Requirements for Information Communication (2007 Edition)

2 - Documentation

Page last updated: 14 January 2008


Laboratories must document security policies and procedures for the receipt of requests and transmission of reports, including electronic messaging.
Laboratories must ensure designated staff are trained to support the transmission, handling, storage and archiving of pathology messages, including electronic messages.
Any breach of security related to the electronic messaging of pathology data must be recorded. Procedures and systems must be reviewed and remedial action must be taken and subsequently monitored.
Laboratories must undertake internal audits of procedures to ensure these standards and guidelines are operating as required.


The documented security policy should include:
(a) the roles and responsibilities of laboratory staff handling pathology orders and reports (including receipt and dispatch)
(b) details of the standards and specific requirements relating to the confidentiality, authenticity, integrity and availability of electronic pathology messages
(c) access rights and controls, including details about what these are and who they relate to, in relation to transmission of electronic pathology messages
(d) the processing of electronic request and electronic report message acknowledgments
(e) storage and archiving requirements, specifically in relation to the transmission of electronic pathology messages.