
Integration of ISO standards and business continuity management under the umbrella of KTQ

The “Cooperation for Transparency and Quality in Healthcare” (German: Kooperation für Transparenz und Qualität im Gesundheitswesen, KTQ) offers a voluntary certification system under which hospitals and other companies in the healthcare sector can be certified.

Here, certification according to KTQ offers multiple advantages, as it is specifically tailored to hospitals. The standard is based on a PDCA approach with the patient at its center. This is also where the great strengths of certification according to KTQ lie: employees and patients are at the center and are core areas of KTQ. Both documentation and practice audits are conducted by medical, nursing and economic assessors. This strength also acts as a serious disadvantage for partial aspects of certification, because technical aspects remain in the background. For the inspection within the scope of the certification, about 1.5 hours are planned in the sample inspection plan for the following topics:

It can be assumed that these topics cannot be dealt with in the required depth in such a short time frame. It is true that the assessors carry out a document review prior to certification. However, in the critical fields of emergency and crisis management, the comparison between what is documented on paper and the lived reality deserves particular attention, because the events in question are rare.

In recent months, there has been a noticeable trend for hospitals to be audited specifically for more in-depth and specialized certification systems, such as ISO 27001 information security management systems. The background to this is a spate of cyber security incidents, such as the attack on Lukaskrankenhaus in Neuss, Germany. The power outage in Berlin-Köpenick, Germany, and the vulnerability of the KTQ-certified hospital there have also highlighted the need for more comprehensive emergency preparedness and response. The implementation of business continuity management in accordance with ISO 22301, for example, would be suitable.

ISO 9001 quality management certification of hospitals is also on the rise. The challenge for this approach is now to ensure compatibility between the different management systems. At the same time, double and triple certification of the same contents should be avoided.

An approach developed by IUGITAS GmbH integrates the different standards under the umbrella of KTQ. The PDCA-centered approach of KTQ is compatible with the approach in the ISO standards. The structure of ISO standards as defined in Annex SL can be integrated into the KTQ environment. If the specialized and in-depth standards are nested under the KTQ umbrella, the overall system thus sharpened gains significantly in quality:

In the following, only Chapter 3, Safety and Risk Management, will be considered. Here, it makes sense to consider the following concepts with the methods from ISO 31000. The protection and risk concepts should be integrated into a consistent, referenced overall concept. This results in a document that, for the first time in the hospital environment, satisfies the diverse, different requirements of the various standards in terms of the scope and context of the organization, while at the same time providing an overview of these cross-cutting issues. This systematic approach allows mutual dependencies or references, such as the tension between fire protection and data protection in relation to accessibility, to be revealed and contradictions to be avoided.

Among other topics, this subchapter also includes the items “disaster protection” and “failure of systems”. IUGITAS advocates that this content be reorganized:

Requirements for these topics are set out, for example, in the German Kritis Regulation (regulation for critical infrastructure), in ISO 22301 or in BSI 100-4.

The isolated consideration of a hospital alarm and response plan (German: Krankenhausalarm- und Einsatzplan, KAEP) related only to a mass casualty/illness incident is increasingly giving way to a more comprehensive consideration. KTQ certification of hospitals offers great advantages, especially in the core areas of patient and employee orientation, but it is not comprehensive in the area of safety concepts and risk management. The integration of in-depth standards offers advantages that compensate for the weaknesses of KTQ.

Both emergency preparedness concepts and emergency management are cross-cutting topics that have points of contact with almost all other areas of KTQ: from pharmaceuticals (KritisV) to information security (ISO 27001) to technical facilities (emergency preparedness) to corporate governance (crisis management), topics are affected.

You are certified according to ISO 9001 or KTQ and would like a more in-depth certification? Do you need support in hospital crisis management, would you like an exercise or would you like to expand your precautions? Contact us.


An article written by Jens von den Berken, published on 09 July 2019
Translated by Charlotte Ley
