Congress passed CLIA (42 CFR 493) in 1988 to establish standards for laboratory testing and ensure the accuracy and reliability of patient test results. CLIA has served as the primary regulatory program governing U.S. clinical laboratory testing since its implementation, and applies to all labs performing testing of human specimens for health assessment. While CLIA regulates physician office labs since many of them perform only waived tests, most CLIA requirements are waived.39 According to the CMS CLIA Database, a June 2008 update identified a total of 206,940 registered labs, of which 126,219 have a CLIA waiver. In addition, there are 108,234 physician office labs, of which 56,291 have a CLIA waiver.40
CLIA regulations place the responsibility of accurate and timely reporting and the privacy of laboratory information on the laboratories performing the tests. CLIA applies to all laboratory test results (with modifications as noted previously for laboratories performing only waived testing), and unlike the currently accepted HL7 message implementation guides, it is not limited to a subset of testing. Although CLIA regulations originated in a paper‐based environment, they are written in a manner that would apply to both electronic and paper‐based exchange. Clinical laboratories originally developed interfaces through their own systems to meet CLIA requirements and are now facing increasing pressures as the number of EHRs on the market continues to grow. CLIA also requires that, unless otherwise specified by state law, laboratories send test results only to ‘authorized persons’. Many state laws are stricter than CLIA regulations and require that labs disclose test results only to the ordering physician or designee. Notably, CLIA also defers to State law in all cases for the definition of ‘authorized person.’
In the context of health information exchange, results are sent to a central ‘switch’ and this information is then routed to multiple end points. This creates risks for labs, as they will not be aware of all uses and displays of data. Hence, labs must trust another organization to ensure that all the lab data is transmitted and that test results are displayed accurately in a manner compliant with both CLIA and state laws.
In the context of health information exchange with other EHRs, the need to capture and transmit all of the CLIA data becomes increasingly important. Examples of such data would include the location of the test performed. This data preservation allows one to always determine the source of the lab regardless of the number of transitions that data made en route to the final system. CLIA typically only regulates clinical laboratories to the point of result delivery to the provider’s EHR or office. However, in some cases (for example, an imminent life‐threatening condition or critical/panic values), CLIA further requires that the laboratory assure that the authorized individual was actually informed of the test result. 41
Although CLIA regulates the timely delivery of test results, there are no current standards or requirements with respect to how, in an EHR or in the context of a RHIO, information is passed back to the lab that the provider has viewed a result. Technically, the EHR can send an HL7 message to inform the laboratory’s LIS that a message has been received, but today there is no specific use case or requirement for an EHR to inform the LIS when the report was actually viewed by the authorized provider. Today, lab portals that are used by health centers and other ambulatory providers allow labs to meet CLIA requirements more easily with respect to data display and timeliness requirements.
In addition to both CLIA and the Health Insurance Portability and Accountability Act (HIPAA), many states have a larger set of confidentiality and data use limitation regulations, policies and laws that must be examined from the context of laboratory information exchange. These variations in confidentiality, privacy, and security practices were evaluated under the Office of the National Coordinators Health Information Exchange Privacy and Security Contract (HIPSC).
Our discussions confirmed that the labs are currently obligated by CLIA to assure that each interface is functional and that the labs are responsible for ensuring that the test results are accurately displayed by the EHR to the authorized person in an appropriate fashion. Clinical Laboratories are also expected to perform this validation at the time of initial installation and periodically under other more stringent requirements from CMS approved accrediting organizations like the College of American Pathologists (CAP) and the Joint Commission. Consequently, CLIA compliance, as opposed to CCHIT certification, therefore extends to all installed instances of lab interfaces and is not limited to a single instance or a one‐time validation. This is an important distinction as CCHIT certification is carried out at a specific time between a specific version of an EHR and the test environment, whereas CLIA verification occurs in an open environment where a wide range of combinations between implementations of LIS and EHRs can occur overtime. Also, as noted previously, while the current HL7 V2.51 implementation guides used in the 2008 CCHIT criteria is CLIA complaint with many clinical labs, including microbiology, it does not cover all test categories. In conclusion, HITSP and CCHIT specifications may not always guarantee that results are displayed to the end user in a compliant manner.
The lab representatives interviewed for this study indicate that they would prefer to not be accountable for how labs are displayed by the EHR system receiving the labs. While the responsibility for ensuring that labs display all the CLIA data accurately to the authorized provider is cumbersome in an environment where a lab has a direct connection with the health center or provider system, in the context of a regional or local health information exchange, where information may be sent from a central location to numerous systems, this is a major impediment. Another issue with respect to this requirement is that some EHRs offer providers different views of the data. For example, a provider may choose a cumulative reporting format to trend patient results. In this case, the lab would have certified some but not all views of the lab results. Finally, while currently CLIA holds labs accountable, it is not clear how this area will evolve in the context of broader HIE or HIT efforts in the future.