Tools, Technologies and Training for Healthcare Laboratories

The Risk Management Process

A whole host of Risk Management tools, techniques and terminology are headed for the laboratory. New standards and guidelines will make heavy use of these concepts in coming recommendations for laboratory conduct. Do you know what Risk really is? Do you know what Risk Management really means? Dr. Westgard explains some of the words and meanings of this new movement. (Preview)

April 2009

James O. Westgard, PhD and Sten Westgard, MS

We want to be upfront with our concern about the application of risk management in healthcare laboratories. We agree with the principles of risk management – to prevent problems from occurring. It would certainly be ideal if errors can be prevented by manufacturers in their design of analytic systems and minimized by built-in controls and instrument checks, but laboratories are still responsible to “verify the attainment of the intended quality of test results,” according to ISO 15189 [1]. We think that means Statistical QC should be a major part of any analytical QC plan, and we have reservations about the practice guidelines that are emerging, particularly in the US where the motivation has been to reduce the amount of QC performed, rather than to optimize QC to “verify the attainment of the intended quality of test results.”

When the reports of the Institute of Medicine, To Err is Human [2] and Crossing the Quality Chasm [3] were issued in 2000 and 2001, resp., both the public and healthcare professionals alike were shocked by the frequency and severity of medical errors. That heightened awareness motivated the healthcare field to search for new tools to combat and prevent medical errors. Risk Management became one of the new tools to address the problem.

In healthcare, the Joint Commission recommended the use of risk management as part of the Patient Safety Movement. Its accreditation guidelines for 2002 included a requirement that healthcare organizations should perform at least one Failure Modes Effects Analysis (FMEA) each year [4]. Also in response to patient safety issues, the Institute for Healthcare Improvement (IHI) began providing education, training, and support for FMEA via its website [5]. In addition, the Veterans Affairs National Center for Patient Safety supported the use of FMEA throughout its healthcare institutions through the US [6].

Finally, still another thread of history helped bring Risk Management into healthcare institutions - global standards courtesy of ISO. Long accepted by industry, ISO sets rigorous guidelines for processes and products marketed worldwide. Adherence to ISO standards is often a de facto requirement for businesses to compete globally. As ISO standards were expanded and applied to more and different segments of industry, they developed standards for Risk Management in Medical Devices (ISO 14971)[7]. The medical device industry, already an industry where litigation worries mandated a robust analysis of potential design flaws and device hazards, found that the Risk Management techniques married well with their existing efforts to improve quality. From the medical device industry to the medical device marketplace was only a small step. Already ISO 15189 had specified particular requirements for quality and competence in medical laboratories. A further standard, ISO 22367 [8], specifies techniques for the “Reduction of error through Risk Management and continual improvement.”

For laboratories outside the US, ISO standards often replaced, supplemented, or substituted for local government regulations. Some countries simply point to ISO standards and adopt them in their entirety for accreditation of medical laboratories. In the US, however, ISO standards have not been widely adopted because the CLIA regulations have been dominant. With the CLIA Final Rule in 2003 and the subsequent proposal for "Equivalent Quality Control” practices, the door opened wide for alternative quality regulations. Faced with scientific and professional debate about the adequacy of the new EQC guidelines, CLSI began to develop an alternate approach for defining an “Analytical QC Plan” based on risk management guidelines that adhered to the ISO standards. These CLSI guidelines are intended to supplement, if not replace, the CLIA guidelines for EQC. CMS will decide whether the new Risk Management-based QC guidelines can be used to provide "equivalent quality" testing.

We Invite you to read this Complete Article

This entire essay, plus many others covering Risk Management concepts, techniques, and implementations, is available in the online course Introduction to Risk Management. You can register and enroll at for immediate access, or you can purchase the course through our online store.