2018年世界認證日暨TAF15週年紀念大會

基於ISO31000實踐醫學實驗室病人安全風險管理Risk Management for Patient Safety in Medical Laboratory:

A Pragmatic Approach Based on ISO31000

Speaker: Kao Chih-Hsiung高智雄特助 Date: 2018.09.17 Time:14:20~15:00(40min)

1. Introduction of RM 2. Risk Management Process 3. Practical Experience of RM

Outline

Why we should work with risk management?

以病人為中心Patient

Centeredness

3.及時Timeliness

4.效率 Efficiency

1.公平Equity

2.有效 Effectiveness

5.安全Safety

Net Value= Quality(及時、效率、有效、公平) - Harm(不安全)

病人安全是最基本的要求！作法＝導入風險管理系統

4

主動👉IOM/WHO病人照護的六大目標

實證醫學EBM

資訊科技IT

流程改進CPI

團隊合作TRM

RM

病人價值＝一易、二好、三快、四便宜、五安全＝機會＋危害風險

Lean

被動👉ISO15189:2012 4.14.6 Risk management

An ISO standard says what has to be done. Not how to do it !

TAF-CNLA-R02(3)

2013.07.15 21 60

a)

b)

1

2 ISO 19011

( 4.13)

( 4.10)

4.14.6

4.14.7

醫學實驗室-病人安全風險管理系統

The laboratory shall evaluate the impact of work processes and potential failures on examination results as they affect patient safety, and shall modify processes to reduce or eliminate the identified risks and document decisions and actions taken.

👉Lab要自己找適用的RM方法論

財團法人全國認證基金會 TAF-CNLA-R01(4)

2018.02.15 第 4 頁共 29 頁

舉例：一個通常用於量測水中氮的質量濃度的量測程序，也可被確認為可

用於量測人體血清中氮的質量濃度。

[來源： ISO/IEC Guide 99:2007， 2.45]

4 一般要求

4.1 公正性 4.1.1 實驗室活動應公正進行，並由結構面與管理面維護公正性。

4.1.2 實驗室管理階層應承諾達到公正性。

4.1.3 實驗室應對其實驗室活動的公正性負責，且不應允許商業、財務或其他壓力危害到公正性。

4.1.4 實驗室應持續鑑別對其公正性的風險。這些風險應包括來自實驗室活動、或實驗室的關係、或其人員的關係。然而此種關係不必然使實驗

室面臨公正性的風險。

備考：威脅實驗室公正性的關係，能基於所有權、管轄權、管理階層、

人員、共用資源、財務、合約、行銷 (包括品牌 )，以及給付銷售佣金或介紹新顧客的其他誘因等。

4.1.5 若公正性的風險已被鑑別，實驗室應能展現如何將此類風險消除或減至最小。

4.2 保密

4.2.1 實驗室應透過具法律效力的承諾，負責管理在執行實驗室活動中所獲得或產生的所有資訊。實驗室應事先將預定公開的資訊知會顧客。除

了顧客所公開提供或是實驗室與顧客之間達成協議的資訊 (如為回應抱怨的目的 )，其他所有資訊都被視為專屬資訊，且應予以保密。

4.2.2 當實驗室依法律或合約授權的要求揭露機密資訊時，除非法律禁止，所提供的資訊應通知到相關顧客或個人。

4.2.3 從顧客以外來源 (如抱怨者、法規主管機關 )所獲得關於顧客之資訊，應在顧客與實驗室間加以保密。實驗室應對此類資訊的提供者 (來源 )加以保密，除非獲得來源同意，不應將其透露給顧客得知。

4.2.4 人員，包括任何委員會成員、合約商、外部機構人員或實驗室代表者等代表實驗室的人，除法律要求外，均應對在執行實驗室活動中所獲

得或產生的所有資訊予以保密。

5 架構要求

5.1 實驗室應是對其所有活動負法律責任之法律實體，或是法律實體內已明定的一部分。

被動👉ISO17025:2017 4.1 公正性Impartiality

An ISO standard says what has to be done. Not how to do it ! 測試與校正實驗室-公正性風險管理系統

👉Lab要自己找適用的RM方法論

👉Lab要自己找適用的RM方法論

基於ISO31000實踐醫學實驗室病人安全風險管理Risk Management for Patient Safety in Medical Laboratory:

A Pragmatic Approach Based on ISO31000A Pragmatic Approach Based on ISO31000

Likewise👉測試與校正實驗室-公正性風險管理系統

An ISO standard says what has to be done. Not how to do it !

風險管理入門-名詞概念

危險👉危害風險;急駛而來的車子👉危害/威脅;效應effect👉後果con.

系統性＝策略性＝系統管理＝管理系統法ManagementSystemApproach

👉風險管理＝Proactive預應式/前瞻式管理

誰會像這樣實施「夜跑-風險管理系統」讓自己更安全？

! Patient Safety: the prevention of errors and adverse effects to patients associated with health care (WHO) ! Risk: combination of the probability of occurrence of harm and the severity of that harm (ISO/IEC Guide 51) ! Hazard: source, situation or act with a potential for causing

harm (to the patient) (ISO/IEC Guide 51) ! Safety: freedom from unacceptable risk ! Control: measure that is modifying risk (Risk Control)

Terms and Definitions protecting patients from harm

ISO15189🎯Patient-harm-based Approach🤔ISO17025 🎯Partiality-based Approach

檢驗流程錯誤導致病人傷害的風險分析模型Model for assessing risk of patient harm

Modify from：ISO22367 Medical laboratories - Reduction of error through risk management and continual improvement

醫師

實驗室醫檢師

病人

延遲或不正確的判斷Delayed or incorrect decision

延遲或不正確的診斷或治療Delayed or incorrect diagnosis or

therapy

延遲或不正確的反應Delayed or incorrect response

傷害Harm

(不安全Risk)

摘自：高智雄。醫學實驗室管理，第十章實驗室風險管理第208頁，2015，五南。

程序中錯誤Process error

延遲或不正確的檢驗報告Delayed or incorrect report

Hazards

ISO15189🎯Patient-harm-based Approach

實驗室活動和組織、人員關係導致不公正的風險分析模型

Model for assessing risk of partiality

服務活動(CAB評鑑活動)

組織或人員關係

自身利益、自我審查、熟悉(信任)、恐嚇威脅

無法依據客觀證據作出判斷或利益迴避

出現“利益衝突”或“偏袒”(瓜田李下認知風險或真放水)

Risk of Partiality (不公正的風險)

所有權、管轄權、管理階層、人員、共用資源、財務、合約、行銷、銷售佣金或介紹新顧客的其他誘因...等關係

商業、財務或其他壓力

Hazards

🤔ISO17025 🎯Partiality-based Approach

公正性

關說

逼迫

註：「君子防未然，不處嫌疑間。瓜田不納履，李下不整冠。」「恐嚇」是對未來惡害的告知;「威脅」是現在惡害的告知;逼迫被害人做出與加害人利益有關的決定。ex.”你如果不做XX事;我就做XX行為”

標準化管理Standardized Management

性影響的風險包含 :自身利益威脅“Self-interest Threats”可能源自：過度依賴某一專案服務及其費用、擔心失去客戶、擔心失業等。自我審查威脅

“Self-review Threats”可能源自：組織或該組織人員對於驗證方案中需要執行客戶管理系統評估

採支持或反對之決定且對該客戶仲介或提供顧問

或內部稽核服務。熟悉 (或信任 )威脅“Familiarity (or trust) Threats”可能源自：組織或該組織人員對客戶太熟悉 (或信任)而不是客觀尋求稽核證據。恐嚇威脅“Intimidation Threats”可能源自：組織或該組織人員認知到有公開或私下被脅迫的威脅，例

如：被替換或向主管報告的威脅等。組織或該組織

人員關係影響公正性的風險可能源自：所有權，治

理，管理，人員，共享資源，財務，合同，營銷(包括品牌)，支付銷售傭金或引進新客戶的誘因等。

本文提供的影響公正性之風險評估方法是經簡

化之定性失效模式效應分析 (FMEA) 方法，使用時只要考慮有四個欄位，包括組織中被鑑別的風險

，風險類別，處理風險的措施和措施的控制。組織

中被鑑別的風險：符合性評鑑機構應盡力找到符合

性評鑑內部和／或委外過程中影響公正性的具體和

／或潛在的風險，例如。來自符合性評鑑活動，符

合性評鑑機構的關係或人員關係。風險類別：是指

服務活動，組織或人員關係，鑑別類別可以幫助符

合性評鑑機構偵測風險存在的地方。處理風險的措

施：是風險管制的措施，應包含管理過程中之所有

公正性管理過程，例如：組織架構、員工協議、行

為準則、合規準則、工作說明、作業指導和品質量

管理系統的其他文件中規範中規定的措施以處理該

項風險。措施管制：是管制該風險控制的措施亦為

殘餘風險的管制，並對實施措施的適用性進行驗證

。如具平衡的利益相關方組成之公正性防護機制或

諮詢組織例如公正性防護委員會、稽核、管理系統

的審查或其他管制作業等。經過設計後，本文提出

一簡化之定性失效模式效應分析 (FMEA) 法，以執行公正性風險評估，案例見表2。

應用簡化之定性失效模式效應分析(FMEA)法執行公正性風險評估，應由符合性評鑑流程負責人

每年獨立進行，並由符合性評鑑機構負責人進行

審查，如符合性評鑑機構具平衡的利益相關方組

表 2：應用簡化之定性失效模式效應分析 (FMEA)法執行公正性風險評估案例組織中被鑑別的風險 風險類別 處理風險的措施

措施控制 (剩餘風險的管制 ) 備註

董事會成員在執行驗證專案時可能存在與客戶有私人關係而影響驗證公正性之利益衝突

人員關係&服務活動

1. 驗證過程確保驗證決定之公正性2. 驗證人員有合約義務報告任何利益衝突

1. 外部申訴和內部合規申訴流程報告相關違規行為以防止外部壓力

2. 內部稽核驗證機構人員是客戶股東或熟識客戶可能存在利益衝突

人員關係 1. 依照勞動合同。員工必須向驗證證機構報告驗證證機構以外就業之其他利益衝突 (股東 )

2. 相關人員不得從事這些驗證專案

1. 外部申訴和內部合規申訴流程報告相關違規行為

2. 內部稽核

分包商實驗室為業務競爭者公司所屬之實驗室執行本公司分包工作。可能存在利益衝突

機構的關係&人員關係

1. 公司規範之通用協議：第一和第二方實驗室不具備分包商資格

2. 根據相關程序對分包商進行監督，以符合分包商條件及其分包能力

3. 如果分包商沒有公司規範之通用協議／或監控有不符合分包商條件及其分包能力其分包申請將被拒絕

1. 外部申訴流程和內部合規申訴報告相關違規行為

2. 內部稽核

風險類別：活動，關係或人員關係。活動的風險包括但不限於自利威脅，自我審查威脅，熟悉 (或信任 )威脅，恐嚇威脅等。關係的風險包括但不限於所有權，治理，管理，人員，共享資源，財務，合同，營銷 (包括品牌 )和支付銷售傭金或其他誘導新客戶的誘因等。

25JUL 2017︱ Quality Magazine．Chinese Society for Quality．Vol. 53 No.07

摘⾃：焦經剛，2017，符合性評鑑機構之公正性管理過程。Quality Management, Chinese Society for Quality. Vol.53 No.07

“利益衝突”或“偏坦”

⾃⾝利益：服務專案價錢⾼(財務)、擔⼼失去客⼾(商業)、擔⼼失業(其他壓⼒);(放⽔) ⾃我審查：審查(驗證⽅案)決定客⼾是否「通過」時，組織⼈員對該客⼾仲介或提供 顧問輔導或內稽服務。(利益衝突：因未利益迴避⽽有⽠⽥李下認知⾵險)

熟悉信任：⼈員對客⼾太熟悉或信任⽽不客觀尋求(稽核)證據。(放⽔:抽樣少些) 恐嚇威脅：⼈員認知到公開或私下被脅迫替換或向其主管報告的威脅。(放⽔:偽造)

Risk Management👉Eliminate Unacceptable Risk👉Safety

unknown risks

identified risks

Risk control / Risk treatment

Systematic Risk Identificationacceptable

riskssafety/

impartiality

unacceptable risks︖

unsafety/ partiality

Risk Register

The risk of risk management=unknown riskspatient harm / partiality

!14

to reduce the identified risks to an acceptable level

Unacceptable

Risk (Unsafety) Acceptable

Risk (Safety)

Contingency plan Remedial action

Preventive action

non-detectability

probability

severity of harm

Mitigation action

severity of harm

non-detectability

probability

Risk Management👉Eliminate Unacceptable Risk

👉事後控制不如事中控制，事中控制不如事前控制

風險前 風險後

風險中

Risk control / Risk treatment

1. Introduction of RM 2. Risk Management Process 3. Implementation of RM

Outline

Where can we learn about risk management?

ISO14971:2007*

ISO31000:2009

ISO22367:2008*

CLSI EP18

CLSI EP23Laboratories

Manufacturers

Medical devices- Application of risk management to medical devices

Medical laboratories- Reduction of error through risk management and continual improvement

Risk Management Techniques to Identify and Control Laboratory Error Source

Laboratory Quality Control Based on Risk Management

ISO27001:2013 Risk management – Principles and guidelines

*under revising

(FMEA,FTA,FRACAS)

Comparison of different risk management modelsModel ISO CLSI Industrial

Standard/Guideline

ISO31000, ISO14971, ISO22367

EP18, EP23

JCI accreditation 2002 at least one FMEA each year

TechniquePHA,FMEA,FTA, HAZOP,HACCP,

FRACAS

FMEA, FTA, FRACAS

FMEA, HFMEA i.e.FOCUS-PDCA

Application Field

ISO31000 for All ISO14971 for Manuf. ISO22367 for Lab.

EP18 for Manuf. EP23 for Lab.

FMEA for industrial HFMEA for Healthcare

Risk Estimation

2 factors, (No Detection) Severity*Occurrence Rank 1~3 or 1~5

2 factors,(No Detection) Severity*Occurrence Rank 1~4

3 factors, SEV*OCC*DET Rank 1~10

Risk Evaluation

Acceptability Matrix Criticality Matrix RPN (Risk Priority Number)

©2014 QSG, Inc.

Risk Assessment - Quantitative

January 15, 2015 17

Risk Estimation : Semi-quantitative

from: 2015, Bob Deysher. A “ Risk Based Thinking” Model for ISO9001:2015 http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

©2014 QSG, Inc.

Risk Acceptable Regions

January 15, 2015 18

Generally Acceptable

Generally Un-Acceptable

As Low As

Practical

As Low As �Reasonably�

Practical

Risk Evaluation : Acceptability Matrix

from: 2015, Bob Deysher. A “ Risk Based Thinking” Model for ISO9001:2015 http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

What is the “best practice” of RM in medical lab?

Best Practice 1.Comply with legal requirements and standards 2.Do the right things (effectiveness) 3.Keep it simple (and cost-effective, Lean) 4.Continual improvement (PDCA cycle)

Align with ISO31000

A Pragmatic Approach Based on ISO31000

!23

ＰＤ

CA

Relationship between the risk managementprinciples, framework and process

CQI

Ｐ

ＤＣ

Ａ

ISO31000:2009 Risk Management Process流程”線“

24

ISO 31000:2009(E)

14 © ISO 2009 – All rights reserved

Risk assessment (5.4)

Communication and

consultation(5.2)

Monitoring and

review (5.6)

Establishing the context (5.3)

Risk analysis (5.4.3)

Risk evaluation (5.4.4)

Risk treatment (5.5)

Risk identification (5.4.2)

Figure 3 — Risk management process

5.2 Communication and consultation

Communication and consultation with external and internal stakeholders should take place during all stages of the risk management process.

Therefore, plans for communication and consultation should be developed at an early stage. These should address issues relating to the risk itself, its causes, its consequences (if known), and the measures being taken to treat it. Effective external and internal communication and consultation should take place to ensure that those accountable for implementing the risk management process and stakeholders understand the basis on which decisions are made, and the reasons why particular actions are required.

A consultative team approach may:

⎯ help establish the context appropriately;

⎯ ensure that the interests of stakeholders are understood and considered;

⎯ help ensure that risks are adequately identified;

⎯ bring different areas of expertise together for analyzing risks;

⎯ ensure that different views are appropriately considered when defining risk criteria and in evaluating risks;

⎯ secure endorsement and support for a treatment plan;

Ｐ

Ｄ

Ｃ

Ａ

A Pragmatic Approach Based on ISO31000大部分的人在此卡關😱

風險管理程序Risk Management Process

風險分析Risk Analysis

危害鑑別Hazard

Identification

嚴重度Severity of Harm

可能性Likelihood of Harm

風險Risk

風險評估Risk

Estimation

⾵險評鑑 Risk Assessment

風險評價Risk

Evaluation

不可接受的風險

可接受的風險

增加控制措施/預防措施風險處理計畫

Risk Treatment Plan

Ｐ DC

⾵險監控 Risk

Monitoring

失效事件調查Failure Investigation

A風險審查

Risk Review

• New Hazard?新危害/風險︖ • Greater Severity? • Increased frequency?

摘自：醫學實驗室管理，第十章實驗室風險管理第226頁，2015，五南。高智雄

⾵險控制 Risk

Control記錄執行結果

實施控制措施

Modify from ISO31000 and CLSI EP23

ＰＤＣＡ

©2014 QSG, Inc.

Process(Major Elements & Boundaries)

StartEndProcess Owners:

Outputs Customers(for Whom?)

InputsSuppliers(By Whom)

Materials(With What?)

Measures(Trend Charts)(Metrics)

Manpower(Training)(Skills)

Methods(How?)

Machine(With What?)

Environment (Area Conditions?)

Risks(What Can Go Wrong?)

January 15, 2015 31

SIPOC Process Approach

from: 2015, Bob Deysher. A “ Risk Based Thinking” Model for ISO9001:2015 http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

Integrating Risk Based Thinking with the Process Approach and PDCA

©2014 QSG, Inc.

Plan-Do-Check-Act

January 15, 2015 37

The Plan-Do-Check-Act (PDCA) methodology can be a useful tool to define, implement and control corrective actions and improvements. Extensive literature exists about the PDCA cycle in numerous languages.

Plan�What to do?�How to do it?

Do�Do what wasplanned

Check�Did things happenaccording to plan?

Act�How to improvenext time?

from: 2015, Bob Deysher. A “ Risk Based Thinking” Model for ISO9001:2015 http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

©2014 QSG, Inc.

Inte

ract

ion

with

oth

er p

roce

ss

Interaction with other process

Do �Carry out the process

OUTPUTSINPUTS

Check �monitor/measure process performance

Act-Incorporate improvements as necessary

Plan the process (Extent of planning depends on RISK)

Process + Risk + PDCA Model

January 15, 2015 38

from: 2015, Bob Deysher. A “ Risk Based Thinking” Model for ISO9001:2015 http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

ISO15189:2012 4.14.6 Risk management

The laboratory shall evaluate the impact of work processes and potential failures on examination results as they affect patient safety, and shall modify processes to reduce or eliminate the identified risks and document decisions and actions taken.

Risk management for patient safety in medical laboratory

1.Risk Assessment : Plan 2.Risk Treatment : Do 3.Risk Monitoring : Check 4.Risk Review : Act

!30

TAF-CNLA-R02(3)

2013.07.15 17 60

4.10 (Corrective action)

a)

b)

c)

d)

e) ( 4.13)

f) ( 4.14.5)

4.11 (Preventive action)

a)

b)

c)

d)

e) ( 4.13)

f)

(

)

( )

👉提供風險管理方法論;即風險管理程序

1. risk / hazard identification

2. risk evaluation

3. risk treatment

4. risk monitoring

5. risk review

Consistent with ISO15189 4.11 Preventive Action

＝risk

＝hazard

Residual Risk要可接受

一個有效的「管理系統」方法-可經由PDCA持續改進系統

Risk estimation & evaluation

P

CA

例如:K Test

Risk identification

Risk monitoring

Risk treatment

增加的風險控制措施Risk Control或預防措施

aPPT Test

作業流程/SOP 作業流程/SOP

Riskrisk risk

riskriskris

k

修改作業流程 modify processes

risk

risk

risk

riskris

k

Risk Assessment

highest risk

priorityRisk Review

D人

員溝

通/訓

練

摘自：醫學實驗室管理，第十章實驗室風險管理第226頁，2015，五南。高智雄

安全＝風險管理的一個動態過程與狀態👉夜跑(管理系統)

1. Introduction of RM 2. Risk Management Process 3. Practical Experience of RM

Outline

1.Risk Assessment : Plan 2.Risk Treatment : Do 3.Risk Monitoring : Check 4.Risk Review : Act

Based on ISO31000

天主教聖馬爾定醫院檢驗科實驗室風險管理程序

!33

一個有效的「管理系統」方法-可經由PDCA持續改進系統

建立、文件化風險管理系統

!34

( ) 3/8 H3L0-P-027 1.0

4.13 Integrated risk management

4.14 Risk

OHSAS18001

5. 5.1 ISO 15189 2012 4.14 5.2 5.2 ISO/DIS 31000 2009 Risk Management-principles and Guidelines 5.3 CEN CWA 15793 _ 2008.2 5.4 OHSAS 18001 2007 5.5 _ _2010.4.8 5.6

6. 6.1

SOP

Ｐ

Ｄ

Ｃ

Ａ

Who Should be Involved?主任/品質主管

醫院風險管理的範疇

• 病⼈安全： 醫院評鑑(醫糾)與ISO15189(持續營運計畫應變復原)→營運風險

• 資訊安全： ISO27001、ISO15189(病⼈機密保護)、個資法、EMR→營運風險

• 醫院安全/職業安全/⽣物安全/實驗室安全： ISO45001、職業安全衛⽣法、醫院評鑑/感控→⼈員健康危害風險

• 財務風險、策略風險…→經營風險

ISO31000 5.3 Establishing the context

ISO31000 5.3 Establishing the context

!37

Ｐ風險評鑑

ＤＣＡ

風險管理

4/14 H3L0-P-028 1.0

6. 6.1

DMP

SOP

DMP

SOP

-

-

-

-

10步驟step by step6.2

6.3

6.4

6.5

6.6

6.7

6.8

6.10

6.9

ISO15189:2012

1.Risk Assessment 風險評鑑: Plan

1.

TAF-CNLA-R02(3)

2013.07.15 21 60

a)

b)

1

2 ISO 19011

( 4.13)

( 4.10)

4.14.6

4.14.7

!39

Please see the administrative notes on page ii

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORT-ING DOCUMENTATION.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STAN-DARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

Reference numberIEC/FDIS 31010:2009(E)

FINAL DRAFT

Secretariat: TMB

Voting begins on: 2009-08-07

Voting terminates on: 2009-10-09

INTERNATIONAL STANDARD

IEC/FDIS31010

Risk management — Risk assessment techniques

Gestion des risques — Techniques d'évaluation des risques

!40

– 22 – 31010/FDIS © IEC

Table A.1 – Applicability of tools used for risk assessment

Risk assessment process

Risk analysis

Tools and techniques Risk Identification Consequence Probability Level of risk

Risk evaluation

See Annex

Brainstorming SA1) NA2) NA NA NA B 01

Structured or semi-structured interviews SA NA NA NA NA B 02

Delphi SA NA NA NA NA B 03

Check-lists SA NA NA NA NA B 04

Primary hazard analysis SA NA NA NA NA B 05

Hazard and operability studies (HAZOP) SA SA A

3) A A B 06

Hazard Analysis and Critical Control Points (HACCP) SA SA NA NA SA B 07

Environmental risk assessment SA SA SA SA SA B 08

Structure « What if? » (SWIFT) SA SA SA SA SA B 09

Scenario analysis SA SA A A A B 10

Business impact analysis A SA A A A B 11

Root cause analysis NA SA SA SA SA B 12

Failure mode effect analysis SA SA SA SA SA B 13

Fault tree analysis A NA SA A A B 14

Event tree analysis A SA A A NA B 15

Cause and consequence analysis A SA SA A A B 16

Cause-and-effect analysis SA SA NA NA NA B 17

Layer protection analysis (LOPA) A SA A A NA B 18

Decision tree NA SA SA A A B 19

Human reliability analysis SA SA SA SA A B 20

Bow tie analysis NA A SA SA A B 21

Reliability centred maintenance SA SA SA SA SA B 22

Sneak circuit analysis A NA NA NA NA B 23

Markov analysis A SA NA NA NA B 24

Monte Carlo simulation NA NA NA NA SA B 25

Bayesian statistics and Bayes Nets NA SA NA NA SA B 26

FN curves A SA SA A SA B 27

Risk indices A SA SA A SA B 28

Consequence/probability matrix SA SA SA SA A B 29

Cost/benefit analysis A SA A A A B 30

Multi-criteria decision analysis (MCDA) A SA A SA A B 31

1) Strongly applicable. 2) Not applicable. 3) Applicable.

失誤樹

RCAFMEA

!41

– 22 – 31010/FDIS © IEC

Table A.1 – Applicability of tools used for risk assessment

Risk assessment process

Risk analysis

Tools and techniques Risk Identification Consequence Probability Level of risk

Risk evaluation

See Annex

Brainstorming SA1) NA2) NA NA NA B 01

Structured or semi-structured interviews SA NA NA NA NA B 02

Delphi SA NA NA NA NA B 03

Check-lists SA NA NA NA NA B 04

Primary hazard analysis SA NA NA NA NA B 05

Hazard and operability studies (HAZOP) SA SA A

3) A A B 06

Hazard Analysis and Critical Control Points (HACCP) SA SA NA NA SA B 07

Environmental risk assessment SA SA SA SA SA B 08

Structure « What if? » (SWIFT) SA SA SA SA SA B 09

Scenario analysis SA SA A A A B 10

Business impact analysis A SA A A A B 11

Root cause analysis NA SA SA SA SA B 12

Failure mode effect analysis SA SA SA SA SA B 13

Fault tree analysis A NA SA A A B 14

Event tree analysis A SA A A NA B 15

Cause and consequence analysis A SA SA A A B 16

Cause-and-effect analysis SA SA NA NA NA B 17

Layer protection analysis (LOPA) A SA A A NA B 18

Decision tree NA SA SA A A B 19

Human reliability analysis SA SA SA SA A B 20

Bow tie analysis NA A SA SA A B 21

Reliability centred maintenance SA SA SA SA SA B 22

Sneak circuit analysis A NA NA NA NA B 23

Markov analysis A SA NA NA NA B 24

Monte Carlo simulation NA NA NA NA SA B 25

Bayesian statistics and Bayes Nets NA SA NA NA SA B 26

FN curves A SA SA A SA B 27

Risk indices A SA SA A SA B 28

Consequence/probability matrix SA SA SA SA A B 29

Cost/benefit analysis A SA A A A B 30

Multi-criteria decision analysis (MCDA) A SA A SA A B 31

1) Strongly applicable. 2) Not applicable. 3) Applicable.

風險矩陣

RPN風險優先指數

魚骨圖

!42

Ｐ風險評鑑

ＤＣＡ

風險管理

4/14 H3L0-P-028 1.0

6. 6.1

DMP

SOP

DMP

SOP

-

-

-

-

10步驟step by step6.2

6.3

6.4

6.5

6.6

6.7

6.8

6.10

6.9

Risk ma

nageme

nt

proces

s!

Process Map in medical laboratory: 1. Identify all aspects of activities(Processes)

Modify from ISO22367:2008

ISO/TS 22367:2008(E)

© ISO 2008 – All rights reserved 7

Annex A (informative)

Failure modes and effects analysis

Failure modes and effects analysis (FMEA) is a methodology for identifying potential points of failure within a process, determining their effects, and identifying actions to mitigate the failures. FMEA is particularly useful when deciding whether to introduce a new process within the laboratory.

While it is not possible to anticipate every failure mode, the team of laboratory participants can formulate as extensive a list of potential failure modes as possible.

A block diagram of the product/process indicating the major process steps should be developed. The major process steps should be linked together by lines that indicate how the components or steps are related. The diagram shows the logical relationships of components and establishes a structure around which the FMEA can be developed.

Figure A.1 gives a typical process map in a medical laboratory, which includes pre-analytic, analytic and post-analytic handling of the sample, reagents, equipment, instruments, calibrators, controls, result presentation and result documentation.

Figure A.1 — Example of process map in a medical laboratory

A failure mode, defined as the manner in which the process could potentially fail, should be identified in a manner that could determine what the ultimate effect will be. A failure effect is defined as the result of a failure mode on the process, as perceived by a test error. It can be described in terms of what the patient might experience should the identified failure mode occur, such as inconvenience or harm resulting from delayed or inaccurate examination results, diagnosis or therapy.

One failure mode in one component can serve as the cause of another failure mode in another activity within the process.

For each failure mode identified, the team should determine what the ultimate effect will be and establish a numerical ranking for the severity of the effect, in order to help determine which failures to address first.

The team then identifies controls and other potential monitoring procedures that can prevent the cause of the failure mode from occurring. Each procedure can be assessed to determine how well it is expected to detect a failure mode.

Once the new process has been in use, previously undetected or unidentified failure modes may appear. The FMEA should then be updated and plans made to address those failures to eliminate them from the product/process. Licensed to TAF/JUICHU CHEN

ISO Store order #:907613/Downloaded:2008-04-29Single user licence only, copying and networking prohibited

Hazard

Interpretation

2.Identify hazards in all aspects of work or activities

除實驗室內危害風險外;還需考慮實驗室外風險👉醫師·實驗室內危害：延遲與錯誤檢驗報告·實驗室外危害：醫師檢驗報告誤判/誤導病情(溝通問題)

範圍：

6.2鑑別所有檢驗作業活動

危害

危害

ISO15189:2012

2.Risk Treatment 風險處理: Do

2.

TAF-CNLA-R02(3)

2013.07.15 21 60

a)

b)

1

2 ISO 19011

( 4.13)

( 4.10)

4.14.6

4.14.7

“Actions speak louder than words.”

ISO15189:2012 TAF-CNLA-R02(3)

2013.07.15 46 60

5.9 (Release of results)

5.9.1

:

a)

b)

- ( ) (

)( 4.5))

-

c)

d)

e)

1 ( )

2

4.9

5.9.2

a)

b)

修改作業流程modify processes

預防檢體遭污染而釋出假性危險值之行動計畫-暨臨床病人個案案例教學3

Speaker:高智雄特助Date:2014.11.5(Wen.) Time:12:50~13:50

服務 Service 信賴 Trust 關懷 Mercy

~檢驗科風險處理之預防措施溝通與訓練~

人員

溝通

/訓練

修改作業流程modify processes

ISO15189:2012

3.Risk Monitoring 風險監控: Check

3.

TAF-CNLA-R02(3)

2013.07.15 21 60

a)

b)

1

2 ISO 19011

( 4.13)

( 4.10)

4.14.6

4.14.7

擬定達成目標的工作方案

!48

Who誰負責做？ When何時做？How如何做？

What要做什麼？ Why要有什麼成效/目標？

將風險控制措施文件化、實施、監控

(通常合併於風險評鑑報告中呈核核准)

4.Risk Review風險審查:Act

TAF-CNLA-R02(3)

2013.07.15 22 60

1

2

( 4.12)

4.14.8

4.15 (Management review)

4.15.1

4.15.2

a) ( 4.14.2)

b) ( 4.14.3) TAF-CNLA-R02(3)

2013.07.15 23 60

c) ( 4.14.4)

d) ( 4.14.5)

e) ( 4.14.6)

f) ( 4.14.7)

g) ( 4.14.8)

h) (PT/EQA)( 5.6.3)

i) ( 4.8)

j) ( 4.6)

k) ( 4.9)

l) ( 4.12) ( 4.10) (

4.11)

m)

n)

o)

4.15.3

( )

4.15.4

a)

b)

c)

12

ISO15189 4.15.2 Review Input

Best Practice 1.Comply with legal requirements and standards 2.Do the right things (effectiveness) 3.Keep it simple (and cost-effective, Lean) 4.Continual improvement (PDCA cycle)

Align with ISO31000👉執⾏行行風險管理理的“點”、“線”、“⾯面”有效性審查

!51

ＰＤ

CA

Ｐ

Ｄ

C

A

Relationship between the risk management principles, framework and process

CQI

Design of framework

for managing risk RM系統”面“

Risk Treatment

Risk Control控制“點”

Risk AssessmentRM流程“線”Risk Monitoring

Risk review

👉The risk of risk management

指導原則1.創造價值2.整合為組織作業流程的一部分3.決策制定的一部分4.明確陳述不確定性5.系統化、結構化且適時的6.根據可取得最佳資訊7.量身訂做適合自身的8.考慮人和文化因素9.透明與包容廣泛的10.動態且反覆因應改變11.促進組織的持續改進

任命與承諾

設計管理理風險的架構

實施風險管理理

監控與審查此架構

持續改進此架構

管理架構

確立內外環境

風險鑑別

風險分析

風險評價

風險處理理

風險監控與風險審查

風險溝通與諮詢

執⾏程序

風險評鑑

ISO31000 風險管理的原則、架構及程序的交互關係

摘自：醫學實驗室管理，第十章實驗室風險管理第223頁，2015，五南。高智雄

Ｐ

D CA

ＰＤ

CA

CQI

👉The risk of risk management🤔如同ISO19011 5.6審查Improving the Audit Programme

RM系統”⾯面“+ 流程“線”

風險管理績效-等級

14 Hai et al., ISO9001: 2015 Revision Practice

Journal of Crisis Management 2017 Vol. 14 No. 2

文件化資訊，作為後續持續增修之依據(範例如表 5)。

再以表 5「出口報關(QM-IE-01-005)」之流程言，其部門之 RPN=5*5*0.6=15，與「出口貨物捆包」流程，同時經部門主管判定為重

大風險，除建立改善措施與「建立查核表，雙

次複驗」之管理方式外，為減少人員疲勞或疏

失，並以「每月抽查出口報關件數 20 件，延遲放行影響交期件數≦1.0 件」之品質目標，納入部門績效管制項目。 風險管理是一種應用科學及藝術的結合，組織

可學習前人的經驗，正確選用管理技術工具，

如定性及定量的評價方法，如何選用？如何降

低主觀判斷的變異？定量用的數據如何取

得？如何決定那些風險是可以接受的？多元

屬性的風險如何交互影響？衍生風險如何鑑

別？多數風險具「時間」性，皆須定期檢視；

但最重要乃是企業風險文化之建立，透過領導

力或部門主管之主導，擴散到組織的成員，部

門作業過程中會逐漸篩選及調適，形成一種風

險管控意識，並有擔當的管理。[19]

表 3：「發生可能性(機率)」等級定義表

分數 評估標準

5 每「日」作業一次

4 每「週」作業一次

3 每「月」作業一次

2 每「季」作業一次

1 每「年」作業一次

表 2：「嚴重性」等級標準定義表

分數 財務影響 生產及訂單影響度 交期延遲

5 ＞3百萬 要求撤單 ＞180日

4 ＞150萬 造成生產線停止 ＞120日

3 ＞30萬 裝置停止聯絡 ＞90日

2 ＞15萬 修理、交換之影響 ＞60日

1 ≦15萬 生產、營運無影響 ＞30日

表 4：「風險控制成效」等級定義表

分數 評估標準

1 1.風險管理的責任部門不明確，只派人對應。 2. 沒有特別採取針對風險的對策。

0.8 1. 風險應對因人而異，與業務負責人的能力關係很大。 2. 關於風險對策進行了文件化（規定、管理辦法等）。 3. 文件化的規程、管理辦法沒有特別進行公開、沒有讓負責人周知。

0.6 1.對文件化的規程、管理辦法進行公開、並讓與業務有關聯者周知。 2. 根據文件化的規程、管理辦法進行運用。

0.4 1. 根據文件化的規程、管理辦法，實施了風險管理的有效性的定期評價（監查）。

0.2 1.接受根據文件化的規程、管理辦法而進行的風險管理的有效性的定期評價（監查），並實施改善活動。 2. 為提高全公司範圍的風險管理機能而實施了對策（教育等）

RM系統”面“+流程“線”

👉The risk of risk management

From:韓慧林、王俊堯、張宏宇，2017，ISO9001:2015改版實務。JournalofCrisisManagement.Vol.14No.2,P14

Incr

easi

ng R

isk

Thank you for your attention ! 感谢您的关注

경청 해 주셔서 감사합니다Terima kasih kerana perhatian anda ขอขอบคุณสำหรับความสนใจของคุณTerima kasih atas perhatian Anda

আপনার &মেনােযাগর জনয্ আপেনাক ধনয/াদСпасибо за внимание.