10. QSE Information Management

The QSE for Information Management refers to the laboratory’s flow of information between the laboratory and the patient. In the past, the information was generated via paper requisitions or order forms and log books tracked the records manually. The information was entered into the log book by date and the information from the patient requisition was transcribed by the technologist. Results were hand written on the requisition once the report was completed and it was then returned to the ordering physician.

Today, the information management is much more easily controlled through a Laboratory Information System (LIS). Although patient test requests may still enter the laboratory via a paper requisition, once they are received, the process is totally computerized. The patient information and test requests are entered into the LIS, labels are generated and the specimens are tracked through the computer system. In many cases, once the results are verified, the computer system automatically generates a report that then goes out to the physician, via web based means or through a printed report that goes in the mail.

Information collected in the LIS regarding testing is now available for use in developing management reports. It is possible to gather data on a variety of topics.

Examples of topics that can be reported on include

• accessioning errors by staff ID
• total number of tests accessioned per day by staff ID
• the # of cancelled specimens categorized by reason
• the number of a particular test performed in a defined time period, who ordered the test, what the results were, whether there was any follow-up testing
• The tests that remain unverified after a defined time period

There is also a wide variety of other information available to be gathered if the need is identified.

In the QMS, the information generated in the laboratory is covered by several policies as described in the CLSI document GP26-A4, p.94

1. Planning for overall information needs
2. Confidentiality and privacy of all patient information
3. Security for data access
4. Integrity of data transmissions

There are also processes and procedures in place with regard to how each of policies work and are used. Some of the common processes and procedures would include:

Processes

• For the assessment of information needs
• For managing confidential information received from internal and external sources
• For the management of requests for patient information
• For the management of passwords
• For assigning security levels
• For auditing the access to data
• For the verification of data integrity

Procedures

• For defining the flow of information
• For developing a form for confidentiality of information and for having it completed
• For managing information from clinical trials
• For the release of patient information
• For establishing and changing security access levels
• For determining who has the authority to change results
• For determining if security has been breached and describing how to deal with such a breach
• For verifying data integrity for any newly installed equipment
• For verifying data transfer after downtime, equipment maintenance, or equipment and software upgrades•For verifying formula calculations
• For changing reference intervals

Common Terms

There are several important terms that you should be familiar with when talking about Laboratory Information Systems.

Operating system – A master computer program that controls the basic functions of the computer

LAN – Local Area Networks – the communications protocols for a group of computers that operate as a system

Network Application – applications that allow many individuals to interact simultaneously with a set of data from a variety of locations

Database management system – systems designed to create and maintain information collections in a network such as the LIS.

Electronic Health Record – a computer based medical record

Interface – the mechanism for transmitting data from one computer system to another. For example, in the laboratory the LIS communicates with the analyzer’s onboard computer system to transmit patient information to the analyzer and then to transmit test results back to the LIS

Hospital Information System – the computer system that manages patient care within the hospital

Best-of-Breed vs Integrated-System – the difference between the accepted systems in an organization to run computer functions. For example, best of breed means that each Department in the hospital would use the laboratory system that is best suited to their service. In NS, Capital Health uses this method. It means that a Cerner product is used for the LIS and for Diagnostic Imaging but a system by another vendor may be used in Pharmacy, another different system in Finance, etc. If an integrated system is used, it means that the whole organization is run on a common platform. All the hospitals outside of Capital Health currently use one common system through their organizations – Meditech.

Data Integrity – refers to the certainty with which the system can maintain and report patient results.

Downtime – refers to the time during which the LIS is not functioning. During that period, specimens and test requisitions may still need to processed, tests must be analyzed and reported, and data must be stored.

(Information on these terms can be found in Teitz Fundamentals of Clinical Chemistry, 6th edition, p.239-248.)

Planning for information needs

When plans are underway to set up an information system, whether paper based or electronically, there are several factors to consider:

1. Unique identifiers
2. Standardized test requisitions
3. The type of logs and worksheets required
4. Checking processes to validate accuracy of data collected and transmitted
5. Security measures – against loss and for confidentiality
6. Reporting systems
7. Effective and timely communication

Before purchasing an LIS, the management team of the laboratory, or a select purchasing team, must identify the specific needs of the lab and determine which product would be most suitable for that organization. These needs may vary depending on the size of the organization and the scope of testing provided by that laboratory. It will also vary depending on the complexity of the management reports required and the variability of users.

Confidentiality of Information

As stated in the AABB Technical Manual, the system, whether it is a paper-based system or an LIS, should “ensure the confidentiality and appropriate use of data and information”.^[1] It is vitally important that patient information and records be kept secure.

Security for Data Access

Most LIS systems have a number of security levels. This means that people with the lowest level of security can access a minimal amount of confidential information and the level varies as the numbers rise. For example, in the laboratory typically the MLAs can access the patient information, tests requested, and results screens. Technologists can access the testing processes through verification of test results. Laboratory Managers will likely be able to access not only the results, but management reports that provide statistical information about the test results to determine how many tests are being performed, where the patients are located, identify any trends that are developing, etc. The LIS informatics team will ultimately have the highest access where they change and adjust reference ranges, testing parameters, and access other specialized information. The overriding issue of importance though is that the patient information be kept confidential so that only those who need to know in order to do their jobs can access it.

Integrity of data transfers and Transmissions

The next area to be covered in this QSE includes the transmission of data from the LIS. Data is transmitted internally throughout the organization and may also be transmitted externally to physician offices and other laboratories. It may be transmitted electronically or in paper format. Regardless of the means of transmission, it is the responsibility of the lab to ensure that all transmissions are kept confidential and are sent to the correct place.

There are 4 main times where the mode of transmission must be rechecked to ensure continuing confidentiality is maintained.

• When new equipment is installed
• After equipment maintenance has been performed or the equipment (analytical equipment or the LIS system) has been down for some length of time for whatever reason
• After equipment changes have been made
• After restoration of data files if the electronic system has been down and after software updates to either the analytical; equipment or the LIS.

One example of a time that document transmissions must be checked would be after an unscheduled downtime of the LIS. It is imperative that the transmissions be checked to ensure the system has not been compromised.

Another example would be when a piece of equipment is replaced. The old equipment must be wiped of all patient data before being disposed of to ensure that sensitive information is not allowed to fall into the wrong hands.

Information Processes for use during Downtime

Information processes for use during downtime are an essential element in making sure all data remains confidential. There need to be processes to ensure that the paper documents are going where they need to go so they don’t fall into the wrong hands and equally important, so that the instructions for testing get to the required bench and are not lost in transport.

There are several aspects of the testing process that must be taken into consideration:

• Secure back-up system to store data
• A ways to label and store data
• A means to sort and retrieve information
• A process notification system to let people know when the system is going down and when it will be coming back
• A process to maintain daily operations while the system is down
• A means for determining the cause of the downtime
• A process to interact with other systems during downtime