The computerized maintenance management system used by the health care facility may drive the asset data used in determining risk.

Image courtesy of Getty Images

Why does July 5, 2016, stand out in the minds of many health care facility professionals? Whether a manager recorded the date or merely noticed the domino effect forcing the development or major modification of policies, procedures and programs, this was a time of major impact in the world of health care facilities management.

July 5, 2016, was the day in which the 2012 editions of NFPA 101®, Life Safety Code® and NFPA 99, Health Care Facilities Code, were adopted by the Centers for Medicare & Medicaid Services (CMS) and The Joint Commission (TJC).

Although jumping four code cycles, from the 2000 edition to the 2012 edition of NPFA 101, presented many changes, it is important to acknowledge the impact of the 2012 edition of NFPA 99 for three critical reasons.

First, prior to 2012, NFPA 99 was referred to as a standard, which simply meant it was considered “best practice.” The 2012 edition is a legally enforceable code. Second, the rewrite of the document changed it from an occupancy-based document to a risk-based document. Third, the rewrite expanded the scope to include the evaluation of risk to staff and visitors as well. This means health care professionals are now required to approach risk differently, forcing many to reinvent their risk assessment methodology.

Developing a process

Over the past three years, health care organizations successful in producing a defendable risk assessment process have done so individually. Unfortunately, many organizations continue to struggle to demonstrate success. One may argue the reason a standardized approach to assessing risk to patients, staff and visitors has not been used is due to the limited guidance provided by both CMS and TJC.

Though CMS has not standardized the risk assessment procedure, hospitals are still expected to demonstrate to a surveyor the factors that are considered in the risk assessment. The truth is, risk remains allusive for so many due to the lack of data coupled with the complexity of different types of equipment. This complexity presents numerous combinations of potential impact and likelihood of failure.

Providing solutions

Health care organizations are no longer alone on this journey. ASHE has acknowledged proven best practices and partnered with health care professionals to provide a tool to enable health care organizations to manage their most valuable assets. This will aid users in articulating a risk assessment model, and it will provide a comprehensive explanation of how the model enables organizations to maintain compliance.

The journey toward developing an effective asset risk management system (ARMS) begins by taking a step back, examining the current state of the facility’s asset management philosophy and identifying opportunities to programmatically build in regulatory/accreditation compliance. Assessing the whole program is required because the life cycle management of an asset requires an interconnected system, not just a number of one-off processes that independently contribute to the management of an asset.

Once the current program has been assessed, the next steps for developing a defendable ARMS include:

Establishing an “asset” hierarchy. Establish a logical and comprehensive asset classification hierarchy. (Attempting to quantify risk without a comprehensive asset classification hierarchy would only result in adding further complexity to the risk assessment model.)

A complete asset classification hierarchy uses uniform names to group assets into tiers: groups, subgroups and descriptions. Once the first two levels of the asset classification framework are set, the next level of detail is added to expand the naming convention to include the specific asset information. Examples of specific asset information include the use of the asset, the area served by the asset and/or the contents of the asset.

To ensure the asset classification hierarchy is scalable, health facilities professionals should include systems as well as individual system components. This enables smaller facilities, with simple systems, to manage assets as systems as well as provides the larger facilities with the flexibility to break down and manage complex systems.

An example of why a comprehensive asset hierarchy is so important is illustrated below:

  • HVAC — Exhaust fan — Dietary hood exhaust fan.
  • HVAC — Exhaust fan — General exhaust fan.
  • HVAC — Exhaust fan — Hazardous exhaust fan.
  • HVAC — Exhaust fan — Isolation exhaust fan.
  • HVAC — Exhaust fan — Magnetic resonance imaging quench exhaust fan.
  • HVAC — Exhaust fan — Smoke evacuation fan.

All six asset classifications are grouped together as “exhaust fans.” However, each of the asset descriptions are unique to the area served and environmental use. To accurately quantify the impact to the patient, staff or visitors, detailed asset information is required to populate the risk assessment model.

The rationale behind keying risk off of the asset hierarchy in lieu of model or serial number is due to the function of the asset itself. For example, a refrigerator’s model or serial number does not provide enough information to quantify risk to the patient, staff or visitors.

The failure of a refrigerator — which can contain food, blood or medication — would result in a different level of risk to the patient, staff or visitors. Therefore, a comprehensive asset classification hierarchy is required to accurately quantify risk.

The computerized maintenance management system (CMMS) used by the health care facility may drive the asset data used in determining risk. Ideally, a risk assessment model leverages two unique data sources to quantify risk: data relating to the asset classification or asset group, and data unique to the individual asset.

This approach enables asset owners to calculate risk by defaulting unique asset data to the most restrictive, which ensures the risk is not underscored. Once the initial risk score is calculated for each level of the asset hierarchy, the unique asset data can be used to dial in the risk score, based on variables like past performance and reliability, redundancy and demand.

Developing the model. The second step toward developing a defendable ARMS is to develop the risk assessment model itself along with the business rules to govern the model. (An example of a business rule includes always deflating a unique asset variable to most restrictive.) When individuals with appropriate knowledge begin to identify the specific variable and scoring criteria used to populate the mathematical formula, it is important to review current enforceable code and accreditation variables as well as key performance variables. This will ensure the data is relevant to the risk assessment itself, as well as provide relevant information to support asset life cycle management.

The specific key performance variables to consider include, but are not limited to: impact to the patient, staff or visitors; infection control; location(s) served/environmental use; equipment/system redundancy; equipment/utility function; and maintenance/testing frequency. If needed, additional variables can be added to further build out the model. However, this may result in limited return on investment. Once the key performance variables are identified, specific criteria are needed to articulate a range.

In parallel to developing the variables and scoring criteria, a risk formula begins to emerge. When developing a mathematical formula, it is important to recognize not all of the variables influence risk equally. For example, impact to the patient, staff or visitors may have a greater influence on risk than the maintenance and testing frequency.

This imbalance of value is accounted for within a risk formula by multiplying or dividing the criteria with a greater influence on risk and adding or subtracting the remaining variables. This approach carries forward to assigning a numerical value to the variables as well. Variables having a greater impact on risk receive a value that mirrors their influence.

Furthermore, the value may or may not be sequential. When applying this principle, risk could be calculated by using this formula: (Equipment/utility function + maintenance/testing frequency) ÷ redundancy x location served/environmental use ÷ infection control x impact to the patient, staff or visitors = Risk.

Once the risk formula is agreed upon, a numerical value can be assigned to the variables, and the formula is ready for testing. To mitigate risk uncertainty, an effective ARMS models an approximate representation of reality. This means a defendable risk assessment model takes multiple key performance indicators into account to simulate what might happen under differing conditions by transforming inherently complex conditions with countless variables into mathematical relationships to be analyzed and evaluated.

The most effective way to test a risk formula is to start by analyzing (plotting) all possible products of the formula using a line graph with markers. Given the quantity of criteria and key variables associated with the example risk formula, the formula produces 535 unique products (risk scores). After plotting the risk scores, the graph will illustrate a clear delineation between high-risk and non-high-risk assets as well as de minimis/limited risk.

Assigning criteria. The third step toward developing a defendable ARMS is to assign the specific criteria to each of the unique asset classifications. Using the exhaust fan example, each of the unique asset descriptions are listed and then assessed using the criteria.

Health facilities professionals should remember the most restrictive option must be selected when unique asset data can drive the criteria. This is done to ensure all similar assets are managed by a consistent standard. When a specific asset is being assessed, individuals with appropriate knowledge are able to adjust specific variables, resulting in an adjustment to the risk score.

Determining eligibility. Once risk is quantified, the fourth step toward developing a defendable ARMS is to determine program eligibility. Program eligibility is dictated by the risk score and, in some cases, select key variables. To ensure regulatory/accreditation compliance, inspection, testing and maintenance is performed in accordance with specific programs. Examples of these programs include following manufacturer’s recommendations, code-required testing and inspection, alternative equipment maintenance (AEM) and run to fail.

Examples of how risk and, in some cases, select key variables can drive program eligibility include:

  • High risk + life safety = Manufacturer’s recommendations and code-required testing and inspection only.
  • High risk = Manufacturer’s recommendations, code-required testing and inspection and AEM only.
  • Non-high risk = Manufacturer’s recommendations, code-required testing and inspection and AEM only.
  • Non-high risk + limited risk = All; manufacturer’s recommendations, code-required testing and inspection, AEM and run to fail.

Based on program eligibility, individuals with appropriate knowledge are able to determine the management of an asset by weighing the inputs, outputs, strengths and limitations of each program. For example, following manufacturer recommendations could consume additional staffing or vendor-provided resources and ultimately lead to an extended life expectancy.

Furthermore, assets following an AEM require a separate annual evaluation to determine the effectiveness of the AEM program. However, like assets with differing manufacturers can be managed with a single procedure, reducing confusion and complexity. 

Due to the uncertainty and variability relating to risk, this step ensures a deeper understanding of the factors considered to support better-informed decisions, stewardship and ultimately lead to the mitigation of impact to the patient, staff and visitors.

Safety first

With the adoption of the 2012 edition of NFPA 99, health care facility professionals are required to conduct a risk assessment based on impact to the patient, staff and visitors. Additionally, the category definitions, provided by NFPA 99, apply to the design of building systems in health care facilities and are not intended to account for intervention by caregivers or others.

Ultimately, an effective ARMS accounts for risk on a sliding scale from systems expected to work or be available at all times to support patient needs, to systems that have no impact on patient care and would not be noticeable to patients in the event of failure. Considering these key points in developing an ARMS will not only ensure compliance, but ensure the facility is truly putting the occupant’s safety first. 

Ryan Schramm, CHFM, is manager of plant operations at M Health Fairview | St. Joseph’s Hospital, St. Paul, Minn. He can be reached at