ISO 7101:2023

INTERNATIONAL ISO
STANDARD 7101
First edition
2023-10
Healthcare organization
management — Management systems
for quality in healthcare organizations
— Requirements
Management des organisations de soins de santé — Systèmes de
management pour la qualité dans les organisations de soins de santé
— Exigences
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization .7
4.1 Understanding the organization and its context . 7
4.2 Understanding the needs and expectations of stakeholders . 8
4.3 Determining the scope of the management system for quality in healthcare
organizations . 8
4.4 Management system for quality in healthcare organizations. 8
5 Leadership . 9
5.1 Leadership and commitment . 9
5.2 Healthcare quality policy . 10
5.3 Roles, responsibilities and authorities . 10
5.4 Service user focus . 10
5.5 Access to care . 11
6 Planning .11
6.1 Actions to address risks and opportunities . 11
6.1.1 General . 11
6.1.2 Risk culture .12
6.1.3 Risk management processes .12
6.2 Healthcare quality objectives and planning to achieve them .12
6.3 Planning of changes .13
7 Support .13
7.1 Resources . 13
7.2 Competence . 14
7.3 Awareness . 14
7.4 Communication . 14
7.4.1 General . 14
7.4.2 Service user communication . 15
7.4.3 Clinical communication . .15
7.4.4 External communications . 15
7.5 Documented information . 15
7.5.1 General .15
7.5.2 Creating and updating documented information . 16
7.5.3 Control of documented information . 16
7.5.4 Information management systems . 16
7.5.5 Control and management of electronic information . 17
7.5.6 Audit of records . 17
8 Operation .18
8.1 Operational planning and control . 18
8.2 Healthcare facilities management and maintenance . 18
8.2.1 General . 18
8.2.2 Contingency planning for facilities and services . 19
8.2.3 Equipment . 19
8.3 Waste management . 20
8.3.1 General .20
8.3.2 Waste reduction . 20
8.3.3 Environmental responsibility . 20
8.4 Handling and storage of materials . 20
iii
8.5 Service user belongings . 21
8.6 Emerging technologies . 21
8.7 Service design in healthcare . 21
8.8 Supplies and services from external providers. 22
8.9 Provision of services .23
8.10 People-centred care . 23
8.10.1 General .23
8.10.2 Service user experience . 23
8.10.3 Compassionate care . 24
8.10.4 Inclusivity and diversity . 24
8.10.5 Health literacy .25
8.10.6 Co-production . 25
8.10.7 Workforce wellbeing . 25
8.11 Ethics . 26
8.12 Patient safety . 26
8.12.1 General . 26
8.12.2 Knowledge and learning in safety . 26
8.12.3 Patient identification . 26
8.12.4 Medication safety. 27
8.12.5 Surgical safety . 27
8.12.6 Infection prevention and control (IPC) . 27
8.12.7 Prevention of falls, pressure ulcers and thromboembolism .28
8.12.8 Diagnostic safety .28
8.12.9 Blood transfusions .28
9 Performance evaluation .29
9.1 Monitoring, measurement, analysis, and evaluation .29
9.1.1 General .29
9.1.2 Healthcare quality indicators .30
9.1.3 Methods . 30
9.1.4 Results .30
9.2 Internal audit . 31
9.2.1 General . 31
9.2.2 Internal audit programme . 31
9.3 Management review . 31
9.3.1 General . 31
9.3.2 Management review inputs . 31
9.3.3 Management review results . 32
10 Improvement .32
10.1 Continual improvement . 32
10.2 Nonconformity and corrective action . 33
10.2.1 General . 33
10.2.2 Management of nonconformity and corrective action . 33
Bibliography .35
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use
of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all
such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 304, Healthcare organization management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
0.1  General
Healthcare systems and organizations of all sizes and structures embrace a culture of quality and
continual improvement with the objective of providing timely, safe, effective, efficient, equitable and
people-centred care. Given the current and future challenges in healthcare, more than ever it is vital to
improve service user experience, quality of care, and provide sustainable solutions.
Healthcare organizations around the world have been facing significant threats such as decreasing
financial resources, workforce shortages, increase in the number of people needing care as a result of
ageing populations, increasing rates of chronic disease, lack of shared data for decision making, scarcity
or inadequacy of medical equipment and medications, and an absence of clear healthcare system
governance. Many countries have embarked on universal health coverage, while others struggle with
rising healthcare costs. To compound this, a global pandemic has highlighted the importance of virtual
healthcare, new technologies, and the need to create and adapt approaches to healthcare management
and delivery. These health and organizational challenges require bold and innovative steps to improve
healthcare quality around the world.
This document provides requirements for management systems for quality in healthcare organizations.
As such, its target audience is broad, including any healthcare system, organization, or entity that aims
to increase the quality of its healthcare delivery and care outcomes. This includes ministries of health,
public and private healthcare systems, hospitals, clinics, non-governmental organizations and agencies
that provide healthcare services, and more.
This document conforms to ISO’s requirements for management system standards. These requirements
include a harmonized structure, identical core text, and common terms with core definitions, designed
to benefit users implementing multiple ISO management system standards.
This document contains the requirements used to assess conformity. An organization that wishes to
demonstrate conformity with this document can do so by:
— making a self-determination and self-declaration;
— seeking confirmation of its conformity by parties having an interest in the healthcare organization,
such as service users;
— seeking confirmation of its self-declaration by a party external to the organization; or
— seeking certification/registration of its management system for quality in the healthcare
organization by an external organization.
In this document, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of this document
0.2  Aim of a management system for quality in healthcare organizations
The aims of a management system for quality in healthcare organizations include the following:
— create a culture of quality starting with strong top management;
— embrace a healthcare system based on people-centred care, respect, compassion, co-production,
equity and dignity;
vi
— identify and address risks;
— ensure patient and workforce safety and wellbeing;
— control service delivery through documented processes and documented information;
— monitor and evaluate clinical and non-clinical performance;
— continually improve its processes and results.
0.3  Success factors
The success of a management system for quality in a healthcare organization depends on the
commitment from all levels and functions of the organization, led by top management. The top
management structure of the organization can create a culture of quality by including quality principles
in the organization’s strategic direction, decision making, and aligning them with other operational
priorities. Successful implementation of this document can demonstrate to stakeholders that an
effective management system for quality in the healthcare organization is in place.
The level of detail and complexity of a management system for quality in the healthcare organization
varies depending on the context of the organization, the scope of its work, its regional, national, and
international conformity obligations, the nature of its activities, services provided, and resources
available.
0.4  Plan-Do-Study-Act model
The approach underlying a management system for quality in healthcare organizations is based on
the concept of Plan-Do-Study Act (PDSA) (see Figure 1). The PDSA model provides an iterative process
used by organizations to achieve continual improvement through cycles of ongoing measurement
of performance and assessment of changes. It can be applied to a management system for quality in
healthcare organizations and is briefly described as follows.
— Plan: establish healthcare quality objectives and processes necessary to deliver results in accordance
with the organization’s healthcare quality policy (Clause 6).
— Do: implement the processes as planned (Clauses 7 and 8).
— Study: monitor, measure and assess processes against the organization’s policies, including its
commitments, objectives and operating criteria and report the results (Clause 9).
— Act: take actions to continually improve (Clause 10).
Figure 1 — Elements of a management system for quality in healthcare organizations
vii
INTERNATIONAL STANDARD ISO 7101:2023(E)
Healthcare organization management — Management
systems for quality in healthcare organizations —
Requirements
1 Scope
The purpose of this document is to provide organizations with requirements to deliver high-quality
healthcare and specifies requirements for management systems for quality in healthcare organizations
when an organization desires to:
a) demonstrate its ability to consistently meet service user, stakeholder, and applicable statutory and
regulatory requirements;
b) enhance service user experience during the continuum of care and continually improve healthcare
quality; and
c) create and maintain processes that ensure timely, safe, effective, efficient, equitable, and people-
centred care.
The requirements of this document are based on recognized best practices and are intended to be
applicable to any organization providing healthcare services, regardless of its type, size, or the services
it provides.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.6)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
Note 2 to entry: If the organization is part of a larger entity, the term “organization” refers only to the part of the
larger entity that is within the scope of the healthcare (3.23) quality management system (3.4).
Note 3 to entry: In the case of healthcare (3.23), the organization is developed for the delivery of healthcare (3.23)
services by specialized workforces (3.30) to defined communities, populations, individuals or markets.
3.2
stakeholder
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision
or activity
Note 1 to entry: Stakeholders can include but are not limited to: Ministry or Department of Health, Finance,
Treasury, Education; non-governmental organizations and not-for-profit sector; community groups and civil
society organizations; local government, health insurance groups and other healthcare funders; donor and aid
agencies, UN agencies (including the WHO), health professions associations, regulatory bodies, health workers’
organizations and networks; patients, families, caregivers, and other health service users (3.28).
3.3
top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the
organization.
Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top
management refers to those who direct and control that part of the organization.
Note 3 to entry: In some countries, and within differing organizational structures, additional terms can be used
such as “board”, “board of directors”, “trustees”, or “governance.”
3.4
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.5) and
objectives (3.6), as well as processes (3.8) to achieve those objectives (3.6)
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities,
planning and operation.
3.5
policy
intentions and direction of an organization (3.1) as formally expressed by its top management (3.3)
3.6
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as finance, health and safety, and environment).
They can be, for example, organization-wide or specific to a project, product or process (3.8).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended result, as a purpose, as an
operational criterion, as a healthcare (3.23) quality objective or by the use of other words with similar meaning
(e.g. aim, goal, or target).
Note 4 to entry: In the context of healthcare (3.23) quality management systems (3.4), healthcare (3.23) quality
objectives are set by the organization (3.1), consistent with the healthcare (3.23) quality policy (3.5), to achieve
specific results.
3.7
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or
knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events (as defined in ISO Guide 73) and
consequences (as defined in ISO Guide 73), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood (as defined in ISO Guide 73) of occurrence.
3.8
process
set of interrelated or interacting activities that uses or transforms inputs to deliver a result
Note 1 to entry: Whether the result of a process is called an output, a product or a service depends on the context
of the reference.
3.9
competence
ability to apply knowledge and skills to achieve intended results
3.10
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to:
a) the management system (3.4), including related processes (3.8);
b) information created in order for the organization to operate (documentation);
c) evidence of results achieved (records).
3.11
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to managing activities, processes (3.8), products, services, systems or
organizations (3.1).
3.12
continual improvement
recurring activity to enhance performance (3.11)
3.13
effectiveness
extent to which planned activities are realized and planned results are achieved
3.14
effective
producing a desired or intended result
3.15
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.1) and
stakeholders (3.2) that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, e.g. in documented information (3.10).
3.16
conformity
fulfilment of a requirement (3.15)
3.17
nonconformity
non-fulfilment of a requirement (3.15)
3.18
corrective action
action to eliminate the cause(s) of a nonconformity (3.17) and to prevent recurrence
3.19
audit
systematic and independent process (3.8) for obtaining evidence and evaluating it objectively to
determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.1) itself, or by an external party on its
behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.20
measurement
process (3.8) to determine a value
3.21
monitoring
determining the status of a system, a process (3.8) or an activity
Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.
3.22
safe
free from risk (3.7) which is not tolerable
Note 1 to entry: In the healthcare (3.23) setting, "safe" refers to circumstances and services affecting all
stakeholders (3.2), not only patients.
[SOURCE: ISO/IEC Guide 51:2014, 3.14, modified — The term has been changed from "safety" to "safe";
in the definition, "freedom" has been changed to "free"; note 1 to entry has been added.]
3.23
healthcare
organized provision of services to individuals or a community in order to address, manage and improve
their physical, mental, and social wellbeing (3.24)
3.24
wellbeing
state of optimal physical, mental, emotional and social health (3.32)
[SOURCE: ISO 22886:2020, 3.11.4]
3.25
efficient
using inputs to the health (3.32) system (in the form of expenditure and other resources)
in a way to secure valued healthcare (3.23) system objectives (3.6)
3.26
equitable
providing healthcare (3.23) in a manner that is fair and impartial
Note 1 to entry: Impartiality can relate to age, sex, gender, behavioural or clinical diagnosis, race, ethnicity,
geographical location, religion, socioeconomic status, linguistic or political affiliation.
3.27
people-centred care
approach to healthcare (3.23) delivery that engages patients, families, caregivers and communities,
incorporating their unique needs, experiences and preferences
3.28
service user
person or stakeholder (3.2) that could or does receive a service that is intended for, or required by, this
person or stakeholder (3.2)
Note 1 to entry: Similar terms include patient, healthcare (3.23) consumer, user, client, and end user.
Note 2 to entry: Service users can include a wide range of individuals including patients, families, caregivers, and
their support networks.
3.29
service user experience
perceptions and responses of a service user (3.28) that result from the use of a product, system, or
service
3.30
workforce
staff
personnel
all individuals employed by the organization (3.1)
Note 1 to entry: This concept includes full-time, part-time, casual or contract, clinical and non-clinical workers.
3.31
universal health coverage
all people having access to the health (3.32) services they need, when and where they need them,
without financial hardship
[SOURCE: World Health Organization, Universal health coverage]
3.32
health
state of complete physical, mental and social wellbeing (3.24) and not merely the absence of disease or
infirmity
[SOURCE: Preamble to the Constitution of the World Health Organization, 1948]
3.33
co-production
practice of designing and implementing healthcare (3.23) service and delivery based on the
collaborative relationships and experiences between healthcare (3.23) providers, service users (3.28),
family members, caregivers and advocacy groups
3.34
health literacy
ability of individuals to gain access to, understand and use information in ways which promote and
maintain good health (3.32) for themselves, their families and their communities
[SOURCE: World Health Organization, Health Literacy]
3.35
dignity
recognition by others of one’s inherent value, worth, and right to ethical treatment
3.36
risk assessment
overall process (3.8) of risk (3.7) identification, risk analysis and risk evaluation
[SOURCE: ISO 31073:2022, 3.3.8]
3.37
risk management
systematic application of management policies (3.5), procedures, and practices to the tasks of analysing,
evaluating, controlling and monitoring (3.21) risk (3.7)
[SOURCE: ISO/IEC Guide 63:2019, 3.15]
3.38
health indicator
measure designed to summarize information about a given priority topic in population health (3.32) or
healthcare (3.23) system performance (3.11)
Note 1 to entry: Health indicators provide comparable and actionable information across different geographic,
organizational or administrative boundaries and/or can track progress over time.
3.39
knowledge management
holistic, cross-functional discipline and set of practices focused on knowledge that improve
organizational performance (3.11)
Note 1 to entry: Knowledge management includes, but is not limited to, the creation, acquisition, application,
maintenance, sharing and protection of knowledge to create organizational value.
[SOURCE: ISO 30400:2022, 3.12.2]
3.40
just culture
atmosphere of trust in which healthcare (3.23) workers are supported and treated fairly when
something goes wrong in the delivery of care for service users (3.28)
3.41
patient safety
service user safety
framework of organized activities that creates cultures, processes (3.8), procedures, behaviours,
technologies and environments in healthcare (3.23) that consistently and sustainably lower risks (3.7),
reduce the occurrence of an avoidable harm (3.47), make an error (3.46) less likely and reduce its impact
when it does occur
Note 1 to entry: Activities can include the creation of cultures, processes and procedures, behaviours,
technologies, and environments in healthcare (3.23).
[SOURCE: Global Patient Safety Action Plan 2021-2030: Towards eliminating avoidable harm in health
care. (2021)]
3.42
incident
event or circumstance that has caused or could have caused unnecessary harm (3.47) to a patient
Note 1 to entry: Incidents include events, near misses, adverse events, and sentinel events.
3.43
credentialing
process (3.8) of establishing the qualifications of licensed medical professionals and assessing their
background and legitimacy
3.44
privileging
granting permission to or authorizing an individual to perform specific activities in a hospital or
healthcare (3.23) organization (3.1)
3.45
compassionate care
manner of providing care that seeks to understand another’s pain or suffering involving an authentic
desire to help
3.46
error
act of mistake or omission that contributes to an incident (3.42)
3.47
harm
injury or damage to the health (3.32) of people, or damage to property or the environment
3.48
environmentally friendly
pertaining to goods and services, guidelines and policies (3.5) that claim reduced, minimal, or no harm
(3.47) upon ecosystems or the environment
3.49
intelligent kindness
recognizing and bearing in mind the kinship of service users (3.28) – being of the same kind, depending
on each other for survival, wellbeing (3.24), and success – in relationships with each other and those
who work to heal or treat service users
[SOURCE: Intelligent Kindness: Rehabilitating the Welfare State]
3.50
human factors
ergonomics
characteristics of individuals, teams, organizations (3.1) and systems used in the application of design
and evaluation to ensure the compatibility with needs, capabilities and limitations of people
3.51
healthcare associated infection
infection that occurs during the provision of care or during hospitalization that was not present at the
time of entry into the healthcare (3.23) system
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that
affect its ability to achieve the intended result(s) of the management system for quality in the healthcare
organization.
The organization shall determine whether climate change is a relevant issue.
The organization shall be an entity that can be held legally responsible for its activities.
NOTE 1 External context can include factors related to legal, political, technological, clinical, ethical, cultural,
religious, socioeconomic conditions, and social determinants of health, whether international, national, regional
or local.
NOTE 2 Internal context can include factors relating to the organizational vision, values, goals and objectives,
workforce values, culture, power structures, religion, knowledge, access to resources, and social determinants of
health.
4.2 Understanding the needs and expectations of stakeholders
The organization shall determine:
— the stakeholders that are relevant to the management system for quality in the healthcare
organization;
— the relevant requirements of these stakeholders;
— which of these requirements will be addressed through the management system for quality in the
healthcare organization.
NOTE Relevant stakeholders can have requirements related to climate change.
This shall include where applicable global financing partners, governmental, intergovernmental, and
non-governmental organizations with whom the organization has stated agreements.
The organization shall monitor stakeholder information and their requirements, maintain documented
information, and demonstrate accountability towards agreed-upon expectations of stakeholders.
4.3 Determining the scope of the management system for quality in healthcare
organizations
The organization shall determine the boundaries and applicability of the management system for
quality in the healthcare organization to establish its scope.
When determining this scope, the organization shall consider:
— the external and internal issues referred to in 4.1;
— the requirements referred to
...