Skip to main content
architecture-and-design business computer-science engineering-and-technology medicine-and-health

Poka yoke

Description

Poka-yoke is the design discipline of making mistakes structurally impossible or immediately detectable. Shigeo Shingo formalized the term within the Toyota Production System; the structural shape is eliminate the precondition for the error rather than check for the error after it happens. The connector that fits only one way; the IV line that physically cannot mate with the wrong drug bay; the jig that holds the part in the correct orientation; the cockpit lever whose shape distinguishes it by touch from its dangerous neighbor. The diagnostic distinction is between prevention poka-yoke (the wrong action cannot be performed) and detection poka-yoke (the wrong action can be performed but is immediately, loudly visible). Both are structural — they live in the geometry / coloring / sequencing of the artifact, not in a runtime check layered on top. The cross-domain projection lands on type systems, schema design, and protocol design. Where a manufacturing engineer asks “can this part be inserted backwards?”, a software engineer asks “can this invariant be violated by a value of this type?” — and the prophylactic answer in both is the same: shape the artifact so the wrong state has no representation, no handler, no socket to plug into. The concept’s portability is what makes it the canonical lean-to-software bridge.

Triggers

User-initiated: User describes a problem in terms of “someone keeps doing X wrong” and is reaching for training, documentation, or process. Vocabulary cues: “fool-proof,” “mistake-proof,” “we keep having this happen,” “they can’t seem to remember,” “human error.” Agent-initiated: Engine notices the user is reaching for runtime-detection or training when a structural-prevention move is available. Candidate inference: “this is a poka-yoke target — can the artifact be reshaped so the error cannot occur, rather than caught after it does?” Situation-shape signals: Recurrent operator errors with the same shape; safety-critical systems where the cost of error is severe; physical or procedural artifacts where geometry / sequence / coloring could carry the constraint that’s currently held in documentation; complaints framed as human-error problems.

Exclusions

  • The error is rare enough that structural prevention costs more than occasional defects — adding a keyed connector costs every unit; if the defect occurs once per million, the prevention is overspent.
  • The constraint is conventional, not physical — poka-yoke depends on a substrate that can enforce the constraint by its geometry / sequence; for purely social / conventional rules, the concept is metaphorical.
  • The “wrong action” is context-dependent — poka-yoke requires a clearly-wrong state to design against. Where right and wrong depend on situational judgment, structural prevention category-mismatches.

Structure

Internal structure of poka-yoke: a table of its component slots and the concepts that fill them.

Relationships

Relationship neighborhood of poka-yoke: a graph of the concepts it connects to and the concepts it is a part of.
  • make-wrong-unrepresentable — the cross-substrate analogue in type-system design; same shape, different scale.
  • active-gate-vs-passive-audit — poka-yoke is the canonical active-gate posture made physical.
  • asymmetric-gate — many poka-yoke designs ARE asymmetric-gates physically realized; the cheap direction is “correct insertion,” the expensive direction is “incorrect insertion is structurally impossible.”
  • doctrine — poka-yoke encodes doctrine into geometry instead of into manuals; the doctrine becomes embodied rather than written.

Examples

USB connectors · engineering-and-technology

physically asymmetric so the cable cannot be inserted upside down (Type-A only; Type-C is symmetric and gave up the prevention guarantee for reversibility).

Database constraints · computer-science

NOT NULL, UNIQUE, CHECK, foreign keys; the wrong state cannot be committed because the schema rejects it at write time.
Boeing standardized lever-shape differences after a 1940s wartime accident where pilots retracted the landing gear after touchdown thinking they were retracting flaps. The shapes are now standardized so the controls feel different by touch alone.
require simultaneous press-and-turn; a single motion will not open the bottle.
Norman’s The Design of Everyday Things (1988) reframes user error as a property of design, not of the user, and supplies the user-interface vocabulary for mistake-proofing. His constraints (physical, logical, semantic, cultural) limit the set of possible actions so that wrong ones become hard or impossible, and his forcing functions are the strongest version: interlocks that force a correct sequence (a microwave that will not run with the door open), lock-outs that block dangerous actions, lock-ins that prevent premature exit (the “save changes?” prompt). The shape is identical to the manufacturing poka-yoke device — a part that fits the jig only one way — lifted to the scale of doors, dashboards, and screens.Inference: Norman is the cross-domain bridge that carries poka-yoke from the factory floor to everyday objects and interfaces. The error to prevent is the user action that produces a bad outcome; the constraint is the designed-in physical or logical barrier; the result is that the wrong action is foreclosed at the moment of acting rather than caught afterward. The structural insight Norman adds is the blame relocation: both poka-yoke and forcing functions reject “the user was careless” and instead ask “why did the design permit the mistake?” — making error-prevention a design responsibility, which is why a grayed-out button is a true poka-yoke and a warning label is not.
Grout’s AHRQ monograph (2007) carries poka-yoke from manufacturing into clinical processes, arguing that healthcare should design errors out of the system rather than rely on practitioner vigilance. He organizes mistake-proofing into prevention (making the error impossible), detection (catching it before it reaches the patient), and fail-safes (failing safely when it occurs). His canonical medical examples are pure poka-yoke geometry: enteral and intravenous connectors given incompatible physical shapes so a feeding tube cannot be joined to an IV port; sharps containers with revolving lids that admit needles but exclude hands; self-blunting needles that retract after use.Inference: Grout demonstrates the poka-yoke shape transferring intact to a domain where the cost of error is a patient’s life. The error to prevent is the wrong-line connection or needlestick; the constraint is the shaped connector or the geometry of the container; the payoff is that the dangerous action is foreclosed by physical incompatibility, not by a tired clinician remembering a rule. The structural lesson is that the most robust mistake-proofing pushes the safeguard down into the physical form of the equipment — incompatible shapes cannot be defeated by attention lapses, hierarchy, or time pressure, which is exactly why they outperform protocols and warnings in high-stakes care.
Luer-Lock incompatible with epidural and enteral lines; color-coded and physically keyed to prevent the wrong drug reaching the wrong access route.
canonical lean-manufacturing primitive; Shingo’s system became the discipline’s reference treatment. Cross-domain instances: USB connectors that physically fit only in one orientation; medical IV connectors color-coded and shaped per drug to prevent wrong-line administration; childproof medicine caps requiring two simultaneous motions; aircraft cockpit controls shaped so landing-gear and flap levers feel different by touch alone; surgical-instrument trays where a missing instrument is a missing-shape hole
asymmetric corner notch so the card cannot be inserted in the wrong orientation; user feedback (it doesn’t fit) is structural.
instruments held in shaped foam cutouts; a missing instrument is a visible hole, surfacing the loss before the surgeon discovers it mid-procedure.
Ohno, the architect of the Toyota Production System, supplies the manufacturing-quality context that makes poka-yoke a system rather than a gadget. TPS rests on two pillars: just-in-time and jidoka (autonomation — “automation with a human touch”), the principle that a machine or worker must stop the line the instant an abnormality appears, so quality is built into the process rather than inspected in afterward. Within this frame poka-yoke is the engineering tool that lets the line detect or prevent the abnormality at the source; Ohno classes it alongside fixed-position stops and safety devices as ways of giving machines human intelligence.Inference: Ohno situates the poka-yoke primitive in its enabling environment. The error to prevent is the defect that would otherwise flow downstream; the constraint is the mistake-proofing device; but Ohno’s contribution is the surrounding rule — stop on detection — that gives the device its teeth. A poka-yoke that merely flags an error in a culture that never halts production is decorative; in a stop-the-line culture it becomes a sensory organ that forces root-cause investigation. The structural lesson is that error-prevention devices are only as strong as the system’s commitment to act on what they detect: the safeguard and the response discipline are a unit.