Healthcare IT

Article – CIOs push for patient ID progress

dondennison Policy , , , ,

For those of you faced with connecting patient records with different patient ID domains across enterprises, or within an enterprise, this article is worth a read.

Some thoughts…

  • The need/want for privacy is not the real issue. The issue is the general lack of understanding in patient ID management and strategies for dealing with them.
  • I am interested to see what the ONC (through their new Patient Matching Initiative) does to solve this issue. Many enterprises have invested heavily to implement solutions (technical and staffing and policies) for dealing with multiple patient IDs. A new solution, however novel, will not be enthusiastically embraced by organizations that are committed to a path already.
  • Beyond cost and technical issues, there are societal ones. Not all people will be willing to be assigned a number by their government to track all their health data.
  • I believe observations that “nobody under 30 cares about privacy” are misguided and just wrong. It is true that younger people are more open about their social lives and personal interests, but that does not mean they want their sensitive health (or banking) information in the public domain.

Article – New HIPAA rule could change BAA talks

dondennison Policy , , , , , , ,

As this article explains, the rules of accountability need to apply to all parts of the delivery chain, from the healthcare provider to the infrastructure vendor.

It is my experience that the readiness of the vendor to provide the necessary security controls (technical, policy, etc.) is usually not the issue. It is often the healthcare provider staff that lacks the knowledge of appropriate and effective controls that prevents proper security from being in place.

For example, even when proper single sign-on (SSO) methods are available in systems, rather than taking the time to implement this between systems (which often requires some learning), staff will often default back to wanting to simply pass a user ID and password (often a generic one) from one system to the next, because that was all they could do 10 years ago to avoid having the user log into multiple systems.

Key Images are… well, key!

dondennison Healthcare IT , , , , , , ,

As I discuss key images with vendor and healthcare provider staff, I have come to the realization that they are not well understood. Let’s see if we can correct that.

What are key images?

In most contexts, they are images within a medical imaging exams that the Radiologist reviewing the exam wishes to indicate for others, such as the referring physician and clinicians, that they are important in understanding the diagnosis.

In other context, they may represent important images for teaching purposes, quality control, surgical planning or other purposes.

In any case, they serve some importance over other images in the exam and the user wishes to communicate this. That’s why they are ‘key’.

Who creates key images and how?

In the digital world, any authorized user can mark an image as a key image on any system that supports this function. Typically, this function is restricted to authorized users like Radiologists on systems like PACS; however, they may also be created by Technologists/Radiographers on modality workstations or clinical imaging systems, like an Enterprise Viewer in an EMR.

Key images are normally created in one of two ways:

  • Manually by selecting an image and choosing a key image method
  • Automatically by creating some other form of markup or measurement on the image (implying that it has some importance)

The latter capability is important as getting Radiologists to take the time to mark images as key is often difficult. And if they are not created, the consumer does not benefit from them.

Special case: In systems that allow the user to create spine labels, these should not result in automatic key image creation.

Pages: 1 2 3

ACR 2013 – Patient Engagement for Radiology

dondennison Radiology , , , , ,

 

 

 

Presentation by Dr. Alan Kaye (Advanced Radiology Consultants) at ACR 2013 Imaging Informatics Summit, quoting Dr. Rawsson: “It’s hard to put the patient at the center of the universe if you’re sitting there yourself.”

Culture of Patient Engagement

Articles: EHR Stress

dondennison Change Management , , ,

The benefits will come, but we must get through the change and this will be painful. Think of the shift from film to filmless, and paper to paperless (with coded, structured records) is this, times a thousand.

Article: EHR copy and paste? Better think twice

dondennison Healthcare IT , , ,

When I think about how much effort is put into ensuring the right info gets associated with the right patient in standards and interoperable records, the thought that a patient’s clinical info could be “corrupted” through copy-paste by users is very scary.

EHR copy and paste? Better think twice | Healthcare IT News

PACS-centric vs. VNA-centric models for including imaging in the EMR

dondennison Healthcare IT , , , , , , , ,

Like many problems, there are more than one valid solution. For the challenge of getting images to both diagnostic consumers (e.g. Radiologists) and clinical consumers (e.g. ordering physicians, EMR users), there are many ways to define a solution architecture, but two are most obvious: PACS-centric and VNA-centric.

PACS-centric

In this model, the PACS is the primary system, interfacing with modalities, providing a client to diagnostic users, as well as access to clinical users though an enterprise client embedded in the EMR. Mobile access may be direct or via a mobile EMR user interface, but it is getting images from the PACS. Enterprise images are captured and stored in the PACS (though storing to VNA and routing to PACS is also possible). The VNA’s role is primarily as an archive to (one or more) PACS.

PACS-centric

VNA-centric

In this approach, the VNA is the primary image management system. The PACS likely still interfaces with modalities (though not always), but captured enterprise images are stored to the VNA, and sent to the PACS when needed/supported. Clinical viewing in the EMR is done by an Enterprise Viewer, which may or may not be provided by the VNA vendor. Mobile access is also through the Enterprise viewer, getting images from the VNA.

VNA-centric

Pros and Cons

As stated, both are valid approaches, but each has some inherent strengths and challenges.

The PACS-centric solution has a high likelihood of having all parts of the medical imaging record being available in both diagnostic and enterprise viewers. Proprietary data (e.g. markups and key images) not provided through standard data objects (e.g. DICOM GSPS and KOS) are more likely to be visible in all clients. There may also be some common application configuration settings across clients, which would reduce administration complexity and cost. Getting the image management and image viewing (diagnostic and enterprise client) all working together is the burden of the vendor (i.e. it is an engineered solution designed to function as a single system).

The VNA-centric solution is better suited to support a multi-PACS environment, providing a common management and viewing platform for enterprise users—only the single Enterprise Viewer is embedded in the EMR (vs. the multiple ones provided by each PACS). Environments with multiple PACS and Mini-PACS benefit as the VNA is the common sharing (and data quality validation) point among them—this allows for a more “pluggable” solution where systems that address niche needs can be used until the primary PACS is able to replace them. In this model, the integration among the components is more complex and places a higher burden on the institution to get it all working (i.e. the informatics and IT staff need to be willing and able to put this together), even with purchased professional services from all the vendors involved.

Assuming both the PACS and the Enterprise Viewer support LDAP (Lightweight Directory Access Protocol) and/or SSO (Single Sign-On), user authentication may be equal in both approaches.

Both a well-designed PACS and VNA (and Enterprise Viewer) can provide effective multiple patient ID management methods (e.g. MPI or IHE Patient Identifier Cross-Referencing), to allow integration/exchange of patient imaging records across patient ID domains, though the VNA and Enterprise Viewer are traditionally more likely than PACS to support flexible models.

In both models, storage for the long term archive is expanded at the VNA.

FDA and New Cybersecurity Regulations

dondennison Healthcare IT , , , ,

A friend forwarded this post to me.

Links worth checking out…

Here are my thoughts…

  • Frankly, security in healthcare devices ranges from embarrassing to terrifying—especially at the interface point between devices/systems. As more devices become network enabled, the level of risk is exponentially increased. Too often, software in medical devices are built by clinically focused developers, or hardware engineers tasked also with the software layer. Developing for security (and performance) is a specific skill set within software development, and it is not commonly found in the average developer. I have found that developers with experience in Web-based consumer applications (that manage personal data) and those with banking application experience generally “get it” more than others, but that’s just my experience. Also, product managers need to get a lot smarter about security and make it a priority in the product scope.
  • Regulations are brought in when industry fails to protect the public interest, and that is what is happening here. If the medical device industry was better at doing proper risk-based design and validation—which security and protection of data would certainly be an area of focus—and including risk mitigation controls in their designs, the FDA would not need to issue regulations. But, here we are. Now we get to see if government regulators can produce effective regulations, and keep pace with the ever-evolving security model best practices and methods.
  • Where the HIPAA Security and Privacy rule applies to the healthcare provider organization (that is, it is their responsibility), FDA regulations apply to the registered device manufacturer. Regulatory Affairs staff working for the vendor community are going to have to learn a lot more about cybersecurity. Most of the professionals in this field that I know, know very little about this topic. If you are a cybersecurity consultant that knows even a little about healthcare IT application design patterns and existing medical device regulations, this is a goldmine. Hmmm, maybe I will study this FDA stuff in more detail. 🙂

More Post-SIIM 2013 Annual Meeting Reflections

dondennison Healthcare IT , , , ,

For years, I have heard providers lament at the slowing (dormant?) pace of innovation in PACS and RIS from established vendors.

Why might this be happening?

It could be that the current architectures have reached their limits. It could be that, with the saturation of PACS in mature markets, vendors are reducing R&D investment in this area. It could be that they can’t sustain the talent needed to innovate, losing creative and skilled people to more interesting/promising areas of IT. It could be innovation-suppressing regulatory burdens. Or the shift of spending to support staff in order to sustain the now sprawling installed base.

Regardless of the root cause(s), I see the emergence of interest in start-ups (such as those in the SIIM Innovator Alley) and open source projects (as seen by the steady traffic at the SIIM Open Source Plug Fest) that attempt to solve problems that the larger vendors appear not to be interested in solving. It seems providers are starting to accept that they are not going to get everything they need from their incumbent PACS vendor in today’s EMR-enabled, Cloud-hosted, analytics-driven, enterprise-accessible market.

Of course, the challenge of the start-up is breaking into the provider’s enterprise where the incumbent vendor may put up some resistance (overtly or passively). And open source is only as good as the staff (or paid service provider) you have installing, integrating and supporting it.

The informatics skills and knowledge provided by SIIM are more important than ever. If SIIM is to continue to lead in providing its members the knowledge and skills they need to survive and succeed, it will likely have to adapt how it organizes the materials to align with new and evolving learning goals. It also needs to adapt the medium by which its members learn, providing focused, on-line options where travel policies and budgets mean attending the annual meeting is not feasible.

I believe in the SIIM strategic plan and am wholly committed to helping the society that has helped me so much over the years thrive.

Post-SIIM 2013 Annual Meeting Reflections

dondennison Healthcare IT , , , , , , , ,

Another great SIIM annual meeting is behind us and it was great, as always. I am going to post some thoughts and reflections this week.

Today, I have been thinking about analytics and, in particular, the use of a workflow engine and a standardized set of terms and definitions (such as what is being defined in SWIM) to ensure analysis of workflow events (type, timing, relationships, patterns, etc.) consistently across systems.

There were several great talks by Dr. Brad Erickson and Chris Meenan and others on the topic and these were followed by a large turnout of engaged attendees for a SWIM demo (see pic below).

...SWIM lessons
…SWIM lessons

My thoughts…

  • The use of a mature, off-the-shelf (open source or commercial) workflow engine has been considered by PACS and RIS vendors, with some attempting to use them in their product. It has not been widely adopted for two main reasons (I believe)…
  1. Most PACS from large vendors were bought, not built by them—the risk of replacing the built in logic with an external engine without introducing functional regression is high (read as: it would be expensive);
  2. Unless the workflow engine spans several systems, it would not have the full benefit (see more on this below).
  • The workflow examples cited often started with the arrival of the image objects from the modality (initial event that starts the workflow channel). Ideally, the workflow engine extends to before the order is placed, managing the order placement, decision support to ensure the right procedure is ordered, scheduling, protocoloing, and acquisition, along with the reading and post-processing steps. It should also span to the results distribution and archiving, managing the timing and destinations of the report and the lifecycle of the historic imaging data.
  • One of the limitations of using a parallel image management pipeline (e.g. sending images through a system before arriving in PACS) in order to detect the event that triggers the workflow can introduce some points of failure. Consider if the system integrated with the workflow engine goes down and images don’t get to the PACS—this outage would limit the value of the integrated image management and workflow engine system. A possible solution is to extend PACS and other systems, such as the RIS, EMR, CDS, VNA, Enterprise Viewer, document management system, etc. to expose the event information. This would allow the workflow engine to apply the desired workflow rules and orchestrate the data flow and work steps without being a potential bottleneck.

More thoughts from SIIM later. Stay tuned.