Medical imaging is an important element of most healthcare processes and contributes to accurate disease diagnosis and treatment. Medical imaging technology is advancing and improving every day and new devices and techniques are possible. Thus, medical imaging utilisation continues to rise (Bindman et al. 2019).
But it's unclear whether the growth in medical imaging use benefits patients; in fact, it can lead to patient harm (over diagnosis, radiation, etc). Like all aspects of medicine, it's important to make sure imaging is justified and that the potential benefits are balanced against the potential harms (Bindman et al. 2019).
Public health concerns about radiation exposure from medical imaging have intensified globally. In Europe, European Commission regulated safety standards for protection against the dangers arising from exposure to ionising radiation through the Directive 2013/59/EURATOM.
A study published in September in the Journal of the American Medical Association indicates that use of CT, MRI, and ultrasound in the U.S. rapidly increased between 2000 and 2016.
The study results suggest that much more work needs to be done to contain imaging use rates and determine whether the imaging that is used is appropriate. The study also says it’s estimated that 30% or more of imaging examinations may be unnecessary, costing approximately $30 billion annually in the United States. For example, in the trauma space, injured patients often undergo imaging that gets repeated, adding cost and radiation exposure while not significantly altering outcomes. The CT scans that are remotely accessible can delay procedures up to 25 minutes for review due to wasted time (Emick et al. 2012). In the stroke environment, where “Time is Brain”, quick exchange of CT scan is a critical issue.
Radiologists have a real opportunity to work with their referring providers to help guide them in how and when to image, and when not to image. Radiologists also need to figure out ways to be available for consultation. Doing this would have a real impact on testing utilisation.
It is also important that patients are engaged and informed participants as to their care. As initiatives are developed to improve patient access to their medical records, radiologists can play a key role in advocating to reduce barriers to electronic access: widening access to imaging studies should be included in the overarching goal of improving health information transparency and patient-centered care (Carolyn et al. 2019).
Image Studies Delivery to Patients
If hospitals are to support patients as informed healthcare partners, they should be offered copies of their imaging studies in formats that they can easily view, transport, and share. Then the incipient technical obsolescence of CDs is an immediate issue (Lye et al. 2019).
Likewise, humans are fallible by nature and keeping track of medical imaging on CDs offers plenty options for errors (lost, damage, etc) and the process of requesting imaging tests from hospitals is complex and lengthy (forms, picking up, etc).
CD and DVD have been used since early 90’s, and are still the most common media of providing a copy of imaging studies to patients. They are also used to exchange images between professionals outside the hospital and health system.
In parallel, the CD and DVD are becoming obsolete formats. Many computers don’t have a CD/DVD reader anymore and burning robots is a technology that generates several maintenance problems with low availability due to complexity of the robot.
According to research published in June in Radiology (Lye et al. 2019), most hospitals still rely on this archaic medium to provide patients with copies of their imaging studies. In this study, from 80 surveyed top hospitals in the U.S., only six of the hospitals could provide patients with imaging studies over email, and only three offered access via a patient portal. All of them where offering the imaging studies on CD or DVD.
Moreover, the provision of a CD is not immediate. Hospitals commit to an agreed period (24 hours to 30 days) for CD burning and delivery. Some of them were also charging significant costs for the delivery process.
The majority of patients would like to receive copies of their reports and most of them (85%) would also prefer to view their images (Cabarrus et al. 2015).
Cloud Exchange to Replace CD
As commented on above,
- Medical imaging utilisation continues to grow.
- Patient access to medical records and images is beneficial for cost control and patients themselves; and
- Patients are willing to have access to their imaging studies and report.
- But CD is definitely not a useful technology for the exchange and delivery of imaging studies.
Even if the patient gets a CD with the imaging studies, exchanging, reviewing the images and uploading to medical records is still a challenge. Healthcare is changing and new health and global models are emerging. Digital exchange of medical records, including images in a secure way, is key for new process (second opinion, telemedicine, etc). It needs to accelerate the implementation of IT as other sectors have been doing. In the article, Let's Change Before We Have To there is some interesting discussion about the need to implement technology effectively for improved liaising and better health outcomes (Cabrer 2018).
Today’s cloud solutions easily allow to securely exchange, share, collaborate and provide access to documents for different purposes.
According to Becker’s Hospital Review, hospitals are currently spending between $8 and $15 per CD. In some cases, health systems spend as much as $100,000 per year in courier costs alone just to transport CDs from hospital to hospital.
Online remote access to PACS systems and VPN seems the next step for medical image delivery and exchange. By providing a login and password, external users can access and review the images. This has had a high impact in healthcare delivery processes by reducing costs and time to access to medical images.
However, most of those hospitals are still burning CDs due to patients demand or processes where username/password access is complex. Thus, for example, one of the biggest hospitals in Europe, having a portal to access medical images, is still burning 100 CDs per day. What is more important, remote access to PACS is not something CIO recommend since it can directly affect performance and security of the local PACS infrastructure.
Medical Imaging and cloud computing could become the most data and computing intensive activities in future (Shini et al. 2012). There are arising some medical image cloud exchange platforms that can be combined with a local PACS system as a mechanism for easy exchange with outside physicians and patients. Such combinations would also complement and reinforce the PACS architecture by providing a backup and recovery system in case PACS has failover. Some solutions are coming from PACS vendors but some, like Idonia, are vendor neutral and introduce smart ways to deliver images to any patient (Magic Link) to fully replace CD.
Time saving and easy exchange of medical images is becoming a critical element not only for improvements in patient care and satisfaction but also for reducing physician burnout. As an example, at the University of New Mexico (Moya 2010), a digital image exchange platform was put in place that allowed trauma physicians to see patient imaging before the patient arrived. As a result, the physicians were able to determine that many (up to 40% of patients) did in fact not need to be transferred to their facility. The cost reduction and benefit for the patient is huge.
It’s clear then that the cloud exchange of medical images can benefit medical centres to exchange and deliver image studies. Combined with PACS or working independently, it will facilitate the easy exchange of imaging. Using a cloud exchange platform to deliver image studies to patients can reduce costs over 50%.
But then, the data privacy issue appears as a main barrier and concern for delivering medical data over the Internet. Let’s analyse more in depth the regulations and discuss if cloud services are a help or a hindrance.
Data Privacy and Security Regulations
Security is a principle issue for the health sector and patients, and it is the main way to protect the fundamental rights to privacy.
Security is defined as the preservation of confidentiality, integrity and availability of information. Confidentiality is the assurance that information is not made available or disclosed to unauthorised individuals, entities or processes. On the other hand, integrity is the assurance that the data being secured hasn't been tampered (European Council 2016).
The main obstacles to security are the risk and Cyber vulnerabilities (Suryateja 2018), including Data Breaches (hacking and taking over of accounts, insufficient identity credential access management, malware and ransomware, insider theft, human error), lack of due diligence in security regulations, data loss or non-compliance with regulations, such as HIPAA or GDPR.
Precisely new regulations about data protection and security are already making positive contributions to improve security, especially in the health sector. Protecting healthcare information security, privacy and confidentiality is a continuous process and serious responsibility of every healthcare organisation. To ensure the security of information processing, data controllers must implement appropriate technical and organisational measures in order to protect it against unauthorised access or disclosure or destruction.
International and national regulations about privacy and data protection laws have been strongly pushed in the last years (like ISO security standards). In the Unites States, the Health Insurance Portability and Accountability Act (HIPAA) is the sector regulatory in special protected personal data. Korea, Australia and China, are also creating data protection legislation. Generally, this regulation demand additional layers of security for medical data storage, exchange, and use.
In Europe, the General Data Protection Regulation (2016/679 GDPR) has recently been published. The GDPR is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.
This regulation has changed deeply the European privacy framework ensuring data protection in digital environments. The scale and reach of the GDPR extend far beyond the EU’s borders. Any organisation that holds data on EU citizens, regardless of where it is located or operates, is affected by this legislation. Similarly, companies housing, processing or transmitting data within the EU on any data subject, regardless of their location, may also be in scope (INFOSEC 2010).
Data concerning health is defined by GDPR as “personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status”. Therefore, medical images are protected by this regulation.
European citizens, under GDPR, and as holders of data have the right to access and to obtain a copy of it in a common format and the right to the portability of data (Guanyabens 2019).
There are also national initiatives for regulation. Within the scope of the Spanish Electronic Administration, the National Security Scheme (ENS) aims to establish the security policy in the use of electronic media and is constituted by basic principles and minimum requirements that allow adequate protection of information.
Cloud Computing in Healthcare
Cloud computing is emerging as a solution to the challenge of delivering complex services and data interchange over the Internet. It has quickly attracted worldwide usage and is now part of our daily life. The increasing success of cloud computing is due to the low cost and increasing ubiquitous presence of fast networks, which make it economically viable to access large amounts of data remotely and in real time.
Cloud computing raises several ethical concerns in healthcare and there are many detractors. The main reason is because control over data is transferred from the institution to a third party, namely, the service provider for cloud computing.
But Cloud Services can help health organisations to better achieve their security, safety and compliance objectives, sometimes even better than with onsite infrastructure. There are some reasons cloud services can provide secure and GDPR compliant infrastructure (ENISA 2012):
Scaling: all kinds of security measures are cheaper when implemented on a larger scale. This includes all kinds of defensive measures such as filtering, patch management, hardening of virtual machine instances and hypervisors, etc. Other benefits of scale include multiple locations, edge networks (content delivered or processed closer to its destination), timeliness of response to incidents, threat management.
Business (market differentiator): security is a priority concern for many cloud customers; many of them will make buying choices on the basis of the reputation for confidentiality, integrity and resilience of, and the security services offered by, a provider. This is a strong driver for cloud providers to improve security practices.
Effective and efficient updates: they can be rolled out many times more rapidly across a homogenous platform than in traditional client-based systems that rely on the patching model.
Rapid and smart scaling of resources: the ability of the cloud provider to dynamically reallocate resources for filtering, traffic shaping, authentication, encryption, etc, to defensive measures has obvious advantages for resilience.
Resource concentration: although the concentration of resources can have disadvantages for security it has the obvious advantage of cheaper physical perimiterisation and physical access control (per unit resource) and the easier and cheaper application of many security-related processes.
Cloud providers already bring built-in capabilities to easily help health organisations to meet various requirements of the GDPR. Ranging from granular controls that can be defined, to integration with centralised authentication management services and industry-leading methods to protect and maintain the availability of data, offer a wide set of powerful capabilities to address data privacy principles in the data platform tier.
Health organisations will need to invest significantly to ensure the GDPR principles are effectively implemented and sustained in their environments. Cloud computing is quickly evolving into a key service for healthcare organisations, as providers are seeking out the best option to keep personal data secure, easy to maintain, secure to exchange and not hinder daily operations.
Global and main cloud providers are doing efforts in ensuring GDPR compliance while using their services. Google Cloud is making serious efforts to comply with international regulations like GDPR and HIPAA, but also to comply with local regulations. For example, Google Cloud platform is certified by the National Security Scheme (ENS) from the Spanish Government in the Higher Level (required for health data). Amazon (AWS) and Microsoft Cloud (Azzure) are also implementing the mechanism to facilitate relations compliance. The debate between a high-level professional cloud service and ethical concerns of using those services in healthcare is open, but we can agree technology provides the technical mechanisms to adapt to security regulations like GDPR and ensure international transactions can be achieved ensuring the citizens data privacy.
Patient access to medical records and images is beneficial for cost control and patient’s engagement in healthcare processes, and patients want access to their imaging studies and report. CD is becoming obsolete.
Data privacy regulations (GDPR, HIPAA) are helping to protect citizens data privacy, but really complex to manage. Cloud technology provides a secure and regulation compliant solution to facilitate data exchange.
Since cloud services can provide secure mechanisms for GDPR and HIPAA compliance, they will become a proper solution for medical image exchange and delivery. Specialised cloud medical image exchange platforms will be consolidating overall if they also reduce costs and allow easier delivery to patients of their medical studies. We just need to be sure the service allows the coverage of all exchange workflows (including non-digital-expert patients) and so the CD is no longer needed.