ASTM E1578-18 Standard Guide for Laboratory Informatics 翻译交流

火页仔

8.8 Phase 7: System Retirement (Replacement, Archive).

8.8第7阶段：系统退役（更换、归档）。



8.8.1 Planning---An LI system may need to be retired for a number of reasons, including obsolescence of the system, closure of the facility, the ending of the program using the system, or a corporate directive for standardization on a different system. The retirement of an application needs to be carefully planned to avoid unintentional disruption to the business now or in the future. A comprehensive plan addresses the following elements: verification that business functions are no longer needed or will be available in a different application; identification of all users and dependent applications; inventory of hardware and software; a timeline for discontinuing or disabling functionality; archival of data in electronic or human-readable form; and a strategy for migrating data to the new system if necessary. The plan needs to be communicated to users and other parties that may be impacted by the retirement.



8.8.1计划--LI系统可能因许多原因而需要停用，包括系统废弃、设施关闭、使用系统的程序结束或在不同系统上标准化的公司指令。应用程序的停用需要仔细规划，以避免现在或未来对业务造成无意的干扰。综合计划涉及以下要素：验证不再需要业务功能或将在不同的应用程序中提供业务功能；识别所有用户和从属应用程序；硬件和软件清单；中止或禁用功能的时间表；电子或人可读形式的数据存档；必要时将数据迁移到新系统的策略。该计划需要传达给用户和可能受退休影响的其他方。


8.8.2 Verification of Obsolescence---This step is relevant in cases in which an application is not being replaced or is being replaced by an application with a different functional footprint. It shall be confirmed that the LI system can be taken out of service without negatively impacting the organization. In the case of replacement, it should be verified that the new system will include any required functionality that exists in the current
system.

8.8.2作废验证--在应用程序未被替换或被具有不同功能足迹的应用程序替换的情况下，与该步骤相关。应确认LI系统可以在不对组织产生负面影响的情况下停用。在更换时，应验证新系统将包括当前系统中存在的任何所需功能。


8.8.3 Users and Dependent Applications--All users of the application and all owners of other applications that depend on it need to be identified so that they can be informed of the planned retirement. They should be informed of the possible impact of the retirement or replacement of the existing system. Users should also have the opportunity to comment on the planned replacement or retirement and any previously unforeseen impact it may have.


8.8.3用户和从属应用程序--需要识别应用程序的所有用户和依赖它的其他应用程序的所有所有者，以便他们可以被告知计划的退役。应告知他们现有系统报废或更换可能产生的影响。用户还应有机会就计划更换或报废以及其可能造成的任何之前无法预见的影响进行评论。


8.8.4 Inventory of Hardware and Software---One objective of a retirement may be cost savings. It may be possible to redeploy hardware and third-party software used by an application, or they may be retired altogether. This includes hardware and software that may be dedicated to nonproduction environments. An inventory of hardware and software associated with the LI system to be retired should be carried out.
Maintenance and support contracts for retired systems should be cancelled.


8.8.4硬件和软件清单--退休的一个目标可能是节约成本。可以重新部署应用程序使用的硬件和第三方软件，或者它们可以完全停用。这包括可能专用于非生产环境的硬件和软件。应清点与即将停用的LI系统相关的硬件和软件。应取消退役系统的维护和支持合同。


8.8.5 Retirement Timeline---Retirement often encompasses many steps that need to be performed in a proper sequence to avoid disruption to the business. A detailed project plan and timeline need to be created, communicated, and managed. All parties need to be kept informed of ongoing progress and reminded of upcoming events. The retirement plans should be supported by a business case.


8.8.5退役时间表--退役通常包括许多步骤，需要按适当的顺序执行，以避免业务中断。需要创建、传达和管理详细的项目计划和时间表。所有各方都需要被告知正在进行的进展，并被提醒即将发生的事件。退休计划应由业务案例支持。


8.8.6 Data Archival---Laboratory data will almost certainly need to be maintained minimally for business and likely for regulatory reasons. Retention schedules will need to be adhered to, and these can vary greatly dependent upon the industry, company, and any regulatory requirements. With advances in technology and virtualization, companies may explore converting to flat tables for future retrieval. Data can be maintained in online read-only state with minimal infrastructure cost.


8.8.6数据存档--几乎可以肯定，出于商业和可能的监管原因，实验室数据将至少需要维护。需要遵守保留时间表，这些时间表可能因行业、公司和任何监管要求而存在很大差异。随着技术和虚拟化的进步，公司可能会探索转换为平坦的表格，以便未来检索。数据可以以在线只读状态维护，基础设施成本最低。


8.8.6.1 Other options include exporting data to a third-party provider to archive it and then retrieve when needed again. There are costs associated with this option, and there is risk of the vendor going out of business. Additionally, there may also be limitations with retrieving the data in a timely manner.


8.8.6.1其他选项包括将数据导出到第三方提供程序进行存档，然后在需要时再次取回。该选项存在相关的成本，并且存在供应商退出业务的风险。此外，及时检索数据也可能存在局限性。


8.8.6.2 If data storage in human-readable form is required, one option is to print the necessary data to paper and archive it in a secure storage repository. Alternatively, the information can be converted into an electronic human-readable format, though the format should be chosen carefully to ensure it will be supportable in the medium and long-term; the PDF format is commonly chosen.


8.8.6.2如果需要以人可读形式存储数据，可以选择打印必要的数据到纸上，并将其存档在安全的存储库中。或者，可以将信息转换为电子人可读格式，但应仔细选择格式，以确保中长期支持；通常选择PDF格式。


8.8.6.3 Careful considerations shall be given to how data are archived according to regulatory demands. For example, do the regulations require that the raw instrument data (such as a chromatograph) can be reprocessed using the original software (such as the chromatography data system)? If so, then the raw data may need to be preserved in its original form, and the original software may need to be preserved in a state where it can be run. This in turn may require the preservation of the hardware environment on which the original software ran.


8.8.6.3应根据监管要求仔细考虑数据的存档方式。例如，法规是否要求使用原始软件（如色谱数据系统）对原始仪器数据（如色谱仪）进行再处理？如果是这样，那么原始数据可能需要以其原始形式保存，原始软件可能需要以可以运行的状态保存。这反过来可能需要保存原始软件运行的硬件环境。


8.8.7 Migration of Data into a New Application---When replacing an application with a new one, an opportunity may exist to leverage new capabilities within the solution and to move the existing laboratory data into the new application as part of the implementation project. When migrating data, business rules need to be established and applied in the requirements-gathering phase relating to how much historical data and which data are to be migrated to the new application. Data migration can be complex, time-consuming, and expensive. The feasibility of data migration depends on the complexity of the data and the data structures---including databasetypes---that exist within the old and new system. It may be a relatively simple operation to migrate user information from one system to another. However, when it comes to migrating the linked batch, sample, test, results, product, and specification data from one system to another, or migrating stability study data (especially if there are currently running studies to be migrated), it becomes a much more difficult exercise and may require the development of complex data transformation routines and a complex and time-consuming validation exercise. Any organization contemplating data migration should carefully weigh the costs and benefits to make sure it makes financial and operational sense. Part of the analysis should include the level of automation associated with the migration. Some data may easily be migrated manually, whereas other data, because of volume/complexity, may be better served using a fully automated migration scheme. Additionally, the compatibility of the existing data with the type of database it is to be migrated to should be considered. For example, migrating data to a database from a different supplier may be more difficult than migrating to the same type of database. If the decision is to migrate data, then rules or policies shall be established by the organization and should take into consideration any compliance, risk management, legal, IT, and business requirements regarding how much and which data need to be migrated to the new LI  system. The definition of these rules will be influenced by how the historical data will be used. If historical data are to be used in reporting, the organization may have additional challenges with any necessary data conversion or report enhancements, or both. Organizations should also investigate whether gaps will be created with other business systems as a result of migrating historical data. If an organization makes the decision not to migrate any---or migrate all---of the data and start with an empty, or at least not fully populated database, then a strategy should be formed regarding how to process out the operational data (especially any data from long-term studies that may extend beyond the introduction of a new system) and archive the historical data.


8.8.7将数据迁移到新的应用程序中--当用一个新的应用程序替换一个应用程序时，可能存在机会利用解决方案中的新功能，并将现有的实验室数据作为实施项目的一部分移动到新的应用程序中。在迁移数据时，需要在请求收集阶段建立和应用业务规则，与要迁移到新应用程序的历史数据和数据的数量有关。数据迁移可能是复杂的、耗时的和昂贵的。数据迁移的可行性取决于数据的复杂性和新旧系统中存在的数据结构（包括数据库类型）。将用户信息从一个系统迁移到另一个系统可能是一个相对简单的操作。然而，当涉及到将关联批次、样品、检测、结果、产品和质量标准数据从一个系统迁移到另一个系统，或迁移稳定性研究数据（特别是如果当前正在运行的研究需要迁移）时，它成为一个更加困难的练习，可能需要开发复杂的数据转换例程和复杂耗时的验证练习。任何考虑数据迁移的组织都应仔细权衡成本和效益，以确保其具有财务和运营意义。部分分析应包括与迁移相关的自动化水平。一些数据可以很容易地手动迁移，而其他数据，由于体积/复杂性，可以使用全自动迁移方案更好地服务。此外，应考虑现有数据与将要迁移的数据库类型的兼容性。例如，将数据从不同的供应商迁移到数据库可能比迁移到相同类型的数据库更困难。如果决定迁移数据，则组织应制定规则或政策，并应考虑关于需要迁移到新LI系统的数量和哪些数据的合规性、风险管理、法律、IT和业务要求。这些规则的定义将受到如何使用历史数据的影响。如果在报告中使用历史数据，组织可能会在任何必要的数据转换或报告增强方面面临额外挑战，或两者兼而有之。组织还应调查是否会因为迁移历史数据而与其他业务系统产生差距。如果一个组织决定不迁移任何一个——或全部迁移——数据，并从一个空的或至少没有完全填充的数据库开始，然后应形成关于如何处理操作数据（尤其是可能超出引入新系统的长期研究的任何数据）和存档历史数据的策略。

火页仔

9. Lean Laboratory and Continuous Improvement Concepts within Laboratory Informatics
9.精益实验室和实验室信息学内的持续改进概念

9.1 Lean Laboratory---Laboratory informatics can be used to support and facilitate lean concept implementation, resulting in significant benefits when they are integrated successfully. Lean concepts can be applied in laboratories to improve productivity, quality, and efficiency while reducing costs. Lean concepts most likely to be facilitated with laboratory informatics include workload leveling and flow, visual management, continuous process improvement, and waste reduction. Each of these concepts is briefly described below.


9.1精益实验室--实验室信息学可以用来支持和促进精益概念的实施，当它们成功整合时，会带来显著的益处。精益概念可以应用于实验室，在降低成本的同时提高生产力、质量和效率。实验室信息学最有可能促进的精益概念包括工作量平衡和流程化、可视化管理、持续过程改进和减少废物。这些概念中的每一个简要描述如下。


9.2 Workload Leveling and Flow--Leveling strategies are used to balance the incoming workload and maintain a consistent workflow to make the best use of the resources available in the laboratory. Leveling is the smoothing of the variability of the incoming demand for work by ensuring that each work day has a consistent workload. Continuous flow concepts keep the work moving through the laboratory processes while minimiz
ing queuing or backlog between steps. (Examples of areas in which workload leveling and flow can be applied include functions C-1, C-2, C-3, C-4, C-5, and E-14 of the laboratory informatics functions map in Fig. 3.)


9.2工作量平衡和流程化---平衡策略用于平衡传入的工作负荷，并保持一致的工作流程，以最佳利用实验室可用的资源。平衡是通过确保每个工作日都有一致的工作量来平滑传入的工作需求的可变性。连续流概念使工作在实验室过程中不断发展，同时尽量减少步骤之间的排队或积压。（可以应用工作量平衡和流程化的领域示例包括图3中实验室信息学功能图的功能C-1、C-2、C-3、C-4、C-5和E-14。)


9.2.1 Laboratory informatics systems contain the data needed to develop workload leveling and flow strategies. This includes expected average incoming workload demand, expected turn-around times for sample testing, actual testing times, optimal testing batch sizes, required sample result due dates by customer, current amount of work in the laboratory, and available staff and equipment.


9.2.1实验室信息学系统包含制定工作量平衡和流程化策略所需的数据。这包括预期的平均进料工作量需求、样本检测的预期周转时间、实际检测时间、最佳检测批量、客户要求的样本结果截止日期、实验室的当前工作量以及可用的工作人员和设备。


9.2.2 Laboratory informatics can be used to automate the release of work into the laboratory based on the workload leveling strategy for each laboratory, thereby minimizing the scheduling and planning effort required to level the daily workload.


9.2.2实验室信息学可用于根据每个实验室的工作量平衡策略，将工作自动释放到实验室中，从而最大限度地减少日常工作量水平所需的调度和规划工作。


9.3 Visual Management---Visual management implementaton allows quick assessment of workflow processes at strategic points and is meant to provide the opportunity to indicate whether a process is working optimally. (Examples of areas where visual management can be applied include functions C-3, C-4, and many of the E functions of the laboratory informatics functions map in Fig. 3.) Laboratory informatics can support this Mean concept by visually displaying summarized data and compiling all needed information into one location to allow all users to identify quickly workload requirements as well as where review and action is required. Laboratory workflows can also be visually displayed by laboratory informatics systems, showing sample queues, sample locations, test status, samples/tests ready for review, and areas that need attention (that is, laboratory investigations).


9.3可视化管理--可视化管理实现允许在战略点快速评估工作流过程，并旨在提供显示流程是否最佳化的机会。（可应用视觉管理的领域示例包括图中实验室信息学功能图3的功能C-3、C-4和许多E功能。)实验室信息学可以通过直观显示汇总数据并将所有需要的信息编译到一个位置来支持这一Mean概念，允许所有用户快速识别工作量要求以及需要审查和行动的地方。实验室信息学系统还可以直观地显示实验室工作流程，显示样本队列、样本位置、检测状态、准备用于审核的样本/检测以及需要注意的区域（即实验室调查）。


9.3.1 Color coding, symbols, and icons that are easily understood and recognizable can be used to allow users to understand statuses and identify issues quickly. For example, dashboards can have colored gauges to represent the percent of work completed on-time, the current turnaround time against a six-month average, or the amount of scheduled work as a percentage of capacity.


9.3.1易于理解和识别的颜色编码、符号和图标可用于允许用户快速理解状态和识别问题。例如，仪表板可以有彩色来表示按时完成的工作百分比、当前周转时间与6个月平均值的比值或计划的工作量占容量的百分比。


9.3.2 Visual management dashboards can be used to provide real time electronic updates on sample status for customers of the laboratory.


9.3.2可视化管理仪表板可用于为实验室客户提供样品状态的实时电子更新。


9.3.3 Other examples include real time-control charts showing key performance indicators versus their warning and control limits, graphs of error rates pinpointing areas of opportunity for improvement, pop-up alerts indicating imminent deadlines, and so forth.


9.3.3其他示例包括显示关键性能指标及其警告和控制限度的实时控制图、精确定位改进机会区域的错误率图、指示即将截止日期的弹出警报等。


9.4 Continuous Process Improvement---Continuous process improvement tools are used to map actual workflow and can help identify potential failure points or places where consolidation or separation of steps would be beneficial. (Examples of areas where continuous process improvement can be applied include many functions but in particular C-3, E-5, and E-13 of the laboratory informatics functions map in Fig. 3.) A key to success with continuous process improvement is to understand the workflow and identify waste at the ground level of laboratory processes, with subsequent implementation of small changes continuously rather than major changes all at once. Laboratory informatics can support this by rendering data onto dashboards and reports and into control charts and production graphs, including data such as error rates, turnaround times, inventory control, and so forth. These can be used to identify bottlenecks and vulnerable steps in the processes and also to monitor the effectiveness of improvements. The data in the laboratory informatics systems can be used to measure and monitor key performance indicators before and after implementation of changes, as well as inform future decisions.


9.4持续流程改进--持续流程改进工具用于绘制实际工作流程，可以帮助确定潜在的故障点或，确定步骤合并或分离将是有益的地方。（可应用持续流程改进的领域示例包括许多功能但特别是图3中实验室信息学功能图的C-3、E-5和E-13。)持续流程改进成功的一个关键是了解工作流程，在实验室流程的基础层面识别浪费，随后连续实施微小变更，而不是一次性实施重大变更。实验室信息学可以通过将数据呈现在仪表板和报告上，并呈现在控制图和生产图中来支持这一点，包括错误率、周转时间、库存控制等数据。这些可以用来确定进程中的瓶颈和脆弱步骤，并监测改进的有效性。实验室信息学系统中的数据可用于测量和监测实施变更前后的关键性能指标，以及为未来的决策提供信息。


9.5 Waste Reduction---Waste reduction as a concept covers many areas, all related by the goal to decrease the amount of effort or time that does not add value to the product from the customer's point of view. Continuous process improvement can be used to reduce waste in laboratory processes. Some key opportunities for waste reduction within laboratories are planning and scheduling work, reviewing and approving data, filing paperwork, documenting, and entering or transcribing data. The following are examples of waste reduction strategies that can result in significant benefits for a laboratory:


9.5减少浪费--减少浪费作为一个概念涵盖了许多领域，所有这些领域都与减少从客户的角度来看不会增加产品价值的工作量或时间的目标有关。可采用持续工艺改进来减少实验室工艺中的浪费。实验室内减少浪费的一些关键机会是计划和安排工作、审查和批准数据、归档文书、记录以及输入或转录数据。以下是可为实验室带来显著益处的废物减少策略示例：


9.5.1 Review by exception is a waste reduction strategy that uses laboratory informatics systems to monitor key process parameters of mature, highly repeatable batch processes, and to evaluate them against specifications that have been configured and validated within the laboratory informatics system. Visual management tools such as color coding or symbols allow out-of-specification results identified by the laboratory informatics system to be flagged for laboratory analyst/supervisor review, while in-specification results are confirmed by the system and do not proceed to a manual review. (Examples of areas where review by exception can be applied include functions C-4 and E-9 of the laboratory informatics functions map in Fig. 3.) Examples of laboratory transactions that can use review by exception concepts include fit for use of equipment, raw materials, and consumables; training records; deviations from standard operating procedures; and so forth. Evaluation of only the failing parameters reduces the time spent reviewing and approving, resulting in a faster time to release, lower cost, and higher throughput.


9.5.1例外情况审查是一种减少浪费的策略，使用实验室信息学系统来监测成熟的、高度可重复的批处理工艺的关键工艺参数，并根据实验室信息学系统内配置和验证的质量标准对其进行评价。可视化管理工具（如颜色编码或符号）允许标记实验室信息学系统识别的超出质量标准的结果，以供实验室分析员/主管审查，而符合质量标准的结果由系统确认，不进行手动审查。（可以应用异常审查的领域示例包括图3中实验室信息学功能图的功能C-4和E-9。)可通过例外情况概念进行审查的实验室活动示例包括适合使用设备、原材料和耗材；培训记录；偏离标准操作规程等。仅对失败的参数进行评估会减少审查和批准所花费的时间，从而缩短放行时间、降低成本并提高吞吐量。


9.5.2 Automation is another waste reduction approach to reduce time spent on processes in which there are set formulae, rules, or steps by using the laboratory informatics system to perform these types of transactions instead of a laboratory analyst. (Examples of areas where automation can be applied include functions E-6 and C-6 of the laboratory informatics functions map in Fig. 3.) Examples of these processes within laboratory informatics include calculations; batching of samples; parsing of data from instruments, spreadsheets, and tracking systems; passing or sharing of information from one system to another; and data compilation. Automation of these processes removes the need for the secondary manual review of accuracy, allowing for more productive work to occur.


9.5.2自动化是另一种减少浪费的方法，通过使用实验室信息学系统而不是实验室分析员来执行这些类型的活动，以减少在设定公式、规则或步骤的过程上花费的时间。（可以应用自动化的领域示例包括图3中实验室信息学功能图的功能E-6和C-6。)实验室信息学中这些过程的示例包括计算；样本批处理；解析仪器、电子表格和跟踪系统的数据；将信息从一个系统传递或共享到另一个系统；以及数据汇编。这些过程的自动化消除了对准确性进行二次手动审查的需要，允许进行更有效的工作。


9.5.3 Paperless laboratory processes are waste reduction tactics to reduce the amount of activities executed on paper. Paper-based transactions can be error prone and require manual reviews to confirm accuracy, are difficult to search for data and information when there are investigations, and require physical handoffs that can increase wait times in laboratory processes. In addition, the paper itself creates wasteful nonvalue-added
tasks, as paper shall be purchased, handled, filed, stored, and destroyed. (Examples of areas where paperless processes can be applied include functions E-1, E-6, E-8, and E-13 of the laboratory informatics functions map in Fig. 3.)


9.5.3无纸实验室流程是减少浪费的策略，以减少纸质文件上执行的活动数量。纸质交易可能容易出错，需要人工审查来确认准确性，有调查时很难搜索数据和信息，需要物理交接，可以增加实验室过程的等待时间。此外，纸张本身会产生浪费性的非增值任务，因为纸张应被购买、处理、存档、储存和销毁。（可应用无纸化过程的区域示例包括图3中实验室信息学功能图的功能E-1、E-6、E-8和E-13。)


Paperless laboratory processes have a high potential of reducing nonvalue-added steps, a key factor in implementing lean. Laboratory informatics is a critical component of paperless laboratory processes, as its associated systems are able to display, store, and transmit information electronically. Laboratry informatics systems are also highly searchable electronic storage systems that allow for rapid retrieval of stored items, or
links to files stored in the informatics system. Going paperless with laboratory informatics includes activities like capturing data directly from a balance, pH meter, or other instrument; linking between systems to allow the sharing of one document without having it stored a second time; and covering the implementation of capturing logbook or notebook entries when a touchscreen or keyboard is used instead of a pen.


无纸实验室过程具有很高的潜力来减少非增值步骤，这是实施精益的关键因素。实验室信息学是无纸化实验室过程的关键组成部分，因为其相关系统能够以电子方式显示、存储和传输信息。实验室信息学系统也是高度可搜索的电子存储系统，允许快速检索存储的项目，或链接到存储在信息学系统中的文件。对实验室信息学进行无纸化处理包括直接从天平、pH计或其他仪器中获取数据；在系统之间建立链接，允许共享一份文件而无需二次存储；并涵盖使用触摸屏或键盘代替笔时捕获日志或笔记本条目的实现。


9.5.4 Mobile devices such as smartphones and tablet PCs that are able to receive notifications from an informatics system regarding imminent or actual issues or that are able to access inventory applications, dashboards, reports, and so forth, also support the lean concept of waste reduction. (Examples of areas where mobile devices can be applied include functions E-5, E-7, E-8, and E-10 of the laboratory informatics functions map in Fig. 3) With such easily accessed information available, decisions regarding remedial or corrective action can be made in a timely fashion, resulting in a quicker resolution of issues, faster turnaround, and greater productivity.


9.5.4移动设备，如智能手机和平板电脑，能够从信息学系统收到关于即将发生或实际问题的通知，或者能够访问库存应用程序、仪表板、报告等，也支持减少浪费的精益概念。（可应用移动设备的领域示例包括图3中实验室信息学功能图的功能E-5、E-7、E-8和E-10。）有了这样容易获得的信息，就可以及时做出关于补救或纠正行动的决定，从而更快地解决问题，更快地周转，提高生产力。


9.5.5 Streamlining laboratory informatics support functions is important to both the initial implementation as well as keeping support costs low. Examples include use of leveling, flow and standard work, and visual management concepts for administrative and support functions like master data maintenance, help desk support calls, change control monitoring, and user account maintenance.


9.5.5精简实验室信息学支持功能对于初始实施和保持支持成本较低都很重要。示例包括使用平衡、流程化和标准工作，以及管理和支持功能的可视化管理概念，如主数据维护、帮助台支持呼叫、变更控制监测和用户帐户维护。


9.5.6 Laboratory informatics can support the implementation of lean concepts in many ways. Informatics systems contain the data needed to summarize and evaluate performance markers and processes. They are responsible for handling the import and export of data, and for the controlled access to those data. Laboratory informatics systems are key elements in the improvement of productivity and efficiency, as well as the reduction of time and effort spent processing laboratory work, decision-making, and improving laboratory performance.


9.5.6实验室信息学可以在许多方面支持精益概念的实施。信息学系统包含总结和评价性能标记和过程所需的数据。他们负责处理数据的导入和导出，以及对这些数据的受控访问。实验室信息学系统是提高生产力和效率，以及减少处理实验室工作、决策和提高实验室性能所花费的时间和精力的关键要素。

火页仔

10. Data Integrity, Cyber Security, and Protection of Personally Identifiable Information

10.数据完整性、网络安全和个人身份信息保护

10.1 Data Integrity---Laboratory data shall be accurate, reliable, and protected. Therefore, data within the laboratory informatics system shall be protected against data's loss, improper or inconsistent use, unauthorized manipulation, obscuration, and distribution that violates privacy.


10.1数据完整性--实验室数据应准确、可靠并受保护。因此，实验室信息系统中的数据应受到保护，防止数据丢失、使用不当或不一致、未经授权的操纵、遮蔽和分发，这些都会侵犯隐私。


10.1.1 General Requirements---laboratory informatics system's ability to ensure data integrity is fundamental. Therefore, a complete data governance program shall start with a thorough understanding of data integrity concerns, whose rigor should be driven by the requirements of the business. These requirements shall take into consideration the criticality of data as it contributes to the system's intended use, the impact on the safety of the subject or environment, how it may aftect the quality of the product or service, the regulations of governing and certifying agencies, and the validity of decisions derived from it. Although much attention is given to computer system data integrity, all systems (people, machines, and methods) shall fully meet the data integrity standards set by the laboratory's business. Because many organizations already publish standards and guidance regarding data integrity, refer to the following for more detailed information:


10.1.1一般要求--实验室信息学系统确保数据完整性的能力是基本要求。因此，完整的数据治理计划应从彻底了解数据完整性问题开始，其严谨性应由业务要求驱动。这些要求应考虑数据的关键性，因为它有助于系统的预期用途、对主题或环境的安全性的影响、它如何影响产品或服务质量、管理机构和认证机构的法规以及由此得出的决策的有效性。虽然对计算机系统数据完整性给予了很大的关注，但所有系统（人、机器和方法）都应完全符合实验室业务设定的数据完整性标准。由于许多组织已经发布了关于数据完整性的标准和指南，更多详细信息请参考以下内容：

10.1.1.1 FDA Data Integrity and Compliance with CGMP: Guidance for Industry.

10.1.1.2 MHRA GxP Data Intègrity Definitions and Guidance for Industry.

10.1.1.3 GAMP Guide: Records & Data Integrity.

10.1.1.4 PIC/S Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments.

10.1.1.5 WHO Technical Report Series, No. 996, Annex 5 Guidance on good data and record management practices.

10.1.2 Key Considerations---When evaluating the data integrity compliance of a system, the following should be considered:


10.1.2关键考虑因素--评估系统的数据完整性合规性时，应考虑以下因素：

10.1.2.1 Data are facts and statistics that have been collected for reference or analysis. Data should be attributable to the person or system that generated it, legible and permanent contemporaneously recorded, original or true-copy in nature, and accurate. These principles---referred to as ALCOA---ensure the completeness, consistency, accuracy, content, and meaning of data endures through its life cycle, and that it is
controlled against intentional and unintentional changes. Laboratory informatics solutions are designed to emphasize the importance of data by supporting the principles of data integrity: data should be attributable.
legible, contemporaneous, original, accurate, complete, consistent, enduring and available (ALCOA+; from the PIC/S DI standard. which incorporates a bit more than the standard ALCOA principles).


10.1.2.1数据是指已收集的用于参考或分析的事实和统计数据。数据应归因于生成数据的人员或系统，同时记录的数据应清晰可读且永久，其性质应为原件或真实副本，且准确。这些原则（称为ALCOA）确保数据在其生命周期中的完整性、一致性、准确性、内容和意义，并控制其有意和无意的变化。实验室信息学解决方案旨在通过支持数据完整性原则来强调数据的重要性：数据应是可归因的。易读性、同期性、原创性、准确性、完整性、一致性、持久性和可用性（ALCOA +；来自PIC/S DI标准。比标准ALCOA原则多一点）。


10.1.2.2 Raw data (source data) represent original records (or true copies) of data, metadata, transformations, and reports of data that have been generated or recorded at the time of the activity. Raw data is stored as a permanent record on durable storage in any format (textual, audio, visual, and so forth) and may be used to reconstruct fully and evaluate the activity when---and to the extent that it is---required. While a true copy of manually captured data may be created later (for example, an accurate reproduction such as scanning to PDF), the reverse does not constitute raw data (raw data captured and stored electronically then printed to paper).


10.1.2.2原始数据（源数据）代表活动时生成或记录的数据、元数据、转换和数据报告的原始记录（或真实副本）。原始数据以任何格式（文本、音频、视觉等）作为持久存储的永久记录存储，可用于全面重建和评估活动（如需要）。虽然之后可以创建手动采集数据的真实副本（例如，准确复制，如扫描成PDF），但反之不构成原始数据（以电子方式采集和储存原始数据，然后打印成纸质）。


10.1.2.3 Without metadata, raw data has no meaning. Therefore, the laboratory informatics system shall protect metadata against loss and misuse using the same data integrity standards as applied to raw data. Further, the relationships between the data and the metadata shall be preserved in a secure and traceable manner so that they are perpetually available during data review and reporting activities.


10.1.2.3没有元数据，原始数据没有意义。因此，实验室信息系统应使用与原始数据相同的数据完整性标准来保护元数据免受丢失和误用。此外，数据和元数据之间的关系应以安全和可追溯的方式保存，以便在数据审查和报告活动期间永久可用。


10.1.2.4 The need to control the integrity of data, such as GxP records, is often driven by government, industry, or market regulations. When referring to GxP records, all data generated to satisfy the regulation both manual (paper) and electronic---shall be maintained in a manner that complies with this section. Data may only be excluded when there is valid, documented, and scientific justification that the data is anomalous or nonrepresentative. The justification for the exclusion shall be documented and remain available for consideration during data review.


10.1.2.4控制数据（如GxP记录）完整性的需求通常由政府、行业或市场法规驱动。当提及GxP记录时，为满足手动（纸质）和电子法规而生成的所有数据应以符合本条规定的方式进行维护。只有当数据是异常或非代表性的有效、记录和科学依据时，才能排除数据。应记录排除的理由，并在数据审查期间随时可供考虑。


10.1.2.5 As a type of metadata, preservation of audit trails and logs is vital. Laboratory informatics systems shall provide details of those items required to reconstruct the manufacturing process or analytical activity. These details attribute the creation, addition, deletion, or modification of data to an individual (or when automatically generated, an original data source), and they include the date and time of the action as well as the reason or context within which the action occurred. When automated audit trail functions are not available, an equivalent control may be implemented in the form of an audit log or book, which describes the nature and justification for the change. As with all metadata, the audit trail shall be available during data review activities, Complex informatics systems including LIMS, ELN, SDMS, and CDS--should include robust audit trail reporting, which is validated and readily available during review and inspection activities.


10.1.2.5作为元数据的一种类型，保留审计跟踪和日志至关重要。实验室信息系统应提供重建生产工艺或分析活动所需项目的详细信息。这些详细信息将数据的创建、添加、删除或修改归因于个人（或当自动生成时，归因于原始数据来源），它们包括操作的日期和时间以及操作发生的原因或上下文。当自动审计跟踪功能不可用时，可以审计日志或账簿的形式实施同等控制，其中描述了变更的性质和理由。与所有元数据一样，审计追踪应在数据审查活动期间可用，包括LIMS、ELN、SDMS和CDS在内的复杂信息学系统应包括稳健的审计追踪报告，其在审查和检查活动期间经过验证且随时可用。


10.1.2.6 Electronic signatures should be supported and controlled by complex laboratory informatics systems. These may be comprised of any symbol---or series of symbols---that have been executed and adopted by an individual and declared to be legally equivalent to the full handwritten signature, initials, or other signing. For specific requirements on electronic signatures, how they are controlled as electronic records, executed and maintained by the individual, and declared for use in record submission, refer to the laws and guidelines of the regulating agency.


10.1.2.6电子签名应由复杂的实验室信息系统支持和控制。这些符号可以由个人已经签署和采用的任何符号或一系列符号组成，并声明在法律上等同于完整的手写签名、姓名首字母缩写或其他签名。关于电子签名的具体要求，如何将其控制为电子记录，由个人执行和维护，并声明用于记录提交，请参阅监管机构的法律和指南。


10.1.2.7 Regulatory agencies are placing more emphasis on the protection of electronic data that is placed in temporary memory in which amendments or deletions can occur before creating the permanent record and alterations are outside the audit trail function. Laboratory informatics systems shall minimize the length of time that data is stored in temporary memory, which minimizes the opportunity to manipulate data into achieving desired results.


10.1.2.7监管机构更加重视对放置在临时存储器中的电子数据的保护，在创建永久记录之前可以进行修订或删除，并且更改在审计跟踪功能的控制之外。实验室信息学系统应最大限度地减少数据存储在临时内存中的时间长度，从而最大限度地减少操纵数据以达到预期结果的机会。

火页仔

10.1.2.8 Routine data review should be a supported feature of the laboratory informatics system. Data review should be able to be performed in a manner that is clear and accurate and include raw data, metadata, audit logs, and electronic signatures. Routine data review is applied to an individual data set and should reflect the organization's risk-based strategies. This review is not intended to be exhaustive or forensic, and methods to streamline the review should be considered, for example, conducting reviews by exception.


10.1.2.8 常规数据审查应是实验室信息学系统所支持的一项功能。数据审查应能以清晰和准确的方式进行，并包括原始数据、元数据、审计日志和电子签名。常规数据审查适用于单个数据集，并应反映组织的基于风险的策略。这种审查不是为了详尽无遗或取证，应考虑简化审查的方法，例如，按例外情况进行审查。


10.1.2.9 A periodic data review is used to verify that data governance controls are adequate to maintain the data integrity of the system and consider the possibility of unauthorized activity. This review should include the integrity of data throughout its life cycle, changes to system configuration, security and user roles, operational permissions, the ability to archive and restore data, and the training on and procedures of the system. The review should include an exhaustive analysis of certain critical datasets to verify the effectiveness of existing data integrity control methods.


10.1.2.9 定期的数据审查用于验证数据治理控制是否足以维护系统的数据完整性，并考虑未经授权活动的可能性。该审查应包括数据在整个生命周期内的完整性、系统配置的变化、安全和用户角色、操作权限、存档和恢复数据的能力，以及系统的培训和程序。该审查应包括对某些关键数据集的详尽分析，以验证现有数据完整性控制方法的有效性。


10.1.2.10 The design of a laboratory informatics system should include a fundamental consideration for the data integrity topics discussed in this section. Complex informatics systems should specifically be designed and delivered out of the box to have detailed audit trails, configurable and compliant electronic signatures, robust data and audit review options, and automatic handling for data manipulations that may occur in temporary memory.


10.1.2.10 实验室信息学系统的设计应包括对本节讨论的数据完整性主题的基本考虑。复杂的信息学系统在设计和交付时应特别考虑到详细的审计跟踪、可配置和符合要求的电子签名、强大的数据和审计审查选项，以及对可能发生在临时存储器中的数据操作的自动处理。


10.1.2.11 Good risk-based strategies shall be used when designing data integrity control methods within the laboratory informatics system. These strategies shall be fully documented and include all supporting  rationale. Control measures should reflect a rigor that is equal to the data's criticality; the risk associated with quality, safety, and efticacy of decisions; and the complexity of the system.


10.1.2.11 在实验室信息学系统内设计数据完整性控制方法时，应采用基于风险的良好策略。这些策略应被完全记录下来，并包括所有的支持性理由。控制措施应反映出与数据的关键性相当的严格性；与质量、安全和决策的 轻重相关的风险；以及系统的复杂性。


10.1.2.12 Documentation of and training on data integrity control measures in the laboratory informatics system should be a part of an overall data governance program. Staff operating and supporting the system shall be trained on these control measures and shall be able to detect data integrity issues when they occur. Training should cover how data integrity controls reduce errors and omissions and how they are used to improve the safety and quality of the product or service.


10.1.2.12 实验室信息学系统中数据完整性控制措施的记录和培训应成为整个数据管理计划的一部分。操作和支持该系统的工作人员应接受有关这些控制措施的培训，并应能在发生数据完整性问题时发现这些问题。培训内容应包括数据完整性控制如何减少错误和遗漏，以及如何利用它们来提高产品或服务的安全性和质量。

火页仔

10.2 Cybersecurity---Much like quality management, cybersecurity is a topic that affects many aspects of an organization.
10.2 网络安全---与质量管理一样，网络安全是一个影响到组织的许多方面的话题。

10.2.1 General Requirements---Organizations shall develop a comprehensive security program that analyzes, assesses, and mitigates vulnerabilities of the laboratory informatics system, as well as other connected systems and peers, both upstream and downstream. For further information, refer to the following standards and resources:

10.2.1 一般要求---组织应制定全面的安全计划，分析、评估和减轻实验室信息学系统以及其他连接的系统的漏洞，包括上游和下游。关于进一步的信息，请参考以下标准和资源。

10.2.1.1 National Institute of Standards and Technology (NIST) Cybersecurity Framework,

10.2.1.2 ISO/IEC 27000 family of standards, and

10.2.1.3 Open Web Application Security Project (OWASP).



10.2.2 Key Considerations---These are the key considerations used to evaluate and verify the security of a laboratory informatics system. These can be applied to any system, whether it is hosted internally or provided by a third party such as in the cloud. These are minimum requirements and may be expanded for systems and data that have less risk tolerance.

10.2.2 关键考虑因素---这些是用于评估和验证实验室信息学系统安全的关键考虑因素。这些可以适用于任何系统，无论它是由内部托管还是由第三方提供，如使用云。这些是最基本的要求，对于风险容忍度较低的系统和数据，可以加以扩展。


10.2.2.1 The organization's information security management system (ISMS) should include cybersecurity as it relates to the laboratory informatics system. The ISMS should include defining the characteristics of the organization; risk assessment approaches; risks unique to the organization; and a suitable methodology to identify, control, and manage these risks.


10.2.2.1 组织的信息安全管理体系（ISMS）应包括与实验室信息学系统相关的网络 安全。ISMS应包括定义组织的特征；风险评估方法；组织特有的风险；以及识别、控制和管理这些风险的适当方法。


10.2.2.2 An organization's ISMS should include a comprehensive set of policies and procedures and the appropriate training programs for IT personnel, developers, administrators, and end users. Training records should be kept and maintained as being accurate and updated to include new cybersecurity threats.

10.2.2.2 一个组织的ISMS应包括一套全面的政策和程序，以及针对IT人员、开发人员、管理员和终端用户的适当培训计划。培训记录应保持和维护其准确性，并更新以包括新的网络安全威胁。


10.2.2.3 The laboratory informaties system---and its connected systems and clients---shall be protected against damage to hardware, software, data, and services. This includes controlling access to physical resources and property, and protecting them against harm coming across electronic connections such as Ethernet, Wi-Fi, serial ports (RS-232), energy infrastructure, electromagnetic radiation, and more. The organization's ISMS should likewise warn against cyber vulnerabilities that come through human interaction such as trickery, social engineering attacks, and intentional or inadvertent misuse. While policies and training are sufficient for many physical and human vulnerabilities, electronic measures shall be taken to secure servers, including a network firewall, malware protection, and active scanning to detect network penetration attempts.


10.2.2.3 实验室信息系统--及其连接的系统和客户--应得到保护，以防止硬件、软件、数据和服务受到损害。这包括控制对物理资源和财产的访问，并保护它们免受来自电子连接的伤害，如以太网、Wi-Fi、串行端口（RS-232）、能源基础设施、电磁辐射等。组织的ISMS同样应该警告那些通过人类互动产生的网络漏洞，如欺诈、社会工程攻击、以及有意或无意的滥用。虽然政策和培训足以应对许多物理和人为的漏洞，但应采取电子措施来保护服务器，包括网络防火墙、恶意软件保护和主动扫描，以检测网络渗透企图。


10.2.2.4 The realm of web application security is constantly changing. Organizations shall receive regular updates on cybersecurity vulnerabilities that may apply to the laboratory informatics system. The WASP maintains The Ten Most Critical Web Application Security Risks, which is a good indicator for risks that may affect any application with computer network access, particularly those operating on the internet. Those ten risks include SQL. OS, and LDAP injecton; broken authentication and session management; sensitive data exposure (for example, healthcare. PID; XML external entities (XXE); broken access control; security misconfigura
tion; cross-site scripting (XSS); insecure deserialization (hostile serialized objects); use of components with known vulnerabilities; and insufficient logging and monitoring. The organization's ISMS should require regularly scheduled scans of all network-connected applications and assess and mitigate the findings according to the risk-based strategy.

10.2.2.4 网络应用安全的领域在不断变化。各组织应定期收到关于可能适用于实验室信息学系统的网络安全漏洞的最新信息。WASP保留了《十大最关键的网络应用程序安全风险》，这是一个很好的风险指标，可能会影响到任何有计算机网络访问的应用程序，特别是那些在互联网上运行的应用程序。这十种风险包括：SQL、OS和LDAP的注入，以及在互联网上运行的应用程序。操作系统和LDAP注入；认证和会话管理被破坏；敏感数据暴露（例如，医疗保健。PID；XML外部实体（XXE）；破坏访问控制；安全错误配置漏洞；跨站脚本（XSS）；不安全的反序列化（有敌意的序列化对象）；使用有已知漏洞的组件；以及日志和监控不足。组织的ISMS应要求定期对所有网络连接的应用程序进行扫描，并根据基于风险的策略评估和缓解调查结果。


10.2.2.5 The security of mobile devices connecting to the laboratory informatics system is an often overlooked area of concern. Key cybersecurity considerations include the use of connection encryption (for example, VPN), the protection of stored data (for example, encryption), the use of security software and settings, and the implementation of malware protection (against viruses, worms, Trojans, and so forth).


10.2.2.5 连接到实验室信息学系统的移动设备的安全性是一个经常被忽视的关注领域。关键的网络安全考虑因素包括使用连接加密（如VPN）、保护存储数据（如加密）、使用安全软件和设置，以及实施恶意软件保护（针对病毒、蠕虫、木马等）。


10.2.2.6 Certain laboratory resources---for example, equipment and instruments---may connect to the laboratory informatics system as internet of things (loT) devices. Some of these might be rudimentary, while others might have complex embedded software. These loT devices can act as inputs to, and can sometimes cause actions within, the laboratory system. Therefore, loT devices shall be controlled according to the organization's security policy as if they were a computing device. Such security policy should take into consideration controlling for authorized access (for example, uniquely authorized accounts, secure APIs), using a firewall or proxy,
updating device firmware and embedded software, limiting access to only required functions, and implementing risk-based validation testing.



10.2.2.6 某些实验室资源--例如设备和仪器--可以作为物联网（loT）设备连接到实验室信息学系统。其中一些可能是简陋的，而另一些可能有复杂的嵌入式软件。这些loT设备可以作为实验室系统的输入，有时也可以引起实验室系统的行动。因此，应根据组织的安全政策对loT设备进行控制，就像它们是一个计算设备一样。这种安全政策应考虑到控制授权访问（例如，唯一授权的账户，安全的API），使用防火墙或代理。更新设备固件和嵌入式软件，限制对必要功能的访问，并实施基于风险的验证测试。

火页仔

10.3 Protection of Personally Identifiable Information---Increasing globalization and utilization of electronic communication platforms are driving the need to redefine personal data privacy and security requirements. There are many national and international privacy-related laws that regulate the collection and use of personal data. Some apply to a certain type of data such as financial or health information. Others apply to certain data-related activities such as telemarketing and commercial e-mail. In addition, there are broad consumer protection laws that are not privacy laws per se but have been used to prohibit unfair or deceptive practices involving the disclosure of, and security procedures for, protecting personal information. Whereas legal statutes and requirements may vary between countries, some fundamental concepts apply to the protection and exchange of personally identifiable information. While it is not the intention of this guide to offer a definitive definition for personal data privacy, laboratory informatics implementations should consider certain fundamental elements of data privacy.


10.3 个人身份信息的保护---日益全球化和电子通信平台的利用促使人们需要重新定义个人数据隐私和安全要求。有许多与隐私有关的国家和国际法律对个人数据的收集和使用进行了规定。有些适用于某种类型的数据，如财务或健康信息。其他适用于某些与数据有关的活动，如电话销售和商业电子邮件。此外，还有一些广泛的消费者保护法，这些法律本身并不是隐私法，但被用来禁止涉及个人信息披露和安全程序保护的不公平或欺骗性做法。尽管各国的法律法规和要求可能有所不同，但一些基本概念适用于个人身份信息的保护和交流。虽然本指南无意为个人数据隐私提供一个明确的定义，但实验室信息学的实施应考虑数据隐私的某些基本要素。


10.3.1 Developing a Data Privacy Program---The data privacy program should be based upon clear quality and legal directives with a focus on customer permission and protection and deline an escalation process when data breaches are discovered. It shall be readable and understandable by everyone, yet be detailed enough to give specific guidance for handling data securely and with privacy in mind. Training, the assignment of roles and responsibilities, and the certification of those who might be exposed to data are important. In addition, a company's program should consider the protection of data being exposed to individuals outside of the company that may include vendors, consultants, and third-party data hosts, including data administrators as well as cloud and backup service providers. The data privacy program should include these eight guiding principles:


10.3.1 制定数据隐私计划--数据隐私计划应以明确的质量和法律指令为基础，重点关注客户许可和保护，并在发现数据泄露时制定一个升级流程。它应该是每个人都可以阅读和理解的，但又要足够详细，为安全地处理数据和牢记隐私提供具体指导。培训、角色和责任的分配以及对可能接触到数据的人的认证都很重要。此外，公司的计划应考虑保护暴露在公司之外的个人的数据，这些个人可能包括供应商、顾问和第三方数据主机，包括数据管理员以及云和备份服务提供商。数据隐私计划应包括以下八个指导原则：


10.3.1.1 Collection and usage of personally identifiable data shall be based upon legitimate grounds with transparency as to how the data is collected, used, and distributed. An individual shall be given an appropriate privacy notice when collecting personally identifiable information.


10.3.1.1 个人身份信息的收集和使用应基于合法的理由，并对数据的收集、使用和分发方式保持透明。在收集个人可识别信息时，应向个人提供适当的隐私通知。


10.3.1.2 Personally identifiable information shall be obtained only for specified and lawful purposes and not further processed such that it would no longer align with those purposes.

10.3.1.2 个人可识别信息应仅为特定和合法的目的而获取，并且不得进一步处理，使其不再符合这些目的。


10.3.1.3 The personally identifiable information to be retained shall only consist of what is required for the reason that has been fully disclosed with no more data collection than is necessary.


10.3.1.3 要保留的个人身份信息应仅包括已充分披露的原因所需的信息，而不会有超过必要的数据收集。


10.3.1.4 Personally identifiable information shall be accurate and kept current as needed. Reasonable steps should be taken to ensure that the data collected is clear and accurate with a consideration as to when and if it is necessary to update the data.


10.3.1.4 个人可识别信息应准确无误，并根据需要保持更新。应采取合理的步骤，确保所收集的数据清晰准确，并考虑何时以及是否有必要更新这些数据。


10.3.1.5 Personally identifiable information should not be kept for longer than necessary. Practices should be in place to establish length of retention and archival needs with policies that ensure secure deletion of data when it goes out-of-date.


10.3.1.5 个人可识别信息的保存时间不应超过必要的时间。应制定惯例，以确定保留时间和存档需求，并制定政策，确保在数据过期时安全删除。


10.3.1.6 Individuals have the right to a copy of their personally identifiable information. Once agreeing to supply their data, individuals have rights to object to use of that data that may cause harm or distress. In addition, the individual has the right to prohibit direct marketing of their data as well as use of automated decision making involving their data. It is the right of the individual to have any inaccuracies associated with
their data corrected, blocked, erased, or destroyed, or combinations thereof. Such inaccuracies may lead to individual compensation for any damage resulting from the misuse, lack of security, or breach of security of their personal data.


10.3.1.6 个人有权获得其个人可识别信息的副本。一旦同意提供他们的数据，个人有权反对使用可能造成伤害或痛苦的数据。此外，个人有权禁止对其数据进行直接营销，以及使用涉及其数据的自动决策。个人有权要求对与他们的数据相关的任何不准确之处进行个人有权要求纠正、阻止、消除或销毁与他们的数据有关的任何不准确之处，或将它们结合起来。这种不准确可能导致个人对其个人数据的滥用、缺乏安全或违反安全所造成的任何损失进行赔偿。


10.3.1.7 Organizations that collect or store personally identifiable information are required to have appropriate security to prevent data from being compromised. Therefore, it is important that policies, procedures, and electronic systems are designed and implemented to accommodate the type of personal data being collected, processed, and stored. Policies and procedures should clearly indicate who is responsible for the security of data and require that audit trails, security logs, and intrusions are reviewed on a periodic basis. Policies, procedures, and systems should have the appropriate security and backup. This requires reliable and well-trained personnel to mitigate and minimize appropriately the impact of any type of security breach of personal data.


10.3.1.7 收集或存储个人身份信息的组织必须具备适当的安全性，以防止数据遭到破坏。因此，必须设计和实施政策、程序和电子系统，以适应正在收集、处理和存储的个人数据类型。政策和程序应明确指出谁对数据的安全负责，并要求定期审查审计跟踪、安全日志和入侵行为。政策、程序和系统应具有适当的安全性和备份。这需要可靠和训练有素的人员，以适当地减轻和减少任何类型的个人数据安全漏洞的影响。


10.3.1.8 Given the different statutes and regulations across countries, transfer of personally identifiable information is complicated. For international transfer of data, equal measures shall be in place and maintained to ensure individual rights to personal data protections. Depending on the context, it may be necessary to notify individuals of the purpose of the transfer. Specific agreements may be required to define how the transferred data will be used, processed, and stored.


10.3.1.8 鉴于各国的法规和条例不同，个人身份信息的转移是复杂的。对于数据的国际转移，应采取并保持同等措施，以确保个人数据保护的权利。根据不同的情况，可能有必要通知个人转移的目的。可能需要签订具体的协议，以确定如何使用、处理和存储所转移的数据。


10.3.2 Summary---In general, the protection of personally identifiable information within the laboratory informatics System shall be a key consideration that starts during early system planning, continues through implementation and regular operation, and ends only when the data has been destroyed. Developing clear and focused policies and procedures is critical to complying with a complex regulatory environment both domestically and internationally.


10.3.2 小结：一般来说，在实验室信息学系统中保护个人可识别信息应是一个关键的考虑因素，它始于早期的系统规划，贯穿于实施和定期运行，并在数据被销毁后才结束。制定明确和集中的政策和程序对于遵守国内和国际上复杂的监管环境至关重要。

火页仔

11. Laboratory Informatics and Artificial Intelligence

11. 实验室信息学和人工智能

11.1 Introduction---Artificial Intelligence (Al)---Al represents a new area of informatics, and the applications of these are evolving rapidly. Al was inspired by the structure of the human brain. At the core of Al is the ability to "learn" from experience without being explicitly programmed to do so and improve upon that learning in the future. This ability is referred to as machine learning. This happens, in part, by looking at a dataset, finding relationships, expanding on existing keywords to find more relevant ones, and expanding search algorithms and variables to make discoveries from the results. Al has the potential to take real world---and real time---actions when operated in conjunction with laboratory IoT devices. As such, judicious use of AI is required until the technology is mature, including taking special precautions when analyzing its security vulnerabilities. If an Al function operates a laboratory informatics system as would a human user, then validation of the Al-enabled function should verify that it has no more access or operational rights than its human counterpart. Organizations using Al or machine learning in the laboratory should continue to monitor academic literature and the laboratory informatics industry for current risks and mitigating practices.


11.1 简介---人工智能（Al）---Al代表了信息学的一个新领域，其应用正在迅速发展。Al的灵感来自于人脑的结构。Al的核心是在没有明确编程的情况下从经验中 "学习 "的能力，并在未来改进这种学习。这种能力被称为机器学习。这部分是通过查看数据集、寻找关系、扩展现有的关键词以找到更相关的关键词，以及扩展搜索算法和变量来从结果中进行发现。当与实验室物联网设备一起操作时，Al有可能采取真实世界---和实时---的行动。因此，在技术成熟之前，需要明智地使用人工智能，包括在分析其安全漏洞时采取特别预防措施。如果人工智能功能像人类用户一样操作实验室信息学系统，那么对人工智能功能的验证应该验证它不比人类用户拥有更多的访问或操作权利。在实验室中使用人工智能或机器学习的组织应继续监测学术文献和实验室信息学行业的当前风险和缓解做法。


11.2 Machine Learning and Training---It is important to understand that training is not "learning" in the human sense, and it is not Al either. Training in the Al world refers to the numeric optimization for a set of model parameters to minimize a cost function. Without explicit instructions, the algorithm can infer from past learning, with continual iterations until the correct target is reached, leveraging the cost function. What is very exciting in machine learning is that once the training examples have been identified, the remainder of the "learning" process is purely a computational problem that does not directly involve humans. The ability to develop artificial intelligence by applying machine learning to the task at hand could allow laboratories to automate a number of processes. This could range from rudimentary tasks such as the development of an on-demand how-to-guide, report generation, and trend analysis to more advanced functions such as predictive analysis.


11.2 机器学习和训练---重要的是要理解训练不是人类意义上的 "学习"，它也不是Al。Al世界中的训练是指对一组模型参数的数值优化，以最小化一个成本函数。在没有明确指示的情况下，算法可以从过去的学习中进行推断，利用成本函数不断地迭代，直到达到正确的目标。机器学习中非常令人兴奋的是，一旦训练实例被确定，"学习 "过程的其余部分就纯粹是一个计算问题，不直接涉及人类。通过将机器学习应用于手头的任务来发展人工智能的能力，可以使实验室实现一些过程的自动化。这可能包括从初级的任务，如开发一个按需提供的指南、报告生成和趋势分析，到更高级的功能，如预测性分析。


11.3 AI in Laboratories---There are numerous uses for Al-based approaches within the domain of laboratory informatics, chiefly among them the creation and definition of unique ontologies, that is, a set of concepts and categories in a subject area or domain that shows their properties and the relations between them. Using the above paradigm rules for data mining, aggregation, transformation, and reporting of data can be facilitated and used to support interrelationship analysis and begin to understand sublime relationships between different domains of data, which may be nonobvious and help drive decision rationale. Largely, Al has been relegated to interpreting text, voice, movement, and tactile expressions to improve the human-machine interface for various systems and applicatons of visualization of complex data sets. Additionally, so-called intelligent data mining and pattern recognition are vital in the analysis of raw and post-compute analysis sets such as genomic data. Al systems are also used to monitor infrastructure and interpret events that are too miniscule or transient to be interpreted in real time by human senses. Monitoring, interpreting, collating, and acting in an automated and systematic self-directed manner can provide a host of meaningful applications that free human operators from menial or, conversely, dramatically complex tasks to focus on transforming data into information and ultimately organizational knowledge.

11.3 实验室中的人工智能---基于人工智能的方法在实验室信息学领域内有许多用途，其中主要是创建和定义独特的本体，即在一个主题领域或领域中的一组概念和类别，显示其属性和它们之间的关系。使用上述范式规则进行数据挖掘、汇总、转换和报告，可以促进和用于支持相互关系分析，并开始理解不同领域数据之间的崇高关系，这些关系可能是非显而易见的，有助于推动决策的合理性。在很大程度上，AI已经被归结为解释文本、语音、运动和触觉表达，以改善各种系统的人机界面和复杂数据集的可视化应用。此外，所谓的智能数据挖掘和模式识别在分析原始和计算后的分析集，如基因组数据方面至关重要。Al系统也被用来监测基础设施和解释那些太过微小或短暂而无法被人类感官实时解释的事件。以自动化和系统化的自我指导方式进行监测、解释、整理和行动，可以提供大量有意义的应用，将人类操作者从琐碎的或相反的、急剧复杂的任务中解放出来，专注于将数据转化为信息和最终的组织知识。


11.3.1 Benefits of Al in the Laboratory---The benefits of Al-enabled tools are many. Chiefly among them is the ability to process previously unmanageably large volumes of data and provide analysis of multivariable problems simultaneously while determining trends, outliers, and counterintuitive complex patterns not noticeable to humans and without emotional or intellectual bias. Al-based tools can capture, organize, and
automate the addition of organizational knowledge from disparate sources while providing an ability to diagnose root causes of observed events to enable organizational enterprise decision support. It is possible for Al to apply existing knowledge to parse, analyze, and classify text- and voice-based data sources to provide visualizations to facilitate human analysis of these complex information forms and create data collections. Various Al applications are used to provide additional layers of security by using new ways of storing and managing data such as decentralized, deconstructed, disparate data stores. Another benefit of Al-based tools is the ability to create constantly increasing data stores from multiple sources to provide the simultaneous ability to enhance sharing of knowledge and information as timely as the information is collected and potentially transformed. Al concepts like knowledge mapping and ontology generation can help to identify and increase the likelihood of organizing data to create information and ultimately organizational domain-based wisdom. Data integrity checking of large data sets in near real time is a possible fit for Al in the laboratory.

11.3.1 AI在实验室中的优势---其中最主要的是能够处理以前无法管理的大量数据，并同时提供对多变量问题的分析，同时确定趋势、异常值和人类无法察觉的反直觉的复杂模式，而且没有情感或智力偏见。基于人工智能的工具可以捕捉、组织和自动增加来自不同来源的组织知识，同时提供诊断观察到的事件的根本原因的能力，以实现组织企业决策支持。Al有可能应用现有的知识来解析、分析和分类基于文本和语音的数据源，以提供可视化，促进人类对这些复杂信息形式的分析，并创建数据集合。各种Al应用通过使用新的数据存储和管理方式，如分散的、解构的、不同的数据存储，来提供额外的安全层。基于Al的工具的另一个好处是能够从多个来源创建不断增加的数据存储，以提供同时加强知识和信息共享的能力，因为信息的收集和潜在的转化是及时的。Al的概念，如知识图谱和本体的生成，可以帮助识别和增加组织数据的可能性，以创造信息和最终的组织领域的智慧。对大型数据集进行近乎实时的数据完整性检查是Al在实验室中可能的适用范围。


11.3.2 Challenges of Al in the Laboratory---While the benefits are numerous, there are challenges to implementing Al technologies as part of core laboratory informatics landscape. The technological expertise of Al is typically lacking in laboratory environments, as well as end user buy-in for the need. This implies a shift in mentality of entire organizations, the requirement for significant upfront investment, and natural difficulties associated with implementation and support of Al systems. It is also a given that Al produces the most benefit from analysis of large data sets. However, depending on the industry, such data might only exist in paper and not digital format. This will inherently limit Al's ability to connect the dots and will require additional organizational effort to convert data to digital format. Another factor to consider is the risk versus reward of this solution. The initial payoff associated with automation of trivial tasks is not significant, and true payoff is not realized until maturity of Al is achieved. However, Al automation can result in over-reliance of the organization on it for its success. As such, a flaw in Al learning could result in significant impact to the organization. Lastly, as AI learns more and is able to find desired relationships across desperate data points, the ability to validate this result and trace the path to conclusion becomes virtually impossible. The human nature of distrust towards Al indicates that persons will need to undergo a similar level of learning in order to arrive at the same conclusion. This process will be more challenging for more desperate data sets and more complex findings. Given these challenges, Al in the laboratory will evolve slowly and will be most likely incorporated into existing laboratory informatics solutions as enhancements to existing functions.


11.3.2 Al在实验室中的挑战---虽然好处很多，但作为实验室核心信息学的一部分，实施Al技术也存在挑战。在实验室环境中通常缺乏Al的技术专长，也缺乏终端用户对需求的认同。这意味着整个组织心态的转变，需要大量的前期投资，以及与Al系统的实施和支持相关的自然困难。另外，从大型数据集的分析中产生最大的效益也是必然的。然而，根据行业的不同，这些数据可能只存在于纸面上而不是数字格式。这将在本质上限制了阿尔的连接能力，并需要额外的组织努力来将数据转换为数字格式。另一个需要考虑的因素是这个解决方案的风险与回报。与琐碎任务的自动化相关的初始回报并不显著，真正的回报要等到Al的成熟度达到后才会实现。然而，自动化可能会导致组织的成功过度依赖它。因此，人工智能学习中的一个缺陷可能会导致对组织的重大影响。最后，随着人工智能学习更多，并能够在绝望的数据点中找到所需的关系，验证这一结果和追踪结论的路径的能力变得几乎不可能。人类对Al不信任的本性表明，人们需要经历类似的学习，才能得出相同的结论。这个过程对于更绝望的数据集和更复杂的结论来说将更具挑战性。鉴于这些挑战，实验室中的人工智能将缓慢发展，很可能被纳入现有的实验室信息学解决方案，作为对现有功能的增强。

小金库

非常感谢分享。