Section Title: LABORATORY COMPUTER SERVICES |
Question/Link |
Text |
Notes |
|
If components of the LIS are located at a facility other than the one under this CAP accreditation number, is there evidence that the remote facility complies with CAP requirements for host LIS functions? |
This requirement does not apply if all components of the LIS are under the laboratory's CAP/CLIA registration number. This requirement may be addressed by a copy of the CAP accreditation certificate from other sites, or evidence that the computer facility has been provided a copy of this Checklist, and has satisfactorily addressed the contents of the Computer Facility section, and all other pertinent items, with documentation provided to the laboratory director and the CAP inspector. |
| Phase II |
|
|
Is the computer facility and equipment clean, well-maintained and adequately ventilated with appropriate environmental control? |
The computer facilities should be clean, well maintained, and in a location that is environmentally controlled, as required by the most restrictive vendor specifications . |
| Phase I |
|
|
Fire-fighting equipment (extinguishers) is appropriate for electrical components available?
|
Acceptable fire-fighting equipment/extinguishers in areas with information technology equipment may include: |
| Phase II |
|
| |
1. Automatic sprinkler systems that are valved separately from other systems |
2. Gaseous clean agent extinguishers systems |
3. Listed portable fire extinguishers of carbon dioxide or halogenated agent type |
4. Listed extinguishers with a minimum rating of 2-A for ordinary combustible material (paper and/or plastics) |
5. Gaseous agent inside units or total flooding systems when there is critical need, e.g. to protect data in process, reduce equipment damage and to facilitate a return to service |
| Dry chemical extinguishers are not recommended because of the corrosive damage they cause. In the instance where no other extinguisher is available and there is imminent danger to personnel or property however, a dry extinguisher may be used. |
|
|
Tthe computer system is adequately protected against electrical power interruptions and surges? |
Protection from electrical surges and interruptions must be adequate to prevent loss of data. An uninterruptible power system (UPS) or similar protective device (e.g., isolation transformer) must be considered. Periodic testing of this protective equipment to ensure protection of data and proper shutdown of computer equipment is considered best practice. |
Phase II |
|
|
|
LIS/computer procedures are clearly documented, complete and readily available to all authorized users? |
Procedures should be appropriate to the level of use of the system, and must encompass the day-to-day activities of the laboratory staff as well as the daily operations of the Information Technology staff. It is not required for all procedures to be kept in a single manual, as long as the users have access to the procedures they need to perform their job duties. Current practice must match policy and procedure documents. |
| Phase II |
We have various technical and basic user procedures and a link to our manual located online here |
|
There is documentation that laboratory computer procedures are reviewed at least biennially by the laboratory director or designee? |
A single signature on a title page or index of all procedures is not sufficient documentation that each procedure has been carefully reviewed. Signature or initials on each page of a procedure is not required. |
Phase I |
Manual Located in LIS Admin Office |
|
There is documentation that programs are adequately tested for proper functioning when first installed and after any modifications, and that the laboratory director or designee has approved the use of all new programs and modifications? |
Computer programs must be checked for proper performance when first installed and after any changes or modifications. Any changes or modifications to the system must be documented, and the laboratory director or designee must approve all changes, additions and deletions in programs, the test library, and major computer functions before they are released. Documentation must be retained for at least two years beyond the service life of the system. |
Phase II |
Validation Checklist are found in LIS Admin Office File Cabinet |
|
Customized programs are appropriately documented? |
The purpose of the computer program, the way it functions, and its interaction with other programs must be clearly stated. The level of detail should be adequate to support trouble-shooting, system modifications, or additional programming. |
Phase II |
|
|
There is an adequate tracking system to identify all persons who have added or modified software? |
Evidence of Compliance:
Records of individuals adding or modifying software
|
Phase II |
|
There is documentation that all users of the computer system receive adequate training initially, after system modification, and after installation of a new system? |
|
Phase II |
Completed and Signed Competancy Forms are located in the LIS Admin Office |
|
There is a written policy with instructions for contacting a responsible person ( e.g. Computer System Manager) in case of computer malfunction. |
Evidence of Compliance:
Written LIS policy with instructions for contacting a responsible person in case of system malfunction
|
Phase II |
|
There is a documented process to verify the integrity of the system (operating system, applications and database) after restoration of data files? |
The computer system must be checked after restoration of data files to ensure that no inadvertent alterations have occurred that might affect clinical result reporting. The integrity of the system may be verified, for example, by review of a representative number of computer-generated patient reports, or by generating test (“dummy”) patient reports for review. The laboratory director is responsible for determining verification procedure(s) appropriate to the laboratory. Whether or not the data center is located on site, all facilities served by the data center must participate in the verification of the system(s) integrity following a hardware or software failure.
Evidence of Compliance:
Records of verification after a hardware or software failure
|
Phase II |
This is documented by Tony Barnes and the Soft Computer Support Staff |
|
Data and services are protected from loss |
Policies and procedures must
- Be adequate to address scheduled and unscheduled interruptions of power or function
- Be tested periodically for effectiveness
- Include systems to backup programs and data
- Include a written plan.
|
Phase II |
|
|
This is documented by Tony Barnes and the Soft Computer Support Staff |
|
|
|
There are explicit documented policies that specify who may use the computer system to enter or access patient data, change results, change billing or alter programs? |
Policies must define those who may only access patient data and users who are authorized to enter patient results, change results, change billing, or alter computer tables or programs. |
Phase II |
|
Computer access codes (security codes, user codes) are in place to limit individuals' access to those functions they are authorized to use, and is the security of access codes maintained ( e.g., inactivated when employees leave, not posted on terminals)? |
The laboratory should establish security (user) codes to permit only specifically authorized individuals to access patient data or alter programs. A system that allows different levels of user access to the system based on the user's authorization is desirable and usually provides effective security. Examples of best practices include these requirements: periodic alteration of passwords by users; minimum character length for passwords; password complexity requirements (e.g., a combination of alphanumeric characters); recording of failed log-on attempts with user lock-out after a defined number of unsuccessful log-on attempts. |
Phase I |
|
Policies and procedures are in place to prevent unauthorized installation of software on any computer used by the laboratory? |
Laboratory computers often serve multiple functions. Many of these computers are connected in a network. The security of the system should be sufficient to prevent the casual user from installing software. Such unauthorized installation may cause instability of the operating system or introduce other unwanted consequences. Many operating systems allow procedures to restrict certain users from installing software. |
Phase II |
|
|
If the facility uses a public network, such as the Internet as a data exchange medium, are there adequate network security measures in place to ensure confidentiality of patient data? |
Information sent over a public domain such as the Internet is considered in the public domain. Thus it is potentially accessible to all parties on that network. Systems must be in place to protect network traffic, such as "fire walls" and data encryption schemes. A documented protocol must be in place.
Evidence of Compliance:
Written policy defining mechanism for data protection
|
Phase II |
The NIH as a whole and the NCI both have firewalls in place and security personnel that monitor our network. |
|
Calculated values reported with patient results are reviewed every two years or when a system change is made that may affect the calculations.
|
This checklist requirement applies only to calculations based on formulas modifiable by the user.
Errors can be inadvertently introduced into established computer programs. Calculations involving reportable patient results must be rechecked and documented to ensure accuracy. This requirement applies to laboratory information systems, middleware, and analyzers. More frequent checks may be required for certain specific calculations, as delineated elsewhere in the checklists (for example, INR).
When calculations are performed by an LIS shared by multiple laboratories, this review only needs to be done at one location and each individual laboratory must have a copy of the review documentation. However, any calculations specific to an individual laboratory's methodology must be reviewed by that laboratory and the documentation of that review must be available.
Evidence of Compliance: Records of validation of calculated test results
|
|
The system provides for comments on specimen quality that might compromise the accuracy of analytic results ( e.g. , hemolyzed, lipemic)? |
Evidence of Compliance:
Patient reports
|
Phase II |
Our Pathology System has several mechanisms in place for our staff to input specimen quality information that flags our cases. The resulting system is text driven so this can also be added to the report. |
|
There is an adequate system to identify all individuals who have entered and/or modified patient data or control files? |
When individual tests from a single test order (e.g., multiple tests with same accession number) are performed by separate individuals and the test result is entered into the LIS, the system must provide an audit trail to document each person involved. For example, a single accession number having orders for electrolytes and a lipid panel may have testing done by two or more individuals. The laboratory should be able to identify the responsible personnel who performed each test and posted the data. This includes sequential corrections made to a single test result. If autoverification is used, then the audit trail should reflect that the result was verified automatically at a given time. With point-of-care testing, if the individual performing the test is different than the individual entering test data into the LIS, both should be uniquely identified by the system and retrievable by audit trail. |
Phase II
The Softpath System has two ways of storing patient and case access. See GEN 43044 |
|
The laboratory has a process to ensure appropriate routing of patient test results to physicians? |
During the course of their medical care in a health care system, the location of a patient may change multiple times; i.e., from various inpatient locations, to outpatient, to physician office patient. The intent of the question is to ensure that patient test results are routed to the responsible physician(s) regardless of patient location. For example, after a patient is discharged from the hospital, test reports should be routed to the physician as well as the hospital medical record.
Evidence of Compliance:
Written policy defining process for routing of patient results
|
| Phase I |
All of our results print directly to our Medical Records Department and In-house orders are interfaced to our Hospital System as well. As soon as an order is signed out, notification is sent to the ordering physician that they are available
|
|
Manual and automated result entries are verified before final acceptance and reporting by the computer? |
Data entered into the computer system either manually or by automated methods must be reviewed by an authorized individual who verifies the accuracy of the input data before final acceptance and reporting by the computer. An example of best practices for this step is checking the result against the reportable range and critical results for the test. Depending on the local environment, this may or may not require a second person. Verification procedures must generate an audit trail. |
Phase II |
|
There are documented procedures to ensure reporting of patient results in a prompt and useful fashion during partial or complete downtime and recovery of the system? |
|
Phase II
In Anatomic Pathology, results that need to cross the interface during a downtime situation are held until the system is restored. Once this happens, all the held results will then begin to interface. |
|
There is a policy signed by the laboratory director approving the use of autoverification procedures? |
|
| Phase II |
|
For all test results subject to autoverification, does the laboratory ensure that applicable quality control samples have been run within an appropriate time period, with acceptable results? |
|
Phase II |
|
There is documentation that the autoverification process was validated initially, and is tested at least annually and whenever there is a change to the system that could affect the autoverification logic. |
The range of results for which autoverification is acceptable must be defined for all patient tests subject to autoverification. |
| |
|
Results are compared with an appropriate range of acceptable values prior to autoverification? |
|
| Phase II |
|
Results are checked for flags or warnings prior to autoverification? |
|
| Phase II |
|
The audit trail in the computer system identifies all test results that were autoverified, and the date/time of autoverification? |
|
| Phase II |
|
Tthe autoverification process includes all delta checks that the laboratory performs prior to manual release of test results? |
|
| Phase I |
|
The laboratory has a procedure for rapid suspension of autoverification? |
|
Phase I |
|
A complete copy of archived patient test results can be reprinted, including original reference ranges and interpretive comments, including any flags or footnotes that were present in the original report, and the date of the original report? |
Stored patient result data and archival information must be easily and readily retrievable within a time frame consistent with patient care needs. |
| Phase II |
All of our results are available on demand from @1957. We have not archived data as of yet. |
|
When multiple identical analyzers are used, they are uniquely identified such that a test result may be appropriately traced back to the instrument performing the test. |
Best practice is to store these data in the LIS. |
Phase I |
|
|
There are documented procedures for the preservation of data and equipment in case of an unexpected destructive event ( e.g. , fire, flood), software failure and/or hardware failure, and do these procedures allow for the timely restoration of service? |
These procedures can include (but are not limited to) steps to limit the extent of the destructive event, protocols for periodic backing up and storing of information, procedures for off-site storage of backup data, and protocols/procedures for restoring information from backed up media. The procedures should specifically address the recoverability of patient information. Changes to hardware and software commonly require review and reevaluation of these documented procedures. These procedures must specifically address the physical environment and equipment. This checklist question is often addressed by the organization's disaster plan. |
| Phase II |
|
|
As applicable, are reference ranges and units of measure for every test transmitted with the patient result across the interface? |
The reference range, including units of measure, may be specific for a given patient result, and should be attached to that result such that it will be displayed along with the patient result. |
Phase I |
|
If data in other computer systems can be accessed through the LIS ( e.g. , pharmacy or medical records), are there documented policies to prevent unauthorized access to that data through the LIS? |
|
| Phase II |
|
There is a procedure to verify that patient results are accurately transmitted from the point of data entry (interfaced instruments and manual input) to patient reports (whether paper or electronic).
|
Verification must be performed prior to implementation of an interface (i.e. pre go-live), and every 2 years thereafter. This includes evaluation of data transmitted from the LIS to other computer systems and their output devices. Reference ranges and comments, as well as actual patient results, must be evaluated.
Verification of accurate data transmission from the LIS to other systems must be performed by reviewing data in the first downstream (or interfaced) system in which the ordering clinician may be expected to routinely access patient data. This requirement can be met by printing screen shots or by other methods that document that a verification procedure has been performed. If the LIS has separate interfaces to multiple receiving systems in which patient data can be accessed by clinicians, then reports from each receiving system must be validated. However, where multiple sites use the same recipient system (e.g. the same installed instance of an electronic medical record system), validation need only occur for the interface (i.e. at one of the sites) and not for each individual site that is served by that single installed system.
At implementation of a new interface, validation of at least 2 examples of reports from each of the following disciplines, where applicable, satisfies the intent of this checklist requirement. Subsequently, at least 2 examples of reports from at least 4 of these disciplines should be validated every 2 years. Not all of these report types will be applicable to every laboratory:
- Surgical pathology reports
- Cytopathology reports (preferably gynecologic and non-gynecologic)
- Clinical laboratory textual reports (e.g. molecular, protein electrophoresis, coagulation panel interpretation)
- Quantitative results (e.g. chemistry, hematology, or coagulation)
- Quantitative or categorical results (e.g. serology)
- Microbiology reports (e.g. culture and antimicrobial sensitivity)
- Blood bank reports (e.g. type and screen)
Interface validation should include examples of individual results, test packages or batteries, abnormal flags, and results with comments/footnotes. Initial interface validation should include verification that corrected results for clinical laboratory and anatomic pathology results are handled accurately in the receiving system.
Evidence of Compliance:
Records of verification
|
| Phase II |
|
There are procedures for changes in laboratory functions necessary during partial or complete shutdown and recovery of systems that interface with the laboratory information system? |
These procedures must ensure integrity of patient test data. Procedures must include verifying recovery of interfaced systems, and replacement or updating of data files, as necessary. |
| Phase II
See Gen 43837 |
TELEPATHOLOGY |
|
|
|
There is a method for the telepathologist to ensure that correct patient identification and slides/images are submitted for review? |
There are multiple ways to accomplish positive patient identification, including verbal communications, images of slide identifier, etc. |
| Phase II |
|
|
|
The telepathologist has access to pertinent clinical information at the time of slide/image(s) review? |
Typically this information includes at least the information on the surgical pathology requisition form. |
| Phase I |
|
The methods and systems in place ensure that the system used for telepathology is appropriate for its intended clinical use? |
There should be a policy statement in the procedure manual that identifies appropriate and inappropriate use cases. For example, if a dynamic telemicroscopy system is installed on a microscope in the frozen section suite, the manual might state that this system is intended for use in intra-operative consultation and is not intended for second opinion consultation from pathologists at outside institutions. |
| Phase I |
|
Tthe lab has a procedure addressing training requirements for all users of the telepathology system? |
|
| Phase I |
|
There are procedures in place to ensure that sites engaging in telepathology provide reasonable confidentiality, security and conformance to HIPAA requirements. |
Procedures might include message security, system and user authentication, activity logs, encryption, and access restrictions. |
