Care for Quality and Information Security: ISO 9001:2000 certified Health Centre on its way towards ISO/IEC 17799 certification The Slovenska Bistrica Health Centre provides its health services mainly to the residents of the Slovenska Bistrica and Oplotnica municipalities, but heartily accepts also others who turn up at its doors in need of treatment. No matter where the patients come from, we do our best that they are given the best possible health or dental care we are capable of providing, although the various health-awareness events we organise and hold in the aim to contribute to a higher quality of life or to prevent the occurrence of some illness are limited to the area and the residents of the two municipalities. Among the highest objectives guiding every single activity of the Health Centre, categorized as a medium institution, are efficient and successful cooperation with all parties involved in the process of diagnostics, therapy and rehabilitation, and successful business operation of the institution as a whole. The management of our institution therefore annually takes actions or introduces changes necessary to achieve a higher level of business efficiency and to meet the needs of individual patients and local environment as a whole. This year, for example, our plan has been to modernize the Centre a bit by the purchase of new medical equipment and by upgrading our health information system, as well as to continually improve the quality of our services by taking other necessary measures. Already in 2000 we played with the thought of establishing some kind of a standardised quality management system. Namely, we became aware that with the nature of the services we provide we should never allow their quality to be left to chance but to be a result of careful planning, faultless procedures and continuous monitoring where in the centre of everyone’s attention should always be a patient. Furthermore, we were convinced that the quality system in health care should never be established to its own end nor should be a mere imitation of what is certifiable or required by standards or other protocols but should ensure such quality which would be felt as something good by health workers (doctors, nurses) and patients alike. Therefore we decided to establish a quality management system according to the ISO 9001:2000 standard as its requirements for quality apply to all our employees regardless of their status - a doctor, nurse, technician, member of medical or non-medical staff - to the satisfaction and good of all involved in the process of health care. A certificate for the established quality management system to the selected standard was granted to us in 2005 by SIQ. As the satisfaction of our patients and continuous improving of our services are the main driving forces of our everyday endeavours, we systematically collect opinions, comments, praise and complaints given by patients as well as by the two municipalities, Health Insurance Institute of Slovenia and our employees, discuss about them, evaluate them and based on findings we develop strategies for the improvement of the quality of our services and the enhancement of the satisfaction of the patients and other parties concerned. To this end we also encourage our staff to continually improve their knowledge thorough training, to share their knowledge among themselves and to co-operate. We have also introduced a system of supplements, due to which we are non-stop able to ensure high quality health services even in the absence of a selected doctor. Health centres also compile huge quantities of confidential data on physical and mental condition of their patients and we are not an exception. There are important databases, electronic exchange of information, the Internet, there are talks about electronic personal health files and other electronic documentation, electronic prescriptions are soon to be introduced. Daily we deal with enormous quantities of information of which safety has not yet been properly ensured. However, we are aware that if we want to enhance the satisfaction of our patients we have to be able to ensure that any information on their health is protected against unauthorised access and abuse. Currently the most appropriate way for us to achieve that is to put our information system in compliance with the requirements of the ISO/IEC 17799 standard, and this is what we are doing now. Although we are aware that the quality of services and information security cannot be achieved overnight, we are lucky to have realised that to manage and maintain them is a never-ending process. Written by Jožica Lešnik, dr. med., Director of Slovenska Bistrica Health Centre, Slovenia Published in SIQ Newsletter, August 2006 Translated and adapted by SIQ Contact: SIQ Slovenian Institute of Quality and Metrology Mr. Branko Markun Trzaska cesta 2 SI-1000 Ljubljana Slovenia Tel: +386 1 4778 100 or Tel: +386 1 4778 155 Fax: +386 1 4778 444 branko.markun@siq.si www.siq.si