Requirements for Information Communication (2007 Edition)

4 - Security of data management (including access)

Page last updated: 14 January 2008

Standards

S4.1
Data must be managed to protect its integrity.
S4.2
Each laboratory or laboratory network must identify at least one person whose role includes:
(a) identifying, documenting and maintaining information about databases within the system (e.g. patients, referring doctors and laboratory staff)
(b) ensuring that the system is available when required
(c) ensuring that data are robust and reliable
(d) identifying data retention periods
(e) ensuring archived data are retrievable in a usable form
(f) ensuring formal plans exist for the retiring or destruction of data and/or systems
(g) assigning user identification and access levels all users including non laboratory personnel with access to the results database such as hospital ward or clinical staff.
S4.3
Each user, including non laboratory personnel, must have unique user logins and appropriate access levels.