A registered manager’s hardest inspection moment is rarely a wrong result. It is being asked a simple question about a right one. An assessor scrolls back six weeks, lands on a single test, and asks: who ran this, on which analyser, was quality control in date, and how did the number reach the patient’s record? The result is easy to find. The story behind it often is not.

That story is your audit trail. A point-of-care testing audit trail is the running record that lets you account for every result your clinic produces, from the moment a sample is tested to the moment a clinician acts on it. When it is complete, an inspection becomes a short conversation. When it has gaps, one missing detail can cast doubt over a whole testing service.
This article describes what a defensible, tamper-evident record looks like in practice, why assessors care about reconstruction rather than tidy paperwork, and how a digital approach captures the trail as you work instead of after the fact.
When an assessor points at one result
Inspectors do not audit averages. They sample. They pick one result, sometimes at random, sometimes because something about it looks unusual, and they follow it backwards. The exercise is deliberate: if you can fully account for a result chosen at random, you can probably account for all of them.
So the practical question is not “do you keep records?” It is “can you take any single result and rebuild exactly what happened?” That is the bar. Everything below describes the fields that let you clear it.
What a defensible point-of-care testing audit trail contains
A traceable record is more than a results list. Each entry needs to answer a fixed set of questions without anyone having to remember, guess or cross-reference a second system.
Who performed the test
The “who performed the test” record is usually the first thing an assessor checks, and the most common weak point. It is not enough to know that someone tested the sample. You need the named operator, and ideally their competency status at that moment: were they signed off to use that device on that date? A record that links each result to a trained, in-date operator answers a governance question and a safety one at the same time.
Which device, reagent and lot
Two analysers of the same model can behave differently. The record should name the specific device used, plus the reagent or cartridge lot and its expiry. When a manufacturer issues a field safety notice for a particular lot, this is the field that tells you, in minutes rather than days, which patients were affected.
Date, time and sequence
A timestamp does more than mark the day. It places the result in order against quality control, calibration and other tests on the same device. Sequence matters: a result run before its daily control passed is a different story from one run after. Reliable date and time, captured automatically, is the spine that everything else hangs from.
Patient and test identity
The result must attach to an unambiguous patient identifier and a clearly named test. Free-text initials and a scribbled “glucose” are where mismatches begin. A clean record carries a unique identifier and a specific analyte, so a single HbA1c or CRP result can never drift onto the wrong file.
Result and result status
The number alone is not the full picture. Status tells you what happened to it: accepted, rejected, repeated, flagged outside the reference range, commented on, or held for review. Inspectors look closely at results that were repeated or overridden, because that is where judgement enters. A record that shows the status, the reason and the person who decided is far stronger than one that simply shows a final value.
Quality control at the moment of testing
A result is only as trustworthy as the quality control standing behind it. The trail should let an assessor see the control status that applied when the patient sample was run, not just that QC was performed somewhere that week. Linking each patient result to the relevant control run is what turns POCT traceability from a claim into something you can demonstrate.
Why “reconstructable end to end” is the real test
Notice the theme running through those fields: each one exists so the result can be rebuilt later. That is what assessors are really testing. Not whether your folder is neat, but whether the record is faithful enough that a stranger could reconstruct the event months afterwards and reach the same conclusions you did.
Two qualities make that possible.
The first is completeness. Every result carries its operator, device, lot, timing, identity, status and control context, with no field left to memory.
The second is tamper-evidence. A defensible record shows its own history. If a result was amended, the original value, the change, the reason and the author are all preserved, rather than the old value being quietly overwritten. Inspectors are reassured by a record that admits a correction was made and shows it cleanly. They are unsettled by one that looks too perfect to be true, because real testing involves repeats, comments and the occasional fix.
A record that is both complete and tamper-evident lets you say something simple and powerful: pick any result, and we can show you the whole of it.
The trouble with paper and memory
Most clinics start with paper logs and shared spreadsheets, and most discover the same limits under inspection.
- Handwriting captures the result but rarely the device, lot and control status together, so reconstruction depends on stitching three documents into one.
- Operator identity fades. Initials are shared, locums move on, and “who performed the test” becomes a question nobody can answer with confidence.
- Times are rounded or back-filled, which breaks the sequence against quality control.
- Corrections are made with a pen stroke, which removes the original value and the very tamper-evidence an assessor wants to see.
- Records live in different places, so producing one result’s full history means a hunt rather than a click.
None of this means staff are careless. It means manual capture asks people to record, in real time and by hand, more detail than a busy clinic can sustain. The gaps are structural, not personal.
How a digital record captures the trail automatically
The reason a digital approach helps is not that it stores more. It is that it captures the trail at the moment of testing, without adding work. POCTIFY provides digital solutions for point-of-care testing that work with the devices and systems you already use, so each result arrives carrying its own operator, device, lot, timestamp and control status as standard.
In practice that changes the inspection from a search into a demonstration. When an assessor points at a result, you open it and the whole record is already there: who ran it, on which analyser, with which lot, against which control, what its status was, and any amendments with their reasons and authors intact. Operator competency is linked, so an out-of-date sign-off is visible before it becomes a finding. Because the history is preserved rather than overwritten, the tamper-evidence assessors look for is built in rather than assembled by hand.
The point is not to replace clinical judgement. It is to make sure the record never undersells the careful work your team already does.
A quick self-check before your next inspection
Pick one result from three months ago at random, and try to answer all of these from your records in under two minutes:
- Who performed the test, and were they signed off on that device that day?
- Which specific device and reagent lot were used, and was the lot in date?
- What was the exact date and time, and what was the quality control status at that point?
- Which patient and which test, beyond doubt?
- What was the result status, and if it was amended, can you see the original, the change, the reason and the author?
If any answer needs a phone call or a second system, that is precisely the gap an assessor will find. Closing it before inspection is far calmer than explaining it during one. For the wider documentation an assessor expects to see, our guide to point-of-care testing accreditation requirements covers the supporting evidence alongside the record itself.
Standards worth knowing, in plain terms
Several standards and guidance documents shape what a good POCT record looks like. We describe them here in our own words, and recommend reading the official texts in full before you rely on them.
- ISO 15189:2022 sets out quality and competence requirements for medical laboratories and now folds in point-of-care testing, which earlier sat in the separate ISO 22870. In spirit it asks you to show that results are traceable, that staff are competent, and that quality is managed rather than assumed.
- In the UK, the Medicines and Healthcare products Regulatory Agency publishes guidance on the management and use of in vitro diagnostic point-of-care test devices, which speaks directly to operator training, quality control and record keeping.
- Accreditation in the UK is assessed by UKAS against ISO 15189, while registered managers will also recognise the expectations of their care regulator around safe, well-governed services.
Treat these as the destination, not the detail. The official documents are the authority, and they are updated periodically, so consult the current versions rather than a summary.
This article is for educational and operational purposes only and is not medical advice.
Talk to POCTIFY
If your records can produce the result but not always the story behind it, that is a common and fixable position. We can look at how your clinic captures operator, device, timing and quality control today, and where a digital record would close the gaps an inspector tends to find. Talk to POCTIFY about tailored support for your testing service, and we will keep the focus on your workflow rather than ours.
Frequently asked questions
What is a point-of-care testing audit trail?
It is the complete record that lets you account for every result, linking each one to the operator who ran it, the device and reagent lot used, the date and time, the patient and test, the result status, and the quality control that applied. A good trail lets you reconstruct any result from start to finish.
What does the “who performed the test” record mean, and why does it matter?
It is the field that names the operator behind each result, ideally with their competency status on that date. Assessors check it first because a result is only as reliable as the trained person who produced it, and shared initials or missing names are a frequent finding.
Why do inspectors pick one result and trace it backwards?
Sampling a single result tests whether your records hold together under scrutiny. If you can fully reconstruct a randomly chosen result, including its device, timing and control status, an assessor can reasonably trust the rest of your testing.
What makes a record tamper-evident?
When a result is amended, a tamper-evident record preserves the original value, the change, the reason and the author rather than overwriting the old figure. It shows its own history, which reassures assessors that corrections are visible rather than hidden.
How long should we keep POCT records?
Retention periods depend on your standards, regulator and local policy, and they change over time, so set your schedule against the current official guidance rather than a rule of thumb. The principle is that records must stay retrievable and intact for as long as they may be needed.
Can paper records pass an inspection?
They can, but they make end-to-end reconstruction harder because device, lot, timing and control status often live on separate sheets, and pen corrections erase the original value. A digital record captures these together at the point of testing, which is why many clinics move to one as they grow.

