Results 1 to 8 of 8

Thread: Log in without ID functions on electronic blood tracking systems

  1. #1
    Forum Member
    Join Date
    Sep 2019
    Posts
    1

    Log in without ID functions on electronic blood tracking systems

    I would appreciate some advice regarding the following. Some electronic blood tracking systems have a "login without ID function" where the user can press this and gain access without the need scan their ID badge. For blood fridges this does of course mean that untrained/unauthorised persons may use this function for access. My question is if this function is used on rare occasions and in an emergency this could be argued as not being a risk to the security of the fridges. However, if this is a "more frequently used" function would this need reporting via SABRE?

  2. #2
    Forum Member
    Join Date
    Nov 2016
    Location
    Surrey, UK
    Posts
    91
    I think you need to review each event that the override is used to see if clinically appropriate or not and why this was used if it isn't an urgent situation. If frequent - then it could be SABRE reportable as there is potential risk to the patient from untrained staff collecting units and potential risk to the blood units too.
    Why don't you give Chris Robbie a call at MHRA to discuss this- he is very helpful and i'm always calling him about things I am unsure about.

    bw

  3. #3
    Forum Member
    Join Date
    Mar 2018
    Posts
    7
    Hi MJWL

    Your query relates to the safe and secure storage of blood and blood components. Within the Good Practice Guide there are many paragraphs related to the general principles for storage but the most relevant to your query is within section 3.5 Storage Area.

    3.5.1. Storage areas must provide for appropriately secure and segregated storage of different categories of blood and blood components and materials, including quarantine and released materials as well as units of blood or blood components collected under special criteria (e.g. autologous donation). Access must be restricted to authorised persons (Directive/2005/62/EC/Annex 3.3.5.1).

    Applied to your query “Access must be restricted to authorised persons” which means there must be no access to stored blood and components by any untrained or unauthorised person. The Access without ID function can be removed or hidden. However, this does not mean that any “log in without ID function” should be removed for emergency and urgent situations as described in a site’s policy, but that the requirement must be controlled by the quality system as a whole. i.e There must be clear policies and procedures, including training that covers storage. There must be provision in place to ensure that there is appropriately trained staff available or to alert the BMS in the lab when emergency blood is required.

    Any single breach which involves untrained and unauthorised access to blood and blood components should be reported to the Competent Authority i.e MHRA via SABRE.

    I hope this helps

  4. #4
    Forum Member
    Join Date
    Jul 2018
    Posts
    3
    If your Blood fridge was in an area of restricted access, could you argue that the people with access to that area are 'authorised' in that they are clincal staff and would only get blood out should there be a clincal need, such as an emergency?

  5. #5
    Hi Carly

    Thank you for your question. In your scenario, I am presuming that the restricted access prevent access by member of the public and certain staff groups, but that the staff groups that do have access would be a mix of staff with and without specific blood collection training. In that scenario, we would still only expect collection of blood by trained members of staff and barriers to untrained members of staff. As Mike posted above, the barrier in that case could be via other aspects of the quality system, such as training people at induction that they are not to collect blood under any normal circumstances. Given that blood may be required in emergencies when there are no trained members of staff available, you will need to build that scenario into you QMS and policies, such as an alternative way to get blood urgently via a BMS as described above. As a last resort, no one who needs blood should be denied it, a concessionary release process would need to be used where the person using the blood takes full responsibility for an untrained member of staff collecting the blood. Your blood collection policies and procedures must therefore reference not just how to collect blood under normal situations, but also detail how to obtain blood in urgent and emergency situations.

  6. #6
    Forum Member
    Join Date
    Oct 2017
    Posts
    3
    We currently have a blood tracking system that has a 'crash code' option for collection by 'untrained' blood collectors and are about to upgrade to a system that no longer has this functionality. We do require this function and are therefore looking at alternatives. The crash code option requires the user to call blood transfusion to obtain the code for access and we can therefore document this concessionary release. We do feel we need this option as we have remote sites with emergency blood and no on-site BMS support. We have needed to use this option twice in the last 4 years. Following investigation of the last occasion, fairly recently, a couple of contributory issues were identified (the collector was actually an authorised and trained collector):
    1. System is linked to active directory - if staff let their Trust network password expire they are unable to access the blood tracking system. This is an issue with porters who very rarely use a PC for everyday work. Password can be reset 24/7 by calling IT staff but this takes time which you don't have in an emergency situation
    2. Each site where emergency blood available should have at least 2 trained blood collectors on duty at anytime - on this occasion one had failed to turn up for shift and the other didn't inform management of this so cover wasn't arranged.

    So when the one trained blood collector can't access the system as they've let their password expiry and a patient is bleeding out you really do need an alternative!

  7. #7
    Forum Member
    Join Date
    Nov 2016
    Location
    Surrey, UK
    Posts
    91
    Can’t the processes be set in a way that accessing the fridge via an override would alert the lab but allow access -perhaps a pop-up screen on the LIMS or a buzzer so lab staff / TP can investigate ASAP? The following concerns me with the various discussion points :

    1. If clinical staff have to phone the lab for codes during an emergency this could result in a significant delay if the lab is unable to take the phone call or the phone system goes down ( think Murphy’s law ).
    2. Can policies/ training state that if the override is used- then only emergency group O units are collected? Obviously this would need monitoring for adherence.

    The key word is ‘emergency’- blood delays to the patient appears to be an increasing trend according to SHOT reports and having greater hurdles for our clinical staff to access units can only risk patient safety. It’s a fine balance.

    I remember a case where some hospitals had key lock fridges in theatres- the blood was so secure that no one could access it during an emergency when the ODA had wandered off with the key in their pocket

    bw

  8. #8
    Forum Member
    Join Date
    Mar 2018
    Posts
    7
    Hi

    Just to clarify if there is a need to access a blood fridge by untrained personnel, such as in an emergency, this would substantiate concessionary access to mitigate the risk of serious patient harm. As such these situations should be avoided as per the regulation highlighted by Chris above. The key here is that in these situations there is a clear audit of who what when how and why is recorded. How you achieve this is up to the site but a site must reassure themselves that the relevant risks associated with these situations are mitigated in accordance with good practice risk principles i.e. such as in the situation described by KarenW above, in your 'crash code' situation, temporary access is granted by a BMS so it could be argued that, in this situation, the person collecting the blood has been granted authorised access and if their actions are recorded and audited, although reactive, risks can be controlled to a degree.

    In the points above:

    1. System is linked to active directory - if staff let their Trust network password expire they are unable to access the blood tracking system. This is an issue with porters who very rarely use a PC for everyday work. Password can be reset 24/7 by calling IT staff but this takes time which you don't have in an emergency situation.

    You could mitigate this by introducing a system that requires passwords to be re set before the actually expire via a checking and audit system of active password by the 'owner' of the database.

    2. Each site where emergency blood available should have at least 2 trained blood collectors on duty at anytime - on this occasion one had failed to turn up for shift and the other didn't inform management of this so cover wasn't arranged.

    You can mitigate this by again having regular audits of trained personnel to ensure that they are always in date and also maybe make sure that at least 3 are trained i.e. 1x on holiday, 1x Sick, 1x Spare. In addition was this situation partly caused by a failure in effective communication or a failure of staff to follow Trust Policy? If it was then you should investigate root cause and then mitigate as appropriate?

    1. If clinical staff have to phone the lab for codes during an emergency this could result in a significant delay if the lab is unable to take the phone call or the phone system goes down ( think Murphy’s law ).

    This should be exercised as part of your BCP self assessment process highlighting what the length of delay might be and what situation actually cause the delay. Once this is assessed you can then introduce mitigation within the context of your business processes.

    2. Can policies/ training state that if the override is used- then only emergency group O units are collected? Obviously this would need monitoring for adherence.

    This is a very fair point however it does not tell the whole story as you are still allowing access to unauthorised staff who may be able to take the wrong thing or tamper with other units in the fridge unless you are using a SMART fridge i.e. bloodtrack fridges.

    Please remember i am only playing devil’s advocate here but the realisation with regards to the regs is that every process must be thought through to identify relevant risk (s) so it can be mitigated effectively to protect patient safety and not to deny essential treatment that may result in major morbidity and not to deny access to emergency treatment in such a rigid way that does not allow flexibility in accordance with possible situations that a site may face.

    Another regulation that you may find a useful reference is:

    9.1.6 Deviations from established procedures should be avoided as much as possible and should be documented and explained. Any errors, accidents or significant deviations that may affect the quality or safety of blood and blood components should be fully recorded and investigated in order to identify systematic problems that require corrective action. Appropriate corrective and preventive actions should be defined and implemented.

    I hope this all makes sense and helps with your thoughts going forwards.

    Kind regards

    Mike

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •