Risk Management
How do we comply with laboratory risk management process requirements? What evidence of the records should the lab have?
How do we comply with laboratory risk management process requirements? What evidence of the records should the lab have?
Comments
Risk management is a prominent part of the ISO 15189:2022. The process requires planning so you can apply the PDSA cycle for effective Risk management. The process then begins with the identification of hazards. I think this should be done by well-trained personnel who can identify hazards in every process step. A form should be created to guide and document the hazard identification and incorporate the process map of the activity you are conducting the risk assessment on. Risk estimation should be done by the trained team and documented stating the severity and likelihood of risk identified. The process then continues from there until the risk is mitigated. All steps accomplished in the risk management process should be documented and an action plan should be created after the assessment to help manage the risks identified. All these documentations will serve as evidence of Risk management. In my lab we have created a file for Risk management in which all reports, action plans, minutes of meetings with management, trainings on risk management etc are kept.
Ebenezer's answer sums up the risk management process quite succinctly. To help myself remember these requirements, I simply focus on two things that are always present in the laboratory: 1) risks [of harm to patients] and 2) opportunities [for improving patient care]. Each of these two conditions in turn requires two actions: 1) identification and 2) response. In my laboratory, the evidence that we use to show that we proactively and comprehensively identify risks is the risk register. This is a document (often created using an Excel file) that lists the individual processes being undertaken in the lab, and beside each process, what hazards are present that may translate into risks that can affect that particular process. We score the individual risks based on their likelihood of occurrence, magnitude of impact on patients, and probability of early detection, which enables us to prioritize them and to gauge whether they are acceptable or not. Beside each hazard-risk combo, we list the various ways that we currently eliminate or minimize the risk and provide a numerical estimate their effectiveness. If a risk mitigation measure is deemed insufficiently effective, we propose and document additional actions to address that risk, which are then tested. For the opportunities, the tool that we commonly use is the SWOT analysis, which is held semi-annually in our facility. Along with the strengths (S), weaknesses (W) and threats (T), during strategic planning activities, we examine external or presently non-existent conditions in our laboratory that we can adopt (opportunities, O) to further enhance our services or increase client satisfaction. Plans to address the opportunity are formulated. The outcome of the discussion is consolidated, put in writing, agreed on, and signed by all participants, which serves as a permanent record of the activity held and is actively referred to during the year and retrieved during audits. These are just two simple examples; there are some more that we use as necessary. Hope this helps.
Thanks to Ebenzer and Vladimir comments. After read your comments, I have another question related to tool for used to perform risk management. There are few tools such as Brainstorm analysis, SWOT analysis, and Semi-quantitative tool. Which tool should we use to develop risk management in the lab effectively. Should it be flexible in using these tools according to the situation?
And May I have some idea relate to risk assessment , How to score or categories risk in laboratory ?
I believe the best way to find out is to try them all out in your laboratory. In some cases almost all of them are applicable, since they give your quality management team different kinds of information that you can use to design risk mitigation processes. In other cases there is one particular tool that can give you exactly what you require. For example, brainstorming might be all you need if you just want to generate as many ideas as possible to create your initial risk register. On the other hand, you might want to utilize SWOT analysis, checklists and matrices when dealing with complex risks or opportunities. This is just based on personal experience. I hope I have answered your question.
Hi Pich. One method that we regularly use in our lab is the Risk Priority Number (RPN). In this method, three factors, namely, the Likelihood of Occurrence (O), Ease of Detection (D), and Risk Severity (S), are given arbitrary scores, let's say from 1 to 5. For O, the lowest score corresponds to the lowest probability of harm or an adverse event happening, while the highest score corresponds to absolute certainty that it will happen (100% probability). For D, the lowest score is applied when the non-conformity leading to the harm is expected to be detected almost immediately, while the highest score is used if it is almost impossible to recognize. And for S, the lowest score means an almost insignificant effect on affected parties while the highest score is assigned to the worst possible outcome, such as death or laboratory closure. Once you have obtained your individual scores, you simply multiply them to get your RPN. For example, if the lack of a laboratory information system in a particular facility was given an O of 3, a D of 1 and an S of 5, your RPN would be 3 x 1 x 5 = 15. You can set your own RPN threshold where any risk that exceeds this threshold is considered unacceptable and must either be removed or reduced to an acceptable level before proceeding with your operation. Let me know if this is clear or not.
To meet the ISO 15189 requirements, a systematic approach to risk management is essential, with comprehensive documentation and continuous review to ensure ongoing improvement of laboratory processes. An example of a process and its corresponding evidence:
Risk Identification and Assessment The laboratory must identify the risks associated with all activities, processes, and services. This includes technical, operational, and safety risks.
Evidence: Risk analysis records, including areas with the greatest impact, such as sample processing, transportation, and environmental conditions.
Thank you so much for your value recommendation .
Thank you so much
You're very welcome.
Very informative Vlad. This is the first time I am hearing 'Ease of Detection (D)' as part of the parameters for calculating the RPN. Do you have a Risk Matrix designed for this. I will be glad if you could share I guess it will be three-dimensional. Its becoming interesting and complex. I love it.