The regulation of quality and safety for health service providers in Norway is based on a functional legislation, outlined as enforced self-regulation with
ISO 9001 certification, accreditation and health care regulation
by the Norwegian Board of Health Supervision (NBHS), through the 18 Offices of the County Governors. Most supervision of hospitals takes the form of system audits, whose aim is to ensure and control whether health service is in compliance with national regulations. The internal control system was stated by law in 1984 [86]. The legal requirements are not regarded as prescriptions of performance but confined to what is considered necessary for ensuring sound professional practice and safety and quality in health services [84]. This means that hospitals have the latitude to make decisions about their organization and priorities related to patient treatment, including the authority to instruct hospital personnel within the limits of legal requirements and their obligation to work according to sound professional practice [84]. The legal requirements for internal control systems were inspired by the established acts relating to working environment and the petroleum sector. When the law was enacted in 1984, the term “self-control” was used. It was a more general requirement, stating that every health provider should control its own performance, based on the assumptions for professional self-regulation in medicine and the medical practice [85, 87].
In 1995, the Norwegian Board of Health Supervision published a national strategy aimed at establishing systematic quality management in health care services. The goal was to establish internal control systems in all hospitals by the year 2000 [88]. In 2001, however, a national audit performed by the NBHS concluded that hospitals “have not reached the goal of comprehensive and effective internal control systems/quality systems in health by 2000, as set out in "National strategy for quality improvement in health care [89, Ch. 7].” It added that there was a clear and unquestionable need for a statutory regulation that clarified the law about internal control system. A statutory regulation took effect in January 2003, the year after a guide for internal control in health and social services, "How to Keep Your Own House in Order,” was published by the Norwegian Directorate of Health [90]. The guide explained how the internal control system could help to increase the safety of clients and patients, and how internal control has been a valuable management tool in activities that involve risk. It described internal control as consisting of activities “[...] to ensure that the organization's tasks are planned, organized, performed and maintained in accordance with the requirements of the legislation. The main demand is the requirement for soundness” (p.7). The guide also stated that leaders are responsible for managing internal controls systems and integrate the system
ISO 9001 certification, accreditation and health care regulation
into daily practice. In 2007, more than a decade after the internal control regime was enshrined in the law, a report published by the Norwegian Directorate of Health [91], made by “people from the field of practice”, described the internal control as a new area in the health sector. Internal control, quality management systems and ISO certification were cited as good examples to ensure quality, especially when it came to continual improvement (p. 20).
In parallel with the challenges of establishing well-functioning internal control systems in Norway, the early initiatives of ISO 9001 certifications in hospitals started. In 2002, the Hospital Innlandet HF, Kongsvinger became the first hospital to be certified according to the ISO 9001:2000 standard [92]. Three years later, the Eastern Norway Regional Health Authority3 adopted the ISO-9001 as a guide for all its hospitals, in order to operationalize the internal control system requirements [93]. It was argued that the lack of follow-up on the internal control system could relate to “difficult conceptualizations, vague demands, uncertainties about overall quality management systems and its advantages" [94]. In 2007, the Norwegian Board of Health Supervision carried out supervision of 27 emergency departments in the specialist health service in Norway [95]. The inspectors noted several failures and painted a picture of poor management, prioritization and patient treatment. The Southern and Eastern Norway Regional Health Authority and the Norwegian Accreditation (NA)4 followed up on these challenges in 2008 by initiating a pilot project for certification of emergency wards in Norway according to the ISO 9001:2008.
They also developed extended requirements in order to pilot the future accreditation of emergency departments [96].
The certification initiatives came at a time when the evidence base for certification and accreditation effects was both called for and questioned [23, 31, 97, 98]. In Norway, the lack of evidence was questioned both among
3 On 1 June 2007, the Eastern Norway Regional Health Authority and the Southern Norway Regional Health Authority were merged into the Southern and Eastern Norway Regional Health Authority. There are now four Regional Health Authorities in Norway.
4 NA is the Norwegian body for accreditation of laboratories and sampling organizations, certification bodies, inspection bodies, and environmental verifiers (EMAS). NA represents Norway in the European Co-operation for Accreditation (EA), the International Laboratory Accreditation Cooperation (ILAC) and the International
ISO 9001 certification, accreditation and health care regulation
researchers at the Norwegian Knowledge Centre for the Health Services [43, 99], in policy development and in debates in the Norwegian parliament [100, 101]. The Norwegian Directorate of Health [102] reported that more hospitals and wards had started using ISO 9001 certification in regulating their quality and safety. Such approaches had been used for laboratory and technical activities in hospitals, but to a very little extent in clinics. The Norwegian Directorate of Health considered ISO 9001 as useful in following up on the requirements of internal control regulations, and mentioned that the hospital Asker and Bærum HF had, among others, gained good experience using ISO certification to operationalize the internal control regulations. However, the Norwegian Directorate of Health pointed to the lack of evidence and declined to recommend a mandatory certification or accreditation program.
In 2015, the National Health and Hospital Plan for 2016−2019 reported, “It is the Government's goal to introduce a system for quality certification of hospitals” [103]. This white paper was the first official government policy to take a stance on the establishment of certification systems in hospitals. The ISO 9001 certification was highlighted since it contained many of the same elements for quality improvement as internal control regulation.
In January 2017, the regulation on internal control systems [104] was replaced by the Regulation on Leadership and Quality Improvement in the Health and Care Services [105]. Both in the regulation and the associated guide from the Norwegian Directorate of Health [106] internal control concept was downplayed in favor of leadership and quality improvement. The intention was to make it clear that internal control was an integrated and natural part of the organization’s management system. It also illustrates the close connection between development and application of internal control and quality management [85]. The structure of the regulation and the guide is based on Deming's four step (Plan-Do-Check-Act) management approach for control and continuous improvement of processes and products, which is also the foundation for the ISO 9001 standard [107].
ISO 9001 certification, accreditation and health care regulation
Figure 2: A simplified illustration of the organization of the health care system in Norway in relation to the system for accreditation and certification.
There seems to be a general agreement in policies for internal control and quality management in Norway that the foundational approaches in the ISO 9001 standard itself follows the same foundational principles and approaches as laid down in the Norwegian health care regulation. Despite different efforts, the government has not yet established any mandatory certification programs for quality management systems in hospitals, and the adoption of ISO 9001 certification is voluntary for health care organizations.
Five (four when data for this thesis were collected) commercial certification bodies in Norway have the accreditation to perform hospital certification according to the ISO 9001 standard [108]. These bodies are accredited to perform certification by the Norwegian Accreditation (NA), a national body under the Ministry of Trade, Industry and Fisheries. The Norwegian Accreditation is a signatory of the IAF MLA agreements related to accreditation.
Theory
3 Theory
In order to explore external drivers for hospital certification, the understanding and practice of certification processes, and their possible contribution to performance improvements this thesis draws on four theoretical perspectives.
Taken together, these perspectives explore certification as an institutional and organizing construct that unfolds through interaction between inter-organizational- (macro level) and intra-organizational fields (meso and micro level). The four theoretical contributions are as follows.
1) The institutional perspective and organizations [1-4, 6, 109-113]. This perspective helps to see how macro institutional elements (e.g., management ideas, schemes or regulations) shape or trigger organizations.
2) The sensemaking perspective [114-119] helps to see how people in organizing activities (e.g., certification processes) use institutional structures to give meaning to their actions. Although certification is based on external control mechanisms, it nevertheless requires internal processes within organizations.
3) Governance perspectives [3, 5, 10, 13, 16, 34, 120-123] help to see how organizational accountability and transparency are constructed among external actors, using standards, modes and methods for information gathering and behavior modification (e.g., audits and certification), and the organizations are supposed to give account.
4) Resilience perspective [18, 19, 124-128] helps to explain complex organizations’ (e.g., hospitals) potential to respond to, readjust or recover from variability and disruption, and how organizing activities (e.g., external audit) may shape resilient intra- and inter-organizational performance.
The following chapter outlines the four theoretical perspectives and how they are interrelated. At the end of the chapter the objectives and research questions for the thesis are presented along with the analytical working model.
Theory