Healthcare

Standards and Compliance

LIS functions in a clinical laboratory are, critically, designed to help that laboratory comply with applicable regulations and standards, such as 42 CFR 493 and its administrative agencies’ directives, CLIA, HIPAA, CAP and others. Physician office laboratories as a subset of clinical laboratories generally must also ensure they meet requirements, although these are somewhat less comprehensive (and expensive) if they are doing CLIA-waived testing than medium or high complexity CLIA testing. A POL LIS should help them do that. Support for compliance is one of the primary concerns of the POL, both in taking the initial decision to start a POL and in ongoing operation.[1] Here are specifications relating to regulatory standards and compliance that the system should support.

HealthCloudPOL fully supports all CLIA requirements for the physician office laboratory. In fact, it is designed specifically to help POLs maintain compliance. There are a number of ways the LabLynx, Inc. HealthCloud Physician Office LIS accomplishes this. These include:

  • Correct Methodology – SOPs/Methods can be uploaded to each test for easy reference, and/or to the Document Record Management section so there is never an excuse that it had been misfiled, lost, damaged etc. The test information can include the FDA’s CLIA categorization (i.e. Waived, Moderate Complexity and PPM, High Complexity). Furthermore, each is readily available for producing during any review/inspection.
  • Correct Methodology was Performed – HealthCloudPOL is designed so that each process in any assay or panel is defined in the system ahead of time, and must be performed, in the order prescribed, and completed before the next one is available to be performed. All steps must be complete, including any review steps, before the results report can be issued. The prescribed process steps that comprise any assay or panel are easily called up for review/inspection.
  • CLIA Waiver, Certificate of Compliance (COC) and Certificate of Accreditation (COA) – These can be stored in the LIS.
  • Proficiency Testing (PT) – These samples are easily processed exactly according to required protocol, with full documentation, helping you maintain any required PT performance levels.
  • Any Results Changes are Documented – HealthCloudPOL contains an audit trail that captures all required information related to result values that are changed after initial saving, including the old result, new result, who made the change, when and why.
  • Training Tracking – HealthCloudPOL’s optional Training Tracking plugin allows you to keep track of scheduled and completed training, with alerts available to be set.
  • Track and report number of cytology slides screened by each tester
  • Track and report numbers and types of tests
  • Track retention of slides, specimens – HealthCloudPOL’s Lab Inventory feature and optional Storage Management plugin help you to manage these as well as supplies, instruments and more.

HealthCloudPOL helps you ensure you meet these and indeed all applicable aspects of CLIA compliance, so you can concentrate on your patients’ health.

________________________________________________________________________________

HIPAA for clinical labs, including the physician office lab, means primarily keeping patient health information (PHI) and their personal information (PII) secure, and accessible only to authorized parties. HealthCloudPOL’s built-in password protection and encryption, SSL-protected hosting, firewalled and secure LabLynx Cloud Infrastructure and other security measures all combine to ensure the finest level of PHI protection possible – far beyond most standard lab or small business capabilities.

Data security is an integral characteristic of HealthCloudPOL, and exists on two levels: (1) HealthCloudPOL (the LIS app itself) and (2) our state-of-the-art secure cloud-hosting infrastructure.

Application Security

HealthCloudPOL’s design interacts with the security mechanisms inherent to its SQL Server database. This includes the ability to define individual database logins with encrypted passwords, which grant a variety of levels of security on the entire database or on individual database objects such as tables and stored procedures. Case-sensitive passwords may be configured to accept defined character types/lengths. The ELab database may be accessed through the application’s SQL Server login and password security. Because the application is built on Microsoft IIS, it also includes that platform’s inherent security protocols, including SSL encryption.

Automatic inactivity logout can be set to a desired length of time. Suspension of a user is set by default after three unsuccessful login attempts. This is configurable by the customer. Upon their third successive unsuccessful attempt to log in, the system pops up a message telling the user that they have been suspended and need to see the System Administrator. Should a user be inactive for the configured period of time, the system logs them out and the screen displays a message that they have been logged out.
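The suspension and inactivity rules described above, sketched as an added example (not LabLynx code): `Policy`, `AuthService` and the 900-second timeout are hypothetical names and values, while the three-attempt default comes from the text.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Policy:
    max_failed_attempts: int = 3     # default stated on the page; customer-configurable
    inactivity_timeout_s: int = 900  # assumed value; the page states no default


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed: int = 0
    suspended: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the stored credential is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.accounts = {}  # user -> Account
        self.sessions = {}  # user -> time of last activity (seconds)

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def login(self, user: str, password: str, now: float) -> str:
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"
        if acct.suspended:
            # A correct password does not lift a suspension; only an admin does.
            return "suspended"
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failed = 0  # only successive failures count toward suspension
            self.sessions[user] = now
            return "ok"
        acct.failed += 1
        if acct.failed >= self.policy.max_failed_attempts:
            acct.suspended = True
            self.sessions.pop(user, None)  # end any session still open
            return "suspended"
        return "denied"

    def touch(self, user: str, now: float) -> bool:
        """Record activity; return False if the session has timed out or is absent."""
        last = self.sessions.get(user)
        if last is None:
            return False
        if now - last > self.policy.inactivity_timeout_s:
            del self.sessions[user]  # automatic inactivity logout
            return False
        self.sessions[user] = now
        return True

    def admin_reinstate(self, user: str) -> None:
        # The System Administrator step the suspension message refers to.
        acct = self.accounts[user]
        acct.suspended = False
        acct.failed = 0
```

The point to check in any real deployment is the second branch of `login`: a suspended account must stay suspended even when the correct password is supplied, otherwise the lockout only slows guessing rather than stopping it.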

[Figure: User Password/Timeout Configuration]

Because users are required to log in to gain access to the application, all data modifications are documented. Users are also tracked by primary location, so that the information available to an individual user is limited to information belonging to that user’s location or laboratory, creating an audit trail fulfilling both standards and regulatory compliance criteria.

Additionally, standard access-level profiles are provided for assignment to users, based on job function.

[Figure: Assign Role Profile to User]

LabLynx Cloud-hosting Security:

  1. All sites are secured through HTTPS, which is SSL-encrypted
  2. Customers have their own individual secure databases that are not shared
  3. All hosting servers are protected with the latest Antivirus and Anti-Malware protection
  4. The complete system is backed up each and every night and we keep 10 days rolling backup and offsite backup in a second secure data center
  5. The data centers we are located in are SSAE 16 (previously SAS 70) tier 4, and audited to SOC 2 standard.
  6. Additionally, our data centers have multi-level physical security, including razor wire-topped brick wall around the entire premises, patrolling armed guards, biometric security, mag card security, combination lock security and caged servers, with 10” thick cement ceilings, independent water tanks for cooling, backup generators, redundant systems throughout and smart building monitoring, offering 100% uptime and meeting TIA-942 ANS standard.

LabLynx has many clients with sensitive data, including pharma, county medical examiners offices, competitive food, electronics and other manufacturing companies, clinical (HIPAA-regulated) and government, who are hosted by LabLynx on completely secure dedicated servers.

All data transfer and management in HealthCloudPOL complies with applicable standards and regulations, including HIPAA, CLIA and 42 CFR part 493/HITECH. HL7 is used for any data transfer, in line with healthcare industry standards.

For more information on system security, please see:

Security/screen/profile management in HealthCloudPOL’s parent application, ELab (video, 2:50): http://files.mylablynx.com/share/ebooks/movies/d34/d34.html

________________________________________________________________________________

HITECH extended the complete Privacy and Security Provisions of HIPAA to the business associates of covered entities.[2] Therefore, part of the business processes of LabLynx, Inc. with regard to all clinical customers, including those using the free HealthCloud Physician Office LIS, is the signing of a BAA (see Implementation Checklist) and documented HIPAA training for all personnel with any access to PHI.

And while HITECH is really directed at EHRs,[3] nevertheless, the HealthCloud Physician Office LIS (HealthCloudPOL) helps you meet much of its criteria. Here are some ways HealthCloudPOL helps you meet HITECH/MU/MU2 requirements:

  • Computerized order entry – see Order Management in the HealthCloudPOL Manual (available in the Support/manuals and Tutorials section of http://healthcloudpol.com).
  • Capability to exchange key clinical information electronically among providers and patient-authorized entities – HealthCloudPOL transfers information as necessary, and ensures secure protection of PHI according to HIPAA standards, using HL7.
  • Protect electronic health information (privacy & security) – As above. See Security.
  • Incorporate clinical lab-test results into certified EHR as structured data – HealthCloudPOL produces results reports, but is also integration-ready to supply results data to your EHR directly. See Optional Plugins.
  • Provide patients with timely electronic access to their health information (including lab results) – HealthCloudPOL can integrate to your existing Patient Portal, or you can add that Optional Patient Portal Plugin.

Additionally, moving from manual, paper-based or outside test data management to the HealthCloudPOL internal LIS helps your EHR to meet the HITECH requirements itself. And if you don’t have an EHR, ask about our EHR products and services at http://lablynx.com.

________________________________________________________________________________

MU2

The essence of MU2 is Clinical Quality Measures, or CQM and their reporting. These are derived from six key health care policy domains recommended by the Department of Health and Human Services’ National Quality Strategy:

  1. Patient and Family Engagement
  2. Patient Safety
  3. Care Coordination
  4. Population and Public Health
  5. Efficient Use of Healthcare Resources
  6. Clinical Processes/Effectiveness

To demonstrate meaningful use under Stage 2 criteria, eligible professionals (EPs) must meet 17 core objectives and 3 menu objectives that they select from a total list of 6, or a total of 20 core objectives.

Eligible hospitals and critical access hospitals (CAHs) must meet 16 core objectives and 3 menu objectives that they select from a total list of 6, or a total of 19 core objectives.[4]

HealthCloudPOL and MU2

If you are interested in an EHR that supports MU2, contact us at http://lablynx.com to find out more. However, the HealthCloud Physician Office LIS also helps you meet MU2 objectives with your existing EHR. These objectives are supported in either your free HealthCloudPOL Basic, as delivered and set up or with HealthCloudPOL Standard subscription and optional plugins, as indicated:

Stage 2 Core and Menu Objectives

Eligible Professionals

Report on all 17 Core Objectives:

  1. Use computerized provider order entry (CPOE) for medication, laboratory and radiology orders – Standard order entry. See Order Management.
  2. Record demographic information – All patient information necessary may be entered into patient and/or order screens. See Order Management, Patient Management.
  3. Record and chart changes in vital signs – Any tracked vitals measurements may be set up as tests in the LIS and each is stored, available for review/reporting at any time. See Test Management. They may also be displayed in Control Charts.
  4. Record smoking status for patients 13 years old or older – Use one of the standard fields to record this information, or add any optional fields you want.
  5. Use clinical decision support to improve performance on high-priority health conditions – If a CDS system is used, a custom optional plugin can link to it for you.
  6. Provide patients the ability to view online, download and transmit their health information – The Patient Portal optional plugin can provide this functionality for you, or use an integration plugin to map to your existing patient portal.
  7. Provide clinical summaries for patients for each office visit – All tests performed and their results are stored in the LIS indefinitely, and may be reviewed there – or automatically uploaded to your EHR and/or patient portal using an optional plugin.
  8. Protect electronic health information created or maintained by the Certified EHR Technology – All information in HealthCloudPOL is fully secure and protected to HIPAA and other applicable standards. See Security.
  9. Incorporate clinical lab-test results into Certified EHR Technology – For “EHR” read “LIS”. The LabLynx HealthCloud Physician Office LIS is specifically designed to manage clinical lab test results. These are available in the patient report and also may be automatically uploaded to your EHR if desired (using an optional integration plugin) or simply saved as a .pdf file, with review/approve/issue function as standard.
  10. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, or outreach – If you keep conditions in the Patient Management records, then a filter or report optional plugin may be implemented to enable this functionality.
  11. Use clinically relevant information to identify patients who should receive reminders for preventive/follow-up care – This is typically an EHR feature. However, HealthCloudPOL can be customized to offer this function, through an optional plugin.
  12. Use certified EHR technology to identify patient-specific education resources – An EHR or 3rd-party functionality – probably accomplished these days with simple use of the Internet.
  13. Perform medication reconciliation – EHR or 3rd-party app.
  14. Provide summary of care record for each transition of care or referral – EHR.
  15. Submit electronic data to immunization registries – Any data held in the LIS may be transmitted securely (using HL7) directly to any required registries or systems using a custom plugin, or searched and accessed using the HealthCloudPOL filter and exported in report or spreadsheet form.
  16. Use secure electronic messaging to communicate with patients on relevant health information – This requirement was probably written before it was clear that any form of email-type communication is subject to hacking. However, email notifications may be set in HealthCloudPOL using an optional plugin, with the actual sensitive data only accessible through secure login/password and SSL encryption.

Report on 3 of 6 Menu Objectives:

  1. Submit electronic syndromic surveillance data to public health agencies – If these data are tracked in the LIS, an optional plugin can be implemented to manage these submissions.
  2. Record electronic notes in patient records – This is a standard feature in the HealthCloudPOL Order Management screen.
  3. Imaging results accessible through CEHRT – Image results are available through HealthCloudPOL, which can serve as a certified electronic health record technology, or CEHRT.
  4. Record patient family health history – With a custom field configuration optional plugin, these and any other data points may easily be entered and retrieved in the LIS.
  5. Identify and report cancer cases to a State cancer registry – If these data are tracked in the LIS, an optional plugin can be implemented to manage these submissions.
  6. Identify and report specific cases to a specialized registry (other than a cancer registry) – For any data tracked in the HealthCloud Physician Office LIS, an optional plugin can be implemented to manage these submissions.

Eligible Hospitals and CAHs

Report on all 16 Core Objectives:

  1. Use computerized provider order entry (CPOE) for medication, laboratory and radiology orders – Standard order entry. See Order Management.
  2. Record demographic information – All patient information necessary may be entered into patient and/or order screens. See Order Management, Patient Management.
  3. Record smoking status for patients 13 years old or older – Use one of the standard fields to record this information, or add any optional fields you want.
  4. Use clinical decision support to improve performance on high-priority health conditions – If a CDS system is used, a custom optional plugin can link to it for you.
  5. Provide patients the ability to view online, download and transmit their health information within 36 hours after discharge – The Patient Portal optional plugin can provide this functionality for you, or use an integration plugin to map to your existing patient portal.
  6. Protect electronic health information created or maintained by the Certified EHR Technology – All information in HealthCloudPOL is fully secure and protected to HIPAA and other applicable standards. See Security.
  7. Incorporate clinical lab-test results into Certified EHR Technology – For “EHR” read “LIS”. The LabLynx HealthCloud Physician Office LIS is specifically designed to manage clinical lab test results. These are available in the patient report and also may be automatically uploaded to your EHR if desired (using an optional integration plugin) or simply saved as a .pdf file, with review/approve/issue function as standard.
  8. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, or outreach – If you keep conditions in the Patient Management records, then a filter or report optional plugin may be implemented to enable this functionality.
  9. Use certified EHR technology to identify patient-specific education resources and provide those resources to the patient if appropriate – An EHR or 3rd-party functionality – probably accomplished these days with simple use of the Internet and sharing of URLs.
  10. Perform medication reconciliation – EHR or 3rd-party app.
  11. Provide summary of care record for each transition of care or referral – EHR.
  12. Submit electronic data to immunization registries – Any data held in the LIS may be transmitted securely (using HL7) directly to any required registries or systems using a custom plugin, or searched and accessed using the HealthCloudPOL filter and exported in report or spreadsheet form.
  13. Submit electronic data on reportable lab results to public health agencies – Any data held in the LIS may be transmitted securely (using HL7) directly to any required registries or systems using a custom plugin, or searched and accessed using the HealthCloudPOL filter and exported in report or spreadsheet form.
  14. Submit electronic syndromic surveillance data to public health agencies – Any data held in the LIS may be transmitted securely (using HL7) directly to any required registries or systems using a custom plugin, or searched and accessed using the HealthCloudPOL filter and exported in report or spreadsheet form.
  15. Automatically track medications with an electronic medication administration record (eMAR) – EHR or 3rd-party app.

Report on 3 of 6 Menu Objectives:

  1. Record whether a patient 65 years old or older has an advance directive – All patient information necessary may be entered into patient and/or order screens. See Order Management, Patient Management.
  2. Record electronic notes in patient records – All patient information necessary may be entered into patient and/or order screens. See Order Management, Patient Management.
  3. Record patient family health history – All patient information necessary may be entered into patient and/or order screens. See Order Management, Patient Management.
  4. Generate and transmit permissible discharge prescriptions electronically (eRx) – This is an EHR or 3rd-party app function.
  5. Provide structured electronic lab results to ambulatory providers – The LabLynx HealthCloud Physician Office LIS is specifically designed to manage clinical lab test results. These are available in the patient report and also may be automatically uploaded to your EHR if desired (using an optional integration plugin), to a patient portal or simply saved as a .pdf file, with review/approve/issue function as standard.

________________________________________________________________________________

The LabLynx HealthCloud Physician Office LIS is a professional-level, proven clinical laboratory information management system, and as such contains a great selection of functionality, along with its fundamental design, that supports CLIA as prescribed by 42 CFR part 493. Its stipulations are extensive and can be accessed through the Centers for Medicare and Medicaid Services (CMS) or U.S. Department of Health and Human Services (HHS) websites.

HealthCloudPOL is fully 42 CFR part 493/CLIA-compliant, as described here:

HealthCloudPOL fully supports all CLIA requirements for the physician office laboratory. In fact, it is designed specifically to help POLs maintain compliance. There are a number of ways the LabLynx, Inc. HealthCloud Physician Office LIS accomplishes this. These include:

  • Correct Methodology – SOPs/Methods can be uploaded to each test for easy reference, and/or to the Document Record Management section so there is never an excuse that it had been misfiled, lost, damaged etc. The test information can include the FDA’s CLIA categorization (i.e. Waived, Moderate Complexity and PPM, High Complexity). Furthermore, each is readily available for producing during any review/inspection.
  • Correct Methodology was Performed – HealthCloudPOL is designed so that each process in any assay or panel is defined in the system ahead of time, and must be performed, in the order prescribed, and completed before the next one is available to be performed. All steps must be complete, including any review steps, before the results report can be issued. The prescribed process steps that comprise any assay or panel are easily called up for review/inspection.
  • CLIA Waiver, Certificate of Compliance (COC) and Certificate of Accreditation (COA) – These can be stored in the LIS.
  • Proficiency Testing (PT) – These samples are easily processed exactly according to required protocol, with full documentation, helping you maintain any required PT performance levels.
  • Any Results Changes are Documented – HealthCloudPOL contains an audit trail that captures all required information related to result values that are changed after initial saving, including the old result, new result, who made the change, when and why.
  • Training Tracking – HealthCloudPOL’s optional Training Tracking plugin allows you to keep track of scheduled and completed training, with alerts available to be set.
  • Track and report number of cytology slides screened by each tester
  • Track and report numbers and types of tests
  • Track retention of slides, specimens – HealthCloudPOL’s Lab Inventory feature and optional Storage Management plugin help you to manage these as well as supplies, instruments and more.

HealthCloudPOL helps you ensure you meet these and indeed all applicable aspects of CLIA compliance, so you can concentrate on your patients’ health.

______

Notes

Individual Specifications were transcluded from limspecwiki

__________

  1. “How an office lab can help patients—and your income”. Journal. American College of Physicians–American Society of Internal Medicine. http://www.acpinternist.org/archives/2000/02/officelab.htm. Retrieved 5 Aug 2015. 
  2. “42 U.S.C. §17931”. U.S. Government Publishing Office. http://www.gpo.gov/fdsys/pkg/USCODE-2009-title42/html/USCODE-2009-title42-chap156-subchapIII-partA-sec17931.htm. Retrieved 01 June 2015. 
  3. http://www.limswiki.org/index.php/Health_Information_Technology_for_Economic_and_Clinical_Health_Act
  4. https://www.cms.gov/regulations-and-guidance/legislation/ehrincentiveprograms/downloads/stage2overview_tipsheet.pdf