S8.1Laboratory staff who have access to electronic pathology data and the ability to trigger transmission, change or correction of electronic data must have individual security logins.
S8.2If a paper request is received, then a scanned, hard copy or the original request must be stored keeping all the original content, date, time, location and originator of the request. The same information provided in electronic requests must also be stored. Any changes to the request must be stored with the original.
C8.2Laboratories will also need to be cognisant of additional requirements set out by Medicare Australia.
S8.3Receipt of a request initiates the audit trail. If acknowledgment is received from any transmission (including interim reports) this must also be recorded. The audit trail must include:
(a) request registration
(b) patient record linking and merging
(c) patient master index transmission (e.g. name of the hospital)
(d) validation or auto-validation
(e) results entry and comments
(f) results amendments
(g) results transmission (e.g. date, time and mode)
(h) patient result access by non-laboratory staff (see also S4.2(g)). Alternatively, where it is deemed impractical to include access by such staff into the audit trail then such staff must have received adequate training in the area of jurisdictional privacy legislation
(i) an audit trail of any subsequent changes to a previously validated report.
C8.3aMode of transmission includes printing, faxing, email and electronic transmission. It also includes verbal reporting by phone.
C8.3bThe audit trail is considered part of the patient record.
C8.3cCurrent paper-based and intralaboratory systems provide for traceability of requests, technical procedures, results and reports. These capabilities need to be maintained and enhanced in electronic systems, so that access, actions and changes can be traced where and when necessary.
G8.3Read-only access of patient-identified data by laboratory staff should be included as part of the audit trail.
S8.4The pathology laboratory collecting the audit trail information should notify its staff (and anyone else who accesses patient records):
(a) that their access to patient records will be recorded on the audit trail
(b) for what purposes the audit trail information will be used
(c) to whom the audit trail information may be disclosed.