Post on 08-Jun-2020
Requirements of ISO 15189:2012 for Clinical Bioinformatics
Kirsty McCaffrey
Clinical Scientist, Bioinformatics
Incorporating: Manchester Royal Eye Hospital
Manchester Royal Infirmary Royal Manchester Children’s Hospital
Saint Mary’s Hospital University Dental Hospital of Manchester
Community Services Trafford Hospitals
• ISO 15189:2012- Medical Laboratories-- Requirements for quality and competence
• Other ISO Standards and Standards – ISO 27001:2013- Information Security Management – ISO 13485:2016- Medical Devices-- Quality management
systems – Computer programming best practices – Best Practice Guidelines
• How to demonstrate conformance to standards
– Implementation of ISO 15189:2012
Outline
• Within the UK medical laboratory accreditation is not compulsory.
• At present accreditation is moving from CPA accreditation to ISO 15189:2012 through UKAS.
• The discipline of Bioinformatics has never been monitored or accredited under CPA.
Background to ISO 15189:2012
• How does this standard apply to bioinformatics?
• How can we show conformance?
• What about aspects of bioinformatics not covered by this standard?
Implementation of ISO 15189:2012
• Methods
– Gap Analysis, Drill down and Requirements gathering
How to map standards to practice?
1
• Your initial gap analysis will indicate areas where the practices of bioinformatics do not meet the standards of ISO 15189:2012
• Examples: – Version Control (4.13) – Risk Management and enabling the automation of
processes (4.14.6) – Examination Procedures (Validation and Verification
(5.5.1)) – Quality Control (5.6.2)
• Maintaining compliance with ISO 15189:2012
Relevance to Clinical Bioinformatics?
• How do you monitor:
– Reference files and data
– Scripts
– Requests made to the group, monitoring of progress?
• Access- can files be altered? How can you ensure security and maintenance?
Version Control
• ACGS Best Practice Guidelines for NGS Bioinformatics:
– State that a version control system must be used for all software and scripts.
– This can system can also be used for audit purposes, improving traceability and accountability
– And can also be used for code review before merging into production.
Version Control
• Standard 4.14.6 of ISO 15189:2012 concerns risk management, and how laboratories should work to “reduce or eliminate” identified risks to prevent potential detrimental impact on samples.
• In bioinformatics, one of the greatest risks comes from processes which are entirely manual
Risk Management and the Automation of Processes
• Applies to both in house and commercial software
• Verification: – A validated procedure, used without modification
– Example commercial tool
• Validation – In house design
– Non-standard or modified method
Validation and Verification
1
• Laboratories must have and use QC material which reacts in a similar manner to patient samples and can be used to verify the quality of results
• Within Bioinformatics: 1. To test and examine new and updated scripts. The type of IQC
material used will depend on the script which is being tested.
2. To run together with new sequencing data to ensure results are
consistent across runs and even individuals running the pipelines.
Internal Quality Control
• Other aspects of ISO 15189:2012 which need to be considered are:
– The creation of service level agreements (standard
4.4),
– Storage concerns of NGS data- including how long should we store this data for? (Standard 5.2.3),
– Resilient methods for the validation and verification of examination procedures (Standard 5.5.1)
Adapting practice to meet ISO 15189
• Additionally, not all aspects of bioinformatics are covered by solely adhering to ISO 15189:2012,
• Therefore need to look to other internationally recognised standards.
• Other standards including those specifically aimed at computer sciences, to cover topics such as unit testing, code review and coding style.
For Bioinformatics as a specialism?
• ISO 13485 Medical Device Guidance.
– Software as a medical device • Having procedures in place for non-conforming products or how to
undertake preventative or corrective actions.
• ISO 27001 Information Security Management
– Concerns the security of materials such as: • intellectual property (bioinformatics pipelines),
• sensitive information and
• information from third parties
ISO 13485 and ISO 27001
• ISO 15189:2012 standards can be applied to bioinformatics, and within a clinical setting is need for Accreditation. – It applies to all parts of a bioinformatics pipeline
• Validation of pipelines • Version control of scripts and references • Testing
• However, there needs to be on-going research
into standards/ best practice guidelines specifically designed for bioinformatics practices
Conclusions
• Manchester Centre for Genomic Medicine
• Sandy Bhaskar and the Bioinformatics team at MCGM
• Andrea Naughton
• Andy Brass, Ang Davies and Mike Cornell at the University of Manchester
Acknowledgements
References:
1. http://www.screenmedia.co.uk/blog/2014/08/what-is-agile-development-a-brief-introduction/
2. http://www.institute.nhs.uk/quality_and_service_improvement_tools/quality_and_service_improvement_tools/plan_do_study_act.html
3. https://www.ukas.com/download/CPA/Standards%20for%20the%20Medical%20Laboratory.pd
4. Assuring the quality of next-generation sequencing on clinical laboratory practice (2012) Nature [online]. 30(11):1033-1036.
5. Human Tissue Act 2004, (c.30) London: The Stationary Office.
6. http://www.iso.org/iso/catalogue_detail?csnumber=56115
7. http://www.ukas.com/services/CPA/Clinical_Pathology_Accreditation_CPA.asp