A Practical Tool for Risk Management in Clinical Laboratories

Risk management constitutes an essential component of the Quality Management System (QMS) of medical laboratories. The international medical laboratory standard for quality and competence, International Standards Organization (ISO) 15189, in its 2012 version, specified risk management for the first time. Since then, there has been much focus on this subject. We aimed to develop a practical tool for risk management in a clinical laboratory that contains five major cyclical steps: risk identification, quantification, prioritization, mitigation, and surveillance. The method for risk identification was based on a questionnaire that was formulated by evaluating five major components of laboratory processes, namely i) Specimen, ii) Test system, iii) Reagent, iv) Environment, and v) Testing personnel. All risks identified using the questionnaire can be quantified by calculating the risk priority number (RPN) using the failure modes and effects analysis (FMEA) tool. Based on the calculated RPN, identified risks shall then be prioritized and mitigated. Based on our collective laboratory management experience, we also listed and scheduled a few process-specific quality assurance (QA) activities. The listed QA activities are intended to monitor the emergence of new risks and the re-emergence of previously mitigated ones. We believe that the templates for risk identification, risk quantification, and risk surveillance presented in this article will serve as ready references for supervisors of clinical laboratories.


Introduction
The test results generated by clinical laboratories aid in both the diagnosis of patients' medical conditions and their continuous treatment monitoring. Since laboratory test results form an integral part of medical decisions, it is an absolute necessity that the results generated by the lab are highly reliable and accurate. In recent years the field of laboratory medicine has shown tremendous technological advancements and automation in all of its major processes, which include pre-examination (pre-analytical), examination (analytical), and post-examination (post-analytical) processes. Despite the automation of processes, some risks are persistent, and those, if not controlled adequately, could result in a wrong diagnosis, wrong treatment, and ultimately morbidity and mortality. So identification and mitigation of potential risks associated with laboratory processes shall always be given prime importance. Risk management in laboratories, as in any industry, follows similar strategies. It begins with creating a process map that gives staff a better understanding of the process flow. Potential sources of errors are then identified and assessed for their impact based on severity, likelihood of occurrence, and detectability, and controls and checks are implemented to prevent and detect errors before they harm the patient. This technical report emphasizes that patients can be harmed not only by the issuance of erratic results but also by the failure of certain processes, such as delayed result generation or delayed communication of critical results.

Risk management and international standards
The International Standards Organization (ISO) 3100:2018 standard on principles and generic guidelines on managing risks faced by organizations defines risk as 'the effect of uncertainty on objectives'. Though this definition can be interpreted in different ways, in simple terms, it is the probability of an unfortunate occurrence. The standard ISO 15189:2012, which specifies the requirements for quality and competence in medical laboratories, states, 'The laboratory shall evaluate the impact of work processes and potential failures on examination results as they affect patient safety and shall modify processes to reduce or eliminate the identified risks and document decisions and actions taken'. It is evident from the above statement that the emphasis is on patient safety rather than on risks arising from lab safety issues, i.e., biological or chemical hazards. However, ignoring these risks could also have serious consequences for testing personnel and the testing environment, to the extent of causing a temporary or permanent shutdown of laboratories. So as a good laboratory practice, and irrespective of accreditation status, risk management assessing all laboratory processes should be carried out to ensure both patient and personnel safety. Risk management is a cyclic preventive action that constitutes risk identification, risk quantification, risk prioritization, risk mitigation, and surveillance through a set of recurrent quality assurance activities [1].

Risk identification
A typical risk management activity starts with the identification of potential risks in current processes. There are three major processes within a clinical laboratory, namely pre-examination (pre-analytical), examination (analytical), and post-examination (post-analytical). A logical approach for risk identification would be to map the steps within existing processes and evaluate them for associated risks. We developed a practical tool through the evaluation of the five components, namely i) Specimen, ii) Test system, iii) Reagent, iv) Environment, and v) Testing personnel, and have developed a comprehensive seventy-point risk identification questionnaire, which is listed in Table 1.

Risk quantification
Risk quantification is the process of evaluating identified risks, which is the sentinel step in making the right decisions as to what needs to be done to remove or reduce the chance of their occurrence. Identified risks shall be quantified using the FMEA tool, which is based on the calculation of the RPN. The RPN is the product of the scores assigned for severity (S), likelihood of occurrence (O), and likelihood of detection (D). Table 2 contains the details of the scoring assignment system [2][3].

1. Severity (S). Effect: If a risk leads to error, how severely could it harm the patient? Scores are assigned between 1 and 10, which means that risks with a score of 1 are very unlikely to harm the patient, and those assigned a score of 10 are very likely to cause severe harm (morbidity or mortality).
2. Likelihood of occurrence (O): How likely is it that the identified risk could lead to error? Scores are assigned between 1 and 10, which means that for risks with a score of 1, errors are least likely or rare to occur, and for those assigned a score of 10, errors can occur very frequently.
3. Likelihood of detection (D): How likely is it that the errors will be detected? Scores are assigned between 1 and 10, which means errors with a score of 1 are easily detectable/obvious, and those assigned a score of 10 are completely non-detectable [3].

Risk prioritization
In simple terms, it is the process of determining the sequence in which the identified risks will be acted upon. At first glance, it may appear that assigning priority could easily be achieved by looking at the RPNs. It becomes a tough task if clusters of risks are identified and all of them have the same RPN. In general, most rational approaches are based on answering a few questions, such as: How critical is it in compromising patient safety? How imminent is the error? What impact could it have, immediately and in the future, on the reputation of the laboratory? What are the expected financial losses to the laboratory? Does the risk have the potential to recur within the period of non-attention when it has not received priority? [4]. All the risks identified shall be listed using the template, as shown in Table 3.

Table 3 template column headings: S. No., Risk, Quantification, Mitigation, Re-quantification

Risk mitigation
This step of risk management involves the planning and development of methods and options that are focused on reducing the risks and the errors that might occur as a consequence of a risk. There are three important strategies of risk mitigation that are specifically applicable to healthcare settings:
1) Avoid: This type of strategy is usually adopted when identified risks have to be completely eliminated, as they may have direct effects on the reputation of the organization. An example is suspending routinely requested tests due to the non-availability of reagents or consumables. Sudden suspension of cardiac markers or any similar critical testing can have a major negative impact on a patient's clinical management, and labs are always expected to have contingency plans in place for such testing services.
2) Control: This strategy applies to those risks that are repetitive and can never be completely eliminated, as they are inherent to an existing system of operation. A classical example of this strategy in a laboratory is analyzing quality control materials before analyzing the patient samples. It is the responsibility of the laboratory to decide upon the frequency of such analysis to keep control of the risk of generating and releasing erratic test results.
3) Watch/Monitor: This strategy consists of watching for and identifying any changes that can affect the impact of the risk. For example, during the COVID-19 pandemic, many healthcare organizations took a risky decision to invest in setting up a molecular diagnostic laboratory. It was risky because governments had decided to price cap COVID-19 testing, and poorly planned resource allocation could have led to huge financial losses. Another similar example is that, at the start of the pandemic, many rapid card-based test methods with limited or unknown sensitivity and specificity were used widely. Hospitals that could not afford the state-of-the-art molecular method opted to use these rapid tests. In such a scenario, watchful surveillance of the predictive values of such card-based tests becomes essential [5].

Surveillance
Risk surveillance is a thorough set of quality assurance activities carried out in a scheduled manner, either through brainstorming sessions with the risk management team members or by adopting recommendations of regulatory bodies or published guidelines. The quality assurance activities, as listed in Table 4, range from something as small as logging laboratory housekeeping to hospital server backup activities. Surveillance helps to continuously evaluate the effectiveness of completed risk management activity.

Discussion
The procedure typically starts by forming a risk management committee constituting key personnel of the laboratory and a few ad hoc members at the discretion of the main members. The committee shall perform a process flow analysis of all laboratory technical processes (pre-examination, examination, and post-examination). It shall evaluate the five major components of the testing process, namely Specimen, Test system, Reagent, Testing Environment, and Testing personnel, to identify potential sources of errors. In this regard, the committee shall meet regularly for brainstorming sessions to review the laboratory's established policies, standard operating procedures, and work instructions; feedback about the front office and phlebotomy services; annual feedback from internal customers (hospital physicians and nurses); performance of established quality indicators; equipment records, including major and minor breakdown logs; records of the callback of supplied reagents, calibrators, or quality control lots; performance in proficiency testing programs; vendor evaluation records; adverse occurrence/incident reports; personnel training records and training needs assessments.
The current paper presents a seventy-point questionnaire, listed in Table 1, that shall serve as a ready-made template for laboratorians to complete the risk identification step. This article also presents Table 2, which aids in score assignments for the risks identified, and Table 3, which gives a template for initial RPN calculation and recalculation following the implementation of corrective actions. Table 4 presents a list of scheduled quality assurance activities that help not only in controlling the re-emergence of already mitigated risks but also in detecting the emergence of any potential risks. Figure 1 demonstrates a typical flow of the described risk management procedure.

FIGURE 1: Risk Management Process Flow
Some literature quotes RPN targets between 300 and 1000, but in a healthcare setting, any risk with an RPN greater than or equal to 100 has the potential to cause an error and should be eliminated [6]. On the other hand, it is also quite possible that a few of the identified risks may have an RPN of less than 100 while the severity score assigned is 9 or 10. Such risks should not be ignored on the basis of a low RPN alone, and control measures should be devised and implemented to eliminate them from the process.
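The quantification and prioritization rules described above can be put together in a small risk register. This is an added Python example, not part of the original article: the names Risk, prioritize, and requantify, the tie-break order for equal RPNs, and the sample register are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

RPN_ACTION_THRESHOLD = 100  # article: RPN >= 100 should be eliminated
HIGH_SEVERITY = 9           # article: severity 9 or 10 must not be ignored


@dataclass(frozen=True)
class Risk:
    name: str
    severity: int    # S: 1 (very unlikely to harm) .. 10 (severe harm)
    occurrence: int  # O: 1 (rare) .. 10 (very frequent)
    detection: int   # D: 1 (obvious) .. 10 (not detectable)

    def __post_init__(self):
        for label in ("severity", "occurrence", "detection"):
            score = getattr(self, label)
            if not isinstance(score, int) or not 1 <= score <= 10:
                raise ValueError(f"{self.name}: {label} must be an integer 1-10")

    @property
    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection

    @property
    def needs_mitigation(self) -> bool:
        return self.rpn >= RPN_ACTION_THRESHOLD or self.severity >= HIGH_SEVERITY


def prioritize(risks):
    """Risks needing action, highest RPN first. Ties are broken by severity,
    then by poorer detectability (an assumed rule, not from the article)."""
    flagged = [r for r in risks if r.needs_mitigation]
    return sorted(flagged, key=lambda r: (-r.rpn, -r.severity, -r.detection))


def requantify(risk, **new_scores):
    """Re-score a risk after mitigation; range validation runs again."""
    return replace(risk, **new_scores)


# Constructed sample register; scores are illustrative, not from the article.
REGISTER = [
    Risk("Mislabelled specimen", 9, 2, 4),          # RPN 72, high severity
    Risk("Reagent used past expiry", 6, 4, 5),      # RPN 120
    Risk("Delayed critical result call", 8, 3, 5),  # RPN 120 (tie)
    Risk("Room temperature log missed", 3, 4, 3),   # RPN 36
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.rpn:4d}  S={r.severity}  {r.name}")
```

The mislabelled-specimen entry shows the severity override: its RPN is below 100, yet it stays on the action list because its severity score is 9.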

Limitations
Though FMEA-based risk management is considered highly practical and prevalent, there are certain subjective components to it. For example, score assignments for the severity of identified risks are subjective and might directly affect the RPN calculation [7]. There are chances for both under and overestimation of RPN. From the flow of risk management described in Figure 1, it is evident that RPN is the deciding factor of risk mitigation and should be accurate. Table 2, containing the scores and the criteria, to a greater extent, helps to avoid the subjective component in score assignments.

Conclusions
Risk management, though it originates from manufacturing industries, is not a new concept in healthcare settings. As we are in the era of evidence-based medical practice, there has been a lot of focus on this topic. There is plenty of published literature on risk management in health information protection, healthcare process management, in-vitro diagnostics production, pharmaceutical production, drug dispensing, and so on. In developed nations, risk management forms an essential component of their patient safety program. Risk management in clinical laboratories is an essential quality improvement activity that must evaluate all processes involved in testing. It is a repetitive preventive action that needs to be carried out by laboratories at least annually. The risk identification questionnaire demonstrated in this article is easy to understand and implement and can be assigned to any supervisory staff for completion without needing additional training. Similarly, the Quality Assurance (QA) activities listed are quite comprehensive and include both technical elements and general management elements. The schedules for QA activities, which are broadly classified as daily, monthly, and annual, are clearly indicated in the text. These identified QA activities serve as tools for both risk surveillance and capturing quality indicator data of laboratory processes.
As a continuous improvement initiative, these QA activities shall be assessed, and appropriate actions shall be planned, implemented, and documented. Through this report, we have tried to provide a sustainable solution to laboratory supervisors for carrying out risk management exercises.

Additional Information Disclosures
Human subjects: All authors have confirmed that this study did not involve human participants or tissue. Animal subjects: All authors have confirmed that this study did not involve animal subjects or tissue.

Conflicts of interest:
In compliance with the ICMJE uniform disclosure form, all authors declare the following: Payment/services info: All authors have declared that no financial support was received from any organization for the submitted work. Financial relationships: All authors have declared that they have no financial relationships at present or within the previous three years with any organizations that might have an interest in the submitted work. Other relationships: All authors have declared that there are no other relationships or activities that could appear to have influenced the submitted work.