses of a governance-based ISO 45001 is its ability to create a strong synergy between worker safety and patient safety. The current division between these two areas is an artificial one; a safe environment for healthcare staff is necessary for providing a safe environment for patients.23 When healthcare workers are exhausted, stressed out, or injured, they can experience a significant increase in their error rate and the negative impact on the patient population. By using ISO 45001 as a governance tool, healthcare leaders will have the opportunity to identify and address the systemic problems that impact both worker and patient safety, such as staffing shortages, poor communication, and the punitive treatment of mistakes. This is consistent with the underlying premise of Resilient Healthcare, which views worker and patient safety as complementary outcomes of the same clinical system.24 Using a holistic, integrated approach to safety (consistent with the principles of High Reliability Organizations) can lead to a broad organizational culture of safety.

A governance-based ISO 45001 framework also provides a vehicle for healthcare organizations to fulfill and/or exceed the requirements of accrediting agencies such as The Joint Commission, who now place greater emphasis on a proactive safety culture and effective leadership to ensure high-quality care. A well-integrated ISO 45001 system that incorporates the organization’s quality management program and patient safety program(s) will serve as clear and convincing evidence of the organization’s commitment to continuous improvement and provide a means of demonstrating that it is not just “checking the box” for accreditation purposes but rather proactively managing its risks in a systematic and strategic manner.

Lastly, the focus on workforce well-being is another important use of the ISO 45001 governance framework in healthcare. The inclusion of psychosocial risks within the standard provides a formal process for addressing the widespread issues of burnout, stress, and mental health challenges faced by many healthcare professionals.7,25,26 Executive leadership has been shown to be an important influence on whether clinician burnout is exacerbated or mitigated.26 By making workforce well-being a strategic priority, healthcare organizations can achieve higher levels of employee retention, lower rates of absenteeism, and a positive, supportive work environment. Not only does this support the employees themselves, but it is also related to improved quality of patient care. Using a resilience engineering perspective, a governance-based ISO 45001 implementation transforms the view of safety from preventing failure to the ability to operate under changing conditions.8,27 Through the incorporation of ongoing risk anticipation, learning from day-to-day work, and integration across multiple systems into routine governance, the framework develops the adaptive capacity to build the foundation for resilient healthcare systems. In doing so, occupational health and safety shifts from being a reactive control function to being a primary driver of organizational resilience that can respond to both foreseeable hazards and unanticipated disruptions.

Proposed Conceptual Framework

To develop an operational approach to the transition from compliance to governance, this paper outlines a conceptual framework to position ISO 45001 as a strategic safety governance architecture (SSGA) for the health care sector. The SSGA framework has three integrated layers that build on each other to transform the standard from a static checklist to a dynamic system for creating value. As such, it should be viewed as a conceptual lens for leaders to reimagine the role of Occupational Health and Safety (OHS) within their respective organizations rather than as a prescriptive model. As illustrated in Figure 1, the framework connects foundational infrastructure to strategic outcomes.

Strategic Safety Governance: Infrastructure, Integration, Outcomes layers.

Figure 1 Three-layer conceptual framework repositioning ISO 45001 as a strategic safety governance architecture in healthcare. ISO 45001 clauses provide foundational governance infrastructure; integration mechanisms function as operational levers bridging policy and practice; and outcomes reflect strategic value creation (safety culture maturity, workforce well-being, patient safety, and resilience). A feedback loop connects outcomes to continuous improvement, closing the PDCA cycle.

Table 1 summarizes the components of the three-layer Strategic Safety Governance Architecture, and Table 2 compares compliance-oriented and governance-oriented ISO 45001 implementation.

Table 1 Three-Layer Conceptual Framework: Components and Descriptions

Table 2 Comparison of Compliance-Oriented vs. Governance-Oriented ISO 45001 Implementation

Layer 1: The Foundation – ISO 45001 as Governance Infrastructure

The first layer of the framework is the Core Layer, and it is based on the core clauses of ISO 45001 (Clauses 4–10), which provide the basic structure for the governance framework of an organization with regard to occupational health and safety. In this layer, you will find the necessary framework for governing the management of occupational health and safety risks. This layer defines the rules of the game for a safe working environment and ensures that organizations have a structured approach to identifying hazards, assessing risks, and implementing controls. This layer includes the following:

  • Context of the Organization (Clause 4): Internal and external aspects of an organization that influence its OH&S performance.
  • Leadership and Worker Participation (Clause 5): Definition of the roles, responsibilities, and powers of individuals or departments in terms of OH&S.
  • Planning (Clause 6): Determination of OH&S goals and definition of the actions required to achieve these goals.
  • Support (Clause 7): Provision of the necessary resources, skills, and communication to enable an effective OH&S system.
  • Operation (Clause 8): Execution of the processes required to manage OH&S risks.
  • Performance Evaluation (Clause 9): Monitoring, measurement, analysis, and evaluation of OH&S performance.
  • Improvement (Clause 10): Continuous improvement of the OH&S system.

Layer 2: The Integration – Strategic Levers for Governance

The second layer of the framework is made up of the strategic levers that enable integration of the OH&S system into the overall governance and operational framework of the organization. While these levers are part of ISO 45001, they represent the mechanism through which the requirements of the standard will be implemented in practice. This layer includes:

  • Leadership Accountability: Top management actively supports safety, defines the safety culture of the organization, and will hold itself and others accountable for the performance of the OH&S system.
  • Worker Participation: Workers participate in the OH&S system and are involved in various stages of the process, including hazard identification and risk assessment, incident investigation, and the design of the OH&S controls.
  • Integrated Risk Governance: Occupational Health & Safety Risks are identified and managed together with other risks faced by the organization, such as financial, operational, and reputational risks.

Layer 3: The Outcomes – Strategic Value Creation

Table 3 maps the key ISO 45001 clauses to corresponding High-Reliability Organization principles and their operationalization in healthcare settings.

Table 3 Mapping ISO 45001 Clauses to High-Reliability Organization (HRO) Principles

The third layer of the framework represents the strategic outcomes that can be obtained when implementing ISO 45001 with a focus on governance. These outcomes go beyond typical measurements of the OH&S performance of an organization (eg., lost time injury rates) but represent the additional value that a strong safety culture can create for the organization. This layer includes:

  • Safety Culture Maturity: An active and generative safety culture, in which safety is one of the values of the organization and employees are committed to continuing to improve their OH&S performance.
  • Workforce Well-being: A healthy and supportive workplace that promotes the physical and mental well-being of employees.
  • Patient Safety: Reductions in medical errors and adverse patient outcomes due to improvements in the reliability and safety of the healthcare delivery system.
  • Organizational Resilience: Ability of the organization to anticipate, adapt to, and respond to anticipated and unanticipated disruptions (pandemics, natural disasters, etc).

Anticipating and Addressing Critiques

Any expansion of the scope of a management standard will have to address the potential criticisms which may arise. Most likely, two basic arguments will arise against this governance-oriented model: the financial argument and the operational/bureaucratic argument.

The Financial Argument: One of the most common critiques is that this type of approach to safety is financially burdensome and requires more resources than many healthcare organizations are able to devote, given the many other financial issues they face. There are, however, numerous limitations to that argument, as it often focuses on only the up-front costs associated with developing and implementing a high-quality occupational health and safety (OHS) management system, while failing to take into account the numerous long-term financial benefits of having one. Some examples of these long-term benefits include lower costs associated with employee work-related injuries/illnesses (ie., workers’ compensation, medical expenses, and decreased productivity); higher levels of employee job satisfaction and retention, and consequently lower rates of absenteeism; and a stronger safety culture, which enhances an organization’s reputation and makes it more appealing to both patients and employees.

The Operational/Bureaucracy Argument: Another possible criticism of this framework is that it creates another bureaucratic layer and administrative burden, thereby diverting resources and focus away from the core function of providing quality patient care. This is a legitimate concern, especially if the OHS system is developed and implemented in a rigid or prescriptive manner. Nonetheless, the above-mentioned framework has been developed with flexibility and adaptability in mind and is intended to allow organizations to develop and implement it based upon their specific needs and circumstances. The key is to implement the OHS system as part of current governance and operational structures, as opposed to establishing a new and duplicative administrative system. In doing so, the OHS system can provide a clearer and more comprehensive understanding of risk and, when properly implemented, can also help streamline decision-making and improve organizational efficiency.

Discussion

The proposed Strategic Safety Governance Architecture (SSGA) directly extends ongoing discussions in Risk Management and Healthcare Policy regarding the operationalization of healthcare resilience and safety culture. Previous contributions to the journal have established that transformational leadership and active frontline engagement are critical mediators for improving patient safety culture and mitigating systemic risks.28 Furthermore, country-wide assessments have demonstrated that while formal accreditation processes can drive structural improvements, their ultimate success depends on fostering a genuine, non-punitive safety culture.29 The SSGA addresses these findings by utilizing ISO 45001 as the structural foundation through which these cultural imperatives can be operationalized. For instance, by embedding the HRO principle of deference to expertise within the statutory requirements of ISO 45001 Clause 5 (Worker Participation), the framework provides a standardized mechanism to ensure that leadership accountability translates into the tangible empowerment of clinical staff, addressing a critical need identified in recent healthcare policy literature.28,29 This approach ensures that the transition from compliance to governance is anchored in an internationally recognized standard, providing healthcare leaders with a practical roadmap to achieve the integrated safety culture and workforce well-being envisioned in recent literature.

However, it is important to acknowledge the potential limitations and boundary conditions of this framework. The successful implementation of the SSGA requires significant organizational maturity and resource commitment, which may pose challenges in resource-constrained healthcare settings or smaller clinics. In such environments, the transition from compliance to governance must be phased and carefully adapted to local capabilities. Furthermore, the effectiveness of this model depends heavily on a real, tangible commitment from executive leadership; without a genuine change in behavior at the board level, the model remains at risk of being caught up in the decoupling that it seeks to avoid.

Implications and Future Directions

For Healthcare Leadership

This new framework provides a different way of thinking about and managing workplace health and safety for healthcare leaders. It encourages a shift from a compliance-based paradigm to a more strategic and holistic approach to safety. Building a safety culture, empowering employees, and integrating OHS with other aspects of the organization will be key elements of this strategic approach. In addition, healthcare leaders must also commit to investing the necessary resources and expertise to develop and maintain a high-quality OHS management system.

For Policy and Accreditation

In terms of policymakers and accreditation agencies, the framework will encourage a movement away from a focus solely on compliance toward a more holistic and strategic approach to safety. Accrediting agencies may want to revise their standards and place more weight on developing a safety culture, on having leadership involvement, and on employee involvement in OHS within their standards. They can also provide additional guidance and support to organizations to assist in implementing an effective OHS management system.

For Future Research

Finally, for researchers, the framework presents numerous opportunities for study. There is a need for additional empirical research regarding whether governance-oriented OHS management systems are effective in healthcare organizations. Potential studies may investigate how OHS management systems affect safety culture, employee well-being, and patient safety. Additionally, there is a need for additional research on the factors (eg., leadership, organizational culture, regulatory) that either facilitate or inhibit the successful implementation of governance-oriented OHS management systems.

Table 4 presents proposed strategic outcomes with illustrative leading and lagging indicators, while Table 5 outlines testable propositions and suggested methodological approaches for future empirical research.

Table 4 Strategic Outcomes and Measurement Indicators

Table 5 Testable Research Propositions

Testable Propositions for Future Research

  1. Proposition 1: Organizations that implement a governance-based ISO 45001 framework for their healthcare organizations will have a greater level of maturity in their safety culture than those implementing an ISO 45001 framework based on a compliance perspective.
  2. Proposition 2: The extent to which the occupational health and safety (OHS) management system integrates with the other governance systems of the organization (ie., quality, financial) has a positive association with improved results for both worker and patient safety.
  3. Proposition 3: Accountability of leadership and worker involvement in decision-making processes are the primary mediators in the relationship between implementation of an ISO 45001 framework and improved results for worker well-being within the organization.
  4. Proposition 4: Implementing an ISO 45001 framework from a governance perspective improves an organization’s overall resilience as it increases the organization’s capacity to foresee, recognize, and respond to internal and external disruptions.

Conclusion

The predominant compliance-driven model of ISO 45001 in the area of healthcare has been overlooked. Organizations are unable to realize the full potential of the ISO 45001 standard as a governance strategy by merely using it as a certification requirement. This paper has advocated for a paradigm shift in ISO 45001, from an administrative burden to a sustainable culture of safety through a framework of strategic governance.

The proposed conceptual framework for the development of a culture of safety in healthcare provides a blueprint for achieving such a paradigm shift with its focus on leadership accountability, worker participation, strategic integration, and risk-based thinking. However, as a conceptual model, it requires future empirical validation to test its real-world efficacy across diverse healthcare settings.

For healthcare leaders, there is a clear message: the safety of your workforce directly impacts the safety of your patients and the overall well-being of your organization. By adopting ISO 45001 as a governance model, healthcare leaders will have the ability to transition away from a postured, reactive, compliance-focused environment to a proactive environment where they can manage the risks that jeopardize their employees and their mission. This change in perspective will require a change in mindset, from viewing safety as an expense to minimize to a strategic resource to develop. Operational efficiency is not just a side effect, but an inherent result of integrated risk governance.

The ultimate value of ISO 45001 is not in obtaining the certificate to hang on the wall, but in creating a resilient, learning-oriented, and safe organization. This conclusion serves as a call to action for health regulators and accreditation bodies to begin integrating ISO 45001 into national accreditation instruments, ensuring that the transition from compliance to governance is supported at the systemic level.

Disclosure

The author reports no conflicts of interest in this work.

References

1. International Organization for Standardization. ISO 45001:2018 Occupational Health and Safety Management Systems — Requirements with Guidance for Use. Geneva: ISO; 2018.

2. Bernardo M, Simon A, Tarí JJ, Molina-Azorín JF. Benefits of management systems integration: a literature review. J Cleaner Prod. 2015;94:260–11. doi:10.1016/j.jclepro.2015.01.075

3. Podrecca M, Molinaro M, Sartor M, Orzes G. The impact of ISO 45001 on firms’ performance: an empirical analysis. Corp Soc Responsib Environ Manage. 2024;31(5):4581–4595. doi:10.1002/csr.2782

4. Guler I, Guillén MF, Macpherson JM. Global competition and institutional diffusion of ISO standards. Am J Sociol. 2002;107(1):207–245.

5. Joo I, Baek K. The consequences of ISO 45001: preliminary analysis of cases in Korea. J Occup Health. 2023;66(1):uiad007. doi:10.1093/joccuh/uiad007

6. Boiral O, Henri JF. Modelling the impact of ISO management systems on performance. Int J Oper Prod Manage. 2012;32(5):595–619.

7. Chassin MR, Loeb JM. High-reliability health care. The Milbank Quarterly. 2013;91(3):459–490. doi:10.1111/1468-0009.12023

8. Reason J. Achieving a safe culture: theory and practice. Work Stress. 1998;12(3):293–306. doi:10.1080/02678379808256868

9. Douglas A, Glen D. Integrated management systems in healthcare. TQM J. 2000;12(6):426–435.

10. Pascarella G, Rossi M, Montella E, et al. Risk analysis in healthcare organizations: methodological framework and critical variables. Risk Manag Healthc Policy. 2021;14:2897–2911. doi:10.2147/RMHP.S309098

11. Power M. The Audit Society: Rituals of Verification. Oxford University Press; 1997.

12. Rusjan B, Alič M. Capitalising on ISO 9001 benefits for strategic results. Int J Qual Reliab Manag. 2010;27(7):756–778. doi:10.1108/02656711011062372

13. Macinati MS. The relationship between quality management systems and organizational performance in the Italian national health service. Health Policy. 2008;85(2):228–241. doi:10.1016/j.healthpol.2007.07.013

14. Flin R, Yule S. Leadership for safety: industrial experience. Qual Saf Health Care. 2004;13(Suppl 2):ii45–ii51. doi:10.1136/qshc.2003.009555

15. Robson LS, Clarke JA, Cullen K, et al. The effectiveness of occupational health and safety management system interventions. Safety Science. 2007;45(3):329–353. doi:10.1016/j.ssci.2006.07.003

16. Hale A, Borys D. Working to rule or working safely? Safety Science. 2013;55:1–11.

17. Hopkins A. Failure to Learn: The BP Texas City Refinery Disaster. CCH Australia; 2008.

18. Dekker S. Drift Into Failure. Ashgate; 2011.

19. Christian MS, Bradley JC, Wallace JC, Burke MJ. Workplace safety: a meta-analysis. J Appl Psychol. 2009;94(5):1103–1127. doi:10.1037/a0016172

20. Lengnick-Hall CA, Beck TE, Lengnick-Hall ML. Developing a capacity for organizational resilience. Human Resource Manage Rev. 2011;21(3):243–255. doi:10.1016/j.hrmr.2010.07.001

21. Zanko M, Dawson P. Occupational health and safety management in organizations: a review. Int J Manage Rev. 2012;14(3):328–344. doi:10.1111/j.1468-2370.2011.00319.x

22. Kelmendi AX, Gashi B, Berisha L, et al. Challenges of occupational health and safety management in Kosovo’s healthcare system. Int J Environ Res Public Health. 2024;21(5):548. doi:10.3390/ijerph21050548

23. Loeppke R, Boldrighini J, Bowe J, et al. Interaction of health care worker health and safety and patient health and safety in the US health care system: recommendations from the 2016 summit. J Occup Environ Med. 2017;59(8):723–726. doi:10.1097/JOM.0000000000001100

24. Braithwaite J, Wears RL, Hollnagel E. Resilient health care: turning patient safety on its head. Int J Qual Health Care. 2015;27(5):418–420. doi:10.1093/intqhc/mzv063

25. Karanikas N, Weber D, Bruschi K, Brown S. Identification of systems thinking aspects in ISO 45001:2018 on occupational health & safety management. Safety Science. 2022;148:105671. doi:10.1016/j.ssci.2022.105671

26. Shanafelt TD, Noseworthy JH. Executive leadership and physician well-being. Mayo Clin Proc. 2017;92(1):129–146. doi:10.1016/j.mayocp.2016.10.004

27. Vincent C, Amalberti R. Safer Healthcare: Strategies for the Real World. Springer; 2016.

28. Hamdan M, Jaaffar AH, Khraisat O, Issa MR, Jarrar M. The association of transformational leadership on safety practices among nurses: the mediating role of patient safety culture. Risk Manag Healthc Policy. 2024;17:1687–1700. doi:10.2147/RMHP.S458505

29. ALFadhalah T, Al Mudaf B, Al salem G, et al. The association between patient safety culture and accreditation at primary care centers in kuwait: a country-wide multi-method study. Risk Manag Healthc Policy. 2022;15:2155–2169. doi:10.2147/RMHP.S383925

Creative Commons License © 2026 The Author(s). This work is published and licensed by Dove Medical Press Limited. The full terms of this license are available at https://www.dovepress.com/terms and incorporate the Creative Commons Attribution - Non Commercial (unported, 4.0) License. By accessing the work you hereby accept the Terms. Non-commercial uses of the work are permitted without any further permission from Dove Medical Press Limited, provided the work is properly attributed. For permission for commercial use of this work, please see paragraphs 4.2 and 5 of our Terms.