|
Managing and Reviewing Corrective Actions
by: Ted Schmidt, RPh, CERM ISO is not about being perfect or error free….we know that. ISO even accommodates for our imperfections; these are called corrective actions and risk management (which includes the former requirement affectionately known as “preventive action”). These two activities go hand-in-hand, even though they are two separate activities, each with their own intention, which is this…helping us achieve our hospitals purpose! |
First, some definitions: nonconformance- a requirement not met; correction- fixing a problem (dealing with the aftermath and putting steps into place to fix the problem, usually just until we can complete a corrective action- fixing a problem so that it does not recur or occur elsewhere. I define only these terms, as I see some of misunderstanding with surveyors and ISO users.
First, for a true nonconformance, you have to have a requirement not being met…key word here is requirement. This could be from NIAHO, ISO 9001, corporate, internal, etc. but a requirement…not a perceived requirement such as “everyone does this thing that way” or “I think you need to do this”. Corrections can be our only response to nonconformances if the evaluation of the need to eliminate the cause does not meet your requirements. Caution is warranted that you should define exact criteria to define what is a correction (stop the bleeding and clean up the mess) versus a corrective action, otherwise you may fall in the pitfall of labelling everything or anything a correction. Corrective Action is where we will focus on in this article, as it is an opportunity for all users of ISO 9001.
In healthcare, we sometimes have a tendency to “overdo” things. Managing corrective actions should not be one of these “things” we overdue, just something we need to do more effectively! No one wants to deal with problems, but we must. It’s actually considered an improvement activity by ISO definition….fixing a problem is an improvement! Our patients expect it from us!
Our corrective action processes are just an organized means of addressing problems, to the extent appropriate to that these problems do not recur. This organized means is summarized well in ISO 9001. We just have to right-size the details for our hospitals culture, our competencies and our resources so that we meet the requirements and their intent so that the problem does not recur.
Did you know that the second most common ISO 9001 nonconformance in third party audits/survey is corrective action (right behind document control!)? It seems that we don’t find time to perform effective corrective actions, but we make time to perform repeat corrective actions. Our corrective action process needs to be right-sized for our hospital and something that people will use and trust that it is a good process. Here are some common reasons for not trusting the process:
Our processes need to facilitate effective corrective actions, not inhibit them. You may need to streamline your processes if they are not working. Again, right-sizing them for you is an easy first step!
So, if you’ve determined that a problem requires corrective action (clause 10.2.1 review and analyze the nonconformance), you need to be sure that you have a great understanding of the actual problem (aka- is your nonconformance report written for you to fix the problem)….hint- if you don’t know the problem, firmly define the problem statement. Note- nonconformances made easy: There should be three parts to a nonconformance report. 1) what is the requirement not being met. 2) a simple statement about the requirement not being met. 3) evidence to support that statement. An oversimplified example. Requirement- The pharmacist should be doing “A” while mixing chemotherapy drugs. Nonconformance statement- The pharmacist is not doing “A” while mixing chemotherapy drugs. Evidence- Upon interview during an internal audit, it was discovered that the pharmacist was doing “B” and “C” while mixing chemotherapy drugs. Your nonconformance statement should define the problem…”we’re not doing “A”. Only when you have the problem properly identified will you then need to determine the cause or causes of the problem, but the problem has to be well defined.
Finding the root cause is the heavy lift. Albert Einstein once said something like this : if you give me an hour to fix the problem, I’ll spend 55 minutes determining the cause and 5 minutes to determine the fix. Determining the cause or causes (there may be more than one AND this process may take you more than one iteration to figure this out) is the hardest part. Be sure to have the right people present who know the problem process from all angles. Be firm on their participation! Don’t let the biggest title or largest personality run the process, you may even need ground rules….other high-reliability industries OUTSIDE of healthcare use ground rules for this part.
Use a root cause tool that works for you….again, DO use a mountain when you only need a mole hill. Your RCA tool can be something simple or elaborate, you decide. We’ve seen the 8 Disciplines (8-D) used a lot, others use 5-whys, fishbone, etc…find one that works for you and modify it if needed for your hospital. The bottom line is this; use a scientific approach, not your gut. Deming said, “In God we trust, all others bring data”.
Remember, the corrective action process is a part of a larger system, our quality system of management…all wrapped around our hospital’s purpose! So you must also determine if this nonconformance exists or might exist somewhere else in your management system. This can be determined by including those persons that affect or are affected by the process under review in the corrective action.
Einstein also said he would need just 5 minutes of his hour to determine the solution. While that may not always be the case, it does give perspective for the need to conduct a thorough analysis to determine the cause or causes of the problem. Typically, the largest personality on the team will jump to their perceived root cause than immediately follow-up with his/her fix. Avoid this as much as possible. Even if the proposed root cause is actually the true root cause, depending on the risk associated with the process, you may spend much more than 1/12th of the time coming up with the solution to fix the problem. Remember, you have already stopped the bleeding and you have cleaned up the mess, so take your time to create the best solution. This may include redesigning the process. The design and development of processes is a different article, though the benefits of an organized process redesign is most valuable in high risk problem solving. Some processes should be redesigned to prevent or greatly reduce human error. This step in improvement is exactly what ISO 9001 wants us to do….use the basic requirements to spring into much more robust quality tools (such as design for six sigma, Kaizen, etc.)…..again, this is what other high-reliability industries do daily.
Once you have determined the actions to correct the nonconformance, you need to review other risks and opportunities to ensure that there are not changes to be made. Same with process directions (maybe forms, policies, etc.). Part of the corrective actions should include training on any changes made to all affected parties. NOTE of Caution: for too long, users of ISO 9001 have used the cause of “invalid or incorrect information in documentation” and the fix has been to review and revise the documentation and train the masses. In a very few cases, this may actually be correct. However in most cases, it is not. Again, a different article is available that discusses this in more detail. Rest assured that the reason that the 2nd most common nonconformance in the ISO 9001 world is corrective actions is because we simply fall back on the easy cause; fix the documentation and train the people....then 6 months, twelve months go by and the problem returns.
Once the fix is implemented, you should have determined the means for reviewing the effectiveness. This may include subsequent audits, simple process monitoring (and possibly measuring) or an extensive follow-up, maybe over several years, to ensure that the fix is actually effective. There is no requirement that a corrective action has to be complete and determined effective in a certain time period.
We need to plan our corrective actions in a timely manner but we are not required to complete and implement the fix, then conduct the effectiveness review in a certain time frame. It may take weeks, months or years to really ensure that the corrective action is effective. That’s the sign of a mature management system and your system working for you, not you working for your system. Please review your processes now, and if you created arbitrary dates for “closing” corrective actions, re-visit that and determine if that is the most appropriate method for your system. High reliability organizations outside of healthcare may monitor corrective actions for years, depending on the risk associated with the processes.
The rigor and discipline involved in the corrective action process should match the risk associated with the problem. Obviously, a sentinel event will warrant deep dives into the cause(s) and likely a process redesign to correct the problem(s). Unfortunately, we’ve seen too much evidence of grave problems and sentinel events determine the cause as being documentation and training issues. This practice is not allowed in other high-reliability industries.
Obviously, we need to maintain evidence of all of these activities and the results of these activities. What a treat it is for a surveyor to show evidence of the root cause analysis, the determination of the fix to correct the problem, then evidence of the effectiveness review plan that spans over 24 months…due in part to the severity of the problem. Believe me, surveyors don’t want to find repeat nonconformances due to a weak corrective action process. What a treat for our patients when they can receive the care and treatment that they expect.
When we have a mature corrective action process in place, it is built on our process management platform and we are aware of how our solutions will interact with the rest of our management system. We can then begin to collect financial information related to the cost of poor quality (how much did this problem cost us?). When leadership gets wind of the cost of poor quality over a period of time, heads turn. Effective leadership should drive the culture of prevention (risk mitigation) rather than correction. It’s must less costly and much more patient friendly!
Great are the benefits of an effective and maturing management system. In our current healthcare environment, we are all well aware of the costs, legal considerations, regulatory changes, and on and on. An outdated mantra from other high-reliability organizations is “we don’t have time to do it right, but we have time to do it over”. It is outdated because these organizations have dug their heels in on the corrective action process and they fix it right the first time, no matter how long it takes. They realize the long term benefits of effective corrective actions in a process management system. One of the best benefits for hospitals is a safer patient experience.
In a training class for hospitals at DNV GL (Katy, TX) years ago, I was training about process management and a passionate nurse was debating a retired Navy aviator about safety in hospitals versus safety in commercial aviation. I let them banter for a bit (as a pharmacist I know my place with nurses) when the nurse boldly stated: ”well in healthcare, we kill our customers one at a time”! She won the battle, but as of today, she is still losing the war!
Ted Schmidt is a Pharmacist, a Certified Enterprise Risk Manager (CERM©), and a Senior Advisor with BlueSynergy Associates, LLC. BlueSynergy Associates maximize innovation, experience and customer perspective to reduce risk and make hospitals a safer environment. He currently advises and instructs high reliability organizations, including hospitals in quality, risk, safety and environmental management systems. Ted led the largest ISO 9001 implementation in healthcare at the Veterans Administration. He is a Senior Member of the American Society for Quality and a certified Lead Auditor in quality management systems by Exemplar Global. He can be reached by email at tschmidt@bluesynergyassociates.com. Follow BlueSynergy on LinkedIn and Twitter
First, for a true nonconformance, you have to have a requirement not being met…key word here is requirement. This could be from NIAHO, ISO 9001, corporate, internal, etc. but a requirement…not a perceived requirement such as “everyone does this thing that way” or “I think you need to do this”. Corrections can be our only response to nonconformances if the evaluation of the need to eliminate the cause does not meet your requirements. Caution is warranted that you should define exact criteria to define what is a correction (stop the bleeding and clean up the mess) versus a corrective action, otherwise you may fall in the pitfall of labelling everything or anything a correction. Corrective Action is where we will focus on in this article, as it is an opportunity for all users of ISO 9001.
In healthcare, we sometimes have a tendency to “overdo” things. Managing corrective actions should not be one of these “things” we overdue, just something we need to do more effectively! No one wants to deal with problems, but we must. It’s actually considered an improvement activity by ISO definition….fixing a problem is an improvement! Our patients expect it from us!
Our corrective action processes are just an organized means of addressing problems, to the extent appropriate to that these problems do not recur. This organized means is summarized well in ISO 9001. We just have to right-size the details for our hospitals culture, our competencies and our resources so that we meet the requirements and their intent so that the problem does not recur.
Did you know that the second most common ISO 9001 nonconformance in third party audits/survey is corrective action (right behind document control!)? It seems that we don’t find time to perform effective corrective actions, but we make time to perform repeat corrective actions. Our corrective action process needs to be right-sized for our hospital and something that people will use and trust that it is a good process. Here are some common reasons for not trusting the process:
- Corrective action process is too cumbersome.
- We don’t know how to use our root cause tool.
- We can’t get everyone together.
- Process owners are wanting to make it “easy”.
- We have “arbitrary” deadlines for “closing” nonconformance .
- Too much confusing jargon
Our processes need to facilitate effective corrective actions, not inhibit them. You may need to streamline your processes if they are not working. Again, right-sizing them for you is an easy first step!
So, if you’ve determined that a problem requires corrective action (clause 10.2.1 review and analyze the nonconformance), you need to be sure that you have a great understanding of the actual problem (aka- is your nonconformance report written for you to fix the problem)….hint- if you don’t know the problem, firmly define the problem statement. Note- nonconformances made easy: There should be three parts to a nonconformance report. 1) what is the requirement not being met. 2) a simple statement about the requirement not being met. 3) evidence to support that statement. An oversimplified example. Requirement- The pharmacist should be doing “A” while mixing chemotherapy drugs. Nonconformance statement- The pharmacist is not doing “A” while mixing chemotherapy drugs. Evidence- Upon interview during an internal audit, it was discovered that the pharmacist was doing “B” and “C” while mixing chemotherapy drugs. Your nonconformance statement should define the problem…”we’re not doing “A”. Only when you have the problem properly identified will you then need to determine the cause or causes of the problem, but the problem has to be well defined.
Finding the root cause is the heavy lift. Albert Einstein once said something like this : if you give me an hour to fix the problem, I’ll spend 55 minutes determining the cause and 5 minutes to determine the fix. Determining the cause or causes (there may be more than one AND this process may take you more than one iteration to figure this out) is the hardest part. Be sure to have the right people present who know the problem process from all angles. Be firm on their participation! Don’t let the biggest title or largest personality run the process, you may even need ground rules….other high-reliability industries OUTSIDE of healthcare use ground rules for this part.
Use a root cause tool that works for you….again, DO use a mountain when you only need a mole hill. Your RCA tool can be something simple or elaborate, you decide. We’ve seen the 8 Disciplines (8-D) used a lot, others use 5-whys, fishbone, etc…find one that works for you and modify it if needed for your hospital. The bottom line is this; use a scientific approach, not your gut. Deming said, “In God we trust, all others bring data”.
Remember, the corrective action process is a part of a larger system, our quality system of management…all wrapped around our hospital’s purpose! So you must also determine if this nonconformance exists or might exist somewhere else in your management system. This can be determined by including those persons that affect or are affected by the process under review in the corrective action.
Einstein also said he would need just 5 minutes of his hour to determine the solution. While that may not always be the case, it does give perspective for the need to conduct a thorough analysis to determine the cause or causes of the problem. Typically, the largest personality on the team will jump to their perceived root cause than immediately follow-up with his/her fix. Avoid this as much as possible. Even if the proposed root cause is actually the true root cause, depending on the risk associated with the process, you may spend much more than 1/12th of the time coming up with the solution to fix the problem. Remember, you have already stopped the bleeding and you have cleaned up the mess, so take your time to create the best solution. This may include redesigning the process. The design and development of processes is a different article, though the benefits of an organized process redesign is most valuable in high risk problem solving. Some processes should be redesigned to prevent or greatly reduce human error. This step in improvement is exactly what ISO 9001 wants us to do….use the basic requirements to spring into much more robust quality tools (such as design for six sigma, Kaizen, etc.)…..again, this is what other high-reliability industries do daily.
Once you have determined the actions to correct the nonconformance, you need to review other risks and opportunities to ensure that there are not changes to be made. Same with process directions (maybe forms, policies, etc.). Part of the corrective actions should include training on any changes made to all affected parties. NOTE of Caution: for too long, users of ISO 9001 have used the cause of “invalid or incorrect information in documentation” and the fix has been to review and revise the documentation and train the masses. In a very few cases, this may actually be correct. However in most cases, it is not. Again, a different article is available that discusses this in more detail. Rest assured that the reason that the 2nd most common nonconformance in the ISO 9001 world is corrective actions is because we simply fall back on the easy cause; fix the documentation and train the people....then 6 months, twelve months go by and the problem returns.
Once the fix is implemented, you should have determined the means for reviewing the effectiveness. This may include subsequent audits, simple process monitoring (and possibly measuring) or an extensive follow-up, maybe over several years, to ensure that the fix is actually effective. There is no requirement that a corrective action has to be complete and determined effective in a certain time period.
We need to plan our corrective actions in a timely manner but we are not required to complete and implement the fix, then conduct the effectiveness review in a certain time frame. It may take weeks, months or years to really ensure that the corrective action is effective. That’s the sign of a mature management system and your system working for you, not you working for your system. Please review your processes now, and if you created arbitrary dates for “closing” corrective actions, re-visit that and determine if that is the most appropriate method for your system. High reliability organizations outside of healthcare may monitor corrective actions for years, depending on the risk associated with the processes.
The rigor and discipline involved in the corrective action process should match the risk associated with the problem. Obviously, a sentinel event will warrant deep dives into the cause(s) and likely a process redesign to correct the problem(s). Unfortunately, we’ve seen too much evidence of grave problems and sentinel events determine the cause as being documentation and training issues. This practice is not allowed in other high-reliability industries.
Obviously, we need to maintain evidence of all of these activities and the results of these activities. What a treat it is for a surveyor to show evidence of the root cause analysis, the determination of the fix to correct the problem, then evidence of the effectiveness review plan that spans over 24 months…due in part to the severity of the problem. Believe me, surveyors don’t want to find repeat nonconformances due to a weak corrective action process. What a treat for our patients when they can receive the care and treatment that they expect.
When we have a mature corrective action process in place, it is built on our process management platform and we are aware of how our solutions will interact with the rest of our management system. We can then begin to collect financial information related to the cost of poor quality (how much did this problem cost us?). When leadership gets wind of the cost of poor quality over a period of time, heads turn. Effective leadership should drive the culture of prevention (risk mitigation) rather than correction. It’s must less costly and much more patient friendly!
Great are the benefits of an effective and maturing management system. In our current healthcare environment, we are all well aware of the costs, legal considerations, regulatory changes, and on and on. An outdated mantra from other high-reliability organizations is “we don’t have time to do it right, but we have time to do it over”. It is outdated because these organizations have dug their heels in on the corrective action process and they fix it right the first time, no matter how long it takes. They realize the long term benefits of effective corrective actions in a process management system. One of the best benefits for hospitals is a safer patient experience.
In a training class for hospitals at DNV GL (Katy, TX) years ago, I was training about process management and a passionate nurse was debating a retired Navy aviator about safety in hospitals versus safety in commercial aviation. I let them banter for a bit (as a pharmacist I know my place with nurses) when the nurse boldly stated: ”well in healthcare, we kill our customers one at a time”! She won the battle, but as of today, she is still losing the war!
Ted Schmidt is a Pharmacist, a Certified Enterprise Risk Manager (CERM©), and a Senior Advisor with BlueSynergy Associates, LLC. BlueSynergy Associates maximize innovation, experience and customer perspective to reduce risk and make hospitals a safer environment. He currently advises and instructs high reliability organizations, including hospitals in quality, risk, safety and environmental management systems. Ted led the largest ISO 9001 implementation in healthcare at the Veterans Administration. He is a Senior Member of the American Society for Quality and a certified Lead Auditor in quality management systems by Exemplar Global. He can be reached by email at tschmidt@bluesynergyassociates.com. Follow BlueSynergy on LinkedIn and Twitter