Governance, risk, and quality management in the medical laboratory


Abstract

The aspirational goal of diagnostic pathology laboratories is to always provide the right result for the right test on the right patient at the right time and with the right support. To deliver this outcome systematically, reliably, and safely for the patient, has required the long-term development of an organizational culture and framework by the international laboratory medicine community.

Background

Quality management (QM) is a set of principles for coordinating management and improvement activities to ensure that an organization continuously meets the requirements of its customers (users), even as those needs change. There are many approaches to and tools for deploying these principles, some tools focusing only on selected principles. It is widely regarded as best management practice when these principles are fully adopted as an organizational framework.

Quality management systems (QMS) are consensus-driven structured frameworks for ensuring consistency in the quality of products and services to meet customer needs. Both QM and QMS evolved from technical quality, namely, quality control (QC) and external quality assessment/proficiency testing (EQA/PT) activities, and these elements still play important roles. The International Organization for Standardization (ISO) has developed ISO 15189 as an internationally accepted QMS standard suitable for accreditation of medical laboratories. In some countries, alternative or additional standards or accreditation requirements may apply.

Further evolution and development of this framework is continuing. Laboratory medicine is different to many other industries because it includes the patient, and thus carries additional ethical and legal responsibilities for maintaining patient safety and optimizing and improving patient care—this is addressed under the banner of clinical governance. There is also increasing recognition of the need to prioritize and focus efforts on those organizational activities most vulnerable to failure or with the greatest consequences—this is addressed through risk management. And layered on top of these frameworks and standards is the recognition that leadership and accountability are required to drive and maintain quality improvement.

Content

The most widely adopted QMS used internationally (ISO 15189) is described in some detail and is compared with an alternative or supplementary framework (Clinical and Laboratory Standards Institute [CLSI] QMS01). The role of standards and guidelines in self-assessment and in the accreditation and regulation of medical laboratories, and the differences between accreditation and certification are explained. The principles of clinical governance and risk management are described and their links to QMS are explored. Finally, the philosophy and principles of QM are described, and within this, the rationale is explained for a QMS as a means of maintaining and controlling existing operations, as well as systematically improving the quality of test results and organizational services. Various pathways taken by laboratories to implementing QM are considered, and various structured quality improvement tools and management approaches are described.

Introduction

Purpose and scope of a medical laboratory

The services of a medical laboratory play a key role in the practice of modern medicine. In different countries, and indeed within individual countries, there are different views of what constitutes the scope of a medical laboratory service and its purpose. International Organization for Standardization (ISO) 15189 is the international standard for quality and competence in the medical laboratory.

ISO 15189 defines a medical laboratory as a “laboratory for the ... examination of materials derived from the human body for the purpose of providing information for the diagnosis, management, prevention, and treatment of disease in, or assessment of the health of, human beings, and which may provide a consultant advisory service covering all aspects of laboratory investigation.” The standard itself details a specific requirement for advisory services that includes the provision “of advice on the choice of examinations and use of services including repeat frequency and required type of sample” and “where appropriate, interpretation of the results of examinations.”

Note that the definition also states: “Facilities which only collect or prepare samples, or act as a mailing or distribution center, are not considered to be medical or clinical laboratories, although they may be part of a larger laboratory or system.”

Defining quality in the medical laboratory

Discussions of quality in relation to the medical laboratory often invoke phrases such as “fit for purpose” or, in the case of a laboratory test or examination, as being “fit for its intended use.” The importance of these phrases is that they link the quality requirement to its purpose.

The ISO definitions of quality have evolved over a number of years with ISO 9000 defining quality as the “degree to which a set of inherent characteristics fulfills requirements,” where requirement is a “need that is either stated, generally implied or obligatory.” The bias and imprecision of a measurement process are examples of inherent characteristics (i.e., inbuilt features, as distinct from, say, the price charged for a particular test, which is an assigned characteristic).

Quality, as defined, is judged by the ability to reliably meet needs and expectations. This concept of quality as not being an absolute, but rather being matched to specific needs, has important implications. For example, a patient with suspected hypoglycemia would have a different requirement for the timeliness of a blood glucose result compared with an asymptomatic person being screened for diabetes. A test might have inherent characteristics that meet appropriate analytical and biological goals and yet still not be fit for purpose because it was not delivered in a timely manner and thus failed to fulfill the stated requirements.

In later chapters, statistical techniques are described for ensuring that analytical processes remain in control (see Chapter 6 ) and for ensuring that analytical results meet biological requirements (see Chapter 8 ).

It should also be noted that, with rapid change in all of medical practice, scientific advancement, and in broader society, even after optimization to ensure that all laboratory services are of appropriate quality, changing circumstances require ongoing and constant monitoring and adjustment of laboratory performance to ensure that it remains correctly matched to the needs of patients, users, and customers. That is, a systematic continuous improvement process is essential.

Evolution of the approach to quality management

Quality management (QM) had its origins in the 1930s with Shewhart’s work on the understanding and control of analytical variation. This changed the quality process from “inspect for errors after production” to “control the process to reduce the errors produced,” which became the classic quality control (QC) approach and is these days formalized in statistical process control (SPC) (see Chapter 6 ). Shewhart also introduced a cyclic method for making improvements, which has become known as “Plan-Do-Check-Act” (PDCA cycle). This was important because it introduced a systematic approach to improvement, which has since spawned a vast array of improvement methodologies, including the very successful “Define, Measure, Analyze, Improve, Control” (DMAIC) methodology of Six Sigma.

Within the field of laboratory medicine two key themes have driven major improvement: firstly, the introduction of EQA/PT programs, a form of benchmarking, highlighted great variability in laboratory performance first in technical quality and later service quality; and secondly, the introduction of QMS brought a systematic approach to managing, giving greater control to enable improvements to be made and retained in place.

There has always been parallel development of different approaches to the broader management of quality, including governance and risk management outside healthcare. Laboratory medicine has adapted those techniques that work in healthcare. The result is that quality can be seen from several viewpoints, each providing valuable tools for managing laboratory quality.

Although some laboratories see their role as primarily the delivery of analytically correct test results, this is a very narrow view and one that overlooks the reality that an analytically correct result may still be of poor quality because of not meeting, for example, turnaround time, cost, result delivery method, or any of a host of user-specified criteria or expectations. A quality laboratory service is one that knows at all times the users’ criteria and needs and has internal systems that can ensure these are met. Whenever user requirements change, a quality laboratory will have procedures to detect these changes, even if unannounced, and will adapt itself to respond appropriately.

To have the organizational sophistication to be able to achieve these degrees of responsiveness may take time. Although some laboratories see “meeting accreditation standards” as an end in itself, such laboratories will lose the benefit of the culture of organization-wide customer focus and systematic continuous improvement that comes from the use of a QMS to drive overall quality, rather than being merely a tool for achieving the minimum acceptable standard. Laboratory organizations typically evolve or mature through various stages in their understanding and adoption of QMS, and this rate of maturity is generally driven by management leadership. Governments may seek to accelerate this process by mandating that some of these stages are a condition of operation.

The rest of this chapter is presented as four main topics:

  • Governance (including clinical governance), benchmarking, and risk management,

  • QMS, including internationally applicable standards and guidelines and the key components of such systems

  • Accreditation and regulation of medical laboratories, including an international model that includes self-assessment through accreditation and regulation

  • Approaches to QM, integrating its basic principles

Clinical governance, benchmarking, and risk management

Governance

Historically, governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves its objectives, addresses uncertainty, and acts with integrity. Regulatory compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined, e.g., in laws, regulations, contracts, strategies, and policies) including ethical and prudential expectations, assess the state of compliance, assess the risks and potential costs of noncompliance against the projected expenses to achieve compliance, and hence prioritize, fund, and initiate any corrective actions deemed necessary or appropriate.

Governance and management of risk and compliance are not new, and most organizations including laboratories have been governed and their risk and compliance managed in the past, but an understanding of the interlinked nature of these activities is more recent.

Healthcare organizations, both public and private, have traditionally been controlled by boards or equivalent structures, as corporate entities with a focus on the strategic direction of the organization as a whole and ensuring that the operations, finances, and risk management systems are in place to meet statutory and prudential requirements. It has become apparent that errors and omissions probably occur more frequently in healthcare than in other industries or fields of activity, and certainly at a higher rate than is acceptable to the public ; from these findings has emerged acceptance there is a need to have more accountability for clinical care delivery. The term governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures.

In healthcare settings, (clinical) governance of healthcare or more broadly, governance of clinical effectiveness and clinical performance, has become increasingly important. The approach to this challenge has been the integration of QM and risk management under an umbrella of clinical governance.

The term “clinical governance” emerged in health during the 1990s and is used to describe the framework through which health organizations are accountable for continuously improving the quality of their services and safeguarding high standards of care. It is an extension of self-regulation that acknowledges the complexities of the delivery of modern healthcare in an integrated, organization-wide context and has been defined as “a framework through which ... organizations are accountable for continuing to improve the quality of the service and safeguarding high standards of care by creating an environment in which excellence in clinical care would flourish.” Clinical governance can be viewed as a whole system of cultural change that provides the means of developing the organizational capability to deliver sustainable, accountable, patient-focused, and quality-assured healthcare. The main components of clinical governance are described in Table 3.1 .

TABLE 3.1
The Main Components of Clinical Governance
Clear lines of responsibility and accountability for the overall quality of clinical care.

  • a designated senior clinician, ideally at board level, is responsible for ensuring that systems of clinical governance are in place and are monitoring their continued effectiveness

  • an annual report on clinical governance is to be produced which is received centrally and open to public scrutiny

A comprehensive program of quality improvement clinical activities.

  • full participation by all doctors in clinical audit programs

  • ensure clinical standards are implemented

  • workforce planning and development

  • continual professional development, including clinical leadership

  • consultant appraisal leading to revalidation

Clear policies aimed at managing risk, for example development of risk management strategy
Procedures for all professional groups to identify and remedy poor performance.

  • critical incident reporting to ensure that adverse incidents are identified, openly investigated, and lessons are learned

  • professional performance procedures that take effect at an early stage before patients are harmed and which help individuals to improve their performance whenever possible

  • all staff supported in their duty to report any concerns about colleagues’ professional conduct and performance.

Quality initiatives to facilitate clinical governance in the laboratory include accreditation to an external standard such as ISO 15189, and benchmarking.

Benchmarking

Benchmarking is the process of measuring products, services, and practices against peers and leaders in a field, allowing the identification of best practices that might lead to sustained and improved performance. Performance can be compared either in a generic way, in which there is a comparison of a process regardless of the industry, or in a functional way, in which there are comparisons within the same industry. Laboratories seek to benchmark for four main reasons: quality improvement, for accreditation requirements, to meet funder requirements, and to improve competitive advantage.

It has been shown that laboratories that regularly report on a particular aspect of quality tend to perform better on that quality measure than facilities in which this regular monitoring is not taking place and that benchmarking quality over time is also associated with improved performance.

There are a number of benchmarking schemes available to clinical laboratories including The Benchmarking Partnership (UK) and the College of American Pathologists’ (CAP) Q-Probes scheme. Variation in clinical practice between laboratories may be identified through benchmarking and this may lead to an agreement over what should be best or preferred practice.

POINTS TO REMEMBER

Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures.

Clinical governance requires the following:

  • Clear lines of responsibility and accountability for the overall quality of clinical care.

  • A comprehensive program of quality improvement clinical activities.

  • Clear policies aimed at managing risk, for example, development of risk management strategy.

  • Procedures for all professional groups to identify and remedy poor performance.

Benchmarking is the process of measuring products, services, and practices against leaders in a field, allowing the identification of best practices that will lead to sustained and improved performance.

Risk management

Risk management is defined by the European Foundation for Quality Management as: “The systematic use of organization-wide processes to identify, assess, manage, and monitor risks—such that aggregated information can be used to protect, release, and create value.” Risk includes not only clinical risk but financial risk, facilities, workplace health and safety, and reputational risk. There are three types of risks: predictable risks that organizations know they face; the risks which an organization knows it might run but which are caused by chance; and the risks that organizations do not know they are running. The response to risks typically depends on their perceived gravity and involves controlling, avoiding, accepting, or transferring them to a third party.

The ISO standard that describes risk management is ISO 31000:2018, Risk management—Guidelines, which provides principles, framework, and a process for managing risk. The following diagram ( Fig. 3.1 ) is modified from this standard and describes the risk management process and the interconnections with monitoring and review, which are related to QM, and communication and consultation which is a component of governance.

FIGURE 3.1, Model of the Risk Management Framework

Using this approach as our model we will start with the contextualization of risk in a pathology laboratory. The context refers to the question of what is at risk, and the potential sources of risk associated with the preanalytical, analytical, and postanalyticall processes, but should also consider risks associated with operations, such as billing, human resources, security, privacy, and safety.

Risk identification

The assessment task is to understand what is at risk and what events could potentially cause or contribute to harm or benefits, their associated causes, and their potential consequences. There are a number of risks that are easily identified but the value of the risk identification process is the recognition of unexpected threats. Table 3.2 lists the risk points that must be present.

TABLE 3.2
Risk Points that Must be Present in Clinical Laboratory Service
Governance structure
Competence of staff
Patient identification
Specimen integrity
Specimen traceability
Specimen analysis
Verification, validation, and documentation of methods
Quality assurance
Reporting results
Turnaround time
Communication
Sendaway (referral) tests
Reviews of incidents
IT algorithms, systems, and interfaces
Logistics
Skilled workforce
Critical results
Accreditation failure
Business and service continuity
Financial risk
Health and safety risk
Reputational risk

Other tools may be useful to identify risk in a complex process. One of these tools is the process map.

Analysis of risk

Once a risk has been identified there are a wide range of possible responses an organization may take. Deciding what to do will be a management decision based on many factors including cost, understanding of the risk, and a balance between the perceived cost/likelihood of insurance and the cost/likelihood of risk. To inform this decision-making process with some objective process is risk analysis, which is based on likelihood and consequence of a particular risk. Likelihood depends on the probability of occurrence and the frequency of activity.

The most used quantitative risk model is Failure Mode and Effects Analysis (FMEA). This model provides a means to systematically analyze postulated component failures and identify the resultant effects on system operations. There are three factors that are used in the model to calculate a “risk”; occurrence, severity, and detection.

The full model used in industry usually includes all three factors, which are ranked on a scale from 1 to 10 (low risk to high risk), and then multiplied together to give a Risk Priority Number (RPN) to prioritize risks. In healthcare applications, it is common to use a two-factor model that considers only the probability of occurrence and severity of harm, then ranks each factor on scales from 1 to 5 or from 1 to 3, calculates criticality (using RPN), or uses a graphical risk acceptability matrix to describe and prioritize risks. Once risk has been assessed, the next step is to mitigate the effects by preventing or reducing occurrence, improving detection, and reducing harm by corrective or preventive actions and disclosure of information for safety.

The next step is risk evaluation where risks are evaluated against an appropriate risk-acceptance criterion to give a ranking, for example.

  • low (tolerable—These risks are generally considered acceptable. Manage by routine procedures. Monitor and review effectiveness throughout),

  • medium (Manage by specific monitoring or audit procedures),

  • high (Unacceptable level of risk that should be controlled immediately),

  • very high (Dangerous level of risk that is unacceptable and required to be controlled immediately).

To decide whether risk is acceptable, a risk acceptability matrix is used, as shown in Table 3.3 . The matrix shows the ranking for severity of harm across the columns and the ranking for probability of occurrence of harm down the rows. The matrix defines certain row-column combinations as acceptable and others as unacceptable, generally separated by a diagonal from the top left to the lower right. The risk acceptability matrices in ISO 14971 and Clinical and Laboratory Standards Institute (CLSI) EP23A are not identical, even although the EP23A document quotes ISO 14971 as its source. That situation is an indicator of the subjectivity of risk evaluation, which together with the ranking scales should alert the laboratory to the qualitative nature of this methodology.

TABLE 3.3
Risk Matrix to Categorize Risk Criticality From a Combination of Severity and Occurrence
1 Negligible 2 Minor 3 Serious 4 Critical 5 Catastrophic
5 Frequent 5 low 10 medium 15 high 20 very high 25 very high
4 Probable 4 low 8 medium 12 medium 16 high 20 very high
3 Occasional 3 low 6 low 9 medium 12 medium 15 high
2 Remote 2 low 4 low 6 low 8 medium 10 medium
1 Improbable 1 low 2 low 3 low 4 low 5 low
Legend for Risk Matrix
Scales
Occurrence Levels Severity Levels
5 Frequent—once per week 5 Catastrophic—could result in patient death
4 Probable—once per month 4 Critical—could result in permanent or life-threatening injury
3 Occasional—once per year 3 Serious—could result in injury or impairment requiring professional medical intervention
2 Remote—once every few years 2 Minor—could result in temporary injury or impairment requiring professional medical intervention
1 Improbable—once in the lifetime of the measuring system 1 Negligible—could result in inconvenience or temporary discomfort
Risk Management Category Example of Potential Response Matched to Risk Category if Incident Were to Occur
Very high—a dangerous level of risk that is required to be controlled immediately Formal investigation and root cause analysis (RCA) with recommendations reported to board and externally
High—an unacceptable level of risk that should be controlled immediately Formal investigation with recommendations reported to the Executive
Medium—manage by specific monitoring or audit procedures Departmental investigation and improvement summarized in report to operations
Low—manage by routine procedures Local monitoring and KPI
Examples of occurrence and severity are given below from ISO 14971. There is also a CLSI standard on Risk EP23A.

Risk mitigation

The next stage in the process of risk management is the management of the risks which have been identified and prioritized. Management of risks can again be categorized in different ways. Perhaps the simplest of these is the “four Ts”:

  • terminate—cease activities related to the risk (e.g., giving up smoking avoids associated health risks).

  • treat—add control measures or contingency plans to manage the likelihood and consequence of events (e.g., wearing a hard hat reduces the consequences of being hit by a falling object): additional control measures or contingency plans become part of the management system.

  • tolerate—accept the risk; and

  • transfer—move the impact of risks to another entity (e.g., insurance).

You're Reading a Preview

Become a Clinical Tree membership for Full access and enjoy Unlimited articles

Become membership

If you are a member. Log in here