ISO 9001:2008 – Are you using the right edition?

If you’re certified to ISO 9001, Quality Management Systems – Requirements, you’ll want to make sure you’re using the right edition of the document.

With new changes released in 2009, there’s some confusion over exactly what is the current edition of the ISO-9001:2008.

The problem stems from having a corrected and reprinted edition released at the same time the Technical Corrigendum was issued (7/15/2009).

So in fact, you can have your document one of two ways, and you’re going to be just fine:

1.  You can use the corrected and reprinted 4th Edition from 7/15/2009.  This is a completely reprinted copy with the changes integrated into the text of the standard.

or

2.  You can use the original 4th Edition from 11/15/2008 and the Technical Corrigendum from 7/14/2009.  In this case, the changes are contained in the Corrigendum (correction sheet) only.  So you’ll have to manually integrate the 7 pages of changes into the original 11/15/2008 copy of the standard.

What determines which path you take?  If you get the reprinted and corrected document, you’ll have to pay for the standard again.  If you just get the corrigendum, the costs will be minimal.  But you’ll have to spend the time to get the changes integrated into your original copy.

In either case, Document Center Inc. can help you with copies available of all 3 components.  Just get in touch with us at info@document-center.com, by phone at 650-591-7600 or on our website at www.document-center.com.

Administrative Changes to Standards — What does it all mean?

One of our customers called today just to ask us what some of those odd changes to Standards actually mean.

Since purchasing standards can be expensive, it’s best to know what you’re going to be getting before you plunge ahead.  So let’s review some kinds of changes that can happen to standards and discuss if they should signal a buying opportunity for you or not.

First up: Reapproval, Reaffirmation and Validation.  All three terms mean the same thing — the standard has been reviewed and is still wonderful just the way it was.  If the standard’s still great, why issue this notice or republication?

For the folks who oversee standards, there is a need to prove to the public that the documents are being maintained.  So good standards practice suggests reviewing every standard you’re responsible for (caretaker of) every five years.  The issuing of a notice or the republication of a standard with a reapproval or reaffirmation date is a way to permanently confirm that good practices have been met.  And this periodic review is mandatory for compliance with the rules of  adoption for American National Standards Institute (ANSI) documents.

FYI:  The validation notice states that a document is still valid for U.S. Department of Defense (DOD) procurement.  It is issued by the DOD and reminds us that the mil-spec system is basically support for military purchases.

Next on the list: Editorial Changes.  Most notably used by ASTM International (formerly the American Society for Testing and Materials), an editorial change modifies the document but doesn’t affect the technical content.  You’ll see them as part of the  revision level information in the document number, i.e., ASTM-B899-09e1.  This is the document ASTM B899, 2009 Edition with 1 editorial change.

What could be an editorial change?  Perhaps an association was mentioned in the standard and the address of the association has changed.  Perhaps a phone number was included and the phone number has changed.  Remember, the change will not affect the technical content, so its going to be a non-essential piece of information.

How about a Non-Current or Inactive notification?  Both mean the same thing — The standard is good to use for replacement purposes but is not authorized for new design.  That is, if you have an existing product to maintain, it’s OK to use the standard.  But if you’re going to design something new, use something else.  With luck, the notification will point you to a replacement.  But not always…

A Cancellation Notices is another kind of notice that you may or may not need.  It will be issued for two reasons.  It presents an authorized notification that a standard has been withdrawn and is no longer valid.  And it may provide the caretaker with a way to direct users to a replacement document or to let them know the standard has no superseding document.

All of the changes above are primarily administrative in nature.  They do not make technical changes to the document.  Are they necessary to purchase?

My answer is always, “It depends on the situation.”  For reaffirmations, reapprovals and validations — not necessary unless you have an auditor coming in.  If you use the document for compliance, you’ll want every little thing every time.  If not, then these items are not so critical.

For editorial changes, it’s very much the same situation.  The information can certainly be useful, but if money’s tight it’s not essential.

Cancellation notices are often notated in databases and catalogs.  So unless you need a paper trail (or again, you’re getting audited), it may not be necessary.  But if you have a customer who thinks you should be using an obsolete document, then a cancellation notice or cancellation revision can support your case about as strongly as you would ever want!

There’s a couple more kinds of notices that do cause confusion.  The first is the technical corrigendum.  This is just a fancy name for a change notice.  Don’t let this one go by — It’s got corrections to the document that you will want to know about.  Errata are the same, document corrections that you need to have (usually printing errors to tell you the truth).

Amendments and change notices are in the same category but usually are longer and may offer new information to add to the standard.  Again, don’t leave home without it.

Do you have any questions about the many little things that can be called out to accompany a standard that you’re using or that you need?  Check in with us at Document Center (www.document-center.com) by email at info@document-center.com or give us a call at 650-591-7600.  We’ll be happy to answer your questions and perhaps it will even be included in this posting or a new one!

Attack of the Clones: Why are there so many versions of some ISO standards?

Here is a question I get asked all the time:  “Which standard should I use:  ASQ-Q9000, ISO-9000 or BS-EN-ISO-9000?”

And every day I look at the 2002 poster for World Standards Day with the tag line “One standard, One test, Accepted everywhere.”

So the question is, why are there so many editions of some ISO documents when our stated goal is to just have one?

To get to the bottom of this question, we’ll be talking about 3 concepts:  Jurisdiction, Adoption, and Translation.  When we get done, you’ll at least know the reason for the many “clones” of some of the most widely used ISO standards.

First of all, the concept of jurisdiction.  The ISO standards are meant to be International Standards, hence ISO, International Organization for Standardization.  However, there are other jurisdictions as well — Regional (like the European Union) and National (like the United States).

You might think that once an International Standard is published, everyone should be free to use it and that would be the end of the story.

But no — In the European Union, for example, regional standards are a response to legal regulation (the directives).  In order  to assure legal compliance to regional regulation and laws, EN standards are created as designated by applicable directives.

If an ISO document meets  the requirements of a particular directive, it can be adopted by the European Standards Body (CEN).  Then, it is published for public distribution by each country in Europe as the document is implemented.  That way, it is clear which countries are in compliance at any given time.

So, with the ISO-9000, EN adoption creates 27 differently numbered documents (like, BS-EN-ISO-9000, the official English language edition, DIN-EN-ISO-9000, the official German language edition, and so on), one for each country in the European Union.

ISO standards are also adopted by  countries as well as regions.  An example of this is the Canadian Standards Association document  CSA-ISO-9000.  In this case, the ISO-9000 is republished when Canada adopts the standard, at the national rather than  regional layer of jurisdiction.

One feature to pay attention to is the fact that the ISO standard will be reprinted in it’s entirety when adopted, but will have cover sheet administrative information as well in most cases.  This information may be about what national documents were withdrawn in favor of the ISO or EN adoption, or when the standard must be implemented by users.

And lastly, a country that is involved in the development of an ISO standard has the right to republish the document as a country-specific translation.  So, because ASQ (the American Society for Quality)  participates for the U.S.  in the Quality committee at ISO, the ASQ-Q9000 is the U.S. translation of the ISO-9000.  The U.S. translations are almost word-for-word identical to the English language ISO originals — the only difference is that the ISO standard uses British English spelling, and the U.S. uses American.  So if an ISO standard includes the word “colour” the U.S. translation would have the word spelled “color.”

So in 1992, there were 42 adoptions or translations of ISO-9000 in existence.  In 2002, 134 countries were issuing certificates of compliance and in 2007 there were 175 countries counted.

Our advice to customers is to use the highest level of jurisdiction whenever possible, because it will be revised first at the highest level.  So for the ISO-9000 standard series, ISO (the international jurisdiction) will be the first to issue technical content changes.  All adoptions and translations will happen after the initial ISO release.

However, sometimes there are reasons to choose other editions.  If cost is a factor, a national translation may often be the least expensive way to go, as all revenues go to the publishing organization only, as a way to cover the costs of committee participation.

Another reason to choose a different edition is to cater to either an important customer or a particular auditing body.  If your auditor is from BSI, you might choose the BS-EN-ISO-9000 series so that your auditor is impressed by your concern to follow the administrative information that is published in the adoption section of the publication.  If you do business in Australia, you might use the AS/NZS ISO 9000, the Australian/New Zealand joint adoption of the ISO standard.

This is always a hard concept for many people to understand.  If you’ve still got questions, please ask us by emailing us at info@document-center.com.

For our next blog, we’ll be looking at this same issue but from a different viewpoint.  I’m getting a lot of questions about why EN adoptions of ISO standards are coming out with new revisions when the ISO documents remain unchanged.  So, until next time…


Our Top 10 Health Information Technology Standards — and 4 you must know about…

Having trouble knowing where to start with your Electronic Medical Record implementation?  Here’s our list of some of the most important Health Information Technology Standards to help you get familiar with the field.

1.  ASTM-E2553 – Guide for Implementation of a Voluntary Universal Healthcare Identification System

This guide provides you with implementation principles needed to create a healthcare identification system.  It is intended to help you clearly identify the individuals in your healthcare delivery system.

2.  ASTM-E1714 – Guide for Properties of a Universal Healthcare Identifier (UHID)

Originally intended for the U.S. population, the guide covers a set of requirements “outlining the properties required to create a universal healthcare identifier system.”   The goal:

Positive identification of patients, automatic links to all computer-bases records on that patient, data security, and record handling efficiency.

3.  ISO-27799 – Health informatics — Information security management in health using ISO/IEC 27002

The standard provides you with a set of detailed controls and security best practices.  It will assist in the implementation of a system that maintains confidentiality, integrity of information, and availability of patient health records.  It covers a wide variety of data formats.

4.  ISO-21548 – Health informatics — Security requirements for archiving of electronic health records – Guidelines

A companion to the document below, this is an implementation guide for EMR archiving.

 

5.  ISO-21547 Health informatics — Security requirements for archiving of electronic health records — Principles

This technical specification defines the basic principles required to preserving health records in any format.  It is focused on document and records management, with an emphasis on privacy protection.

6.  ISO-22600-1 – Health informatics — Privilege management and access control — Part 1: Overview and policy management

Another technical specification, this time supporting the needs of record sharing partners as diverse as health insurance companies, patients, government, and other healthcare organizations.

7. ASTM-E1869 – Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records

This standard is another take on the issues of patient privacy and confidentiality. It provides the user with basic principles and ethical practices for handling confidential patient information.

8. ASTM-E1985 – Guide for User Authentication and Authorization

This guide can assist healthcare providers who are implementing EMR software by providing information on the design, implementation and use of authentication mechanisms.

9.  ISO-18308 – Health informatics — Requirements for an electronic health record architecture

This technical specification assembles a set of clinical and technical requirements for EMR architecture.  It’s goal is to support the exchange of health records across various sectors and jurisdictions.

10.  ASTM-E1384 – Practice for Content and Structure of the Electronic Health Record (EHR)

This is the ASTM take on what the content and logical data structure of an EMR needs to be.  It provides a common vocabulary to assist in the development, purchase and implementation of EMR systems.  It helps map the content of the EMR to a number of biomedical and other health informatics standards.

And the 4 Standards you need to know about:

HL7-CDA – The Clinical Document Architecture

This standard provides an XML-based model for the exchange of clinical documents (like discharge summaries).  The document creates information that is both machine- and human-readable.  Display is available in web-browsers and wireless applications like cell phones.  It tends to be used in applications for large-scale implementation, like large hospital chains.

CCD – Continuity of Care Document

This is a joint standard generated by ASTM and HL7 to combine the benefits of the ASTM CCR standard (below) and the HL7 CDA standards (above).  It is for use in the U.S. only.  It basically is a method to create simpler documents now (probably from legacy information) with a migration path to the more complex CDA protocol later.

ASTM-E2369 – Specification for Continuity of Care Record (CCR)

This standard also provides for the exchange of clinical documents, with some XML, in a more flexible schema.  The goal in creating the standard was to tag specific elements in a health record so that data could be communicated in a vendor-neutral fashion.  It tends to be used in smaller-venue applications.

DICOM – Digital Imaging and Communications in Medicine

DICOM is a multi-part document created by a joint committee of the American College of Radiology and the National Electrical Manufacturers Association.  It defines standard methods of transmission of medical images and their associated information.  The importance of DICOM in the Health Informatics is that it addresses the integration of specialty application information into the Electronic Health Record.

A complete list of Health Informatics Standards is available at our website:

www.document-center.com

Please contact me, Claudia Bach, with any questions you might have.

Health Informatics — A Classic Standards Tale

What makes a classic standards story?  Money, politics, dueling committees  — listen, health informatics has it all!

Standards for Electronic Medical Records (EMR, also known as Electronic Health Records, EHR) are just a new development in a process that has been going on in the medical industry for some time.  Frankly, many of the document formats and records management protocols in recent years have been in response to the medical sector’s heavy investment in technology to improve patient care.

But with the entry of the U.S. Federal government into the fray with the e-Health initiative that is part of the stimulus package, we’ve definitely entered a new era for standards development and EMR products.  The recent release of the Department of Health and Human Services’ RIN 0991 – AB58  (Interim Final Rule on Health Information Technology:  Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology) makes it clear that the Federal Government is going to be a big player in this process.

Let’s see, money…  Health Informatics has already been identified as a hot growth sector, with estimates of market being in the range of $1 billion in 2005, with a growth potential of $4 billion in 2013.  But, with regulators looking to mandate the use of EMR to submit Medicaid and Medicare transactions, the estimates could be significantly understated.

Politics?  The government’s stated intention to become a major user of EMR has generated responses from Doctors, Health Care Privacy organizations, and from the Standards Organizations that are already involved in this work.  Believe me, the idea of electronic health records in the hands of government bureaucrats gets some people going.  Add to this the draft stimulus package’s requirement to use EMR-generated databases to provide “biosurveillance,” and life gets exciting!

And of course, no standards classic would be complete without competing standards.  Like VHS and BetaMax, there are 2 sides to this story.  ASTM is on one side, with the CCR Standard (Continuity of Care Record) and Health Level 7 (HL7) is on the other with CDA (Clinical Document Architecture) and CCD (Continuity of Care Document).

It appears the the ASTM-led effort has produced a Standard that is less complicated and is used successfully in software products geared for private physician practices.  The HL7 set has been implemented for larger scale products aimed for hospital applications.   And wouldn’t you know it?  Google and Microsoft are getting into this business, with the Google application being based on CCR and Microsoft’s using both the CCR and CDA/CCD approaches!

But wait!  RIN 0991-AB58 suggests that the Dept. of Health and Human Services (DHHS) is going to sponsor a whole new round of standards development in order to satisfy newly issued government requirements.  Thank goodness the American National Standards Institute (ANSI) has created a Standards Panel (HITSP) in the hopes of providing assistance to keep everything straight.  Looks like it’s just another day in the wonderful world of Standards….

Finding Standards Expertise Again

As owner of Document Center Inc. since 1985, I’ve seen tremendous changes in the world of Standards.  And the change that concerns me the most is the lost of Standards Expertise.

Three trends have caused the loss of personnel with real knowledge of standards, the standards process, and how to manage standards collections.

The first was MIL Spec Reform during the mid-1990’s.  When the Department of Defense decided to get out of the spec-writing business, the migration to industry-managed standards was a costly exercise for many business.  Information that had been free or extremely low-cost  was  suddenly 5 to 10 times as expensive.  Of course, the true migration of cost was from tax-payer money to fees from the actual document users.  But the pocket book effect significantly reduced the number of standards most businesses used.  With this reduction came the first loss of standards personnel as large standards libraries became obsolete.

The second trend was the Internationalization of Standards.  As companies started using non-U.S. documents,  the price differential was immediately noticeable.  European information has come with a high price tag.  Again, price pressure caused a reduction in documentation and the personnel to manage that information as companies strove to lower their out-of-pocket costs.

And finally, the repeated down-sizing and loss of manufacturing facilities in the United States has left many organizations without employees who understand what Standards bring to business.  Thus, many companies are limited in their ability to use Standards to their best advantage.

Having been in the business for over 25 years, and hearing customers express confusion about Standards every day, this blog represents the perfect opportunity to discuss  common  Standards and Standardization questions.

I also look forward to discussing trends and issues that are more strategic in nature.  In my mind, standards are one of the foundations of our economy and well-being.  I look forward to being part of a process that improves the effect they have on our world.