Laboratory Information System (LIS)
Refer to the NCI/CCR/LP SoftPath™ User Manual for information regarding laboratory computer services.
Help Desk Information Lines
Assistance may be requested by calling the appropriate numbers as indicated below:
- SoftPath LIS 301-480-7187 or Blackberry 877-895-3225
- For all other computer issues, contact the NIH IT Help Desk:
- Local: (301) 496-4357 (6-HELP)
- Email: helpdesk@nih.gov
- Web site: https://service.cancer.gov
- TTY (301) 496-8294
CAP LIS Checklist Questions with Responses
Question/Links | Text of Regulation | Notes |
---|---|---|
GEN. 42750 - Yes | Computer Facility Maintenance | The computer facilities should be clean, well maintained and in a location that is environmentally controlled, as required by the most restrictive vendor specifications. |
GEN. 42800 - Yes | LIS Fire Equipment | Acceptable fire-fighting equipment/extinguishers in areas with information technology equipment may include: 1. Automatic sprinkler systems that are valved separately from other systems 2. Gaseous clean agent extinguishers systems 3. Listed portable fire extinguishers of carbon dioxide or halogenated agent type 4. Listed extinguishers with a minimum rating of 2-A for ordinary combustible material (paper and/or plastics) 5. Gaseous agent inside units or total flooding systems when there is critical need, e.g. to protect data in process, reduce equipment damage and to facilitate a return to service Dry chemical extinguishers are not recommended because of the corrosive damage they cause. In the instance where no other extinguisher is available and there is imminent danger to personnel or property however, a dry extinguisher may be used. |
GEN. 42900 - Yes | LIS Power | Protection from electrical surges and interruptions must be adequate to prevent loss of data. An uninterruptible power system (UPS) or similar protective device (e.g., isolation transformer) must be considered. Periodic testing of this protective equipment to ensure protection of data and proper shutdown of computer equipment is considered best practice. |
GEN. 43022 - Yes Validation Checklist are found in LIS Admin Office File Cabinet | LIS Testing | Computer programs must be checked for proper performance when first installed and after any changes or modifications. Any changes or modifications to the system must be recorded, and the laboratory director or designee must approve all changes, additions and deletions in programs, the test library, and major computer functions before they are released. Records must be retained for at least two years beyond the service life of the system. |
GEN. 43033 - Yes -Revised 07/28/2015 | Custom LIS | The purpose of the computer program, the way it functions, and its interaction with other programs must be clearly stated. The level of detail should be adequate to support trouble-shooting, system modifications, or additional programming. |
GEN. 43040 - Yes - NEW 7/28/2015 Phase II | LIS Policy and Procedure Approval | Procedures should be appropriate to the level of use of the system, and must encompass the day-to-day activities of the laboratory staff as well as the daily operations of the Information Technology staff. |
GEN. 43055 - Yes Revised 7/28/2015 Completed and Signed Competancy Forms are located in the LIS Admin Office | Computer System Training | Review of LIS policies and procedures relevant to the scope of duties must be incorporated into the training. |
GEN. 43066 - Yes | Computer Malfunction Notification
| |
GEN. 43150 - Yes | Access Patient Data | Policies must define those who may only access patient data and users who are authorized to enter patient results, change results, change billing, or alter computer tables or programs. If data in other computer systems can be accessed through the LIS (e.g. pharmacy or medical records), policies must prevent unauthorized access to the data through the LIS. |
GEN. 43200 - Yes | Computer Access Codes | The laboratory should establish security (user) codes to permit only specifically authorized individuals to access patient data or alter programs. A system that allows different levels of user access to the system based on the user's authorization is desirable and usually provides effective security. Examples of best practices include: periodic alteration of passwords by users; minimum character length for passwords; password complexity requirements (e.g. a combination of alphanumeric characters); recording of failed log-on attempts with user lock-out after a defined number of unsuccessful log-on attempts. |
GEN. 43262 - Yes
| Unauthorized Software Installation | Laboratory computers often serve multiple functions. Many of these computers are connected in a network. The security of the system should be sufficient to prevent the casual user from installing software. Such unauthorized installation may cause instability of the operating system or introduce other unwanted consequences. Many operating systems allow procedures to restrict certain users from installing software. |
GEN. 43325 - Yes - REV 7/28/2015 The NIH as a whole and the NCI both have firewalls in place and security personnel that monitor our network. | Public Network Security | Information sent over a public domain such as the Internet or stored in "the cloud," is considered in the public domain. Thus it is potentially accessible to all parties on that network. Systems must be in place to protect network traffic, such as "fire walls" and data encryption schemes. Evidence of Compliance: Written policy defining mechanism for data protection |
GEN. 43450 - N/A | Calculated Patient Data Verification | This checklist requirement applies only to calculations based on formulas modifiable by the user. Errors can be inadvertently introduced into established computer programs. Calculations involving reportable patient results must be rechecked and documented to ensure accuracy. This requirement applies to laboratory information systems, middleware, and analyzers. More frequent checks may be required for certain specific calculations, as delineated elsewhere in the checklists (for example, INR). When calculations are performed by an LIS shared by multiple laboratories, this review only needs to be done at one location and each individual laboratory must have a copy of the review documentation. However, any calculations specific to an individual laboratory's methodology must be reviewed by that laboratory and the documentation of that review must be available. Evidence of Compliance: Records of validation of calculated test results |
GEN. 43750 - Yes | Specimen Quality Comment | Evidence of Compliance: Patient reports Our Pathology System has several mechanisms in place for our staff to input specimen quality information that flags our cases. The resulting system is text driven so this can also be added to the report. |
GEN. 43800 - Yes | Data Input ID | When individual tests from a single test order (e.g., multiple tests with same accession number) are performed by separate individuals and the test result is entered into the LIS, the system must provide an audit trail to document each person involved. For example, a single accession number having orders for electrolytes and a lipid panel may have testing done by two or more individuals. The laboratory should be able to identify the responsible personnel who performed each test and posted the data. This includes sequential corrections made to a single test result. If autoverification is used, then the audit trail should reflect that the result was verified automatically at a given time. With point-of-care testing, if the individual performing the test is different than the individual entering test data into the LIS, both should be uniquely identified by the system and retrievable by audit trail. |
GEN. 43825 - N/A | Result Verification | Data entered into the computer system either manually or by automated methods must be reviewed by an authorized individual who verifies the accuracy of the input data before final acceptance and reporting by the computer. An example of best practices for this step is checking the result against the reportable range and critical results for the test. Depending on the local environment, this may or may not require a second person. Verification procedures must generate an audit trail. |
GEN. 43837 - Yes | Downtime Result Reporting | In Anatomic Pathology, results that need to cross the interface during a downtime situation are held until the system is restored. Once this happens, all the held results will then begin to interface. |
GEN. 43900 - Yes
| Archived Test Result | Stored patient result data and archival information must be easily and readily retrievable within a time frame consistent with patient care needs. All of our results are available on demand from @1957. We have not archived data as of yet. |
GEN. 43920 - N/A
| Multiple Analyzer ID | Best practice is to store these data in the LIS.
|
GEN. 43946 - Yes
| Data Preservation/Destructive Event | Procedures must 1) be adequate to address scheduled and unscheduled interruptions of power or function; 2) be tested periodically for effectiveness; and 3) include systems to backup programs and data. These procedures can include, but are not limited to, 1) steps to limit the extent of the destructive event, 2) periodic backing up and storing of information, 3) off-site storage of backup data, and 4) restoring information from backed up media. The procedures should specifically address the recoverability of patient information. Changes to hardware and software commonly require review and reevaluation of these written procedures. These procedures must specifically address the physical environment and equipment and are often addressed by the organization's disaster plan. |
GEN. 46000 - N/A | Reference Range/Units Transmission | The reference range, including units of measure, may be specific for a given patient result, and should be attached to that result such that it will be displayed along with the patient result. |
GEN. 48500 - Yes | Interface Result Integrity | Verification must be performed prior to implementation of an interface (i.e. pre go-live), and every 2 years thereafter. This includes evaluation of data transmitted from the LIS to other computer systems and their output devices. Reference ranges and comments, as well as actual patient results, must be evaluated. Verification of accurate data transmission from the LIS to other systems must be performed by reviewing data in the first downstream (or interfaced) system in which the ordering clinician may be expected to routinely access patient data. This requirement can be met by printing screen shots or by other methods that document that a verification procedure has been performed. If the LIS has separate interfaces to multiple receiving systems in which patient data can be accessed by clinicians, then reports from each receiving system must be validated. However, where multiple sites use the same recipient system (e.g. the same installed instance of an electronic medical record system), validation need only occur for the interface (i.e. at one of the sites) and not for each individual site that is served by that single installed system. At implementation of a new interface, validation of at least 2 examples of reports from each of the following disciplines, where applicable, satisfies the intent of this checklist requirement. Subsequently, at least 2 examples of reports from at least 4 of these disciplines should be validated every 2 years. Not all of these report types will be applicable to every laboratory: Surgical pathology reports |
GEN. 48750 - Yes | LIS Interface Shutdown/Recovery | These procedures must ensure integrity of patient test data. Procedures must include verifying recovery of interfaced systems, and replacement or updating of data files, as necessary. |