VII Data Management

Nongynecological Cytology Practice Guidlines

prepared by the American Society of Cytopathology, Cytopathology Practice Committee.

Adopted by the ASC Executive Board, March 2, 2004


VII Data Management and Laboratory Information Systems

Manual methods as well as computerized systems exist for management of laboratory data. Manual methods may include logs and card files organized by date, patient name, specimen number or interpretation. Computerized systems, most often referred to as laboratory information systems (LIS), may stand alone, be part of an integrated anatomic pathology system, part of a multispecialty laboratory system, or integrated with a larger hospital or corporate information system. This section of the Guideline describes data management capabilities required for pre-analytic and analytic laboratory activities in addition to post-analytic information management.

VII.A. Security

All laboratory records are confidential. Access should be limited to authorized individuals. Locked cabinets for paper records and security codes for electronic systems are recommended. Limiting access may deter corruption of computer software or inadvertent change or release of results by unauthorized individuals. Electronic signatures are preferable for reports that are stored in electronic format. A procedure should be in place to assure that the electronic signature identifies the person who is responsible for the case and indicates that they approve of the content of the report. This procedure should prohibit interpretations that require pathologist review from being released by any other individual prior to the pathologist’s authorization.

VII.A.1. Health Insurance Portability and Accountability Act (HIPAA)

National health information privacy standards issued by the U.S. Department of Health and Human Services (DHHS), pursuant to the Health Insurance Portability and Accountability Act of 1996 were enacted in 2003. HIPAA was adopted to ensure health insurance coverage after leaving an employer and also to provide standards for facilitating healthcare-related electronic transactions. The HIPAA Privacy Rule provides the first national standards for protecting the privacy of health information. The Privacy Rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form or medium (e.g., electronic, paper, or oral), but excludes certain educational records and employment records. Among other provisions, the Privacy Rule

  • Gives patients more control over their health information;
  • Sets boundaries on the use and release of health records;
  • Establishes appropriate safeguards that the majority of healthcare providers and others must achieve to protect the privacy of health information;
  • Holds violators accountable with civil and criminal penalties that can be imposed if they violate patients’ privacy rights;
  • Strikes a balance when public health responsibilities support disclosure of certain forms of data;
  • Enables patients to make informed choices based on how individual health information may be used;
  • Enables patients to find out how their information may be used and what disclosures of their information have been made;
  • Generally limits release of information to the minimum reasonably needed for the purpose of the disclosure;
  • Generally gives patients the right to obtain a copy of their own health records and request corrections; and
  • Empower individuals to control certain uses and disclosures of their health information.76

VII.B. Accessioning and Work Flow

The laboratory must assign a unique accession number for each individual case. All patient demographic data required by regulatory agencies should be entered at accessioning. The unique accession number facilitates the tracking of a case through all stages of handling in the cytology laboratory from pre-analytic (accessioning and specimen preparation,) and analytic (screening and interpretation,) through post-analytic processing (reporting, and quality assurance follow up.)77 Labels for paperwork and slides may be handwritten, purchased, printed with a stand-alone printer or generated by the LIS as part of accessioning. Bar coded labels can increase the efficiency and accuracy of this process.

VII.C. Record Storage and Retrieval

The laboratory must have the ability to record and retrieve specimen information and patient reports for the periods specified by regulatory agencies.6,78 The system, whether manual or automated, should allow access to all cytology reports and all available and related surgical pathology reports to facilitate cytologic/histologic correlation. Older data may be electronically archived or records may be stored offsite as long as retrieval does not hinder patient care or delay regulatory inspections. The ability of a system to correlate or merge records when there is an alteration in patient identifiers (such as name, hospital record number or other identifiers) without altering the data in the original records is also desirable. The use of unique identifiers, such as the patient’s hospital record number, allows for more accurate matching.

VII.D. Terminology

Standardized terminology (preferably Systematized Nomenclature of Medicine [SNOMED]) used in the LIS should be stored in the computer database and accessed by use of mnemonics or assigned codes. Free-text capability is necessary for rare or unusual interpretations, microscopic descriptions, and for comments and/or recommendations that are not routine. Manual reporting should be standardized to allow retrieval of data based upon interpretation.

VII.E. Data Transfer

Transfer of clinical information and interpretive data to the report must be precise. This may occur via a manual written report, by manual entry into the LIS, or by use of optical mark readers that are interfaced with the LIS. The accuracy of this information must be monitored through the laboratory’s Quality Assurance Program.79 In addition to storing patient information and reports, laboratory information systems (LIS) may be used to generate billing statements or to transfer data to billing systems, clinician offices, hospital computer systems, Medicare, and other third party payers. Linkage of reports to interpretation and procedure codes [International Classification of Disease (ICD-9)], hospital procedure and billing codes [HCFA Common Procedure Coding System (HCPCS)] and Current Procedural Terminology (CPT) codes may be required for billing purposes. Linkage of reports to SNOMED (Systematized Nomenclature of Medicine) is desirable for statistical reporting.

VII.F. Quality Assurance

Laboratory data must be retrievable for quality assurance purposes and to generate statistical reports required by regulatory agencies and accrediting organizations within the retention period prescribed by CLIA ’88 or applicable state regulations. At a minimum the laboratory must document the number of nongynecological cytology cases.6 Ideally, the system should provide the ability to account for cases by organ or body site in addition to interpretive category if the laboratory chooses to monitor its work with this detail.

If the laboratory chooses to perform quality control rescreening for nongynecological specimens, it is desirable for the LIS to facilitate random or directed selection of cases. The LIS should not allow release of results until the rescreen examination is complete. Patient information should be stored in a manner that easily allows for cytologic/histologic correlation.

Quality management of the LIS is just as significant as the quality assurance functions that the system may provide for laboratory testing.80 The physical environment must provide conditions for optimal computer functioning and there must be systems in place to preserve data and equipment in the event of a natural disaster. Written procedures must cover every function and all circumstances for use. Software developers need rigorous QC processes to verify all functions. As with any other laboratory test or methodology, the end user must verify any new or changed processes.81

VII.G. Variability of Practice

Differences between manual and electronic data management systems are discussed throughout this section and encompass most practice settings.

(Click Here to Advance to the Next Chapter)



6     College of American Pathologists. Commission on Laboratory Accreditation Inspection Checklist 2002 edition, Northfield, Illinois.

76     Centers for Disease Control and Prevention, Morbidity and Mortality Weekly Report, HIPAA Privacy Rule and Public Health, Vol. 52, May 2, 2003.

77     Buffone GJ, Moreau D, Beck JR. Workflow computing.  Improving management and efficiency of pathology diagnostic services. Am J Clin Pathol 1996; 105:S17-24.

78     Clinical Laboratory Improvement Amendments of 1988; Final Rule. Federal Register. Jan. 24, 2003; Vol. 68: 493.1274(f).

79     Clinical Laboratory Improvement Amendments of 1988; Final Rule. Federal Register. Jan. 24, 2003; Vol. 68: 493.1291(a).

80     Aller R.  The laboratory information system a medical device: inspection and accreditation issues.  Clinical Laboratory Management Review 1992; 6:58-64.

81     Clinical Laboratory Improvement Amendments of 1988; Final Rule. Federal Register. Jan. 24, 2003; Vol. 68: 493.1253