College of American Pathologists
 Point of Care Testing Toolkit


Pathologist’s Regulatory Role in Addition to CLIA

    1. In addition to maintaining compliance with the regulations set forth in CLIA88, the Laboratory Director is also responsible for knowing, understanding and maintaining compliance with other Federal and State regulations that pertain to clinical laboratory testing. In the POCT environment, some of these regulations take on a different perspective and often require different solutions or accommodations than in the clinical laboratory. In this section we will briefly discuss the other agencies and regulations that the POCT Laboratory Director must be aware of and some information on how compliance may be achieved.
      1. Food & Drug Administration (FDA): The FDA regulates all laboratory tests and devices used in testing human samples for clinical purposes.
        1. The vast majority of POCT is performed using FDA approved kits and/or instruments. A listing of approved waived and moderately complex tests can be found at: FDA CLIA88 Test Database Search Page
        2. Most FDA enforcement is aimed at tests/kits/reagents that are marketed for clinical use in the U.S. via the 510k Premarket Notification or Pre-Market Approval (PMA) processes.
        3. An overview of Device Regulation and the process to receive FDA approval is available at: FDA Overview of Device Regulation.
          1. 510K Premarket Notification OR via the Code of Federal Regulations: 21 CFR Part 807 Subpart E
          2. Pre-Market Approval (PMA) processes OR in the Code of Federal regulations: 21 CFR Part 814
        4. In terms of POCT, the primary impact of the FDA Approval process is in the manufacturer’s instructions and specifications for the use of the test. Deviation from the manufacturer’s instructions typically will result in the test, whatever its classification (waived or moderately complex), immediately being considered ‘high complexity’ with all the ramifications of that classification. Items of particular importance to be cognizant of when initiating a POC test are:
          1. Sample types that are approved for use with the test
          2. Sample collection methods and devices
          3. Sample stability and maximum time from sample collection to testing
          4. Device, reagent, and, if applicable, control material storage conditions. Typically terms such as ‘room temperature’ or ‘refrigerator’ storage are no longer used and manufacturers must specify a temperature range for proper storage. This then, by extension, requires that the temperature of any storage area be monitored. Be sure to note any additional storage conditions such as humidity, light exposure, etc.
          5. Performance of Quality Control: How it is performed, at what frequency, etc.
          6. Reportable range for the test
          7. Requirements for follow-up or confirmatory testing
          8. The testing procedure itself
        5. Analyte Specific Reagents (ASRs):
          NOTE: Although it is atypical for POC tests to use ASR’s we have included this section for completeness.
          1. Definition: ASRs are defined as “antibodies, both polyclonal and monoclonal, specific receptor proteins, ligands, nucleic acid sequences, and similar reagents which, through specific binding or chemical reactions with substances in a specimen, are intended for use in a diagnostic application for identification and quantification of an individual chemical substance or ligand in biological specimens.” Class I ASR’s may be purchased and used by laboratories to develop specific clinical tests (laboratory developed tests; LDTs) that may be used within the laboratory that developed the test for patient testing without specific FDA approval.
          2. There are additional FDA requirements prior to marketing Class II and Class III ASR’s.
            1. Class II ASR: reagent is used as a component in a blood banking test of a type that has been classified as a Class II device (e.g., certain cytomegalovirus serological and treponema pallidum nontreponemal test reagents). 21 CFR 864.4020(b)(2)
            2. Class III ASR: reagent is intended as a component in tests intended either:
              1. to diagnose a contagious condition that is highly likely to result in a fatal outcome and prompt, accurate diagnosis offers the opportunity to mitigate the public health impact of the condition (e.g., human immunodeficiency virus (HIV/AIDS) or tuberculosis (TB)); or
              2. for use in donor screening for conditions for which FDA has recommended or required testing in order to safeguard the blood supply or establish the safe use of blood and blood products (e.g., tests for hepatitis or for identifying blood groups). 21 CFR 864.4020(b)(3).
              3. FDA considers ASRs intended to be used as a component in tests for diagnosis of HIV (including monitoring for viral load or HIV drug resistance mutations) to be Class III ASRs
            3. A good deal of information re: ASR’s can be found at the FDA’s ASR FAQ’s page.
        6. Laboratory Developed Tests (LDT’s):
          NOTE: Although it is atypical for POC tests to be Laboratory Developed Tests we include this section for completeness.
          1. For many years the FDA has adopted a position of ‘enforcement discretion’ with regard to Laboratory Developed Tests (LDTs) for clinical use. As long as there were no specific complaints or adverse patient impacts associated with such tests there was no pre-use approval process. Laboratories were free to develop and use such tests clinically provided they performed the appropriate CLIA validation steps.
          2. Many of these LDT’s utilize one or more ASR’s as a component of the test process
          3. Recently the FDA has identified a specific type of LDT that incorporates the results of several ‘tests’ and via some algorithm (typically proprietary) produces a diagnostic, or prognostic ‘score’. These In Vitro Diagnostic Multivariate Index Assays (IVDMIA’s) will require additional pre-clinical use validation and may require FDA approval prior to clinical use.
        7. The FDA also provides important updates and information (FDA Medwatch) regarding problems with FDA approved tests/instruments such as manufacturer recalls, test interferences, safety hazards, etc. which may impact patient or operator safety and/or the quality of the test result.
          1. The FDA provides a mechanism to sign up for e-mail alerts regarding specific categories of FDA covered items on this page
      2. Centers for Disease Control and Prevention (CDC)
        1. The CDC provides recommendations and resources for laboratories that may be applicable to POCT testing (search for “point-of-care”). The CDC also provides survey information with regard to use of POCT.
        2. Biosafety: specific information regarding biosafety as it applies to communicable agents can be found at: CDC Biosafety
        3. An overall review of good laboratory practices for sites performing waived testing may be found at: MMWR 2005 Good Laboratory Practice.
      3. Occupational Safety & Health Administration (Federal OSHA) works to promote workplace safety. In the area of POCT, OSHA standards with regard to personal protective equipment (PPE), biosafety and biohazardous waste disposal are important to review.
        1. The Needlestick Safety and Prevention Act requires the use of engineering and work practice controls to eliminate or minimize employee exposure to bloodborne pathogens.
        2. Standards
          1. Blood Borne Pathogen Standard (1910.1030) requires the following when there is any reasonably anticipated skin, eye, mucous membrane, or parenteral contact with blood or other potentially infectious materials that may result from the performance of an employee’s duties.
            1. A written Exposure Control Plan
            2. Adherence to “Universal Precautions”, which is an approach to infection control. According to the concept of Universal Precautions, all human blood and certain human body fluids are treated as if known to be infectious for HIV, HBV, and other bloodborne pathogens.
            3. Use of engineering controls: controls (e.g., sharps disposal containers, self-sheathing needles, safer medical devices, such as sharps with engineered sharps injury protections and needleless systems) that isolate or remove the bloodborne pathogens hazard from the workplace.
            4. Use of work practice controls: e.g. reducing the likelihood of exposure by altering the manner in which a task is performed (e.g., prohibiting recapping of needles by a two-handed technique).
            5. Use of Personal Protective Equipment: specialized clothing or equipment worn by an employee for protection against a hazard. General work clothes (e.g., uniforms, pants, shirts or blouses) not intended to function as protection against a hazard are not considered to be personal protective equipment.
            6. Exposure evaluations
            7. Housekeeping: Employers shall ensure that the worksite is maintained in a clean and sanitary condition. The employer shall determine and implement an appropriate written schedule for cleaning and method of decontamination based upon the location within the facility, type of surface to be cleaned, type of soil present, and tasks or procedures being performed in the area.
            8. Handling and disposal of regulated waste: Although the amount of biologic sample used in most POCT tests is small, all contaminated materials used in testing must be disposed of in compliance with all applicable federal, state and local regulations.
            9. Hepatitis B vaccination: The employer shall make available the hepatitis B vaccine and vaccination series to all employees who have occupational exposure, and post-exposure evaluation and follow-up to all employees who have had an exposure incident.
            10. Labels and signage: Warning labels shall be affixed to containers of regulated waste, refrigerators and freezers containing blood or other potentially infectious material; and other containers used to store, transport or ship blood or other potentially infectious materials
            11. Employee information and training: The employer shall train each employee with occupational exposure in accordance with the requirements of this section. Such training must be provided at no cost to the employee and during working hours. The employer shall institute a training program and ensure employee participation in the program.
          2. Standard Precautions
            1. In 1996, The CDC combined the requirements of Universal Precautions and those of Body Substance Isolation, using the term Standard Precautions. Standard Precautions are based on the assumption that “all blood, body fluids, secretions, excretions, except sweat, nonintact skin, and mucous membranes may contain transmissible infectious agents” and apply to all patients. Included are rules for hand hygiene, use of personal protective equipment, handling of potentially contaminated equipment/items, respiratory hygiene/cough etiquette, and safe injection practices.
            2. CDC: 2007 Guideline for isolation precautions: Preventing transmission of infectious agents in healthcare settings.
          3. Chemical safety: For most POCT, hazardous chemical exposure is not a major issue. However, knowledge of the OSHA regulations, the chemicals used in each kit or device, and making provisions for any employee exposure where hazardous chemicals are present is important. Any Material Safety Data Sheets (MSDS) provided by the manufacturer should be available where the device or kit is being utilized.
        3. Twenty-four states plus Puerto Rico and the Virgin Islands have OSHA approved safety programs. While many of these are similar to Federal OSHA rules many have specific and/or more stringent requirements that the laboratory director must be aware of. Links to specific state programs can be found at: State OSHA’s.
      4. State regulations
        1. There are currently two states that have more stringent laboratory regulations than CLIA88 and have been granted exemption from CLIA regulations: New York and Washington.
          1. Pathologists overseeing point of care testing in these states must familiarize themselves with the laboratory regulations for these states.
        2. The following states have some form of laboratory regulation but they are highly variable in their content, requirements and applicability to point of care testing. Pathologists administering point of care testing programs within these states should familiarize themselves with any applicable regulations.
          1. Alabama, Arizona, California, Connecticut, Florida, Georgia, Hawaii, Idaho, Kentucky, Minnesota, Maine, Massachusetts, Maryland, Nevada, New Hampshire, New Jersey, Pennsylvania, Rhode Island, Tennessee, West Virginia, Wyoming
        3. The remaining states have no specific laboratory regulations and rely on CLIA88.
      5. International regulations
        1. Various regulations and standards have been developed in other countries with regard to clinical laboratory testing. Many of these are based on the ISO standards; however, there may be significant variations between different countries and regions. Pathologists involved in point of care testing programs should familiarize themselves with the regulations and standards of the country and/or region that they are operating in. Further editions of this Tool Kit will address international regulations in more detail.
      6. Center For Medicare & Medicaid Services & Office of the Inspector General
        1. Medical necessity: Center For Medicare & Medicaid Services (CMS) via National Coverage Determinations (NCD’s) and Local Coverage Determinations (LCD’s) specify the medical conditions that demonstrate medical necessity for certain laboratory tests. Unless the medical necessity requirement is met the test may not be reimbursed by CMS.
        2. Medicare patients presenting with test orders where medical necessity cannot be demonstrated should be asked to sign an Advance Beneficiary Notice (ABN) and accept responsibility for payment. When a laboratory determines, based on diagnostic information received with the test request, that Medicare is unlikely to reimburse for the test, the laboratory must provide the patient with an ABN that allows the patient to either accept responsibility for payment should Medicare deny reimbursement OR not have the testing performed. Information on the requirements of the ABN
          1. NCD information
          2. LCD information is dependent on the specific Fiscal intermediary (Part A) or Carrier (Part B) that Medicare patient testing is billed through. Knowledge of the LCD’s for your particular region and billing type is required to understand potential reimbursement for POCT. A listing of Intermediaries and Carriers by state is available.
        3. Common Procedural Terminology, 4th Ed (CPT-4) codes: Most laboratory tests, including POCT, are billed via CPT-4 codes. The laboratory must select the most appropriate code for each test billed. CPT-4 codes are developed by the American Medical Association and are available annually in book form and via on-line subscription services
        4. Office of the Inspector General (OIG) Model Compliance Plan for Laboratories: In order to reduce laboratory fraud and abuse CMS via the OIG developed a billing compliance plan for laboratories. If a laboratory is reviewed with regard to billing practices, the presence of an OIG Compliant plan may mitigate (to some degree) the extent of the audit.
      7. Health Insurance Portability and Accountability Act (HIPAA)
        1. The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
        2. In terms of POCT, the primary facets of HIPAA that may be relevant are safeguarding Protected Health Information (PHI), executing Business Associate Agreements, if applicable, and the electronic transmission of test results/PHI.
        3. Protected Health Information: The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)." “Individually identifiable health information” is information, including demographic data, that relates to:
          1. the individual’s past, present or future physical or mental health or condition,
          2. the provision of health care to the individual, or
          3. the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
        4. Business Associate (BA): In general, BA status may not strictly apply to vendors who are contracted to provide POCT materials. However, it may be prudent to execute Business Associate Agreements (see below) with vendors who provide instrumentation that stores PHI and could be accessed during servicing or repair of the instrument.
          1. In general, a business associate is a person or organization, other than a member of a covered entity's workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. Business associate functions or activities on behalf of a covered entity include claims processing, data analysis, utilization review, and billing. Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services. However, persons or organizations are not considered business associates if their functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all. A covered entity can be the business associate of another covered entity.
          2. Business Associate Agreement (BAA): When a covered entity uses a contractor or other non-workforce member to perform "business associate" services or activities, the Rule requires that the covered entity include certain protections for the information in a BAA. In the business associate contract, a covered entity must impose specified written safeguards on the individually identifiable health information used or disclosed by its business associates.
            1. Sample language may be found at: DHHS Business Associate Contracts.
          3. Electronic Transmission & Security Standards: The HIPAA Security Rule applies to POCT whenever PHI is stored in a test device or transmitted via electronic means from that device. The specifics of the regulations can be found here.
            1. In terms of POCT, when testing is performed with an instrument, it is important to understand what information is entered and stored in the device and how it is accessed (e.g., password or user code), and to ensure that such information is removed from the device if/when it is returned to the manufacturer for service, repair or replacement.
          4. If the instruments are used to transmit results and PHI to an electronic medical record or other electronic repository, then the manner in which the data is transmitted (e.g., encryption, firewall security) and the security and integrity of the repository must be taken into account.