compliance Archives - Document Center's Standards Forum

Document Control – How to manage a Standards Collection

Quality and Compliance professionals know the importance of standards in the business setting. But keeping a standards collection current and correct can be a challenge for any organization.

Here at Document Center Inc., we’ve been working with standards for over 28 years. So we’ve got some experience in collecting and maintaining standards!

Managing standards is an essential function in any organization. Standards can positively or negatively impact your reputation and cause regulatory and quality problems. And regulatory and quality problems eventually create legal liabilities which are much cheaper to avoid than to repair.

We believe that by separating the documentation function into 5 easy pieces, any organization can have a reliable standards system. Here’s our plan:

Rule 1 – Define

Rule 2 – Assess

Rule 3 – Control Usage

Rule 4 – Procure

Rule 5 – Monitor

I’ll be using subsequent blogs to review the 5 Rules. Each requires some discussion so that you are able to institute good practices throughout the standards lifecycle.

Contact us any time with any questions or for assistance. We can be reached at our website www.document-center.com and via email at info@document-center.com. Of course, feel free to call us at 650-591-7600 or fax 650-591-7617.

Attack of the Clones: Why are there so many versions of some ISO standards?

Here is a question I get asked all the time: “Which standard should I use: ASQ-Q9000, ISO-9000 or BS-EN-ISO-9000?”

And every day I look at the 2002 poster for World Standards Day with the tag line “One standard, One test, Accepted everywhere.”

So the question is, why are there so many editions of some ISO documents when our stated goal is to just have one?

To get to the bottom of this question, we’ll be talking about 3 concepts: Jurisdiction, Adoption, and Translation. When we get done, you’ll at least know the reason for the many “clones” of some of the most widely used ISO standards.

First of all, the concept of jurisdiction. The ISO standards are meant to be International Standards, hence ISO, International Organization for Standardization. However, there are other jurisdictions as well — Regional (like the European Union) and National (like the United States).

You might think that once an International Standard is published, everyone should be free to use it and that would be the end of the story.

But no — In the European Union, for example, regional standards are a response to legal regulation (the directives). In order to assure legal compliance to regional regulation and laws, EN standards are created as designated by applicable directives.

If an ISO document meets the requirements of a particular directive, it can be adopted by the European Standards Body (CEN). Then, it is published for public distribution by each country in Europe as the document is implemented. That way, it is clear which countries are in compliance at any given time.

So, with the ISO-9000, EN adoption creates 27 differently numbered documents (like, BS-EN-ISO-9000, the official English language edition, DIN-EN-ISO-9000, the official German language edition, and so on), one for each country in the European Union.

ISO standards are also adopted by countries as well as regions. An example of this is the Canadian Standards Association document CSA-ISO-9000. In this case, the ISO-9000 is republished when Canada adopts the standard, at the national rather than regional layer of jurisdiction.

One feature to pay attention to is the fact that the ISO standard will be reprinted in it’s entirety when adopted, but will have cover sheet administrative information as well in most cases. This information may be about what national documents were withdrawn in favor of the ISO or EN adoption, or when the standard must be implemented by users.

And lastly, a country that is involved in the development of an ISO standard has the right to republish the document as a country-specific translation. So, because ASQ (the American Society for Quality) participates for the U.S. in the Quality committee at ISO, the ASQ-Q9000 is the U.S. translation of the ISO-9000. The U.S. translations are almost word-for-word identical to the English language ISO originals — the only difference is that the ISO standard uses British English spelling, and the U.S. uses American. So if an ISO standard includes the word “colour” the U.S. translation would have the word spelled “color.”

So in 1992, there were 42 adoptions or translations of ISO-9000 in existence. In 2002, 134 countries were issuing certificates of compliance and in 2007 there were 175 countries counted.

Our advice to customers is to use the highest level of jurisdiction whenever possible, because it will be revised first at the highest level. So for the ISO-9000 standard series, ISO (the international jurisdiction) will be the first to issue technical content changes. All adoptions and translations will happen after the initial ISO release.

However, sometimes there are reasons to choose other editions. If cost is a factor, a national translation may often be the least expensive way to go, as all revenues go to the publishing organization only, as a way to cover the costs of committee participation.

Another reason to choose a different edition is to cater to either an important customer or a particular auditing body. If your auditor is from BSI, you might choose the BS-EN-ISO-9000 series so that your auditor is impressed by your concern to follow the administrative information that is published in the adoption section of the publication. If you do business in Australia, you might use the AS/NZS ISO 9000, the Australian/New Zealand joint adoption of the ISO standard.

This is always a hard concept for many people to understand. If you’ve still got questions, please ask us by emailing us at info@document-center.com.

For our next blog, we’ll be looking at this same issue but from a different viewpoint. I’m getting a lot of questions about why EN adoptions of ISO standards are coming out with new revisions when the ISO documents remain unchanged. So, until next time…

Do you have any Standards questions?

For my next blog topic, I’m going to answer a common question these days — How come there’s so many different editions of ISO documents available?

But in the meantime, if you have any issues or questions that you’d like illuminated, please send along a comment to my blog. I’m actively looking for new subjects to write about!

Our Top 10 Health Information Technology Standards — and 4 you must know about…

Having trouble knowing where to start with your Electronic Medical Record implementation? Here’s our list of some of the most important Health Information Technology Standards to help you get familiar with the field.

1. ASTM-E2553 – Guide for Implementation of a Voluntary Universal Healthcare Identification System

This guide provides you with implementation principles needed to create a healthcare identification system. It is intended to help you clearly identify the individuals in your healthcare delivery system.

2. ASTM-E1714 – Guide for Properties of a Universal Healthcare Identifier (UHID)

Originally intended for the U.S. population, the guide covers a set of requirements “outlining the properties required to create a universal healthcare identifier system.” The goal:

Positive identification of patients, automatic links to all computer-bases records on that patient, data security, and record handling efficiency.

3. ISO-27799 – Health informatics — Information security management in health using ISO/IEC 27002

The standard provides you with a set of detailed controls and security best practices. It will assist in the implementation of a system that maintains confidentiality, integrity of information, and availability of patient health records. It covers a wide variety of data formats.

4. ISO-21548 – Health informatics — Security requirements for archiving of electronic health records – Guidelines

A companion to the document below, this is an implementation guide for EMR archiving.

5. ISO-21547 – Health informatics — Security requirements for archiving of electronic health records — Principles

This technical specification defines the basic principles required to preserving health records in any format. It is focused on document and records management, with an emphasis on privacy protection.

6. ISO-22600-1 – Health informatics — Privilege management and access control — Part 1: Overview and policy management

Another technical specification, this time supporting the needs of record sharing partners as diverse as health insurance companies, patients, government, and other healthcare organizations.

7. ASTM-E1869 – Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records

This standard is another take on the issues of patient privacy and confidentiality. It provides the user with basic principles and ethical practices for handling confidential patient information.

8. ASTM-E1985 – Guide for User Authentication and Authorization

This guide can assist healthcare providers who are implementing EMR software by providing information on the design, implementation and use of authentication mechanisms.

9. ISO-18308 – Health informatics — Requirements for an electronic health record architecture

This technical specification assembles a set of clinical and technical requirements for EMR architecture. It’s goal is to support the exchange of health records across various sectors and jurisdictions.

10. ASTM-E1384 – Practice for Content and Structure of the Electronic Health Record (EHR)

This is the ASTM take on what the content and logical data structure of an EMR needs to be. It provides a common vocabulary to assist in the development, purchase and implementation of EMR systems. It helps map the content of the EMR to a number of biomedical and other health informatics standards.

And the 4 Standards you need to know about:

HL7-CDA – The Clinical Document Architecture

This standard provides an XML-based model for the exchange of clinical documents (like discharge summaries). The document creates information that is both machine- and human-readable. Display is available in web-browsers and wireless applications like cell phones. It tends to be used in applications for large-scale implementation, like large hospital chains.

CCD – Continuity of Care Document

This is a joint standard generated by ASTM and HL7 to combine the benefits of the ASTM CCR standard (below) and the HL7 CDA standards (above). It is for use in the U.S. only. It basically is a method to create simpler documents now (probably from legacy information) with a migration path to the more complex CDA protocol later.

ASTM-E2369 – Specification for Continuity of Care Record (CCR)

This standard also provides for the exchange of clinical documents, with some XML, in a more flexible schema. The goal in creating the standard was to tag specific elements in a health record so that data could be communicated in a vendor-neutral fashion. It tends to be used in smaller-venue applications.

DICOM – Digital Imaging and Communications in Medicine

DICOM is a multi-part document created by a joint committee of the American College of Radiology and the National Electrical Manufacturers Association. It defines standard methods of transmission of medical images and their associated information. The importance of DICOM in the Health Informatics is that it addresses the integration of specialty application information into the Electronic Health Record.

A complete list of Health Informatics Standards is available at our website:

www.document-center.com

Please contact me, Claudia Bach, with any questions you might have.

Finding Standards Expertise Again

As owner of Document Center Inc. since 1985, I’ve seen tremendous changes in the world of Standards. And the change that concerns me the most is the lost of Standards Expertise.

Three trends have caused the loss of personnel with real knowledge of standards, the standards process, and how to manage standards collections.

The first was MIL Spec Reform during the mid-1990’s. When the Department of Defense decided to get out of the spec-writing business, the migration to industry-managed standards was a costly exercise for many business. Information that had been free or extremely low-cost was suddenly 5 to 10 times as expensive. Of course, the true migration of cost was from tax-payer money to fees from the actual document users. But the pocket book effect significantly reduced the number of standards most businesses used. With this reduction came the first loss of standards personnel as large standards libraries became obsolete.

The second trend was the Internationalization of Standards. As companies started using non-U.S. documents, the price differential was immediately noticeable. European information has come with a high price tag. Again, price pressure caused a reduction in documentation and the personnel to manage that information as companies strove to lower their out-of-pocket costs.

And finally, the repeated down-sizing and loss of manufacturing facilities in the United States has left many organizations without employees who understand what Standards bring to business. Thus, many companies are limited in their ability to use Standards to their best advantage.

Having been in the business for over 25 years, and hearing customers express confusion about Standards every day, this blog represents the perfect opportunity to discuss common Standards and Standardization questions.

I also look forward to discussing trends and issues that are more strategic in nature. In my mind, standards are one of the foundations of our economy and well-being. I look forward to being part of a process that improves the effect they have on our world.