home page
iso 9000 healthcare graphic
iso 14001 link graphic
iso/ts 16949 link aka ts-16949 graphic
as9100 consulting graphic
healthcare consulting for iso 9001 graphic
Other services graphic

Frequently Asked Questions about ISO 9001

What is ISO?

An International Quality Management System Standard. "ISO" means equal. It is a business management system standard that applies equally to any type of service or manufacturing organization. Over 130 countries support ISO.

What are the ISO 9001:2000 Standards?

ISO 9001:2000 is a quality management system standard that requires the organization to define its key business processes, their interaction and control, and to define and measure goals and objectives to assure continued conformity and effectiveness. This process management system stresses the importance of identifying patient/customer needs and expectations prior to carrying out service delivery and then delivering the agreed upon services or products. The guidance to management offered in this International Standard is based on eight quality management principles:

  1. Customer (Patient) Focus
  2. Leadership
  3. Involvement of People
  4. Process Approach
  5. System Approach to Management
  6. Continual Improvement
  7. Factual Approach to Decision Making
  8. Mutually Beneficial Supplier Relationships

As required by the ISO Standard, the organization’s quality management system must address not only the ISO requirements but also any and all customer regulator requirements. In other words, the Quality Management Model must adhere to all local, state and national law, rules, regulations, ordinances or any and all accreditation standards.

What is ANAB?

The ANSI-ASQ National Accreditation Board (ANAB) is the U.S. accreditation body for management systems. ANAB accredits certification bodies for ISO 9001 quality management systems and ISO 14001 environmental management systems, as well as a number of industry-specific requirements documents based on ISO 9001.

What is a Certification Body (Registrar)?

A Certification Body or Registrar is the external auditor that would audit your business/quality management system to ensure it conforms to the ISO 9001:2000 Standard. In order for a Certifying Body to achieve Healthcare Certification, the Certifying Body would be required to assemble an audit team including a certified lead auditor with healthcare expertise. An industry specific checklist could be utilized; such as the Medicare/Medicaid Hospital Survey Report and the Life Safety Code. The certifying body must provide training to their auditors to ensure appropriate, on-going qualifications and must provide periodic evaluation of continued competence, including on-site witnessing of auditors (per IAF Guidance to Guide 62, G 2.2.10 and 2.2.11).

What is the Process for Certification to the ISO 9001:2000 Standard?

After the healthcare organization obtains management commitment, a gap analysis should be performed. Many organizations that are accredited by the Joint Commission and correspondingly meet the Medicare Conditions of Participation and state laws and rules have many components of the ISO Standard in place. The organization must define the scope of its Business Management System (e.g. hospital, health system, physician office, and ambulatory surgery center). The organization would then develop the appropriate documentation (define and document its business processes and define their sequence and interaction). The organization would then implement its defined and documented business processes and monitor/measure them for effectiveness. Where processes do not achieve desired outcomes, actions are required to be implemented. Once an organization feels its system has been successfully implemented a pre-assessment (mock survey) would be conducted. If successful, the organization would invite the Registrar (external auditors) in for an audit. The Registrar would then assess the organization’s documented system to ensure adequacy, and then come on-site to audit the documented system for conformance and effectiveness.

How Much Does the Certification Audit Cost?

Depending on the number of employees and identified business processes (complexity of your organization), the below are estimated certification audit costs for medium-size community hospital:

  • Estimated Certification Audit (16 man-days) = $22,000 + travel expenses
  • Semi-Annual Surveillance Audits (3 man-days) = $4,500 + travel expenses or Annual Surveillance Audits (6 man-days) = $9,000 + travel expenses

Note: This would be a medium complexity hospital with 900 employees.
 

ISO certification will save your hospital not only money but also other resources such as time spent in redoing a task, or performing unnecessary or duplicate tasks. ISO is unique in that it relies on the individual organization to “establish, document, maintain and improve its processes. It is a quality management tool that can help organizations streamline processes and remove any unnecessary steps.

By defining your business management system and capturing any and all Federal, State and Local laws and rules, other accreditation standards and best practices; you essentially have positioned yourself to sustain performance improvements and adherence to any and all applicable laws.

How Often Must an Organization be Re-Audited to Maintain its Certification?

The organization is surveyed on a triennial cycle with surveillance audits occurring either every six months or every year as chosen by the organization. The Management Review, Internal Audit and Corrective Action Business Processes will always be audited, along with a review of any changes made to the system; and progress against improvement objectives. The audits are planned/scheduled with the Certification Body (Registrar).

What Happens if the External Auditors (Registrars) Find Nonconformance's or Opportunities for Improvement?
A Nonconformance is a failure to meet a specified requirement. Nonconformities (Minor or Major) identified during the audit must be resolved and closed within the designated time frame (following the on-site audit). Formal responses are required. Generally the Registrar provides a corresponding Corrective Action Request. Based upon the severity of the nonconformance, the registrar may close out the nonconformance off-line or on-site.

Opportunities for Improvement observed during the audit are provided by the auditors. These observations may prove beneficial toward making the system more effective. Formal, written responses are not required; however, if you concur, effective actions should be applied. It is the Lead Auditor’s discretion as to which, if any, OFIs will be reviewed at the next surveillance.

How Long will it take the Organization to Become Certified?

Most organizations take between one to three years in order to become certified to the ISO 9001:2000 Standard. The timeline should be based upon the scope of the system, required efforts, and available resources. By carefully defining and designing your business management system, your system will benefit tremendously from laying the groundwork correctly and not consume wasted resources in having to redefine processes.

Will I need more people to help the Organization Become Certified?

Many organizations already have a quality manager(s), risk manager(s), Joint Commission Liaison and other support persons located in their organization. By making the commitment to become certified to the ISO Standard, this will become a priority focus in your organization. You should be able to capture the synergies of the management team and quality/risk management departments as everyone concentrates their activities in defining the business management system.

What other Resources are Needed?

In defining and developing their business management system, many organizations have defined best practices and system wide standard approaches. Some organizations have invested capital resources in standardizing equipment, electronic document (medical record) systems, document inventory systems and identified new products and service lines. Some organizations have identified the need to expand the hours of operations for some of their service lines and hence additional resources may be necessary. Also internal auditors must be selected and trained. In most organizations the internal auditors are existing employees. It is critical, however, that some portion of their time be allocated for performing these audits.

Is Training for the Management Team, Employees and Medical Staff Needed?

The organization will have to appoint a Management Representative that is responsible for overall coordination of the system’s design, development, implementation, and improvement efforts; as well as reporting on the performance of the system to management. The Management Representative would need extensive training.

ISO requires the organization to perform audits on each identified business process. Each process must be audited once per year with additional audits scheduled based upon “status” of the processes and importance. A consulting company could perform these audits or you may elect to have identified individuals in the organization trained to be internal auditors. The typical training is two days.

The Executive Management Team will need training on the ISO Standard, their roles and responsibilities, and the Organization’s Business Management System specifically the Internal Audit process, Corrective and Preventive Action processes and Management Review process.

The Middle Management Team will need training on the ISO Standard, the Organization’s Business Management System specifically the Internal Audit process, Corrective and Preventive Action processes, Document Control process and Record Control process.

Employees and the Medical Staff will need training on the Organization’s Business Management System and Benefits of certification to the ISO Standard.

What are the Benefits of ISO?

  • Development If a healthcare provider is certified to ISO 9001, any other survey process or accreditation requirement will be less costly in regards to time, effort, and dollars
  • Documentation of “Best Practice” health-system/hospital-wide processes, with reference to supporting documentation
  • Systemic breakdowns are recognized and addressed
  • Reduced errors associated with “hand-offs”
  • Improved documentation and records
  • Improved understanding of roles and responsibilities
  • Strengthened customer/community/physician confidence and relationships
  • Alignment of Health-system/Hospital-wide, Departments, Individual objectives
  • Foundation for on-going improvement initiatives (e.g., Baldrige, Lean, Six Sigma)

Will ISO Replace JCAHO?

At this time, no. If the JCAHO or other did not accredit the hospital recognized organization that has deemed status, the hospital would have to select the State Department of Health to conduct its Medicare survey.

Do Managed Care Organizations Recognize ISO?

Yes, some managed care organizations recognize ISO and understand that ISO is a business management system. Some employers belonging to the airline, auto and manufacturing industries are certified to the ISO Standards and are pressuring managed care organizations to drive down healthcare costs. As a result, better negotiated rates may be possible.

Do Insurers and Excess Carriers Recognize ISO?

Some Insurers and Excess Carriers insuring other industries including healthcare recognize ISO. Insurers and Excess Carriers want assurance that the healthcare organization has a risk management and patient safety program. ISO provides the Business/Quality Management System in which various business processes are defined and documented such as: Event/Incident Report/Occurrence Management; Compliance Management; Product Recall; Corrective/Preventive Action; Preventable Safety System; Internal Audits; Performance Monitoring and Improvement and Customer Feedback.
 

 

Our Approach

  • Customized Implementation Plan
  • Straight-forward and effective business system development, documentation and implementation
  • Comprehensive Service, including Planning, Training and Consulting
  • Project Management, Documentation Development, and Auditing
  • Focus on Continual Performance Improvements
  • Program Management by single consultant with organizational support
  • Commitment to Total Customer Satisfaction
  • Streamlined, effective Business Management System
 

Healthcare ISO 9001 | ISO 14001 | ISO/TS 16949 | AS9100 | ISO 9001:2000 Consulting