Healthcare organizations have been described by management legend Peter Drucker as "the most complex systems ever designed by man." To those of us working within these structures, this observation comes as no surprise. Multiple stakeholders, cross-functional services, cutting-edge technologies and highly skilled workers work in a coordinated fashion to add value to improve our health. Indeed, modern healthcare is a noble profession, whether you sit in the CEO suite, provide care at the bedside or in the operating room or work in any of the ancillary services that keep the system moving forward.
In the clinical setting, care providers rely upon years of training for each case they treat, supported by clinical protocols that have evolved over many more years of research and practice. Clinical protocols are designed to keep patients and practitioners safe by prescribing the care and interventions necessary for the most favorable outcome. The concept of protocol-driven care can be traced back to the origins of medicine, and are now strengthened further by evidence-based care and our ability to leverage massive amounts of data.
In the management setting, protocols are not as universal in scope. It is certainly true that healthcare managers are highly skilled. However, once they enter the profession, leave formal education behind and eventually reach a leadership position, they must select a system for managing that suits their own style, while being compatible with the culture of their organization. A competent management system would offer the management protocols necessary to produce favorable results across the entire enterprise.
Thus, the purpose of this article is to introduce healthcare executives to an opportunity that combines implementation of a management system with potential industry accreditation. The system can be overlaid on existing management subsystems and initiatives (such as Lean, Six Sigma or PDCA) and will integrate, roll up all activity and inform the C-suite on existing performance and future strategic opportunities.
A system for all systems
A number of approaches are available to healthcare leaders to manage within the complex systems they lead: PDCA, Balanced Scorecard, Baldrige, Lean Six Sigma, etc. Each of these approaches offer different advantages and demands. Any management system is better than none, but the proliferation of these approaches can cause confusion as an organization seeks to anchor itself in an approach that represents the best fit. Worse than this is the risk that an organization creates its own "blind spot" by embracing an approach that does not reach into all areas or does not sufficiently inform the development of strategy.
It is rare to find an organization that has fully mastered the creation of management subsystems that feed into a corporate operating system, and these organizations often receive the national recognition they deserve through the Malcolm Baldrige Award and similar competitions. However, setting sights on any award without regard to how the organization will sustain its efforts will not produce the long-term benefits that feed value creation, nor will it create a true operating system for management that reaches into all areas of the organization. For all its merits, the Baldrige approach does not necessarily translate into sustainable outcomes.
The significance of this situation is not lost on industry regulators. Indeed, The Joint Commission has consistently emphasized the importance of a management system that will protect the organization from failure. DNV, the relatively new alternative to TJC, takes this thinking one step further: All hospitals that seek DNV accreditation must be compliant with "ISO-9001" protocols within three years of registration. TJC is similarly interested to support hospital efforts to implement ISO standards. The focus on ISO from these agencies demands the attention of healthcare executives.
History of ISO
"ISO" refers to the International Organization for Standardization and to the standards it produces. Its history can be traced back to 1926, but its influence grew most significantly after World War II. Then and now it was an international organization made up of its member nations' standards organizations (the U.S. representative being the American National Standards Institute, or ANSI), and its sole purpose is to develop standards for an expanding variety of industries. In addition to standards, it publishes technical reports, specifications and related documents, most of which are developed by a network of 2,700 committees, subcommittees and working groups.
The predecessor to ISO 9001 emerged in 1959 from a quality/inspection-based standard for the U.S. Defense Department. In 1987, a new revision emerged as ISO 9000, which continued to evolve, being republished in 2000 as a management system standard suitable for both manufacturing and service industries. ISO 9000 specifies the fundamentals and vocabulary underpinning ISO 9001, which evolved in parallel with ISO 9000. The latest revision is ISO 9001:2008.
ISO's broad reach
ISO 9001 is often referred to as a quality system, but technically it is not. It does establish, however, a quality system standard. It has also been described as a meta-management system. This is a fine point to argue, but keeping it in mind can help avoid confusion over what ISO 9001 offers, as to dismiss it as merely a quality initiative sells the system far short of its potential and is at the root of implementations that failed to support the needs of the C-suite.
ISO 9001 does not describe a specific quality tool, like Lean or Six Sigma. Instead, it specifies the types of components a quality system must have in order to improve processes and increase value. It also requires development of a quality manual, but it does not provide a rigid outline or table of contents. Instead, it states eight principles that underlie effective quality management and then defines the processes required to incorporate those principles into a quality management system. ISO 9001 leaves it up to each organization to develop the quality manual that is most appropriate to its own operations. It is not a how-to book; it shows you how to write your own how-to book.
The eight principles in ISO 9001 are:
• Customer focus
• Leadership
• Involvement of people
• Process approach
• System approach to management
• Continual improvement
• Factual approach to decision making
• Mutually beneficial supplier relationships
These principles, taken together, allow leaders to undertake a holistic view of their business — and to begin the process of creating a management system free from gaps and unanticipated risks.
Why ISO matters
In 2008, ISO 9001 was introduced to healthcare organizations when the CMS approved Det Norske Veritas as a deeming authority for Medicare certification and payments. DNV was the first new deeming authority named by CMS in over 40 years, and ISO 9001:2008 — considered both a comprehensive and effective standard for quality improvement systems — played a key role in the decision. DNV had just completed development of a system it calls the National Integrated Accreditation of Healthcare Organizations, which it now uses to accredit hospitals under CMS' Conditions of Participation. NIAHO combines the CoPs standards with the ISO 9001:2008 quality standards developed by the International Organization for Standardization. Healthcare providers must meet the CoPs quality and safety standards in order to be reimbursed for treating patients under Medicare and Medicaid; by virtue of these developments, ISO 9001 has become the best system available to achieve accreditation and maintain the standards necessary to keep it.
By granting deeming authority to DNV, CMS (which is itself ISO 9001 certified) seems to have signaled its determination to control rising healthcare costs in the U.S. without reducing the quality of care.
Accreditation Organizations with CMS Deeming Authority
| Accreditor | Scope of authority | # of accredited customers (CoPs) | ISO connection |
| The Joint Commission | Hospitals, labs, durable medical equipment, home Health, Hospice, other | Around 5,000 hospitals and over 10,000 other institutions | Affiliated with SGS to offer the option of ISO certification to members |
| DNV Healthcare | Critical access hospitals, acute-care hospitals | Around 300 hospitals (over 1,200 through DNV international groups) | Requires ISO 9001 certification within three years |
| American Osteopathic Association (HFAP) | Critical access hospitals, acute-care hospitals, ambulatory surgical centers, behavioral health, labs | Around 230 hospitals and 200 other institutions | No ISO relationship |
| ACHC | Home health, hospice, durable medical equipment (DMEPOS) | No hospitals, 8,700 DMEPOS, 1,400 home health, and 300 hospices | ISO-certified itself but not offering ISO certification to clients |
The argument for ISO-inspired management in hospitals can be established on many levels. For example, ISO demands a strict discipline for document control, and a mature ISO organization will rely upon a limited number of documented procedures to govern the activities of the organization. It is not uncommon for hospitals to have 3,000 or more policies and procedures, a number that expands organically with time, giving rise to multiple policies — potentially contradicting each other — for the same process. The same ISO-compliant hospital might reduce this number to just 300. Hospitals with a view toward regulatory compliance will focus on ensuring their thousands of policies are current, in a never-ending process that must feel like a dog chasing its tail; hospitals with an ISO orientation are focused not only on compliance, but also on effectiveness, made possible by focusing on those relatively few processes that must be documented. Finally, hospitals with robust performance improvement programs may point to multiple projects across the enterprise of varying merit; ISO-compliant hospitals direct their improvement efforts from the top-down and focused on improvement in the eight principles.
One hospital's journey
In 2010, Scottsdale (Ariz.) Healthcare conducted a comparison of two accreditation agencies, The Joint Commission and DNV. "One of the deciding factors for choosing DNV Healthcare was the ISO component and its close linkage with the Baldrige criteria," recalls Deb Weller, the organization's manager of patient safety. Merely making the selection, however, marked the initiation of major changes in how the organization approached quality management.
One of the organization's biggest challenges, not surprisingly, was document control. "When we withdrew from The Joint Commission, we realized we had way too many P&Ps," recalls Michael Hildebrandt, the system's associate vice president of supply chain. "We've since cut the P&P database to one third of its previous size." The organization is now focused on forms standardization in partnership with their forms vendor to consolidate, eliminate redundancy, achieve consistency across facilities and streamline the forms management process.
Embracing ISO introduced hospital staff to an entirely new operating philosophy, with an emphasis on "3Cs": consistency, customer satisfaction and continual improvement. Internal staff is now trained in conducting internal audits, and a standard performance improvement tool is applied to every finding from these exercises.
By all accounts, Scottsdale Healthcare has found ISO and DNV accreditation as adding value, not merely ensuring compliance for compliance sake. Ms. Weller sums it up: "We just jumped in with both feet and never looked back. But it has been a very good experience for our people and patients."
A virtual compass
Just as ISO provides a framework for managing a complex business enterprise like a hospital, it also gives direction to management that might otherwise lose its way. When a hospital implements a new performance improvement initiative like Lean, for example, it experiences a form of unbridled enthusiasm to fix everything. ISO places aim squarely on the most important processes and functions. Lean and Six Sigma efforts are put to use in the areas where they are needed most. And the focus that ISO places on internal audits ensures the feedback loop to management is constant — no more unpleasant surprises from unscheduled visits by regulators. For organizations seeking to achieve ISO compliance within the timelines set by DNV, the combination of ISO, Lean and Six Sigma can create a laser-beam focus for management that ensures complete alignment between customer requirements and financial performance.
Go slow to go fast
Hospital managers and their quality experts face two contradictory pitfalls in their consideration of ISO: waiting too long to implement, and rushing in before they fully understand the purpose, principles and processes of the standard. When the time comes, everyone in the organization must understand the part they play in implementation. Getting the right training for management and staff is critical. And every hospital will find it must strengthen and maintain its focus on customer need, perceived satisfaction and value creation. Luckily, ISO 9001, in its principles and requirements, clearly outlines the quality process, from the initial definition of processes through the documented follow-through on every correction made to improve on the improvements.
Pros and cons of ISO 9001 implementation
| Pro | Con |
| Proven management system | Change is necessary |
| Natural companion to Lean, Six Sigma and Baldrige efforts | Education is necessary |
| Adapts to your organization | Commitment from the top is necessary |
| Grows with your organization | Locks in improvements |
| Focused effort needed to implement | Requires continuous monitoring |
| Provides data for decision making | Data requirements grow over time |
Implementing ISO 9001 is not a task you can delegate to a single manager or subcommittee. It is a strategic decision that affects the entire organization, top to bottom and, hopefully, for the rest of its existence. To be sure, ISO 9001 — used correctly — is a transformational tool.
Ian R. Lazarus and M. Weston Chapman are principals with Creative Healthcare, a company providing tools and technologies to healthcare organizations to support their efforts in performance improvement, including Lean, Six Sigma and ISO training and certification.