The Effects of Regulatory Agencies on the Laboratory Information Management System Software - Essay Example

Citation] Citation] Citation] 17th March Executive Summary of An Evaluation of the Effects of Regulatory Agencies on the LIMS (Laboratory Information Management System) Software Application) 1. Overall Regulatory Impact on Laboratory Information management System (LIMS) Application A LIMS Application being implemented within a given Laboratory must first and foremost, throughout all the medical specialisms practised by that Laboratory, must meet the Centers for Medicare and Medicaid Services (CMS) Regulations Part 493 Subpart K - Quality System for Nonwaived Testing. To do this, the LIMS application being implemented must carry out the following functions:- Reflect the establishment and maintenance of policies and procedures that implement and monitor a quality systems for all phases of the total testing process (that is, pre-analytic, analytic, and post-analytic) as well as general laboratory systems. A quality assessment component that ensures continuous improvement of the laboratory’s performance and services through ongoing monitoring that identifies, evaluates and resolves problems. Meet all other requirements in Part 493 and must be appropriate for the specialties and subspecialties of testing the laboratory performs, the services it offers, and the clients it serves. The laboratory must establish and follow policies and procedures for an ongoing mechanism to monitor, assess, and, when indicated, correct problems identified in the general laboratory systems requirements specified in all relevant Paragraphs within CMS Regulations Part 493 Subpart K that apply to the laboratory in question. This means that the LIMS implementation will need to provide a Quality Assessment (QA) module that provides functions, that must, when requested by the CMS and other U.S. Federal Medical Regulators, provide Verifiable Demonstrable Evidence (VDS) in the following areas. An ongoing review process that encompasses all facets of the laboratory’s technical and non-technical functions and all locations/sites where testing is performed. QA also extends to the laboratory’s interactions with responsibilities to patients, physicians, and other laboratories ordering tests, and the other non-laboratory areas or departments of the facility of which it is a part. When the laboratory discovers an error or identifies a potential problem, LIMS must allow strong remedial actions to be taken to correct the situation. This correction process must involve identification and resolution of the problem, and development of policies that will prevent recurrence. Policies for preventing problems that have been identified must be formally recorded as well as communicated to the laboratory personnel and other staff, clients, etc., as appropriate. Over time, the LIMS implementation must monitor the corrective action(s) to ensure that the action(s) taken have prevented recurrence of the original problem. All pertinent laboratory staff must be involved in the assessment process through active participation : get them to ‘buy in’ to the amendments, in other words. The LIMS implementation must include assessment practices related to: Patient confidentiality Specimen identification and integrity Complaint investigations Communications System proficiency testing performance The LIMS implementation should (that is to say, good practice, but not a legal requirement) provide a facility to monitor the type and number of complaints received by the laboratory such as, for example, a particular client continuously complaining about the laboratory’s failure to promptly respond to STAT test requests. The laboratory must possess and be able to demonstrate to CMS etc, inspectors documentation that the complaint was investigated and appropriate action taken to correct the problem. Verify that the laboratory has a system in place for monitoring and evaluating confidentiality of patient information. A facility to review of the effectiveness of corrective actions taken to resolve problems, revision of policies and procedures necessary to prevent recurrence of problems, and discussion of general laboratory systems quality assessment reviews with appropriate staff. An Online Help Facility specifying all the procedures for tests, assays, and examinations performed by the laboratory must be available to, and followed by, laboratory personnel. A written User Manual (particularly useful for older staff not familiar with Online Help!) may supplement but not replace the laboratorys written procedures for testing or examining specimens. 2. Clinical Laboratory Improvement Amendments of 1988 (CLIA) The CLIA Amendments, as per Hamilton [Hamilton T. Survey and Certification Group. Centers for Medicare and Medicaid Services (CMS). Clinical Laboratory Improvement Amendments of 1988 (CLIA) – Issuance of Revised Survey Procedures and Interpretive Guidelines for Laboratories and Laboratory Services in Appendix C of the State Operations Manual to Facilitate the Electronic Exchange of Laboratory Information March 1st 2010. Web. 17th March 2014] combine the provisions of Title IV of the Recovery and Reinvestment Act of 2009 (ARRA), which was enacted on February 17, 2009, and the Health Information Technology for Economic and Clinical Health (HITECH) Act. The provisions in the HITECH Act require all licensed medical laboratories in the United States to establish programs to adopt, implement, upgrade or meaningfully use certified Electronic Health Record (HER) technology. The HITECH Act therefore mandates the transformation of the U.S. healthcare system through the development of a nationwide electronic health information system. The term “meaningful use” (see below) is a recognition that better health care does not come solely from the adoption of technology itself but through the exchange and use of health information to best inform practitioners and support clinical decisions at the point of care. This must be borne in mind when dealing with LIMS vendors, in order to forestall the ICT disasters which plague so many public and private domains! The CLIA regulations will continue to impact many aspects of the electronic exchange of laboratory information, particularly in light of State laws, and therefore the affected stakeholder groups must be reassured accordingly, but the CMS strongly believes that CLIA will be a key lever to optimize health information exchange and realize the goals set by ARRA. The CLIA Interpretive Guidelines related to the transmission of laboratory are intended to facilitate the free and secure exchange of electronic health information and represent the beginning of what CMS expects to be an iterative process to upgrade the requirements applications such as LIMS will have to meet in orderr toi achieve this. This will be done through a list of frequently asked questions (FAQs), which will dispel many common misperceptions, provide facts, and assist stakeholders in examining and developing their policies and processes to attain effective and efficient means to maintain their compliance with CLIA while implementing HIT in their practices. Hamilton [15-18] provides this List. The outstanding specific regulatory ARRA requirement [American Recovery and Reinvestment Act (ARRA). Supplementary Buy American Guidance for NIST Construction Grants. National Institute for Standards and Technology. January 12, 2011. Web. 16th March 2014] to be met is that of the ‘Buy American’ clause. This means that, if the LIMS implementation is intended for a public body of any kind within United States sovereignty, only American vendors of LIMS software may be used in order to qualify for a Recovery Act grant. However, if the LIMS implementation is for a privately-owned body, the full range of software vendors may be considered, and still qualify for a grant. These provisions also apply to sub-contractors, notably the suppliers opf the ICT hardware the LIMS will run on, and the medical laboratory equipment that the LIMS implementation in question will interface with. It must be borne in mind that Recovery Act Grants will be monitored by the Federal Dept. of Commerce, although ongoing regulation may be delegated to the CMS. There is no corresponding HITECH impact - implementing the CLIA requirement will cover this. 4. Impact of Meaningful Use The CMS Meaningful use objectives are being implemented through the Electronic Health Records (EHR) Program [CMS Staff. Eligible Professional Meaningful Use Table of Contents Core and Menu Set Objectives. Stage 1. Current. Web. 17th March 2014.]. As of March 2014, the primary set of requirements expected to be satisfied by a given LIMS implementation by the CMS are within the Stage 1 Core and Menu Set Objectives. The main Objective within this Stage is Core Objective 14 (Protect Electronic Health Information) - the other Core and Manu Objectives apply to medical practitioners and pharmacists rather than laboratories. Core Objective 14 (which reflects Part 170 of the CMS Regulations) is essentially an Information Security Measure and sets out what are basically industry-standard Information Security (IS) requirements, but in a medical context. As detailed IS requirements are not often set out in detail outside the corporate environment, it is useful to record them, thus. Access Control : Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information. Emergency Access (In practice, a Business Continuity/Disaster Recovery measure) : Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency. Automatic Log-Off : Terminate an electronic session after a predetermined time of inactivity. Audit Log : Firstly, record actions related to electronic health information in accordance with Part 170. Secondly, enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to Part 170. Data Integrity : Firstly : Create a message digest in accordance with the standard specified in Part 170. Secondly, Verify in accordance with the standard specified in Part 170 upon receipt of electronically exchanged health information that such information has not been altered. Thirdly, detect the alteration of audit logs. Authentication : Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information. Encrypted Data Storage : Encrypt and decrypt electronic health information in accordance with the standard specified in Part 170, unless the Secretary determines that the use of such encryption algorithm would pose a significant security risk for Certified EHR Technology. Encrypted Data Transmission : Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in Part 170. Financial Information Disclosure : Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in Part 170. The data files held within the LIMS database must also mee the following CMS Regulations Part 170 Criteria. Recording Actions : The date, time, patient identification, and user identification must be recorded when electronic health information is created, modified, accessed, or deleted; and an indication of which actions(s) occurred and by whom must also be recorded. Data Integrity In Transit : A hashing algorithm with a security strength equal to or greater than SHA-1 (Secure Hash Algorithm (SHA-1) as specified by the National Institute of Standards and Technology (NIST) in FIPS PUB 180-3 (October, 2008) must be used to verify that electronic health information has not been altered. Encryption Standard : Any encryption algorithm identified by the National Institute of Standards and Technology (NIST) as an approved security function in Annex A of the Federal Information Processing Standards (FIPS) Publication 140-2 (incorporated by reference in Part 170) and must also apply to any encrypted and integrity protected link - notably those that use Web technology! Treatment, payment & Surgical Procedure Disclosures (where they impact upon LIMS) The date, time, patient identification, user identification, and a description of the disclosure must be recorded for disclosures for treatment, payment, and health care operations, as these terms are defined at 45 CFR 164.501. The CMS, when they inspect the facility where the LIMS implementation is based, will also be looking for physical access measures as a back-up to the electronic information security measures outlined above. These are, again, industry-standard Information Security measures, such as Information Classification levels - patients’ information must therefore by classified as Company Secret (the highest classification) - firewalls on the internet portals of the enterprise, direction finding and traffic analysis software in order to gather the VDE necessary to deal with cyber-attacks, and, most importantly(!), strong access controls. Examples of such controls include a prohibition on ‘private’ devices, such as tablets and smartphones used by staff being connected to the enterprise’s network, only enterprise-approved remote devices being allowed remote access and constant escorting and supervision of contractors’ staff. Works Cited CMS Staff. Centers for Medicare and Medicaid Services (CMS) Regulations Part 493 Subpart K - Quality System for Nonwaived Testing. Current. Web. 17th March 2014. Available : http://www.cms.gov/Regulations-and-Guidance/Legislation/CLIA/ downloads/apcsubk1.PDF. Hamilton T. Survey and Certification Group. Centers for Medicare and Medicaid Services (CMS). Clinical Laboratory Improvement Amendments of 1988 (CLIA) – Issuance of Revised Survey Procedures and Interpretive Guidelines for Laboratories and Laboratory Services in Appendix C of the State Operations Manual to Facilitate the Electronic Exchange of Laboratory Information March 1st 2010. Web. 17th March 2014 Available : http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/downloads/SCLetter10-12.pdf American Recovery and Reinvestment Act (ARRA). Supplementary Buy American Guidance for NIST Construction Grants. National Institute for Standards and Technology. January 12, 2011. Web. 16th March 2014. CMS Staff. Eligible Professional Meaningful Use Table of Contents Core and Menu Set Objectives. Stage 1. Current. Web. 17th March 2014. Available : http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/downloads/EP-MU-toc.pdf Read More