ISO 22367:2022 – Medical laboratories — Application of risk management to medical laboratories

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 212, Clinical laboratory testing and in
vitro diagnostic test systems. This first edition cancels and replaces (ISO/TS 22367:2008) which has been technically revised. [It also incorporates the Technical corrigendum ISO/TS 22367:2008/Cor.1:2009.]. The main changes compared to the previous edition are as follows:

— Change in title to indicate this document focusses on the complete risk management cycle for all processes in the medical laboratory. The part on continual improvement is left out;

— The numbering of the clauses is in accordance with the formal risk management process as indicated
in Figure 1;

— The content is as far as possible in agreement with the approach used in ISO 14971 Medical devices -Application of risk management to medical devices;

— The relation with ISO 15189:2012 is indicated in Annex A in which Figure A.1 provides a flow chart which indicates how to apply risk management in the laboratory;

— Addition of 10 new annexes, all informative, providing valuable information about the different processes in the risk management cycle without demanding more than justified for the specific purpose;

— Annex F. provides an extensive list of aspects which could be considered as source for risks in the different types of medical laboratories.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

This document provides medical laboratories with a framework within which experience, insight and judgment are applied to manage the risks associated with laboratory examinations. The risk management process spans the complete range of medical laboratory services: pre-examination, examination and post-examination processes, including the design and development of laboratory examinations.

ISO 15189 requires that medical laboratories review their work processes, evaluate the impact of potential failures on examination results, modify the processes to reduce or eliminate the identified risks, and document the decisions and actions taken. This document describes a process for managing these safety risks, primarily to the patient, but also to the operator, other persons, equipment and other property, and the environment. It does not address business enterprise risks, which are the subject of ISO 31000.

Medical laboratories often rely on the use of in vitro medical devices to achieve their quality objectives. Thus, risk management has to be a shared responsibility between the IVD manufacturer and the medical laboratory. Since most IVD manufacturers have already implemented ISO 14971:2007, “Medical devices -Application of risk management to medical devices,” this standard has adopted the same concepts, principles and framework to manage the risks associated with the medical laboratory.

Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of hazards, which can lead directly or indirectly to varying degrees of harm. The concept of risk has two components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.

Risk management is complex because each stakeholder may place a different value on the risk of harm. Alignment of this standard with ISO 14971 and the guidance of the Global Harmonization Task Force (GHTF) is intended to improve risk communication and cooperation among laboratories, IVD manufacturers, regulatory authorities, accreditation bodies and other stakeholders for the benefit of patients, laboratories and the public health.

Medical laboratories have traditionally focused on detecting errors, which are often the consequence of use errors during routine activities. Use errors can result from a poorly designed instrument interface, or reliance on inadequate information provided by the manufacturer. They can also result from reasonably foreseeable misuse, such as intentional disregard of an IVD manufacturer’s instructions for use, or failure to follow generally accepted medical laboratory practices. These errors can cause or contribute to hazards, which may manifest themselves immediately as a single event, or may be expressed multiple times throughout a system, or may remain latent until other contributory events occur. The emerging field of usability engineering addresses all of these ‘human factors’ as preventable ‘use errors.’ In addition, laboratories also have to contend with occasional failures of their IVD medical devices to perform as intended. Regardless of their cause, risks created by device malfunctions and use errors can be actively managed.

Risk management interfaces with quality management at many points in ISO 15189, in particular complaint management, internal audit, corrective action, preventive action, safety checklist, quality control, management review and external assessment, both accreditation and proficiency testing.

Management of risk also coincides with the management of safety in the medical laboratories, as exemplified by the safety audit checklists in ISO 15190.

Risk management is a planned, systematic process that is best implemented through a structured framework. This standard is intended to assist medical laboratories with the integration of risk management into their routine organization, operation and management.