Laboratory Information System User Roles & Permissions
Home / Clinical Modules / Laboratory Information System / Roles & Permissions

Laboratory Information System User Roles & Permissions

The LIS module supports end‑to‑end laboratory workflows (orders, specimens, analyzers, results, QC, critical values, microbiology, pathology, send‑outs) across UAE facilities. Role‑based and context‑based access control must comply with UAE PDPL, Federal Law No. 2 of 2019 (ICT in health fields), DOH ADHICS, and DHA/NABIDH security requirements, while supporting safe, efficient lab operations.

Role Definitions

Note: Authentication, base user identity, and employment relationships are managed in ehr-patient-mgmt (users, roles, permissions). The LIS module defines LIS‑specific roles and permissions that are assigned to those users.

Phlebotomist

  • Description: Frontline staff responsible for specimen collection, bedside labeling, and initial chain‑of‑custody documentation.
  • Typical UAE Job Titles:
  • Phlebotomist
  • Laboratory Assistant – Phlebotomy
  • Scope of Access:
  • Patients: Patients scheduled for collection on their assigned locations/rounds (ward, OPD, collection center) during active shift.
  • Data:
    • View: basic demographics, identifiers (MRN, Emirates ID masked), location, active lab orders, collection requirements, allergy flags.
    • Edit: specimen collection details (time, site, condition), chain‑of‑custody events, specimen rejection reasons.
    • No access to detailed lab results beyond simple “collected/received” status.
  • Reporting Hierarchy:
  • Reports to: Lab Supervisor or Phlebotomy Supervisor.
  • Operational direction from: Nursing Unit Manager for ward‑based collections.

Lab Technologist

  • Description: Core technical staff performing specimen processing, running analyzers, entering and verifying routine results, and managing day‑to‑day QC.
  • Typical UAE Job Titles:
  • Medical Laboratory Technologist
  • Medical Laboratory Technician
  • Scope of Access:
  • Patients: All patients with specimens or orders in their assigned lab section(s) (e.g., chemistry, hematology, coagulation) and facility.
  • Data:
    • View: full order details, specimen details, analyzer worklists, QC records, historical results for the same test/section.
    • Edit: specimen receipt/accessioning, result entry (manual), preliminary verification for routine tests, QC entries, analyzer run comments.
    • Cannot modify reference ranges, critical thresholds, or test catalog.
  • Reporting Hierarchy:
  • Reports to: Senior Lab Technologist and Lab Supervisor.
  • Clinical oversight: Pathologist / Lab Director.

Senior Lab Technologist

  • Description: Experienced technologist with advanced responsibilities, including complex result verification, analyzer troubleshooting, and send‑out coordination.
  • Typical UAE Job Titles:
  • Senior Medical Laboratory Technologist
  • Section In‑Charge (e.g., Senior Technologist – Chemistry)
  • Scope of Access:
  • Patients: All patients with lab activity in their section; may have cross‑section visibility for troubleshooting.
  • Data:
    • Inherits all Lab Technologist permissions.
    • Additional: override certain auto‑validation rules (e.g., delta check), approve complex results, manage send‑out orders, manage section‑level analyzer configurations (non‑global).
  • Cannot change global LIS configuration or regulatory settings.
  • Reporting Hierarchy:
  • Reports to: Lab Supervisor / Section Head.
  • Provides guidance to: Lab Technologists and Phlebotomists.

Lab Supervisor

  • Description: Operational manager responsible for staffing, section oversight, QC approval, analyzer configuration, and performance reporting.
  • Typical UAE Job Titles:
  • Laboratory Supervisor
  • Laboratory Manager
  • Section Supervisor (e.g., Hematology Supervisor)
  • Scope of Access:
  • Patients: All patients whose specimens are processed in the supervised lab(s) and facility.
  • Data:
    • Inherits all Senior Lab Technologist permissions.
    • Additional: manage staff worklists/assignments, approve QC corrective actions, maintain reference ranges (within governance), manage analyzer configuration, generate operational and quality reports.
  • No authority to sign out pathology diagnoses unless also a pathologist.
  • Reporting Hierarchy:
  • Reports to: Pathologist / Lab Director.
  • Manages: Phlebotomists, Lab Technologists, Senior Lab Technologists, QC Officer (operationally).

Pathologist / Lab Director

  • Description: Clinically responsible physician for laboratory services, with final authority on results, test catalog, and regulatory compliance.
  • Typical UAE Job Titles:
  • Consultant Pathologist
  • Specialist Pathologist
  • Laboratory Medical Director
  • Scope of Access:
  • Patients: All patients whose tests are processed by the laboratory (facility‑wide, multi‑facility if director is responsible across sites).
  • Data:
    • Inherits all Lab Supervisor permissions.
    • Additional: sign out pathology cases, approve complex/microbiology results, final authority on result amendments, manage test catalog and panels, approve critical value policies, sign off QC reviews, access all lab analytics and audit logs.
  • May have “sealed envelope” access to restricted tests (e.g., HIV) with enhanced auditing.
  • Reporting Hierarchy:
  • Reports to: Medical Director / Chief Medical Officer.
  • Clinical governance over: Lab Supervisor, Microbiologist, QC Officer.

QC Officer

  • Description: Specialist responsible for quality control programs, Westgard rule configuration, proficiency testing, and compliance audits.
  • Typical UAE Job Titles:
  • Quality Officer – Laboratory
  • Laboratory Quality Coordinator
  • Scope of Access:
  • Patients: Indirect; primarily works with de‑identified or aggregated QC data. Direct patient‑level access is limited to what is necessary for QC investigations.
  • Data:
    • Manage QC programs, Westgard rules, QC review workflows, proficiency testing records.
    • View QC‑related result details when investigating out‑of‑control events (with purpose logged as “quality/safety”).
    • Cannot modify clinical results or test orders.
  • Reporting Hierarchy:
  • Reports to: Lab Supervisor and Pathologist / Lab Director.
  • Works with: Hospital Quality & Patient Safety Department.

Microbiologist

  • Description: Specialist overseeing microbiology cultures, organism identification, sensitivities, and antimicrobial stewardship rules.
  • Typical UAE Job Titles:
  • Clinical Microbiologist
  • Consultant Microbiologist
  • Scope of Access:
  • Patients: All patients with microbiology orders/specimens in the facility (or multi‑facility if centralized micro lab).
  • Data:
    • View and verify microbiology results, organism identifications, sensitivity matrices.
    • Manage antibiogram generation, cascade reporting rules, and stewardship rules.
    • Cannot change non‑micro test catalog or non‑micro reference ranges.
  • Reporting Hierarchy:
  • Reports to: Pathologist / Lab Director.
  • Collaborates with: Pharmacy (Antimicrobial Stewardship), Infection Control.

Ordering Physician (External Role)

This is a clinical role defined in CPOE/Physician Portal; LIS permissions are scoped to result viewing and critical value acknowledgement.

  • Description: Licensed physician who orders laboratory tests and consumes lab results.
  • Typical UAE Job Titles:
  • Consultant / Specialist Physician
  • General Practitioner
  • Scope of Access:
  • Patients: Patients under their care (attending, consulting, or covering) as defined in ehr-patient-mgmt and CPOE.
  • Data:
    • View lab results and trends for their patients.
    • Acknowledge critical value notifications.
    • Request add‑on tests on existing specimens where allowed.
    • No access to internal QC, analyzer configuration, or other patients’ results.
  • Reporting Hierarchy:
  • Reports to: Department Chair / Medical Director (outside LIS).
  • Interacts with: Lab Technologist, Microbiologist, Pathologist for clarifications.

Permission Matrix

Legend:

  • ✅ = Allowed
  • ❌ = Not allowed
  • 🔒 = Conditional (context‑based, requires additional conditions such as section assignment, facility, or approval)
Permission / Function Phlebotomist Lab Technologist Senior Lab Technologist Lab Supervisor Pathologist / Lab Director QC Officer Microbiologist Ordering Physician
Patient & Order Access
View basic patient demographics (name, MRN, DOB, gender, location) 🔒
View full patient identifiers (Emirates ID, mobile, address) 🔒 🔒 🔒 🔒
View lab order details (tests, priority, clinical indication) 🔒 ✅ (own patients)
View order status & TAT 🔒 ✅ (own patients)
Create manual lab order (within LIS) 🔒 (section only) 🔒 (facility) 🔒 (facility) ✅ (via CPOE only)
Request add‑on test on existing specimen 🔒 ✅ (own patients)
Specimen Collection & Accessioning
View specimen collection worklist ✅ (micro only)
Record specimen collection (time, site, condition) 🔒 (micro collections)
Print / reprint specimen labels
Reject specimen and record rejection reason
Accession specimen (assign accession number, route to section) 🔒 ✅ (micro)
Manage chain‑of‑custody events
Analyzer & Worklist Management
View analyzer worklist ✅ (micro instruments)
Assign specimens to analyzer / rack
Manually release analyzer results to LIS (from pending interface queue)
Configure analyzer interface mapping 🔒 (section‑level) 🔒 (micro analyzers)
Disable/enable analyzer for maintenance 🔒 🔒
Result Entry, Verification & Amendments
Enter manual test results ✅ (micro)
Edit unverified results
Perform initial result verification (routine tests)
Verify complex / specialized results (e.g., pathology, complex coagulation) 🔒 ✅ (micro)
Override auto‑verification / delta‑check failure 🔒
Approve final result release to EHR/HIE 🔒 (routine)
Amend/correct a finalized result 🔒
View full result history and trends for a patient 🔒 🔒 ✅ (own patients)
Critical Values & Notifications
Flag result as critical
Generate critical value notification record
Acknowledge critical value (provider acknowledgement) ✅ (own patients)
Override critical notification escalation (document justification) 🔒 🔒
View critical value audit log 🔒 🔒 (own patients only)
Microbiology & Pathology
Manage microbiology culture records 🔒 (micro techs) ✅ (micro section)
Enter/edit organism identification and sensitivities 🔒 (micro techs)
Approve microbiology results 🔒 🔒 🔒
Manage antibiogram and cascade reporting rules 🔒
View and edit pathology case details 🔒 (grossing only) 🔒 🔒 (read‑only for own patients)
Sign out pathology reports
Quality Control & Reference Data
Enter QC run results ✅ (micro QC)
View Levey‑Jennings charts
Configure Westgard rules 🔒 🔒 (micro)
Approve QC corrective actions 🔒 🔒
Manage reference ranges 🔒 (advisory) 🔒 (micro‑specific)
Manage critical value thresholds 🔒 🔒 (advisory) 🔒 (micro‑specific)
Manage test catalog and panels 🔒 🔒 (advisory) 🔒 (micro‑specific)
Send‑Outs & External Labs
Create reference lab send‑out order 🔒 (request via CPOE)
Update send‑out shipment details (tracking, courier)
Enter/verify send‑out results
Reporting, Analytics & Administration
View section‑level workload and TAT dashboards
View facility‑wide lab analytics 🔒 🔒
Export de‑identified QC and performance data 🔒
Manage staff assignments / worklists 🔒
View LIS audit logs (user actions, BTG events) 🔒 🔒
Security & Special Access
Break‑the‑glass access to restricted lab data 🔒 🔒 🔒 🔒 🔒 (for QC investigations) 🔒 🔒 (own patients only)
Override context‑based access restrictions (e.g., cross‑facility) 🔒 🔒

Notes:

  • 🔒 permissions must be governed by configuration and context rules (section assignment, facility, on‑call status, approval workflows).
  • Creation of lab orders is normally via CPOE; LIS‑side order creation is restricted to exceptional workflows (e.g., walk‑in, external specimen) and must be tightly controlled.

Role Hierarchy

Permissions inherit downward; higher roles include all permissions of roles beneath them within their domain, subject to segregation‑of‑duties constraints.

flowchart TD A["Pathologist / Lab Director"] --> B["Lab Supervisor"] B --> C["Senior Lab Technologist"] C --> D["Lab Technologist"] B --> E["Phlebotomist"] A --> F["Microbiologist"] A --> G["QC Officer"] subgraph External Clinical Roles H["Ordering Physician"] end
  • Pathologist / Lab Director: Top of LIS clinical hierarchy; inherits all lab operational permissions plus authority to sign out pathology and approve policies.
  • Lab Supervisor: Inherits Senior Technologist and Technologist permissions, plus staff management and configuration.
  • Senior Lab Technologist: Inherits Technologist permissions, plus overrides and complex verification.
  • Phlebotomist: Specialized branch focused on collection; does not inherit technologist analytical permissions.
  • Microbiologist and QC Officer: Lateral specialist roles; they do not automatically inherit all Supervisor permissions but have elevated rights in their domains.
  • Ordering Physician: External role; LIS grants only result‑consumption and critical acknowledgement permissions based on treating relationship.

Context-Based Access Rules

Context‑based controls must be enforced in addition to RBAC, in line with Federal Law No. 2/2019, UAE PDPL, ADHICS, and NABIDH/Malaffi requirements.

1. Facility‑Based Restrictions (Multi‑Facility)

  1. Users are associated with one or more facilities in facilities and departments.
  2. Default rule: LIS users can only access orders, specimens, and results where: - lab_orders.facility_id is in the user’s permitted facility list, or - The lab is a centralized reference lab explicitly configured as multi‑facility.
  3. Cross‑facility access (e.g., central lab serving multiple hospitals) must: - Be configured per role (e.g., central chemistry technologists). - Be logged with facility context in audit logs.
  4. Pathologist / Lab Director may have multi‑facility access if they are formally responsible across sites; this must be documented in role configuration.

2. Department / Section‑Based Restrictions

  1. Each user is assigned one or more lab sections (chemistry, hematology, microbiology, pathology, blood bank, etc.).
  2. Lab Technologists and Senior Technologists: - Can only view and act on tests where lab_order_tests.lab_section is in their assigned sections.
  3. Microbiologist: - Has full access to lab_micro_cultures, lab_micro_sensitivities, and microbiology‑related lab_results, but not necessarily to pathology or other sections.
  4. QC Officer: - Access to patient‑level data is limited to tests/sections under active QC investigation; otherwise, they work with aggregated/de‑identified data.

3. Patient Relationship Requirements

  1. Ordering Physician: - May view results only for patients where they are:
    • Attending, consulting, or covering provider on the active encounter (encounters), or
    • Explicitly granted access (e.g., multi‑disciplinary team).
    • Relationship is validated via encounters and providers tables.
  2. Lab Staff: - Access is based on operational need (tests processed in their section), not direct treating relationship. - However, access to highly sensitive tests (e.g., HIV, genetic tests, mental health markers) may be restricted to designated staff and pathologists, using a “sealed envelope” model:
    • Record is visible as “restricted result exists” but content is hidden unless user has explicit permission or uses BTG.

4. Time‑Based Access (Shift‑Based)

  1. Each LIS user has defined shift schedules (from HR or scheduling system).
  2. By default, non‑emergency access to LIS is limited to active shift plus configurable grace period (e.g., 30 minutes before/after).
  3. Outside shift: - Read‑only access may be allowed for certain roles (Pathologist on call). - Write operations (result entry, verification, QC approval) are blocked unless:
    • User is flagged as “on‑call” for that period, or
    • BTG is invoked for emergency access (with justification).
  4. Night‑shift specific rules: - Certain high‑risk actions (e.g., result amendments) may require dual verification or supervisor approval during off‑hours.

5. Emergency / On‑Call Overrides

  1. On‑call Pathologists, Microbiologists, and Lab Supervisors may be granted extended access windows and cross‑section visibility during on‑call periods.
  2. Emergency overrides (e.g., mass casualty, code blue) may: - Temporarily relax some context restrictions (e.g., cross‑facility viewing) for designated roles. - Require explicit activation of an “emergency mode” by authorized users (e.g., Lab Supervisor), with:
    • Start/end timestamps,
    • Reason,
    • Automatic high‑sensitivity auditing.
  3. All emergency overrides must be: - Time‑limited, - Logged with purpose (“vital interest / emergency care”), - Subject to post‑event review.

Break-the-Glass (BTG) Procedures

BTG is required when a user with a legitimate clinical or safety need must access lab data that is otherwise restricted by role, facility, section, or sealed‑envelope rules.

1. When BTG is Required

Examples:

  1. Pathologist needs to view restricted HIV results for a patient with life‑threatening condition, but is not in the designated HIV team.
  2. Microbiologist on call needs to access microbiology results from another facility during a sepsis alert.
  3. QC Officer must inspect patient‑level results to investigate a serious QC failure impacting multiple patients.
  4. Ordering Physician needs urgent access to a restricted test result (e.g., genetic test) not normally visible in their specialty, to manage an emergency.

2. BTG Workflow

  1. Trigger: - User attempts to access a restricted record (e.g., sealed result, cross‑facility record, restricted test type).
  2. Warning Dialog: - System displays a clear warning:
    • “You are attempting to access restricted laboratory data. This action is permitted only in genuine clinical or safety emergencies and will be fully audited.”
  3. Justification Entry: - User must:
    • Select a reason from a controlled list (e.g., “Emergency treatment”, “QC investigation”, “Public health requirement”).
    • Enter free‑text justification (minimum length enforced).
  4. Optional Approval (Configurable): - For certain categories (e.g., mental health, HIV), system may require:
    • Real‑time approval by Pathologist / Lab Director or Lab Supervisor, or
    • Dual BTG confirmation (two users) before access is granted.
  5. Access Grant: - System grants temporary access to the specific record(s) requested:
    • Scope‑limited (patient, test, time window).
    • Time‑bounded (e.g., 15–30 minutes).
  6. Audit Logging: - For each BTG event, system records:
    • User ID, role, department, facility.
    • Patient ID, encounter ID.
    • Data accessed (tests, results, tables).
    • Reason code and free‑text justification.
    • Timestamp, workstation/IP, session ID.
    • Whether additional approval was required and by whom.
  7. Notification: - Automated notification sent to:
    • Lab Supervisor and Lab Director.
    • Data Protection Officer / Privacy Officer (per facility policy).
  8. Post‑Access Review: - Within a defined SLA (e.g., 24–72 hours), compliance or quality team reviews:
    • Legitimacy of BTG use.
    • Scope of data accessed.
    • Any anomalies or misuse.
    • Outcomes:
    • “Justified” (documented in patient record if clinically relevant).
    • “Questionable” (education and monitoring).
    • “Unjustified” (escalation, potential disciplinary action, access restriction).

3. UAE PDPL and Federal Law No. 2/2019 Implications

  • BTG events must be treated as high‑risk processing of sensitive personal data (health data).
  • Legal basis:
  • Typically “vital interests of the data subject” or “healthcare exemption for diagnosis/treatment” under PDPL and Federal Law No. 2/2019.
  • Requirements:
  • Strict necessity and proportionality: access only to data required for the emergency purpose.
  • Enhanced logging and monitoring.
  • Ability to demonstrate compliance to regulators (UAE Data Office, DOH, DHA) upon request.
  • BTG logs must be retained in line with clinical record retention policies and PDPL requirements.

Segregation of Duties

To reduce risk of fraud, data manipulation, and regulatory non‑compliance, certain role combinations and actions must be segregated.

1. Conflicting Role Combinations

The following combinations must not be assigned to the same user account:

  1. Lab Supervisor + QC Officer: - QC Officer must be independent enough to objectively review QC issues and corrective actions.
  2. Pathologist / Lab Director + QC Officer: - While the Lab Director oversees quality, day‑to‑day QC monitoring should be performed by a separate QC Officer.
  3. Microbiologist + QC Officer (for same section): - Microbiologist may advise on QC but should not be sole QC authority for microbiology.
  4. Phlebotomist + Lab Supervisor: - Prevents a single individual from both performing and approving their own work across the entire process.
  5. Senior Lab Technologist + Pathologist / Lab Director: - In general, clinical sign‑out (pathologist) and operational result entry (technologist) should be separate; combined roles should be exceptional and documented.

If a facility chooses to combine such roles due to size constraints (e.g., small clinic), this must be explicitly documented in configuration and subject to enhanced audit and external review.

2. Dual Sign‑Off Requirements

Certain high‑risk actions require dual sign‑off (two distinct users with appropriate roles):

  1. Result Amendments After Final Release: - Required roles: Senior Lab Technologist (or Lab Supervisor) + Pathologist / Lab Director. - System enforces:
    • First user proposes amendment with justification.
    • Second user reviews and approves before change is applied.
  2. Critical Reference Range or Critical Value Threshold Changes: - Required roles: Lab Supervisor + Pathologist / Lab Director (QC Officer may propose). - Changes must be versioned and effective dates tracked.
  3. Test Catalog Changes (Add/Deactivate Tests, Panels): - Required roles: Lab Supervisor (or Section Head) + Pathologist / Lab Director. - For microbiology stewardship rules, Microbiologist approval is also required.
  4. QC Rule Configuration (Westgard Rules) for High‑Risk Tests: - Required roles: QC Officer + Lab Supervisor or Pathologist / Lab Director.
  5. BTG Access to Highly Restricted Data Categories (e.g., HIV, genetic tests, mental health markers): - Required roles: Requesting clinician (e.g., Pathologist, Microbiologist) + Lab Supervisor or Privacy Officer, depending on facility policy.

The system must technically enforce dual sign‑off by:

  • Preventing the same user from fulfilling both approval steps.
  • Recording both user IDs, timestamps, and justification in an immutable audit log.

UAE Regulatory Compliance

The LIS roles and permissions model must support and demonstrate compliance with UAE healthcare and data protection regulations:

  1. Federal Law No. 2 of 2019 (ICT in Health Fields): - Ensures confidentiality of health data and restricts unauthorized access. - LIS RBAC and BTG mechanisms enforce “need‑to‑know” access and provide detailed audit trails. - Integration with NABIDH (Dubai) and Malaffi (Abu Dhabi) respects facility and patient consent configurations.

  2. UAE PDPL (Federal Decree‑Law No. 45/2021): - Health data is classified as sensitive personal data. - LIS must:

    • Implement privacy‑by‑design: data minimization, purpose limitation, and strict access control.
    • Support data subject rights indirectly (e.g., accurate results, audit logs) as orchestrated by the EHR/portal.
    • Log legal basis for processing where relevant (treatment, public health, quality, explicit consent).

  3. DOH ADHICS & DHA/NABIDH Security Requirements: - Strong authentication and authorization for LIS users. - Context‑based access controls (facility, department, shift). - Comprehensive audit logging for:

    • Result access and modifications.
    • QC actions.
    • BTG events.
    • Encryption in transit and at rest (implemented at platform level; LIS must not bypass).

  4. Quality and Accreditation (e.g., CAP, ISO 15189 as adopted locally): - QC Officer and Lab Supervisor roles support structured QC programs, Westgard rules, and proficiency testing documentation. - Dual sign‑off for critical configuration changes and result amendments aligns with accreditation expectations.

  5. Health Information Exchange (NABIDH / Malaffi): - Only finalized, authorized results are shared externally. - Role‑based verification ensures that only appropriately credentialed staff can release results to HIEs. - Critical value workflows and audit trails support regulatory audits of timely communication.

By implementing the above roles, permissions, and context‑based controls, the LIS module provides a robust, auditable security model that aligns with UAE regulatory expectations while enabling efficient laboratory operations.

← Previous Laboratory Information System Workflows Next → Laboratory Information System Data Specifications
content/clinical/lis/02-roles-permissions.md Generated 2026-02-20 22:54