All patient records and test results should be maintained according to the requirements of the Caldicott Report (1997)8 and Data Protection Act (1998).9
Authorising and reporting of routine test results should be the responsibility of designated laboratory personnel. Consultant grade staff should authorise non-routine and discrepant results, or designate other senior staff to do so.
Results reported by fax should be to a designated fax number. The sender should confirm the telephone number of the receiving fax machine and the designated member of staff to whom the report is to be addressed. The sender should indicate when the report will be sent and, following fax transmission of the report, confirmation that the fax has been received should be obtained from the intended recipient.
Where electronic data interchange is in place either direct to surgeries/hospitals or onto a web browser the system should be based on the principles of the Caldicott Report.8 The system should be validated and password controlled with clearly defined access levels. Data should be encoded with an electronic signature to ensure that the information cannot be altered and can only be viewed by designated individuals.