Difference between revisions of "User:Shawndouglas/sandbox/sublevel45"

From LIMSWiki
Jump to navigationJump to search
 
(42 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[File:NIST Cloud Computing Security Reference Architecture (9029002396).jpg|right|500px|thumb|'''Figure 3.''' The ''NIST Cloud Computing Security Reference Architecture'' provides a security overlay to the ''NIST Cloud Computing Reference Architecture'', published in 2011.]]Numerous organizations have taken up the mantle in developing and disseminating cloud compliance standards, guidelines, and recommendations since the late 2000s, some independently (e.g., the Storage Networking Industry Association) and others by government mandate (e.g., National Institute of Standards and Technology). Some organizations have tailored their content to a specific industry (e.g., PCI Security Standards Council and the financial industry), while others have focused on a sector of business (e.g., FedRAMP and the U.S. Federal government). As the development of these standards, guidelines, and recommendations has continued, the groundwork has been created for future updates. NIST's early work with its SP 500-293 ''NIST Cloud Computing Technology Roadmap, Volume I and II'' and SP 500-299 ''NIST Cloud Computing Security Reference Architecture'' (Figure 3) have gone on to further define a modern approach to categorizing, evaluating, comparing, and selecting cloud services.<ref name="SimmonEval18">{{cite web |url=https://www.nist.gov/publications/evaluation-cloud-computing-services-based-nist-sp-800-145 |title=Evaluation of Cloud Computing Services Based on NIST SP 800-145 |author=Simmon, E.D. |publisher=NIST |date=23 February 2018 |accessdate=21 August 2021}}</ref> And those documents were influenced by even earlier work by the Cloud Security Alliance's Enterprise Architecture efforts.<ref name="CSAEnt20">{{cite web |url=https://cloudsecurityalliance.org/artifacts/enterprise-architecture-reference-guide-v2/ |title=CSA Enterprise Architecture Reference Guide v2 |publisher=Cloud Security Alliance |date=2020 |accessdate=21 August 2021}}</ref>
===Broad feature set of a pathology information management solution===


The work to improve and expand upon existing standards continues today, even as new service models for cloud computing emerge. Examples of the prior mentioned and other organizations contributing to these efforts are shown in Table 3.
A pathology information management solution (PIMS) ...


{|
| STYLE="vertical-align:top;"|
{| class="wikitable" border="1" cellpadding="5" cellspacing="0" width="70%"
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;" colspan="3"|'''Table 3.''' Organizations that have developed and are developing cloud compliance standards, guidelines, recommendations, and frameworks
|-
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Organization
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Description
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Link to standards, etc.
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Crown Commercial Services and G-Cloud
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Though not a standards organization, the U.K. Crown Commercial Service's (CSS's) G-Cloud program and framework allows companies considering selling cloud-based services to the U.K. government to make their services available "through a front-end catalogue called the Digital Marketplace." The framework agreements place specific requirements on the various services being offered by the provider, and in return, the provider can bid on government opportunities without going through the full procurement process.<ref name="AdviceCloudUltimate">{{cite web |url=https://advice-cloud.co.uk/ultimate-guide-gcloud/ |title=Ultimate Guide to G-Cloud |publisher=AdviceCloud |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.gov.uk/government/publications/g-cloud-12-framework-agreement G-Cloud standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|DMTF
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Formerly known as the Distributed Management Task Force, DMTF "creates open manageability standards spanning diverse emerging and traditional IT infrastructures."<ref name="DMTFAbout">{{cite web |url=https://www.dmtf.org/about |title=About DMTF |publisher=DMTF |accessdate=21 August 2021}}</ref> This includes cloud standards, [[virtualization]] standards, networking standards, and more.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.dmtf.org/standards/cloud DMTF standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|European Telecommunications Standards Institute
  | style="background-color:white; padding-left:10px; padding-right:10px;"|ETSI "supports the timely development, ratification and testing of globally applicable standards" for information and communications technology (ICT) hardware, software, and services.<ref name="ETSIAbout">{{cite web |url=https://www.etsi.org/about |title=About ETSI |publisher=European Telecommunications Standards Institute |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.etsi.org/standards#page=1&search=cloud ETSI standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|General Services Administration and FedRAMP
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Though not a standards organization, the U.S. General Services Administration's (GSA's) FedRAMP program "provides a standardized approach to security authorizations for cloud service offerings" for the U.S. Federal government.<ref name="FedRAMP">{{cite web |url=https://www.fedramp.gov/ |title=FedRAMP |publisher=General Services Administration |accessdate=21 August 2021}}</ref> FedRAMP "standardizes security requirements for the authorization and ongoing cybersecurity of cloud services" as authorized by a number of regulations and policies.<ref name="FedRAMPProg">{{cite web |url=https://www.fedramp.gov/program-basics/ |title=Program Basics |publisher=General Services Administration |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.fedramp.gov/documents-templates/ FedRAMP standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|IEEE Standards Association
  | style="background-color:white; padding-left:10px; padding-right:10px;"|IEEE's Standards Association, which attempts "to facilitate standards development and standards related collaboration," has a Cloud Computing Initiative that has developed several working drafts related to cloud computing.<ref name="IEEESAStandards">{{cite web |url=https://cloudcomputing.ieee.org/standards |title=Standards in Cloud Computing |author=IEEE Cloud Computing Initiative |publisher=IEEE Standards Association |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://cloudcomputing.ieee.org/standards IEEE SA standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|International Organization for Standardization (ISO)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The ISO is a primary global standards organization that has been developing a wide variety of standards for decades. Numerous cloud-computing standards have been published under International Classification for Standards (ICS) code 35.210.<ref name="ISO35.210">{{cite web |url=https://www.iso.org/ics/35.210/x/ |title=ICS > 35: 35.210 Cloud Computing |publisher=International Organization for Standardization |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.iso.org/ics/35.210/x/ ISO standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|International Telecommunication Union (ITU)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The ITU is the United Nation's specialized agency for information communication technologies (ICTs). Among their activities, the agency develops technical standards and facilitates international connectivity in communication networks.<ref name="ITUAbout">{{cite web |url=https://www.itu.int/en/about/Pages/default.aspx |title=About International Telecommunication Union (ITU) |publisher=International Telecommunication Union |accessdate=21 August 2021}}</ref> Many recommendation documents have been developed through its Telecommunication Standardization Sector (ITU-T), SG13 Study Group, including cloud computing recommendations (Y Series).
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.itu.int/ITU-T/recommendations/index_sg.aspx?sg=13 ITU-T standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|National Institute of Standards and Technology (NIST)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|NIST is a U.S. Department of Commerce institute which focuses on scientific measurement and standardization. They have developed a numbers roadmaps, guidelines, and definitions through its SAJACC<ref name="NISTStand18">{{cite web |url=https://www.nist.gov/itl/standards-acceleration-jumpstart-adoption-cloud-computing-sajacc |title=Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) |publisher=National Institute of Standards and Technology |date=03 June 2018 |accessdate=21 August 2021}}</ref> and NCCP<ref name="NIST_NCCP19">{{cite web |url=https://www.nist.gov/programs-projects/nist-cloud-computing-program-nccp |title=NIST Cloud Computing Program - NCCP |publisher=National Institute of Standards and Technology |date=09 July 2019 |accessdate=21 August 2021}}</ref> initiatives.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.nist.gov/news-events/news-updates/topic/248706 NIST standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|OMG Cloud Working Group
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Previously known as the Cloud Standards Customer Council (CSCC), OMG's Cloud Working Group (CWG) "publishes vendor-neutral guidance on important considerations for cloud computing adoption, highlighting standards, opportunities for standardization, cloud customer requirements, and best practices to foster an ecosystem of open, standards-based cloud computing technologies."<ref name="OMGCloud">{{cite web |url=https://www.omg.org/cloud/ |title=Cloud Working Group |publisher=Object Management Group |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.omg.org/cloud/deliverables/index.htm CWG standards, etc.]
|- 
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Open Grid Forum (OGF)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The OGF is "an open global community committed to driving the rapid evolution and adoption of modern advanced applied distributed computing, including cloud, grid and associated storage, networking and workflow methods."<ref name="OGFHome">{{cite web |url=https://www.ogf.org/ogf/doku.php |title=Open Grid Forum |publisher=Open Grid Forum |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.ogf.org/ogf/doku.php/documents/documents OGF standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Organization for the Advancement of Structured Information Standards (OASIS)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|OASIS Open is a standards body that "offers projects—including open source projects—a path to standardization and de jure approval for reference in international policy and procurement."<ref name="OASISAbout">{{cite web |url=https://www.oasis-open.org/org/ |title=About Us |publisher=OASIS Open |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.oasis-open.org/standards/ OASIS Open standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|PCI Security Standards Council (PCI SSC)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|PCI SSC "is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide."<ref name=PCISecAbout">{{cite web |url=https://www.pcisecuritystandards.org/about_us/ |title=About Us |publisher=PCI Security Standards Council |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.pcisecuritystandards.org/document_library PCI SSC Open standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Storage Networking Industry Association (SNIA)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|SNIA develops and promotes "vendor-neutral architectures, standards, and educational services that facilitate the efficient management, movement, and security of information,"<ref name="SNIAVision">{{cite web |url=https://www.snia.org/about/vision-mission |title=Vision and Mission |publisher=Storage Networking Industry Association |accessdate=21 August 2021}}</ref> including the Cloud Data Management Interface (CDMI) standard.<ref name="SNIAStand">{{cite web |url=https://www.snia.org/tech_activities/standards/curr_standards |title=Standards Portfolio |publisher=Storage Networking Industry Association |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.snia.org/tech_activities/standards/curr_standards SNIA standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The Open Group
  | style="background-color:white; padding-left:10px; padding-right:10px;"|This organization attempts "to capture, clarify, and integrate current and emerging requirements, establish standards and policies, and share best practices."<ref name="TOGHome">{{cite web |url=https://www.opengroup.org/ |title=The Open Group |publisher=The Open Group |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.opengroup.org/subject-areas-0 Open Group standards, etc.]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|TM Forum
  | style="background-color:white; padding-left:10px; padding-right:10px;"|This global alliance attempts "to collaboratively solve complex industry-wide challenges, deploy new services and create technology breakthroughs to accelerate change."<ref name="TMForumAbout">{{cite web |url=https://www.tmforum.org/about-tm-forum/ |title=About Us |publisher=TM Forum |accessdate=21 August 2021}}</ref> As a result of this collaboration, several technical documents and guides related to cloud computing have been developed.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.tmforum.org/?s=cloud&post_type=product TM Forum standards, etc.]
|-
|}
|}


However, organizational standards, guidelines, and recommendations alone do not influence how cloud computing services can and should be implemented and operated. Regulatory bodies, legislative bodies, and government agencies also directly or indirectly have an impact on cloud service operations. In some cases, the law, regulation, or guidance coming from such bodies may not even mention "cloud computing," yet because they mandate how specific data and information can be managed, used, and distributed, they ultimately influence what a cloud service provider (CSP) does and how they do it. This can be observed by more than a few of the examples in Table 4. The California Consumer Privacy Act, for example, makes no mention of the word "cloud," but CSPs and cloud users alike must consider aspects of the regulation, e.g., what can and cannot be done with a consumer's information based on location of the stored information.<ref name="Cal1.18.5">{{cite web |url=https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 |title=TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 - 1798.199.100] |work=California Legislative Information |publisher=Legislative Counsel Bureau |accessdate=21 August 2021}}</ref>
* '''automated reflex testing''': Some PIMS vendors include pre-loaded, customizable lists of reflex tests associated with certain pathology procedures and their associated diagnoses. Optimally, these reflex texts are automatically suggested at specimen reception, based on specimen and/or pathology test type.<ref name="NPSoftware13">{{cite web |url=https://www.novopath.com/content/pdf/novopathbrochure.pdf |format=PDF |title=NovoPath - Software Advancing Patient Diagnostics |publisher=NovoPath, Inc |date=2013 |accessdate=05 September 2020}}</ref><ref name="PsycheWindo">{{cite web |url=https://psychesystems.com/enterprise-laboratory-information-software/windopath/ |title=WindoPath Ē.ssential |publisher=Psychē Systems Corporation |accessdate=05 September 2020}}</ref> Examples of pathology-driven reflex testing in use today include testing for additional biomarkers for non-small-cell lung carcinoma (NSCLC) adenocarcinoma<ref name="SundinPath19">{{cite journal |url=https://www.medlabmag.com/article/1619 |title=Pathology-Driven Reflex Testing of Biomarkers |journal=Medical Lab Management |author=Sundin, T. |volume=8 |issue=11 |page=6 |year=2019}}</ref>, HPV testing in addition to cervical cytology examination<ref name="FDANewApproaches19">{{cite web |url=https://www.fda.gov/media/122799/download |title=New Approaches in the Evaluation for High-Risk Human Papillomavirus Nucleic Acid Detection Devices |author=U.S. Food and Drug Administration |publisher=U.S. Food and Drug Administration |date=08 March 2019 |accessdate=05 September 2020}}</ref><ref name="StolerAdjunctive15">{{cite book |chapter=Chapter 9: Adjunctive Testing |title=The Bethesda System for Reporting Cervical Cytology |author=Stoler, M.H.; Raab, S.S.; Wilbur, D.C. |editor=Nayar, R.; Wilbur, D. |publisher=Springer |pages=287–94 |year=2015 |doi=10.1007/978-3-319-11074-5_9 |isbn=9783319110745}}</ref> (discussed further in "adjunctive testing"), and additional automatic testing based off routine coagulation assays at hemostasis labs.<ref name="MohammedDevel19">{{cite journal |title=Development and implementation of an expert rule set for automated reflex testing and validation of routine coagulation tests in a large pathology network |journal=International Journal of Laboratory Hematology |author=Mohammed, S.; Priebbenow, V.U.; Pasalic, L. et al. |volume=41 |issue=5 |pages=642–49 |year=2019 |doi=10.1111/ijlh.13078 |pmid=31271498}}</ref>


{|
* '''adjunctive testing''': Adjunctive testing is testing "that provides information that adds to or helps interpret the results of other tests, and provides information useful for risk assessment."<ref name="SegensAdjunct11">{{cite web |url=https://medical-dictionary.thefreedictionary.com/adjunct+test |title=adjunct test |work=Segen's Medical Dictionary |date=2011 |accessdate=05 September 2020}}</ref> A common adjunctive test performed in [[cytopathology]] is HPV testing.<ref name="FDANewApproaches19" /><ref name="StolerAdjunctive15" /> The FDA described this as such in 2003, specifically in regards to expanding the use of the Digene HC2 assay as an adjunct to cytology<ref name="FDANewApproaches19" />:
| STYLE="vertical-align:top;"|
{| class="wikitable" border="1" cellpadding="5" cellspacing="0" width="70%"
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;" colspan="4"|'''Table 4.''' Examples of some common regulations, recommendations, and guidance that shape the proper use of cloud-computing platforms
|-
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Regulation, recommendation, or guidance
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Creator
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Description
  ! style="background-color:#e2e2e2; padding-left:10px; padding-right:10px;"|Link
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|California Consumer Privacy Act (CCPA)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The State of California
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The CCPA "provides California consumers with a number of privacy protections, including right to access, delete, and opt-out of the 'sale' of their personal information."<ref name="GoogleCCPA">{{cite web |url=https://cloud.google.com/security/compliance/ccpa |title=California Consumer Privacy Act (CCPA) |publisher=Google Cloud |accessdate=21 August 2021}}</ref> Cloud solutions such as Google Cloud attempt to help users meet CCPA obligations, as well as meet their own commitments.<ref name="GoogleCCPA" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Cloud Computing Regulatory Framework (CCRF)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Kingdom of Saudi Arabia
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The KSA's CCRF "is based on international best practices and governs the rights and obligations of cloud service providers (CSPs), individual customers, government entities and businesses."<ref name="GuseyvaData20">{{cite web |url=https://incountry.com/blog/data-residency-laws-by-country-overview/ |title=Data residency laws by country: An overview |author=Guseyva, V. |work=InCountry |date=18 September 2020 |accessdate=21 August 2021}}</ref> It is one of only a few existing cloud-specific regulatory frameworks created by a government.<ref name="GuseyvaData20" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.citc.gov.sa/en/RulesandSystems/RegulatoryDocuments/Pages/CCRF.aspx Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Cloud Security Principles
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Government of the United Kingdom
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The U.K. developed a collection of 14 Cloud Security Principles that "include important considerations such as protection of data in transit, supply chain security, identity and authentication, and secure use of cloud services."<ref name="GoogleUKCloud">{{cite web |url=https://cloud.google.com/security/compliance/uk-ncsc |title=UK’s Cloud Security Principles |publisher=Google Cloud |accessdate=21 August 2021}}</ref> This is an example of a national government developing a cloud-specific set of guidance for its public sector.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.ncsc.gov.uk/collection/cloud-security/implementing-the-cloud-security-principles Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Federal Information Security Modernization Act of 2014 (FISMA)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|United States Government
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Amending the prior FISMA 2002, FISMA 2014 achieves several things, chief among them giving Federal government the ability to better respond to cybersecurity attacks on its departments and agencies. Compliance with FISMA means implementing "recommended information security controls for federal information systems as identified in the NIST SP 800-53."<ref name="PAWhatIs21">{{cite web |url=https://www.paloaltonetworks.com/cyberpedia/difference-between-fisma-and-fedramp |title=What is the Difference between FISMA and FedRAMP? |publisher=PaloAlto Networks |date=2021 |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.cisa.gov/federal-information-security-modernization-act Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[[General Data Protection Regulation]] (GDPR)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|European Union
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The GDPR is a non-trivial regulatory hurdle with positive intentions, with the goal of strengthening personal data protection in Europe. The regulation "lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe."<ref name="GoogleGDPR">{{cite web |url=https://cloud.google.com/security/gdpr |title=Google Cloud & the General Data Protection Regulation (GDPR) |publisher=Google Cloud |accessdate=21 August 2021}}</ref> Cloud vendors like Google may stipulate in their contracts with European clients how they meet that guidance, as well as offer tools, documentation, and other resources to assist with assessment of the vendor's services.<ref name="GoogleGDPR" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679 Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Guidance on Outsourcing to Cloud Service Providers
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Germany's Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|BaFin's Guidance document on cloud service outsourcing "provides specific outsourcing guidance for financial institutions on contractual terms, including information and audit rights, the right to issue instructions, data security / protection, termination and chain outsourcing."<ref name="GoogleBaFinCloud">{{cite web |url=https://cloud.google.com/security/compliance/bafin |title=BaFin Cloud Outsourcing Guidance |publisher=Google Cloud |accessdate=21 August 2021}}</ref> Cloud vendors like Google may stipulate in their contracts with German clients how they meet that guidance.<ref name="GoogleBaFinCloud" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.bafin.de/SharedDocs/Downloads/EN/Merkblatt/BA/dl_181108_orientierungshilfe_zu_auslagerungen_an_cloud_anbieter_ba_en.html?nn=9866146 Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[[Health Insurance Portability and Accountability Act]] (HIPAA)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|United States Government
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The HIPAA Rules "establish important protections for individually identifiable health information ..., including limitations on uses and disclosures of such information, safeguards against inappropriate uses and disclosures, and individuals’ rights with respect to their health information."<ref name="HHSGuidance20">{{cite web |url=https://www.hhs.gov/hipaa/for-professionals/special-topics/health-information-technology/cloud-computing/index.html |title=Guidance on HIPAA & Cloud Computing |author=Office for Civil Rights |work=Health Information Privacy |publisher=U.S. Department of Health & Human Services |date=24 November 2020 |accessdate=21 August 2021}}</ref> HIPAA compliance is so vital for some organizations that U.S. government entities like the U.S. Department of Health & Human Services (HHS) have published their own guidance towards how HIPAA covered entities can best comply when using cloud services.<ref name="HHSGuidance20" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.hhs.gov/hipaa/for-professionals/index.html Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Joint Statement: Security in a Cloud Computing Environment
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Federal Financial Institutions Examination Council (FFIEC)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|In this document, the FFIEC—an interagency group of federal and state banking regulators—addresses "the use of cloud computing services and security risk management principles in the financial services sector" and "highlights examples of risk management practices for a financial institution’s safe and sound use of cloud computing services and safeguards to protect customers’ sensitive information from risks that pose potential consumer harm."<ref name="FFIECJoint20">{{cite web |url=https://www.ffiec.gov/press/PDF/FFIEC_Cloud_Computing_Statement.pdf |format=PDF |title=Joint Statement: Security in a Cloud Computing Environment |date=30 April 2020 |accessdate=21 August 2021}}</ref><ref name="RossUS20">{{cite web |url=https://www.regulationtomorrow.com/us/us-bank-regulators-issue-cloud-computing-security-guidance/ |title=US bank regulators issue cloud computing security guidance |author=Ross, S.; Scott, K. |work=Financial Services: Regulation Tomorrow |publisher=Norton Rose Fulbright |date=06 May 2020 |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.ffiec.gov/press/PDF/FFIEC_Cloud_Computing_Statement.pdf Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|OMB Circular A-130, Managing Information as a Strategic Resource
  | style="background-color:white; padding-left:10px; padding-right:10px;"|United States Government
  | style="background-color:white; padding-left:10px; padding-right:10px;"|This (revised) Obama-era circular "establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services," including cloud services.<ref name="WHOMBA-130_16">{{cite web |url=https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/circulars/A130/a130revised.pdf |format=PDF |title=OMB Circular A-130, Managing Information as a Strategic Resource |publisher=The White House |date=28 July 2016 |accessdate=21 August 2021}}</ref> In addition to FISMA, this circular supports the FedRAMP program and its standardized security requirements.<ref name="FedRAMP" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/circulars/A130/a130revised.pdf Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Personal Data Protection Law (KVKK)
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Government of Turkey
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Turkey's KVKK (Kişisel Verileri Koruma Kanunu) "regulates the protection of personal data and outlines the obligations that entities and individuals dealing with personal data must comply with."<ref name="CoosAllYou20">{{cite web |url=https://www.endpointprotector.com/blog/everything-you-need-to-know-about-turkeys-personal-data-protection-law/ |title=All You Need to Know About Turkey’s Personal Data Protection Law (KVKK) |author=Coos, A. |work=Endpoint Protector Blog |date=30 April 2020 |accessdate=21 August 2021}}</ref> It has significant relevancy to cloud computing efforts in the country.<ref name="ErsoyCloud20">{{cite web |url=https://www.kilinclaw.com.tr/en/cloud-computing-technologies-and-its-legal-dimension/ |title=Cloud Computing Technologies and Its Legal Dimension |author=Ersoy, E.C.; Karakaş, M. |publisher=Kılınç Law and Consulting |date=19 June 2020 |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.kvkk.gov.tr/en/ Link]
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Protective Security Policy Framework
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Australian Government
  | style="background-color:white; padding-left:10px; padding-right:10px;"|The PSPF "assists Australian Government entities to protect their people, information, and assets, both at home and overseas." It contains multiple statements about how cloud computing should be handled.<ref name="AGProtect">{{cite web |url=https://www.protectivesecurity.gov.au/ |title=The Protective Security Policy Framework |publisher=Australian Government |accessdate=21 August 2021}}</ref>
  | style="background-color:white; padding-left:10px; padding-right:10px;"|[https://www.protectivesecurity.gov.au/ Link]
|-
|}
|}


While Big Tech was as early as 2010 asking the U.S. government to take a more proactive regulatory approach to cloud computing<ref name="AlpernMicro10">{{cite web |url=https://www.industryweek.com/innovation/article/21932894/microsoft-to-congress-time-for-new-cloud-computing-laws |title=Microsoft to Congress: Time For New Cloud Computing Laws |author=Alpern, P. |work=IndustryWeek |date=10 February 2010 |accessdate=21 August 2021}}</ref>, actual direct regulation of cloud computing by the world's governments has been limited.<ref name="LeviteCloud20">{{cite web |url=https://carnegieendowment.org/2020/11/09/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 |title=Cloud Governance Challenges: A Survey of Policy and Regulatory Issues |author=Levite, A.; Kalwani, G. |publisher=Carnegie Endowment for International Peace |date=09 November 2020 |accessdate=21 August 2021}}</ref><ref name="AliTheRole20">{{cite journal |title=The role of government regulations in the adoption of cloud computing: A case study of local government |journal=Computer Law & Security Review |author=Ali, O.; Osmanaj, V. |volume=36 |at=105396 |year=2020 |doi=10.1016/j.clsr.2020.105396}}</ref> This leads to complicated viewpoints about the value of regulation vs. its drawbacks. Yes, careful regulation can help ensure consistent, affordable, and secure access to cloud services and may even encourage organizations to adopt the technology.<ref name="LeviteCloud20" /> However, a headstrong approach to regulations for CSPs, without sector- and industry-specific considerations, may have unintended consequences, e.g., unduly raising compliance costs or forcing insufficient levels of access control on an entity.<ref name="LeviteCloud20" />
<blockquote>In women 30 years and older, the HC2 High-Risk HPV DNA test can be used with Pap to adjunctively screen to assess the presence or absence of high-risk HPV types. This information, together with the physician’s assessment of cytology history, other risk factors, and professional guidelines, may be used to guide patient management.</blockquote>


At least in the U.S., lawmakers and regulators may soon be pressured to increase regulatory approaches to cloud computing. This may be driven by the increasingly concentrated nature of cloud services in a handful of tech giants, though at the same time hampered by the widely varying approaches to addressing cloud-related issues via policy and regulation at the national and international levels. First, the very nature of these cloud services—and the ever increasing criticality they attain—as centralized services ensures the regulatory eye will increasingly be placed upon those cloud vendors. In fact, discussion about and designation of cloud services as critical infrastructure is already occurring in earnest, as they have "become essential to the performance of a growing swath of other sectors that have not heretofore been massively dependent on centralized cloud functionalities, and hence vulnerable to their disruption."<ref name="LeviteCloud20" /><ref name="MaurerCloud20">{{cite web |url=https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597 |title=Cloud Security: A Primer for Policymakers |author=Maurer, T.; Hinck, G. |publisher=Carnegie Endowment for International Peace |date=31 August 2020 |accessdate=21 August 2021}}</ref> This may lead to policymakers, regulatory bodies, and legislators being left with little choice but to move forward with more policy and regulation. Second, and consequently, the development of such policy and regulation may not occur in a manner more unified with global perceptions but rather largely based upon localized values, interests, and priorities. The failure here is the lack of recognition of CSPs as being integral to individual, retail, corporate, organizational, and government operations around the globe, i.e. their centralized and concentrated position within a changing computing paradigm. As such, greater effort must be made by policymakers, regulators, and legislatures to find at least a minimum level of "compatibility and reconciliation" with other existing governance mechanisms, while carefully addressing both security of operation and operational robustness in tandem, such that there is greater harmonization globally.<ref name="LeviteCloud20" /> And through government-level support of harmonized controls—as well as a vested interest in promoting the responsible "development, dissemination, and operation of cloud infrastructure"—cloud users will stand a greater chance of reaping the economic benefits of adopting cloud computing.<ref name="LeviteCloud20" />
:Some PIMS vendors allow users to manually add an adjunctive test to a primary pathology test, or in some cases this may be enabled as part of an automated reflex testing process.<ref name="TDHistoCyto">{{cite web |url=https://www.technidata-web.com/solutions-services/disciplines/anatomic-pathology |title=TD HistoCyto Livextens |publisher=Technidata SAS |accessdate=05 September 2020}}</ref> However, ensure that any such solution is capable of feeding any adjunctive test results into the final report (see the subsection on this topic).


Current and future regulatory action applies to several areas of cloud computing. How a CSP responds to and notifies affected users of a security breach is one concern. Currently the U.S. government doesn't fully address in a unified fashion aspects of cloud security breaches such as protection obligations, reporting time, and required notification parties, nor any compensation mechanism for those affected.<ref name="MitnickNoMore18">{{cite web |url=https://www.accessnow.org/no-more-waiting-its-time-for-a-federal-data-breach-law-in-the-u-s/ |title=No more waiting: It’s time for a federal data breach law in the U.S. |author=Mitnick, D. |work=Access Now Blog |publisher=Access Now |date=10 April 2018 |accessdate=21 August 2021}}</ref> (All U.S. states and most territories do have their own flavor of breach notification legislation<ref name="NCSLSecurity20">{{cite web |url=https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx |title=Security Breach Notification Laws |publisher=National Conference of State Legislatures |date=17 July 2020 |accessdate=21 August 2021}}</ref>, but like cannabis law, this is problematic in the face of a strong divergence with federal law or lack thereof.) The applications and algorithms that drive and collect data from users of cloud-enabled applications may also face regulatory scrutiny or control by a national government, as was seen with both China's and the U.S.'s scrutiny of the TikTok application, its algorithms, and its security.<ref name="LeviteCloud20" /><ref name="BrandomTrump20">{{cite web |url=https://www.theverge.com/2020/9/2/21418496/tiktok-for-you-page-algorithm-deal-us-china-trump-microsoft |title=Trump’s TikTok deal has hit a serious roadblock |author=Brandom, R. |work=The Verge |date=02 September 2020 |accessdate=21 August 2021}}</ref><ref name="CoxOracle21">{{cite web |url=https://arstechnica.com/tech-policy/2021/02/oracles-tiktok-acquisition-reportedly-shelved-indefinitely/ |title=Oracle’s TikTok acquisition reportedly “shelved” indefinitely |author=Cox, K. |work=Ars Technica |date=10 February 2021 |accessdate=21 August 2021}}</ref> Data localization also remains a significant area of cloud computing regulation, not just for security concerns but also industrial policy, economic policy, privacy concerns, and human rights concerns.<ref name="LeviteCloud20" /> Other areas of concern that may see regulation include interoperability and portability, digital preservation (retention) obligations, and cross-border data transfer.
* '''demand management''': Similar to test optimization or clinical decision support, demand management mechanisms help laboratories reduce the amount of unnecessary and duplicate testing they perform. The idea of using demand management to reduce unnecessary pathology testing has been around since at least the beginning of the twenty-first century, if not well before, in the form of decision support systems and order request menus of informatics systems.<ref name="RaoPath03">{{cite journal |title=Pathology tests: is the time for demand management ripe at last? |journal=Journal of Clinical Pathology |author=Rao, G.G.; Crook, M.; Tillyer, M.L. |volume=56 |issue=4 |pages=243–48 |year=2003 |doi=10.1136/jcp.56.4.243 |pmid=12663633 |pmc=PMC1769923}}</ref> Lang described what the process of demand management would look like in a system like a [[laboratory information management system]] (LIMS) in 2013<ref name="LangLab13">{{cite journal |title=Laboratory demand management of repetitive testing – time for harmonisation and an evidenced based approach |journal=Clinical Chemistry and Laboratory Medicine |author=Lang, T. |volume=51 |issue=6 |pages=1139–40 |year=2013 |doi=10.1515/cclm-2013-0063 |pmid=23420284}}</ref>:


And then there's the proverbial "elephant in the room": overall data privacy and protection considerations in the cloud. This is a major concern typically because of statutes—like the California Consumer Privacy Act<ref name="GoogleCCPA" />—that broadly protect a collective of affected individuals and how their cloud data is collected, preserved, organized, stored, and used not only within the governing entity (e.g., state, country, political and economic union) but also as its transferred to and from the governing entity. The previously mentioned data localization and cross-border data transfer issues fall under this heading.<ref name="EusticeUnder18">{{cite web |url=https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing |title=Understand the intersection between data privacy laws and cloud computing |author=Eustice, J.C. |work=Legal Technology, Products, and Services |publisher=Thomson Reuters |date=2018 |accessdate=21 August 2021}}</ref> These often prove to be some of the most challenging regulations to develop, as lawmakers and regulators don't always anticipate the rate of change of technology. They're also difficult for CSPs and organizations to comply with, particularly due to the variance in requirements among all governing entities' laws.<ref name="EusticeUnder18" />
<blockquote>When implementing a demand management tool it is important that the system used to manage a laboratory workload can correctly identify the patient and match requests with the patient’s medical record. Ideally there should be one unique identifier used (e.g., NHS number in the UK), which will allow the LIMS to interrogate the patient’s previous pathology result to allow identification of duplicate or inappropriate requests. If a subsequent request is blocked, then it is also important that there is real-time notification of a potential redundant test so that the requestor can make an informed choice on the clinical need of the test and if it is required to override the rule. It is important that there is a facility whereby the laboratory or requestor can record the reason for blocking a request or overriding the rule.</blockquote>


Other approaches to regulation also affect how cloud computing services are implemented and managed. For example, rather than taking a broad approach towards regulation, addressing everyone providing and/or using cloud services, it's possible that regulators and legislators may take a more focused, sector-based approach. But that comes with its own set of problems, as Maurer and Hinck noted in their 2020 Carnegie Endowment paper<ref name="MaurerCloud20" />:
:Today, some PIMS are designed to allow configurable rules and parameters to check for duplicate and unnecessary tests at various levels (e.g., by test ID or catalog type, activity type, or some other order level).<ref name="MorrisDemand18">{{cite journal |title=Demand management and optimization of clinical laboratory services in a tertiary referral center in Saudi Arabia |journal=Annals of Saudi Medicine |author=Morris, T.F.; Ellison, T.L.; Mutabbagani, M. et al. |volume=38 |issue=4 |pages=299–304 |year=2018 |doi=10.5144/0256-4947.2018.299 |pmid=30078029 |pmc=PMC6086671}}</ref><ref name="DXCLab">{{cite web |url=https://www.dxc.technology/healthcare/offerings/139499/139776-dxc_laboratory_information_management_lims |title=DXC Laboratory Information Management (LIMS) |publisher=DXC Technology Services, LLC |accessdate=05 September 2020}}</ref>


<blockquote>[T]he impact of a cloud security incident usually depends on what type of data or service is affected. Thus, the most suitable potential regulatory requirements with respect to security may differ across sectors that deal with different types of data—from the highly sensitive, fast-moving data common in the financial sector to the more privacy-sensitive personal data used by medical service providers. However, crafting regulation on a sector-by-sector basis would likely create conflicting requirements and incomplete standards.</blockquote>
* '''consent management''': In clinical medicine, patients typically must sign a form indicating informed consent to medical treatment.<ref name="AMAInformed">{{cite web |url=https://www.ama-assn.org/delivering-care/ethics/informed-consent |title=Informed Consent |work=Code of Medical Ethics |publisher=American Medical Association |accessdate=22 September 2020}}</ref> Biobanking facilities, which store biospecimens, also must collect consent forms regarding how a patient's biospecimens may be used.<ref name="AveryBiobank18">{{cite web |url=https://www.biobanking.com/biobanking-consent-informing-human-subjects-of-the-possibilities/ |title=Biobanking Consent: Informing Human Subjects of the Possibilities |author=Avery, D. |work=Biobanking.com |date=16 July 2018 |accessdate=22 September 2020}}</ref> In all cases, these consent documents drive how and when certain actions take place. Though not common, some LIMS like LabVantage Pathology by Software Point<ref name="SPLabVantPath">{{cite web |url=https://softwarepoint.com/solutions/product/labvantage-pathology |title=LabVantage Pathology |publisher=Software Point Oy |accessdate=22 September 2020}}</ref> provide consent management mechanisms within their PIMS, giving pathologists the ability to quickly verify consent details electronically. In biobanking solutions, this consent management process may be more rigorous to ensure biospecimen donors' preferences and regulatory requirements are being carefully followed. For example, the system may need to be able to prevent further use of a biospecimen and trigger sample and data deletion protocols when a donor withraws their consent to use.<ref name="BikaNCV15">{{cite web |url=https://www.bikalims.org/downloads/bika-open-source-biobank-management-system/at_download/file |format=PDF |title=NCB-H3A Cape Town Biobank Management System - Functional Requirements Overview & Phase I Objectives |author=SANBI; Bika Lab Systems |publisher=Bika Lab Systems |date=20 November 2015 |accessdate=22 September 2020}}</ref>


Finally, as a third option, rather than direct regulation of the broad market or even specific sectors, some governments may simply use their considerable weight to influence how CSPs provide their services, influencing future regulation, as Levite and Kalwani note in their 2020 paper for the Carnegie Endowment<ref name="LeviteCloud20" />:
* '''case management and review''': Most PIMS provide a means for managing pathology cases, recorded instances of disease and its attendant circumstances.<ref name="FarlexCase12">{{cite web |url=https://medical-dictionary.thefreedictionary.com/case |title=case |work=Farlex Partner Medical Dictionary |date=2012 |accessdate=25 September 2020}}</ref> This includes the management of case history, a collection of data concerning an individual, their family, their environment, their medical history, and other other information valuable for analyzing, diagnosing, reviewing, or otherwise instructing others on the case.<ref name="MKECase03">{{cite web |url=https://medical-dictionary.thefreedictionary.com/case |title=case |work=Miller-Keane Encyclopedia and Dictionary of Medicine, Nursing, and Allied Health, Seventh Edition |date=2003 |accessdate=25 September 2020}}</ref> Having an information system to better manage data entry, data analysis, case tracking, and case storage may aid in secondary and internal case reviews before final report, which have been shown to improve diagnostic accuracies and overall experiential knowledge of pathologists.<ref name="HuckKnowledge15">{{cite book |chapter=Chapter 7: Knowledge, Training, and Experience |title=Error Reduction and Prevention in Surgical Pathology |author=Huck, A.; Nosé, V. |editor=Nakhleh, R.E. |publisher=Springer |pages=103–114 |year=2015 |isbn=9781493923397 |url=https://books.google.com/books?id=HXAKBwAAQBAJ&pg=PA103}}</ref> Aspects of case manamagement and review that a PIMS may handle include automatic case creation, automatic and priority case assignment, and automatic case tracking, as well as limit case acces based on user permissions, and send alerts for clinical history follow-ups and other case statuses.<ref name="LLAnatom" /><ref name="PIMSPathX">{{cite web |url=http://pathxlis.com/downloads/PDFs/PathX%20-%20Capabilities%20Brochure.pdf |format=PDF |title=PathX Laboratory Information System |publisher=Physicians Independent Management Services |accessdate=25 September 2020}}</ref><ref name="LBAperioPathDX">{{cite web |url=https://www.leicabiosystems.com/digital-pathology/manage/aperio-path-dx/ |title=Aperio Path DX - Case Management Software |publisher=Leica Biosystems Nussloch GmbH |accessdate=25 September 2020}}</ref> Note that a handful of vendors such as Leica Biosystems provide stand-alone case management solutions that can be integrated with instruments and other LIS systems.<ref name="LBAperioPathDX" />
 
* '''workflow management''': The tools for workflow management have become increasingly common in PIMS and other laboratory informatics applications over the years, with the idea of using automation to improves efficiencies and accuracies in the lab. However, workflows and protocols can differ—sometimes significantly—from one pathology lab to another. Being able to configure workflow pathways in the PIMS to be compliant with required testing protocols is vital. This is especially important with the gradual transition to more digital pathology methods, where digitally sharing cases and automatically scanned slide images has great value.<ref name="XifinIsYour20">{{cite web |url=https://www.xifin.com/resources/blog/201912/your-lab-ready-ai-digital-pathology-workflow |title=Is Your Lab Ready for an AI Digital Pathology Workflow? |publisher=XIFIN, Inc |date=03 January 2020 |accessdate=25 September 2020}}</ref> As such, vendors such as Orchard Software and XIFIN provide solutions with configurable workflows to help labs translate their workflows into the system.<ref name="OSOrchPath" /><ref name="XIFINLabInfoSys">{{cite web |url=https://www.xifin.com/products/laboratory-information-system |title=Laboratory Information System |publisher=XIFIN, Inc |accessdate=25 September 2020}}</ref>
 
* '''speech recognition and transcription management''': Like other medical fields, pathologists may utilize dictation and transcription services within their workflow. This has traditionally involved the pathologist speaking while a transcriptionist manually records the words to paper, or the pathologist scribbling notes in shorthand, with the transcriptionist "translating" the notes to usable clinical documentation. This could include anything from specimen descriptions and diagnoses to pathology obsevations and procedure notes. PIMS vendors have over the years added more automated methods to such tasks in their solutions, however, such as speech recognition modules and transcription management tools that, for example, automatically assign recordings to a transcriber's pending work list.<ref name="NPSoftware13" /><ref name="SPLabVantPath" /><ref name="AspyraAnaPath" /><ref name="PIMSPathX" />
 
:It's important to note, however, though PIMS vendors may market the speech recognition component of their solution at being 99 percent effective, past studies have shown 88.9 to 96 percent accuracy, though with tiny annual gains as the technology matures.<ref name="HodgsonRisks16">{{cite journal |title=Risks and benefits of speech recognition for clinical documentation: A systematic review |journal=JAMIA |author=Hodgson, T.; Coiera, E. |volume=23 |issue=e1 |pages=e169–79 |year=2016 |doi=10.1093/jamia/ocv152 |pmid=26578226 |pmc=PMC4954615}}</ref><ref name="ZhouAnal18">{{cite journal |title=Analysis of Errors in Dictated Clinical Documents Assisted by Speech Recognition Software and Professional Transcriptionists |journal=JAMA Network Open |author=Zhou, L.; Blackley, S.V.; Kowalski, L. et al. |volume=1 |issue=3 |at=e180530 |year=2018 |doi=10.1001/jamanetworkopen.2018.0530 |pmid=30370424 |pmc=PMC6203313}}</ref> If speech recognition is being used in lieu of a hired transcriptionist, it's especially vital to add manual editing and review before reporting.<ref name="ZhouAnal18" /><ref name="MatthewsWhyMed19">{{cite web |url=https://www.healthitoutcomes.com/doc/why-medical-dictation-is-still-better-than-voice-recognition-for-now-0001 |title=Why Medical Dictation Is Still Better Than Voice Recognition ... For Now |author=Matthews, K. |work=Health IT Outcomes |date=20 December 2019 |accessdate=25 September 2020}}</ref>
 
* '''storage and tissue bank management''': Biorepositories and pathology laboratories go hand-in-hand. A significant example can be found with the relationship medical school biorepositories have with their pathology labs and departments, as with, for example, Duke University<ref name="DukeBiorep">{{cite web |url=https://pathology.duke.edu/core-facilities-services/biorepository-precision-pathology-center |title=Biorepository & Precision Pathology Center |publisher=Duke University School of Medicine |accessdate=22 September 2020}}</ref>, University of Illinois Chicago<ref name="UIC_UIHealthBio">{{cite web |url=https://rrc.uic.edu/cores/rsd/biorepository/ |title=UI Health Biorepository |publisher=University of Illinois Chicago |accessdate=22 September 2020}}</ref>, and the Icahn School of Medicine at Mount Sinai.<ref name="IcahnBiorep">{{cite web |url=https://icahn.mssm.edu/research/portal/resources/deans-cores/biorepository-and-pathology |title=Biorepository and Pathology |publisher=Icahn School of Medicine at Mount Sinai |accessdate=22 September 2020}}</ref> However, even small pathology laboratories must also responsibly store and track their specimens, blocks, and slides, as well as the storage variables affecting them. Any reputable laboratory informatics solution will be able to track the location of such items through barcode or RFID support, as well as allowing for the creation of named storage locations in the system. However, some informatics solutions like AgileBio's LabCollector go a step further, providing data logging modules that are capable of connecting to data logger hardware and other sensors that capture environmental storage information such as temperature, humidity, light level, carbon dioxide level, and pressure. When a variable is out of range, an alert can be sent and logged.<ref name="AgileBioDataLog">{{cite web |url=https://www.labcollector.com/labcollector-lims/add-ons/data-logger/ |title=Data Logger |publisher=AgileBio |accessdate=22 September 2020}}</ref> And full-fledged biorepository management LIMS may have all the bells and whistles, including randomized biospecimen location auditing.<ref name="AIBiobank">{{cite web |url=https://www.autoscribeinformatics.com/industries/biobank-management-systems |title=Biobank Management LIMS |publisher=Autoscribe Informatics, Inc |date=22 September 2020}}</ref>
 
* '''task management''': Task management is a typical feature of a laboratory informatics solution, giving laboratorians the ability to assign tasks to individuals or groups of individuals, including analyses, results review, and more. In pathology labs, additional task and even management may include, for example, case assignment, slide or block assignment, grossing, staining, or some other pathology task. Additionally, some may incorporate this task management and tracking into a dashboard, to facility timely access to short-term status individual cases and specimens, and long-term aggregate data about cases, workflow, and workloads.<ref name="HalwaniAReal16">{{cite journal |title=A real-time dashboard for managing pathology processes |journal=Journal of Pathology Informatics |author=Halwani, F.; Li, W.C.; Banerjee, D. et al. |volume=7 |at=24 |year=2016 |doi=10.4103/2153-3539.181768 |pmid=27217974 |pmc=PMC4872478}}</ref>
 
* '''billing management with code support''': Instead of turning to a separate billing solution, pathology labs can often turn to PIMS for billing management. Vendors of LIS and LIMS have recognized not only the value of adding billing management to their solutions but also the many benefits that come with tying in diagnosis and billing code support. For example, a pathologist scanning a specimen into the system can not only have a case automatically generated but also auto-generate diagnosis codes based on the specimen or slide's code. Additionally, as has been witnessed during the [[COVID-19]] pandemic, billing rules may change rapidly during extraordinary events, requiring rapid used-defined billing rule changes.<ref name="FerranteCOVID20">{{cite web |url=https://www.foley.com/en/insights/publications/2020/04/covid19-cms-monumental-changes-medicare-telehealth |title=COVID-19: CMS Issues Monumental Changes to Medicare Telehealth: What You Need to Know |author=Ferrante, T.B.; Goodman, R.B.; Wein, E.H. |work=Insights, a Foley & Lardner LLP Blog |date=03 April 2020 |accessdate=25 September 2020}}</ref> As such, support for CPT, ICD-10, SNOMED CT, and other types of autocoding are somewhat common in today's PIMS.<ref name="NPSoftware13" /><ref name="LLAnatom" /><ref name="PIMSPathX" /><ref name="AspyraAnaPath" />
 
* '''reflex and adjunctive test reporting''': Ensure that a PIMS is capable of feeding any adjunctive test results into the final report, along with the results from the primary tests. Using adjunctive HPV test results as an example, the report should optimally include details such as assay name, manufacturer, the HPV types it covers, results, and any applicable educational notes and suggestions.<ref name="StolerAdjunctive15" /> Be careful with simple color-coding of results for interpretation, as they can be easily misinterpreted, including by the colorblind. A combination of symbol with color will help limit such misinterpretation.<ref name="SundinPath19" />
 
* '''structured data entry''': The concept of structured data entry (SDE) is relatively simple, but it may still get taken for granted. At its core, SDE is all about ensuring that entered data is based on a set of predefined conditions or rules, usually implemented through standardized forms with pre-determined drop-down and auto-populated fields.<ref name="PHIIUnderst">{{cite web |url=https://www.phii.org/sites/default/files/resource/files/Understanding%20Clinical%20Data%20and%20Workflow%20Guide.docx |format=DOCX |title=Analyzing Clinical Data and Workflows - 4. Understanding Clinical Data and Workflow |work=EHR Toolkit |author=Public Health Informatics Institute |accessdate=22 September 2020}}</ref> This typically confers numerous advantages, including easier data entry, easier and more standardized reporting, decrease costs, improve translational research, and ensure better compatibility and integration across different information systems.<ref name="PHIIUnderst" /><ref name="BataviaUsing18">{{cite journal |title=Using structured data entry systems in the electronic medical record to collect clinical data for quality and research: Can we efficiently serve multiple needs for complex patients with spina bifida? |journal=Journal of Pediatric Rehabilitative Medicine |volume=11 |issue=4 |pages=303–09 |year=2018 |doi=10.3233/PRM-170525 |pmid=30507591 |pmc=PMC6491202}}</ref> As such, some PIMS vendors like NovoPath and Orchard Software describe their solutions as having SDE elements such as enabling intelligent auto-loading of diagnosis and billing codes during case loading, allowing input fields to be required, and synoptic reporting support.<ref name="NPSoftwarePDF">{{cite web |url=https://www.novopath.com/content/pdf/novopathbrochure.pdf |format=PDF |title=NovoPath - Software Advancing Patient Diagnostics |publisher=NovoPath, Inc |date=2013 |accessdate=22 September 2020}}</ref><ref name="OSOrchPath">{{cite web |url=https://www.orchardsoft.com/orchard-pathology.html |title=Orchard Pathology |publisher=Orchard Software Corporation |accessdate=22 September 2020}}</ref>
 
* '''synoptic reporting''': [[LIS feature#Synoptic reporting|Synoptic reporting]] involves a structured, pre-formatted "checklist" of clinically and morphologically relevant data elements that help make pathology reporting more efficient, uniform, and relevant to internal and external stakeholders. Another way to put this is that synoptic reporting is SDE applied to the pathology report, often based upon specific reporting protocols by professional or standards organizations like the College of American Pathologists (CAP).<ref name="LLAnatom">{{cite web |url=https://www.ligolab.com/solutions/anatomic-pathology-solution |title=Anatomic Pathology Solutions |publisher=LigoLab, LLC |accessdate=23 September 2020}}</ref><ref name="NPSoftwarePDF" /> Support for synoptic reporting methods is typical within PIMS solutions, including support for configurable templates that can be adapted to changing and custom reporting protocols.
 
* '''correlative and consultive reporting''': In the late 1930s, the concept of correlating pathology results with clinical observations (and pathology) was beginning to be addressed in student textbooks.<ref name="JAMATextbook40">{{cite journal |title=''Textbook of Pathology. A Correlation of Clinical Observations and Pathological Findings'' |journal=JAMA |volume=114 |issue=2 |page=184 |year=1940 |doi=10.1001/jama.1940.02810020088032}}</ref> Today, the concept remains integral in medical practice and toxicologic study reporting.<ref name="SmithConstruct16">{{cite journal |title=Constructing Comments in a Pathology Report: Advice for the Pathology Resident |journal=Archives of Pathology & Laboratory Medicine |author=Smith, S.M.; Yearsley, M. |volume=140 |issue=10 |pages=1023–24 |year=2016 |doi=10.5858/arpa.2016-0220-ED |pmid=27684971}}</ref><ref name="RamaiahInterp17">{{cite journal |title=Interpreting and Integrating Clinical and Anatomic Pathology Results: Pulling It All Together |journal=Toxicologic Pathology |author=Ramaiah, L.; Hinrichs, M.J.; Skuba, E.V. et al. |volume=45 |issue=1 |pages=223–37 |year=2017 |doi=10.1177/0192623316677068 |pmid=27879439}}</ref><ref name="AulbachOver19">{{cite journal |title=Overview and considerations for the reporting of clinical pathology interpretations in nonclinical toxicology studies |journal=Veterinary Clinical Pathology |author=Aulbach, A.; Vitsky, A.; Arndt, T. et al. |volume=48 |issue=3 |pages=389–99 |year=2019 |doi=10.1111/vcp.12772 |pmid=31556157}}</ref> On the clinical side, a pathologist may include the phrase "clinical correlation is recommended" and additional comments. And in some cases, a third-party pathology consultation, with their own respective comments, is involved with specimen analysis.<ref name="KaplanWhatIs14">{{cite web |url=https://blog.corista.com/corista-digital-pathology-blog/bid/389513/What-is-a-Pathology-Consultation-When-is-it-Used |title=What is a Pathology Consultation? When is it Used? |author=Kaplan, K. |work=Corista Digital Pathology Blog |date=19 June 2014 |accessdate=23 September 2020}}</ref> These correlative and consultive comments or reports play an important part in the overall final pathology report and should not be omitted, particularly if differing opinions are involved. Vendors such as Orchard Software, LigoLab, and Aspyra tout their solutions' ability to tie together multiple reports and comments across pathology disciplines and consultants into one concise report.<ref name="OSOrchPath" /><ref name="LLAnatom" /><ref name="AspyraAnaPath">{{cite web |url=http://aspyra.com/anatomic-pathology/ |title=Anatomic Pathology |publisher=Aspyra, LLC |accessdate=23 September 2020}}</ref>
 
* '''CAP Cancer Reporting Protocol support''': Previously mentioned was CAP and its reporting protocols. In particular, CAP has its Cancer Reporting Protocols, which the CAP describe as providing "guidelines for collecting the essential data elements for complete reporting of malignant tumors and optimal patient care."<ref name="CAPCancerProt20">{{cite web |url=https://www.cap.org/protocols-and-guidelines/cancer-reporting-tools/cancer-protocol-templates |title=Cancer Protocol Templates |publisher=College of American Pathologists |date=April 2020 |accessdate=23 September 2020}}</ref> In conjunction with its electronic Cancer Checklists (eCCs)<ref name="CAPeCC">{{cite web |url=https://www.cap.org/laboratory-improvement/proficiency-testing/cap-ecc |title=CAP eCC |publisher=College of American Pathologists |accessdate=23 September 2020}}</ref>, pathologists are able to integrate CAP cancer reporting protocols of tumors, resections, and select biopsies into their PIMS' workflow and ensure proper reporting outcomes. Some PIMS vendors (e.g., Orchard Software, LigoLab<ref name="OSOrchPath" /><ref name="LLAnatom" />) explicitly indicate their solution integrates CAP's eCC templates and reporting protocols into their solution.
 
* '''annotated organ mapping''': In the world of PIMS, organ mapping refers to the concept of placing location-specific diagnostic information from specimen analyses into an anatomical diagram, typically during reporting, to more clearly communicate the results of those analyses. PIMS vendor WebPathLab, Inc. demonstrates this concept well with its Auto Organ Map Module, which not only shows an organ map in the rport but also simplifies data entry for the pathologist using SDE.<ref name="WPLAuto19">{{cite web |url=https://www.youtube.com/watch?v=NLr5_pLgYpg |title=AutoProstateMap |work=YouTube |author=WebPathLab, Inc |date=22 April 2019 |accessdate=23 September 2020}}</ref><ref name="WPLGUAuto">{{cite web |url=http://webpathlab.com/solutions/gu-auto-organ-map/ |title=GU Auto Organ Map Module |publisher=WebPathLab, Inc |accessdate=23 September 2020}}</ref> They use the prostate as an example, and explain that "selecting the predetermined number of quadrants in the prostate &#91;diagram&#93;, the system autopopulates the specimen description to each corresponding quadrant, and autofills the text for the Gross Description field, leaving only the dimension of each core to be entered by the grosser." NovoPath and Psyche Systems Corporation are additional examples of vendors incorporating organ mapping into their PIMS.<ref name="PsycheWindo" /><ref name="NPSoftwarePDF" />
 
* '''stain panel and unstained/control slide support''': A positive control slide is typically used to qualitatively assess how well a non-hematoxylin-eosin (non-H&E) or "special" stain performs against a gold standard like H&E, and the positive control is usually included with manufactured unstained slides (e.g., see Newcomer Supply's [https://www.newcomersupply.com/documents/product-flyers/Control%20Slide%20Brochure.pdf control slide catalog]). These slides may be used in histopathology (gauging the manifestation of disease in a tissue) and immunopathology (gauging immune response through visualization of an antibody-antigen interaction in a tissue). In particular, immunopathology and its associated immunohistochemistry may turn to special stain panels, which utilize multiple immunochemical stains to visualize the presence of more than one biomarker expression at the same time.<ref name="ShieldImmuno96">{{cite journal |title=Immunocytochemical staining of cytologic specimens. How helpful is it? |journal=American Journal of Clinical Pathology |author=Shield, P.W.; Perkins, G.; Wright, R.G. |volume=105 |issue=2 |pages=157–62 |year=1996 |doi=10.1093/ajcp/105.2.157 |pmid=8607438}}</ref><ref name="MartinEval14">{{cite journal |title=Evaluation of intestinal biopsies for pediatric enteropathy: A proposed immunohistochemical panel approach |journal=American Journal of Surgical Pathology |author=Martin, B.A.; Kerner, J.A.; Hazard, F.K. et al. |volume=38 |issue=10 |pages=1387–95 |year=2014 |doi=10.1097/PAS.0000000000000314 |pmid=25188866}}</ref><ref name="TorbensonImmuno19">{{cite web |url=https://abdominalkey.com/immunohistochemistry-and-special-stains-in-liver-pathology/ |title=Chapter 4. Immunohistochemistry and Special Stains in Liver Pathology |author=Torbenson, M.S. |work=Abdominalkey |date=24 November 2019 |accessdate=23 September 2020}}</ref> Vendors like NovoPath and Integrated Business Solutions Group explicitly state their solution supports the management of these types of slides and stain panels.<ref name="NPSoftwarePDF" /><ref name="IBSGLabLion">{{cite web |url=https://www.lablion.com/lablion-lis-laboratory-information-system |title=LABLION Software Suite |publisher=Integrated Business Solutions Group, LLC |accessdate=23 September 2020}}</ref>
 
* '''grossing support''': In medical terms, the adjective "gross" means "visible without the aid of a microscope."<ref name="MWGross">{{cite web |url=https://www.merriam-webster.com/dictionary/gross |title=Gross |work=Merriam-Webster.com Dictionary |publisher=Merriam-Webster |accessdate=23 September 2020}}</ref> By extension, gross examination (i.e., grossing) involves a macroscopic visual assessment of a biospecimen before preparation for microscopy, in order to gleen diagnostic information. Grossing remains a valuable skill used in modern pathology.<ref name="RutgushreeGrossing18">{{cite journal |title=Grossing of tissue specimens in oral pathology - Elemental guidelines |journal=International Journal of Oral Health Sciences |author=Ruthushree, T.; Harsha, M.; Amberkar, V.S. |volume=8 |issue=2 |pages=63–7 |year=2018 |doi=10.4103/ijohs.ijohs_32_18}}</ref><ref name="SchubertTheArt19">{{cite web |url=https://thepathologist.com/inside-the-lab/the-art-of-grossing |title=The Art of Grossing: Gross examination underpins all diagnoses based on tissue samples – but is this vital skill given the credit it deserves? |author=Schubert, M.; Nashm C; McCoy, J. |work=The Pathologist |date=26 November 2019 |accessdate=23 September 2020}}</ref> Some PIMS provide a grossing menu for pathologists to scan in and include commentary about a gross examination of a specimen.<ref name="LLAnatom" />
 
* '''high-risk patient follow-up''': A 2015 study published in ''Annals of Family Medicine'' showed evidence that "patients with high clinical complexity and high risk of readmission" benefited from early outpatient follow-up.<ref name="JosztHigh15">{{cite web |url=https://www.ajmc.com/view/high-risk-patients-benefit-significantly-from-early-follow-up-post-hospital-discharge |title=High-Risk Patients Benefit Significantly From Early Follow-up Post Hospital Discharge |author=Joszt, L. |work=The American Journal of Managed Care |date=20 April 2015 |accessdate=23 September 2020}}</ref><ref name="JacksonTimeli15">{{cite journal |title=Timeliness of Outpatient Follow-up: An Evidence-Based Approach for Planning After Hospital Discharge |journal=Annals of Family Medicine |author=Jackson, C.; Shahsahebi, M.; Wedlake, T. et al. |volume=13 |issue=2 |pages=115–22 |year=2015 |doi=10.1370/afm.1753}}</ref> The authors concluded : "Follow-up within seven days was associated with meaningful reductions in readmission risk for patients with multiple chronic conditions and a greater than 20% baseline risk of readmission, a group that represented 24% of discharged patients." Presumably some health care systems are synthesizing that information into their patient workflows, likely through some sort of scheduled event and alert in their primary informatics system, e.g., an [[electronic health record]] (EHR) system.<ref name="FutrellHealth18">{{cite web |url=https://www.mlo-online.com/information-technology/lis/article/13009479/health-information-technology-can-support-population-health-management |title=Health information technology can support population health management |author=Futrell, K. |work=Medical Laboratory Observer |date=18 April 2018 |accessdate=23 September 2020}}</ref> Though not common, at least one PIMS vendor—LigoLab, LLC—indicates their solution helps address high-risk patient follow-up, though it's not clear how.<ref name="LLAnatom" />
 
* '''research animal support''': Non-clinical pathology and toxicology laboratories assisting with research and evaluation studies may be handling non-human specimens or even live research animals. Additional data about these animals, animal groups, and animal tissues may need to be carefully documented as part of a study. As such, some solutions such as Instem's Provantis preclinical pathology solution are designed to record specific animal and group identifiers, animal cross-reference information, organ weight ratios, palpable mass diagnoses, and other attributes for reporting.<ref name="InstemProvantis">{{cite web |url=https://www.instem.com/solutions/provantis/index.php#2 |title=Provantis: Integrated preclinical software |publisher=Instem LSS Limited |accessdate=23 September 2020}}</ref>


<blockquote>Finally, some of the efforts to influence CSP behavior may not come through explicit regulation, but rather through exercise of the government’s market power. Cloud adoption strategies and trends in e-governance have made governments some of the largest and most important clients of CSPs. Governments will likely use their market clout and status as a large and powerful consumer as a source of leverage over industry to set standards of contracting fairness and other provisions that transcend the immediate cloud service contracts they enter. While formally these provisions will only apply to government contracts, they could over time cross over to public clouds as well, or at least help set precedents that drive regulatory attention and inform industry standards. Yet over the longer run, government privatization of many services might actually weaken their leverage, given lock-in issues. How the balance between the two parties ultimately will play out remains to be seen.</blockquote>


Whatever direction regulators and legislators take, it ideally will be done with thorough consideration of how to implement regulation, as well as the potential effects regulation will have on various markets.


==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist|colwidth=30em}}

Latest revision as of 13:27, 6 September 2021

Broad feature set of a pathology information management solution

A pathology information management solution (PIMS) ...


  • automated reflex testing: Some PIMS vendors include pre-loaded, customizable lists of reflex tests associated with certain pathology procedures and their associated diagnoses. Optimally, these reflex texts are automatically suggested at specimen reception, based on specimen and/or pathology test type.[1][2] Examples of pathology-driven reflex testing in use today include testing for additional biomarkers for non-small-cell lung carcinoma (NSCLC) adenocarcinoma[3], HPV testing in addition to cervical cytology examination[4][5] (discussed further in "adjunctive testing"), and additional automatic testing based off routine coagulation assays at hemostasis labs.[6]
  • adjunctive testing: Adjunctive testing is testing "that provides information that adds to or helps interpret the results of other tests, and provides information useful for risk assessment."[7] A common adjunctive test performed in cytopathology is HPV testing.[4][5] The FDA described this as such in 2003, specifically in regards to expanding the use of the Digene HC2 assay as an adjunct to cytology[4]:

In women 30 years and older, the HC2 High-Risk HPV DNA test can be used with Pap to adjunctively screen to assess the presence or absence of high-risk HPV types. This information, together with the physician’s assessment of cytology history, other risk factors, and professional guidelines, may be used to guide patient management.

Some PIMS vendors allow users to manually add an adjunctive test to a primary pathology test, or in some cases this may be enabled as part of an automated reflex testing process.[8] However, ensure that any such solution is capable of feeding any adjunctive test results into the final report (see the subsection on this topic).
  • demand management: Similar to test optimization or clinical decision support, demand management mechanisms help laboratories reduce the amount of unnecessary and duplicate testing they perform. The idea of using demand management to reduce unnecessary pathology testing has been around since at least the beginning of the twenty-first century, if not well before, in the form of decision support systems and order request menus of informatics systems.[9] Lang described what the process of demand management would look like in a system like a laboratory information management system (LIMS) in 2013[10]:

When implementing a demand management tool it is important that the system used to manage a laboratory workload can correctly identify the patient and match requests with the patient’s medical record. Ideally there should be one unique identifier used (e.g., NHS number in the UK), which will allow the LIMS to interrogate the patient’s previous pathology result to allow identification of duplicate or inappropriate requests. If a subsequent request is blocked, then it is also important that there is real-time notification of a potential redundant test so that the requestor can make an informed choice on the clinical need of the test and if it is required to override the rule. It is important that there is a facility whereby the laboratory or requestor can record the reason for blocking a request or overriding the rule.

Today, some PIMS are designed to allow configurable rules and parameters to check for duplicate and unnecessary tests at various levels (e.g., by test ID or catalog type, activity type, or some other order level).[11][12]
  • consent management: In clinical medicine, patients typically must sign a form indicating informed consent to medical treatment.[13] Biobanking facilities, which store biospecimens, also must collect consent forms regarding how a patient's biospecimens may be used.[14] In all cases, these consent documents drive how and when certain actions take place. Though not common, some LIMS like LabVantage Pathology by Software Point[15] provide consent management mechanisms within their PIMS, giving pathologists the ability to quickly verify consent details electronically. In biobanking solutions, this consent management process may be more rigorous to ensure biospecimen donors' preferences and regulatory requirements are being carefully followed. For example, the system may need to be able to prevent further use of a biospecimen and trigger sample and data deletion protocols when a donor withraws their consent to use.[16]
  • case management and review: Most PIMS provide a means for managing pathology cases, recorded instances of disease and its attendant circumstances.[17] This includes the management of case history, a collection of data concerning an individual, their family, their environment, their medical history, and other other information valuable for analyzing, diagnosing, reviewing, or otherwise instructing others on the case.[18] Having an information system to better manage data entry, data analysis, case tracking, and case storage may aid in secondary and internal case reviews before final report, which have been shown to improve diagnostic accuracies and overall experiential knowledge of pathologists.[19] Aspects of case manamagement and review that a PIMS may handle include automatic case creation, automatic and priority case assignment, and automatic case tracking, as well as limit case acces based on user permissions, and send alerts for clinical history follow-ups and other case statuses.[20][21][22] Note that a handful of vendors such as Leica Biosystems provide stand-alone case management solutions that can be integrated with instruments and other LIS systems.[22]
  • workflow management: The tools for workflow management have become increasingly common in PIMS and other laboratory informatics applications over the years, with the idea of using automation to improves efficiencies and accuracies in the lab. However, workflows and protocols can differ—sometimes significantly—from one pathology lab to another. Being able to configure workflow pathways in the PIMS to be compliant with required testing protocols is vital. This is especially important with the gradual transition to more digital pathology methods, where digitally sharing cases and automatically scanned slide images has great value.[23] As such, vendors such as Orchard Software and XIFIN provide solutions with configurable workflows to help labs translate their workflows into the system.[24][25]
  • speech recognition and transcription management: Like other medical fields, pathologists may utilize dictation and transcription services within their workflow. This has traditionally involved the pathologist speaking while a transcriptionist manually records the words to paper, or the pathologist scribbling notes in shorthand, with the transcriptionist "translating" the notes to usable clinical documentation. This could include anything from specimen descriptions and diagnoses to pathology obsevations and procedure notes. PIMS vendors have over the years added more automated methods to such tasks in their solutions, however, such as speech recognition modules and transcription management tools that, for example, automatically assign recordings to a transcriber's pending work list.[1][15][26][21]
It's important to note, however, though PIMS vendors may market the speech recognition component of their solution at being 99 percent effective, past studies have shown 88.9 to 96 percent accuracy, though with tiny annual gains as the technology matures.[27][28] If speech recognition is being used in lieu of a hired transcriptionist, it's especially vital to add manual editing and review before reporting.[28][29]
  • storage and tissue bank management: Biorepositories and pathology laboratories go hand-in-hand. A significant example can be found with the relationship medical school biorepositories have with their pathology labs and departments, as with, for example, Duke University[30], University of Illinois Chicago[31], and the Icahn School of Medicine at Mount Sinai.[32] However, even small pathology laboratories must also responsibly store and track their specimens, blocks, and slides, as well as the storage variables affecting them. Any reputable laboratory informatics solution will be able to track the location of such items through barcode or RFID support, as well as allowing for the creation of named storage locations in the system. However, some informatics solutions like AgileBio's LabCollector go a step further, providing data logging modules that are capable of connecting to data logger hardware and other sensors that capture environmental storage information such as temperature, humidity, light level, carbon dioxide level, and pressure. When a variable is out of range, an alert can be sent and logged.[33] And full-fledged biorepository management LIMS may have all the bells and whistles, including randomized biospecimen location auditing.[34]
  • task management: Task management is a typical feature of a laboratory informatics solution, giving laboratorians the ability to assign tasks to individuals or groups of individuals, including analyses, results review, and more. In pathology labs, additional task and even management may include, for example, case assignment, slide or block assignment, grossing, staining, or some other pathology task. Additionally, some may incorporate this task management and tracking into a dashboard, to facility timely access to short-term status individual cases and specimens, and long-term aggregate data about cases, workflow, and workloads.[35]
  • billing management with code support: Instead of turning to a separate billing solution, pathology labs can often turn to PIMS for billing management. Vendors of LIS and LIMS have recognized not only the value of adding billing management to their solutions but also the many benefits that come with tying in diagnosis and billing code support. For example, a pathologist scanning a specimen into the system can not only have a case automatically generated but also auto-generate diagnosis codes based on the specimen or slide's code. Additionally, as has been witnessed during the COVID-19 pandemic, billing rules may change rapidly during extraordinary events, requiring rapid used-defined billing rule changes.[36] As such, support for CPT, ICD-10, SNOMED CT, and other types of autocoding are somewhat common in today's PIMS.[1][20][21][26]
  • reflex and adjunctive test reporting: Ensure that a PIMS is capable of feeding any adjunctive test results into the final report, along with the results from the primary tests. Using adjunctive HPV test results as an example, the report should optimally include details such as assay name, manufacturer, the HPV types it covers, results, and any applicable educational notes and suggestions.[5] Be careful with simple color-coding of results for interpretation, as they can be easily misinterpreted, including by the colorblind. A combination of symbol with color will help limit such misinterpretation.[3]
  • structured data entry: The concept of structured data entry (SDE) is relatively simple, but it may still get taken for granted. At its core, SDE is all about ensuring that entered data is based on a set of predefined conditions or rules, usually implemented through standardized forms with pre-determined drop-down and auto-populated fields.[37] This typically confers numerous advantages, including easier data entry, easier and more standardized reporting, decrease costs, improve translational research, and ensure better compatibility and integration across different information systems.[37][38] As such, some PIMS vendors like NovoPath and Orchard Software describe their solutions as having SDE elements such as enabling intelligent auto-loading of diagnosis and billing codes during case loading, allowing input fields to be required, and synoptic reporting support.[39][24]
  • synoptic reporting: Synoptic reporting involves a structured, pre-formatted "checklist" of clinically and morphologically relevant data elements that help make pathology reporting more efficient, uniform, and relevant to internal and external stakeholders. Another way to put this is that synoptic reporting is SDE applied to the pathology report, often based upon specific reporting protocols by professional or standards organizations like the College of American Pathologists (CAP).[20][39] Support for synoptic reporting methods is typical within PIMS solutions, including support for configurable templates that can be adapted to changing and custom reporting protocols.
  • correlative and consultive reporting: In the late 1930s, the concept of correlating pathology results with clinical observations (and pathology) was beginning to be addressed in student textbooks.[40] Today, the concept remains integral in medical practice and toxicologic study reporting.[41][42][43] On the clinical side, a pathologist may include the phrase "clinical correlation is recommended" and additional comments. And in some cases, a third-party pathology consultation, with their own respective comments, is involved with specimen analysis.[44] These correlative and consultive comments or reports play an important part in the overall final pathology report and should not be omitted, particularly if differing opinions are involved. Vendors such as Orchard Software, LigoLab, and Aspyra tout their solutions' ability to tie together multiple reports and comments across pathology disciplines and consultants into one concise report.[24][20][26]
  • CAP Cancer Reporting Protocol support: Previously mentioned was CAP and its reporting protocols. In particular, CAP has its Cancer Reporting Protocols, which the CAP describe as providing "guidelines for collecting the essential data elements for complete reporting of malignant tumors and optimal patient care."[45] In conjunction with its electronic Cancer Checklists (eCCs)[46], pathologists are able to integrate CAP cancer reporting protocols of tumors, resections, and select biopsies into their PIMS' workflow and ensure proper reporting outcomes. Some PIMS vendors (e.g., Orchard Software, LigoLab[24][20]) explicitly indicate their solution integrates CAP's eCC templates and reporting protocols into their solution.
  • annotated organ mapping: In the world of PIMS, organ mapping refers to the concept of placing location-specific diagnostic information from specimen analyses into an anatomical diagram, typically during reporting, to more clearly communicate the results of those analyses. PIMS vendor WebPathLab, Inc. demonstrates this concept well with its Auto Organ Map Module, which not only shows an organ map in the rport but also simplifies data entry for the pathologist using SDE.[47][48] They use the prostate as an example, and explain that "selecting the predetermined number of quadrants in the prostate [diagram], the system autopopulates the specimen description to each corresponding quadrant, and autofills the text for the Gross Description field, leaving only the dimension of each core to be entered by the grosser." NovoPath and Psyche Systems Corporation are additional examples of vendors incorporating organ mapping into their PIMS.[2][39]
  • stain panel and unstained/control slide support: A positive control slide is typically used to qualitatively assess how well a non-hematoxylin-eosin (non-H&E) or "special" stain performs against a gold standard like H&E, and the positive control is usually included with manufactured unstained slides (e.g., see Newcomer Supply's control slide catalog). These slides may be used in histopathology (gauging the manifestation of disease in a tissue) and immunopathology (gauging immune response through visualization of an antibody-antigen interaction in a tissue). In particular, immunopathology and its associated immunohistochemistry may turn to special stain panels, which utilize multiple immunochemical stains to visualize the presence of more than one biomarker expression at the same time.[49][50][51] Vendors like NovoPath and Integrated Business Solutions Group explicitly state their solution supports the management of these types of slides and stain panels.[39][52]
  • grossing support: In medical terms, the adjective "gross" means "visible without the aid of a microscope."[53] By extension, gross examination (i.e., grossing) involves a macroscopic visual assessment of a biospecimen before preparation for microscopy, in order to gleen diagnostic information. Grossing remains a valuable skill used in modern pathology.[54][55] Some PIMS provide a grossing menu for pathologists to scan in and include commentary about a gross examination of a specimen.[20]
  • high-risk patient follow-up: A 2015 study published in Annals of Family Medicine showed evidence that "patients with high clinical complexity and high risk of readmission" benefited from early outpatient follow-up.[56][57] The authors concluded : "Follow-up within seven days was associated with meaningful reductions in readmission risk for patients with multiple chronic conditions and a greater than 20% baseline risk of readmission, a group that represented 24% of discharged patients." Presumably some health care systems are synthesizing that information into their patient workflows, likely through some sort of scheduled event and alert in their primary informatics system, e.g., an electronic health record (EHR) system.[58] Though not common, at least one PIMS vendor—LigoLab, LLC—indicates their solution helps address high-risk patient follow-up, though it's not clear how.[20]
  • research animal support: Non-clinical pathology and toxicology laboratories assisting with research and evaluation studies may be handling non-human specimens or even live research animals. Additional data about these animals, animal groups, and animal tissues may need to be carefully documented as part of a study. As such, some solutions such as Instem's Provantis preclinical pathology solution are designed to record specific animal and group identifiers, animal cross-reference information, organ weight ratios, palpable mass diagnoses, and other attributes for reporting.[59]


References

  1. 1.0 1.1 1.2 "NovoPath - Software Advancing Patient Diagnostics" (PDF). NovoPath, Inc. 2013. https://www.novopath.com/content/pdf/novopathbrochure.pdf. Retrieved 05 September 2020. 
  2. 2.0 2.1 "WindoPath Ē.ssential". Psychē Systems Corporation. https://psychesystems.com/enterprise-laboratory-information-software/windopath/. Retrieved 05 September 2020. 
  3. 3.0 3.1 Sundin, T. (2019). "Pathology-Driven Reflex Testing of Biomarkers". Medical Lab Management 8 (11): 6. https://www.medlabmag.com/article/1619. 
  4. 4.0 4.1 4.2 U.S. Food and Drug Administration (8 March 2019). "New Approaches in the Evaluation for High-Risk Human Papillomavirus Nucleic Acid Detection Devices". U.S. Food and Drug Administration. https://www.fda.gov/media/122799/download. Retrieved 05 September 2020. 
  5. 5.0 5.1 5.2 Stoler, M.H.; Raab, S.S.; Wilbur, D.C. (2015). "Chapter 9: Adjunctive Testing". In Nayar, R.; Wilbur, D.. The Bethesda System for Reporting Cervical Cytology. Springer. pp. 287–94. doi:10.1007/978-3-319-11074-5_9. ISBN 9783319110745. 
  6. Mohammed, S.; Priebbenow, V.U.; Pasalic, L. et al. (2019). "Development and implementation of an expert rule set for automated reflex testing and validation of routine coagulation tests in a large pathology network". International Journal of Laboratory Hematology 41 (5): 642–49. doi:10.1111/ijlh.13078. PMID 31271498. 
  7. "adjunct test". Segen's Medical Dictionary. 2011. https://medical-dictionary.thefreedictionary.com/adjunct+test. Retrieved 05 September 2020. 
  8. "TD HistoCyto Livextens". Technidata SAS. https://www.technidata-web.com/solutions-services/disciplines/anatomic-pathology. Retrieved 05 September 2020. 
  9. Rao, G.G.; Crook, M.; Tillyer, M.L. (2003). "Pathology tests: is the time for demand management ripe at last?". Journal of Clinical Pathology 56 (4): 243–48. doi:10.1136/jcp.56.4.243. PMC PMC1769923. PMID 12663633. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1769923. 
  10. Lang, T. (2013). "Laboratory demand management of repetitive testing – time for harmonisation and an evidenced based approach". Clinical Chemistry and Laboratory Medicine 51 (6): 1139–40. doi:10.1515/cclm-2013-0063. PMID 23420284. 
  11. Morris, T.F.; Ellison, T.L.; Mutabbagani, M. et al. (2018). "Demand management and optimization of clinical laboratory services in a tertiary referral center in Saudi Arabia". Annals of Saudi Medicine 38 (4): 299–304. doi:10.5144/0256-4947.2018.299. PMC PMC6086671. PMID 30078029. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6086671. 
  12. "DXC Laboratory Information Management (LIMS)". DXC Technology Services, LLC. https://www.dxc.technology/healthcare/offerings/139499/139776-dxc_laboratory_information_management_lims. Retrieved 05 September 2020. 
  13. "Informed Consent". Code of Medical Ethics. American Medical Association. https://www.ama-assn.org/delivering-care/ethics/informed-consent. Retrieved 22 September 2020. 
  14. Avery, D. (16 July 2018). "Biobanking Consent: Informing Human Subjects of the Possibilities". Biobanking.com. https://www.biobanking.com/biobanking-consent-informing-human-subjects-of-the-possibilities/. Retrieved 22 September 2020. 
  15. 15.0 15.1 "LabVantage Pathology". Software Point Oy. https://softwarepoint.com/solutions/product/labvantage-pathology. Retrieved 22 September 2020. 
  16. SANBI; Bika Lab Systems (20 November 2015). "NCB-H3A Cape Town Biobank Management System - Functional Requirements Overview & Phase I Objectives" (PDF). Bika Lab Systems. https://www.bikalims.org/downloads/bika-open-source-biobank-management-system/at_download/file. Retrieved 22 September 2020. 
  17. "case". Farlex Partner Medical Dictionary. 2012. https://medical-dictionary.thefreedictionary.com/case. Retrieved 25 September 2020. 
  18. "case". Miller-Keane Encyclopedia and Dictionary of Medicine, Nursing, and Allied Health, Seventh Edition. 2003. https://medical-dictionary.thefreedictionary.com/case. Retrieved 25 September 2020. 
  19. Huck, A.; Nosé, V. (2015). "Chapter 7: Knowledge, Training, and Experience". In Nakhleh, R.E.. Error Reduction and Prevention in Surgical Pathology. Springer. pp. 103–114. ISBN 9781493923397. https://books.google.com/books?id=HXAKBwAAQBAJ&pg=PA103. 
  20. 20.0 20.1 20.2 20.3 20.4 20.5 20.6 "Anatomic Pathology Solutions". LigoLab, LLC. https://www.ligolab.com/solutions/anatomic-pathology-solution. Retrieved 23 September 2020. 
  21. 21.0 21.1 21.2 "PathX Laboratory Information System" (PDF). Physicians Independent Management Services. http://pathxlis.com/downloads/PDFs/PathX%20-%20Capabilities%20Brochure.pdf. Retrieved 25 September 2020. 
  22. 22.0 22.1 "Aperio Path DX - Case Management Software". Leica Biosystems Nussloch GmbH. https://www.leicabiosystems.com/digital-pathology/manage/aperio-path-dx/. Retrieved 25 September 2020. 
  23. "Is Your Lab Ready for an AI Digital Pathology Workflow?". XIFIN, Inc. 3 January 2020. https://www.xifin.com/resources/blog/201912/your-lab-ready-ai-digital-pathology-workflow. Retrieved 25 September 2020. 
  24. 24.0 24.1 24.2 24.3 "Orchard Pathology". Orchard Software Corporation. https://www.orchardsoft.com/orchard-pathology.html. Retrieved 22 September 2020. 
  25. "Laboratory Information System". XIFIN, Inc. https://www.xifin.com/products/laboratory-information-system. Retrieved 25 September 2020. 
  26. 26.0 26.1 26.2 "Anatomic Pathology". Aspyra, LLC. http://aspyra.com/anatomic-pathology/. Retrieved 23 September 2020. 
  27. Hodgson, T.; Coiera, E. (2016). "Risks and benefits of speech recognition for clinical documentation: A systematic review". JAMIA 23 (e1): e169–79. doi:10.1093/jamia/ocv152. PMC PMC4954615. PMID 26578226. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4954615. 
  28. 28.0 28.1 Zhou, L.; Blackley, S.V.; Kowalski, L. et al. (2018). "Analysis of Errors in Dictated Clinical Documents Assisted by Speech Recognition Software and Professional Transcriptionists". JAMA Network Open 1 (3): e180530. doi:10.1001/jamanetworkopen.2018.0530. PMC PMC6203313. PMID 30370424. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6203313. 
  29. Matthews, K. (20 December 2019). "Why Medical Dictation Is Still Better Than Voice Recognition ... For Now". Health IT Outcomes. https://www.healthitoutcomes.com/doc/why-medical-dictation-is-still-better-than-voice-recognition-for-now-0001. Retrieved 25 September 2020. 
  30. "Biorepository & Precision Pathology Center". Duke University School of Medicine. https://pathology.duke.edu/core-facilities-services/biorepository-precision-pathology-center. Retrieved 22 September 2020. 
  31. "UI Health Biorepository". University of Illinois Chicago. https://rrc.uic.edu/cores/rsd/biorepository/. Retrieved 22 September 2020. 
  32. "Biorepository and Pathology". Icahn School of Medicine at Mount Sinai. https://icahn.mssm.edu/research/portal/resources/deans-cores/biorepository-and-pathology. Retrieved 22 September 2020. 
  33. "Data Logger". AgileBio. https://www.labcollector.com/labcollector-lims/add-ons/data-logger/. Retrieved 22 September 2020. 
  34. "Biobank Management LIMS". Autoscribe Informatics, Inc. 22 September 2020. https://www.autoscribeinformatics.com/industries/biobank-management-systems. 
  35. Halwani, F.; Li, W.C.; Banerjee, D. et al. (2016). "A real-time dashboard for managing pathology processes". Journal of Pathology Informatics 7: 24. doi:10.4103/2153-3539.181768. PMC PMC4872478. PMID 27217974. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4872478. 
  36. Ferrante, T.B.; Goodman, R.B.; Wein, E.H. (3 April 2020). "COVID-19: CMS Issues Monumental Changes to Medicare Telehealth: What You Need to Know". Insights, a Foley & Lardner LLP Blog. https://www.foley.com/en/insights/publications/2020/04/covid19-cms-monumental-changes-medicare-telehealth. Retrieved 25 September 2020. 
  37. 37.0 37.1 Public Health Informatics Institute. "Analyzing Clinical Data and Workflows - 4. Understanding Clinical Data and Workflow" (DOCX). EHR Toolkit. https://www.phii.org/sites/default/files/resource/files/Understanding%20Clinical%20Data%20and%20Workflow%20Guide.docx. Retrieved 22 September 2020. 
  38. "Using structured data entry systems in the electronic medical record to collect clinical data for quality and research: Can we efficiently serve multiple needs for complex patients with spina bifida?". Journal of Pediatric Rehabilitative Medicine 11 (4): 303–09. 2018. doi:10.3233/PRM-170525. PMC PMC6491202. PMID 30507591. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6491202. 
  39. 39.0 39.1 39.2 39.3 "NovoPath - Software Advancing Patient Diagnostics" (PDF). NovoPath, Inc. 2013. https://www.novopath.com/content/pdf/novopathbrochure.pdf. Retrieved 22 September 2020. 
  40. "Textbook of Pathology. A Correlation of Clinical Observations and Pathological Findings". JAMA 114 (2): 184. 1940. doi:10.1001/jama.1940.02810020088032. 
  41. Smith, S.M.; Yearsley, M. (2016). "Constructing Comments in a Pathology Report: Advice for the Pathology Resident". Archives of Pathology & Laboratory Medicine 140 (10): 1023–24. doi:10.5858/arpa.2016-0220-ED. PMID 27684971. 
  42. Ramaiah, L.; Hinrichs, M.J.; Skuba, E.V. et al. (2017). "Interpreting and Integrating Clinical and Anatomic Pathology Results: Pulling It All Together". Toxicologic Pathology 45 (1): 223–37. doi:10.1177/0192623316677068. PMID 27879439. 
  43. Aulbach, A.; Vitsky, A.; Arndt, T. et al. (2019). "Overview and considerations for the reporting of clinical pathology interpretations in nonclinical toxicology studies". Veterinary Clinical Pathology 48 (3): 389–99. doi:10.1111/vcp.12772. PMID 31556157. 
  44. Kaplan, K. (19 June 2014). "What is a Pathology Consultation? When is it Used?". Corista Digital Pathology Blog. https://blog.corista.com/corista-digital-pathology-blog/bid/389513/What-is-a-Pathology-Consultation-When-is-it-Used. Retrieved 23 September 2020. 
  45. "Cancer Protocol Templates". College of American Pathologists. April 2020. https://www.cap.org/protocols-and-guidelines/cancer-reporting-tools/cancer-protocol-templates. Retrieved 23 September 2020. 
  46. "CAP eCC". College of American Pathologists. https://www.cap.org/laboratory-improvement/proficiency-testing/cap-ecc. Retrieved 23 September 2020. 
  47. WebPathLab, Inc (22 April 2019). "AutoProstateMap". YouTube. https://www.youtube.com/watch?v=NLr5_pLgYpg. Retrieved 23 September 2020. 
  48. "GU Auto Organ Map Module". WebPathLab, Inc. http://webpathlab.com/solutions/gu-auto-organ-map/. Retrieved 23 September 2020. 
  49. Shield, P.W.; Perkins, G.; Wright, R.G. (1996). "Immunocytochemical staining of cytologic specimens. How helpful is it?". American Journal of Clinical Pathology 105 (2): 157–62. doi:10.1093/ajcp/105.2.157. PMID 8607438. 
  50. Martin, B.A.; Kerner, J.A.; Hazard, F.K. et al. (2014). "Evaluation of intestinal biopsies for pediatric enteropathy: A proposed immunohistochemical panel approach". American Journal of Surgical Pathology 38 (10): 1387–95. doi:10.1097/PAS.0000000000000314. PMID 25188866. 
  51. Torbenson, M.S. (24 November 2019). "Chapter 4. Immunohistochemistry and Special Stains in Liver Pathology". Abdominalkey. https://abdominalkey.com/immunohistochemistry-and-special-stains-in-liver-pathology/. Retrieved 23 September 2020. 
  52. "LABLION Software Suite". Integrated Business Solutions Group, LLC. https://www.lablion.com/lablion-lis-laboratory-information-system. Retrieved 23 September 2020. 
  53. "Gross". Merriam-Webster.com Dictionary. Merriam-Webster. https://www.merriam-webster.com/dictionary/gross. Retrieved 23 September 2020. 
  54. Ruthushree, T.; Harsha, M.; Amberkar, V.S. (2018). "Grossing of tissue specimens in oral pathology - Elemental guidelines". International Journal of Oral Health Sciences 8 (2): 63–7. doi:10.4103/ijohs.ijohs_32_18. 
  55. Schubert, M.; Nashm C; McCoy, J. (26 November 2019). "The Art of Grossing: Gross examination underpins all diagnoses based on tissue samples – but is this vital skill given the credit it deserves?". The Pathologist. https://thepathologist.com/inside-the-lab/the-art-of-grossing. Retrieved 23 September 2020. 
  56. Joszt, L. (20 April 2015). "High-Risk Patients Benefit Significantly From Early Follow-up Post Hospital Discharge". The American Journal of Managed Care. https://www.ajmc.com/view/high-risk-patients-benefit-significantly-from-early-follow-up-post-hospital-discharge. Retrieved 23 September 2020. 
  57. Jackson, C.; Shahsahebi, M.; Wedlake, T. et al. (2015). "Timeliness of Outpatient Follow-up: An Evidence-Based Approach for Planning After Hospital Discharge". Annals of Family Medicine 13 (2): 115–22. doi:10.1370/afm.1753. 
  58. Futrell, K. (18 April 2018). "Health information technology can support population health management". Medical Laboratory Observer. https://www.mlo-online.com/information-technology/lis/article/13009479/health-information-technology-can-support-population-health-management. Retrieved 23 September 2020. 
  59. "Provantis: Integrated preclinical software". Instem LSS Limited. https://www.instem.com/solutions/provantis/index.php#2. Retrieved 23 September 2020.