· Author: Third Wave Analytics

Meet Your Lab’s Regulatory Compliance Requirements with Lockbox LIMS

When working with clinical laboratories that must follow healthcare compliance and public health regulations, lab managers and laboratory operations experts often ask us if Lockbox LIMS can meet the stringent requirements of their laboratory compliance programs.

What you will learn:

  • How Lockbox meets regulatory compliance standards
  • To which privacy standards does Lockbox adhere
  • Audit preparation with a LIMS
  • Lockbox software validation
  • Lockbox’s clinical laboratory versions

Lockbox is Compliance-Ready

While regulatory compliance is essential in many laboratory settings, it’s difficult to meet compliance requirements without comprehensive lab management software, so many labs now turn to Lockbox LIMS to ensure this critical function is up-to-date in their operations.

Lockbox LIMS uses the Salesforce software platform and its robust regulatory compliance features, designed to meet or exceed many global compliance standards. Lockbox LIMS includes features that meet specific laboratory compliance standards, as detailed below. 

Which Laboratory and Regulatory Compliance Standards Does Lockbox address?

CAP/CLIA
21 CFR Part 11 / EU Annex 11
HIPAA
ISO 17025
ISO 13485
GxP

When you use Lockbox LIMS as your lab compliance management software to keep data, test results, standard operating procedures, and controlled documents in a central location, you eliminate the need for paper, filing cabinets, and multiple aging software systems that put a lab at risk for non-compliance. Lockbox LIMS has security at its core. For a detailed discussion on information security features, see The Importance of LIMS Security in Lab Data Management.

CAP/CLIA

The College of American Pathologists (CAP) is a member-based physician organization that inspects and accredits laboratories. CAP is the leader in laboratory quality assurance and maintains the most demanding and exacting standards. The Clinical Laboratory Improvement Amendments (CLIAs) are United States regulatory standards for laboratory test validation. Using a LIMS by CAP/CLIA-certified labs is a facility-driven determination. A LIMS can improve your workflows and help your lab meet compliance guidelines.

  • Profiles and Permission sets: Labs must appropriately set profiles and permission sets so only authorized lab personnel can access data for its intended use.
  • Sample hierarchy: Lockbox enables lab staff to quickly see sample parentage through related lists and sample naming as shown below.
  • Audit trail: Lockbox LIMS helps labs enforce data integrity and traceability. Lab managers can see any fields that have changed in the LIMS and who made the change. They can also view the date and time of the change and more specific details.
  • Reporting: Lockbox has extensive reporting capabilities, detailed in 10 Transformative Ways LIMS Can Refine Sample Reporting in Clinical Laboratories.
  • Inventory Management: Lockbox LIMS allows critical reagent information tracking and storage.
  • Document Control: Lockbox captures Corrective Action and Preventive Action (CAPAs) and Deviations. These can be customized to your lab’s exact quality control and compliance requirements.
Lockbox LIMS sample record page showing sample hierarchy

21 CFR Part 11 / EU Annex 11

For laboratories regulated by the United States Food and Drug Administration (FDA) 21 CFR Part 11, compliance requirements include Subpart A, “General Provisions,” Subpart B, “Electronic Records,” and Subpart C, “Electronic Signatures.”  Lockbox LIMS supports compliance with these FDA requirements through the following:

  • User sign-in and authentication: Lockbox LIMS can prompt users to sign off results/reports at critical points. Lockbox LIMS supports signature manifestations and signature/record linking see Navigating FDA’s 21 CFR Part 11 Regulations with LIMS for more detailed information on these topics.
  • Protocols and Procedures: This allows lab managers to maintain their standard operating procedures – and designate protocols and procedures as they are published, drafted, or archived, as seen below.
  • Training: Lockbox LIMS enables managers and supervisors to document and track employee training using protocols and lab team information to ensure that only trained lab managers can access sensitive or protected data.

Likewise Lockbox supports the requirements of the European Unions equivalent to 21 CRF Part 11 called EU Annex 11.

Lockbox LIMS protocol publication status (draft, published, archived)

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a United States Federal Law that requires national standards to be met to protect sensitive health information from being disclosed without a patient’s knowledge or consent. Third Wave Analytics is HIPAA compliant, and Third Wave Analytics employees with client interaction roles undergo thorough bi-annual HIPAA training to ensure customer data integrity and security.

The following Lockbox LIMS features help laboratories meet HIPAA’s three primary rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. 

  • User Profiles and Permission Sets: These allow Lockbox LIMS administrators to ensure only appropriate personnel have access to the PHI found in lab data.
  • Field Level Encryption: With the help of Salesforce Shield, Lockbox LIMs can encrypt data at a field-based level.
  • Monitor Login History: Lockbox LIMS administrators can monitor all login attempts to their lab’s Lockbox LIMS environment as shown below. This allows the administrator to identify potential data breaches quickly.
Lockbox LIMS login history monitoring

ISO 17025

ISO 17025 is a global benchmark that defines the criteria for laboratory competence. The standard ensures accurate, dependable, and precise tests and calibration of systems within a lab. A LIMS System is the backbone for ISO 17025 compliance because it streamlines complex procedures and helps laboratories maintain granular record-keeping. To meet ISO 17025 requirements Lockbox LIMS provides:

  • Stringent system validation: Lockbox LIMS undergoes rigorous end-to-end validation to ensure it works within the lab environment as intended.
  • Data and information storage: Lockbox LIMS data integrity management features address the heart of ISO 17025 requirements with accurate, reliable, and secure data storage across lab workflows and processes.
  • Audit Trail: Lockbox includes a record of traceability detailing every change to a field within the LIMS and the person who made the change.

To see the Lockbox Modules that meet the ISO 17025 requirements see Ensuring Lab Standards: Meeting ISO17025 Requirements with LIMS, which outlines the ISO 17025 manual sections and Lockbox Modules that meet the requirement.

ISO 13485

ISO 13485 is an international regulatory standard for organizations designing, producing, installing, and servicing medical devices. This standard specifies requirements for a quality management system. Lockbox LIMS includes the necessary features to meet ISO 13485 requirements such as:

  • Deviations and Quality Events: Lockbox LIMS keeps track of all changes made, critical to compliance efforts in biotech, medical device, pharmaceutical, and testing or CLIA laboratories. Laboratories must be equipped to manage the change control process because it is at the top of most auditor’s lists and is the basis of many regulations.
  • Document Control: Lockbox LIMS enables the creation of controlled documents (as shown below), links to team member training records, and implementation of Corrective and Preventive Actions (CAPAs).
  • Audit Trails: Tracking field history is essential to meet compliance. Audit trails allow lab managers and compliance professionals to see what changes have been made to all fields in the LIMS, including sample fields. 
Lockbox LIMS document control record page

GxP (Good Practices)

GxP is an abbreviation for good practice in various life science industries including Good Laboratory Practices (GLP), Good Manufacturing Practices (GMP), Good Clinical Practices (GCP), etc. These regulations have three central requirements: traceability, accountability, and data integrity. Lockbox helps users meet these requirements through the following features:

  • Sample Hierarchy: Lockbox users can view sample parentage through related records and custom indicators automatically included in a child sample name as shown above.
  • Audit trail: An audit trail documents every change made to a field in Lockbox LIMS, and the Lockbox user who made the change.
  • Tracking and Traceability: Within Lockbox LIMS, data is trackable and traceable, including lab reagents, equipment, and custom data fields. See 6 Key Features of Lockbox LIMS for Data Integrity and Traceability to learn more. 

What Privacy Standards Does Lockbox LIMS Meet?

Lockbox has a full suite of features to ensure sensitive laboratory services data remains private and confidential and follows laboratory compliance policies and accreditation guidelines. These features include: 

  • Login security and user authentication tools
  • User permissions and system access controls
  • Vulnerability monitoring tools
  • Complete audit trails
  • Data encryption

With the features listed above, labs can meet global privacy standards to keep sensitive data like Personally Identifiable Information (PII), Protected Health Information (PHI), commercial information, or clinical trial and study data secure.

Lockbox meets many standards including:

General Data Protection Regulation (GDPR) – European Union
California Consumer Privacy Act (CCPA) – United States
Personal Information Protection Act (PIPA) – Japan
Lei Geral de Proteção de Dados (LGPD) – Brazil
Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
Health Data Hosting (HDS) – France

To prepare for laboratory compliance success, we recommend lab managers identify and understand the types of data they collect and then work with the Third Wave Analytics Implementation team to set up Lockbox LIMS for their specific lab environment.

Lockbox is Audit-ready

With Lockbox LIMS your data is secure in one cloud-based location. Excel documents are no longer needed to ensure information is in order before an audit. Lockbox LIMS allows lab compliance managers to find documents and information for lab auditing quickly.

Lockbox features that keep the lab audit ready for evaluation include:

  • Security Encryption
  • Enhanced Fields Audit Trail
  • Lockbox LIMS Software Validation
  • Clinical Laboratory Lockbox LIMS Versions

Lockbox Security Encryption and Enhanced Field Audit Trail

Encryption is a critical security feature. For more details about its role in the lab, see Why Lockbox Is the Most Secure LIMs.

The following encryption features are essential for meeting regulatory compliance especially when working with PII and PHI. Files hold sensitive data, so securing information such as emails, electronic forms, and digital copies of paper test results is mandatory. With file encryption, labs can keep the following protected:

With file encryption, labs can keep the following protected:

Files attached to emails
Files attached to records
Images included in Rich Text Area Fields
Files stored in the database
Files attached to Knowledge articles
Quote PDFs

Lockbox LIMS also allows lab compliance managers to control who has permission to make any changes to encryption in the system, assign editing permissions to roles and profiles, or set it so users need a series of permissions and keys.

Many regulated laboratories deploy Salesforce Shield for comprehensive security related to critical data in their Lockbox LIMS. Salesforce Shield increases native Salesforce encryption from 128 to 256 bits and allows for deterministic or probabilistic encryption options. Users can also use encryption keys. Salesforce Shield increases field audit trails (shown below) to up to 10 years, allowing users to meet most, if not all, regulatory requirements for data retention. Salesforce Shield can be configured with Einstein Data Detect, allowing admins to scan and quickly find sensitive data no matter where they have been entered within Lockbox.

Sample history for Lockbox LIMS audit trail

Lockbox LIMS Software Validation:

Software validation proves Lockbox LIMS performs as intended for the laboratory environment and workflow. Third Wave Analytics follows Good Automated Manufacturing Practice (GAMP5), a risk-based approach to verify every component of Lockbox.

Your laboratory regulatory compliance standards may also indicate your lab’s Lockbox LIMS must be validated to ensure any customizations fit your lab workflows and use cases. Third Wave Analytics creates and implements verification plans and provides guidance on validation best practices to ensure LIMS is ready to use in your environment. To find out more see our article Why LIMS Validation is Essential for Laboratory Success.

Lockbox Clinical Laboratory Versions:

Third Wave Analytics also validates Lockbox LIMS for clinical laboratories. Like other Lockbox releases, the clinical release includes new features and enhancements. However, a clinical release is thoroughly verified and ready for use in a clinical setting. Check out our release notes to learn more.

If you have questions about how Lockbox LIMS can meet your lab compliance management software needs don’t hesitate to contact us! Our experts are here to answer all of your questions.

Please note this is not an exhaustive list of regulations applicable to laboratories. If you work in a regulated environment and do not see your regulatory standard listed please do not hesitate to contact our Sales Team or your Third Wave Analytics Engagement Director. This is not meant to confer legal advice or serve as comprehensive compliance guidance. This should only be used to gain an understanding of Lockbox LIMS capabilities.