There are many installations that rely very
heavily on support by their imaging vendor. If the vendor has an on-site
service engineer, that is fine, however, this practice is getting less common,
and many of these systems rely heavily on remote support or an engineer who
might take up to several hours or even a day to get on-site. The impact of the
decreased support by vendors is that a hospital has become heavily dependent on
in-house expertise.
What are the components of IT expertise for an
imaging and informatics professional? The components include knowledge of information
communications, which includes the network and application level protocols
(DICOM, HL7). This will allow a professional to diagnose, and resolve any
integration and communication issues. It requires possession of computer
hardware and software skills to maintain and support these systems, which could
include both Windows® as well as UNIX®. The professional also
should be able to use troubleshooting tools to diagnose any potential issues
(see related blog).
Most importantly, these professionals are
responsible for the specification and adherence of PACS policies and
procedures. There are many policies ranging from whom and where to import
images from CD’s, to who is merging duplicate patient studies or fixing missing
identifiers in an image header. IT-related PACS policies are critical, for
example, who is doing back-ups, how often is a backup done, where is the
back-up saved, etc. This does not only refer to backing up images or the
corresponding database, but also configuration information, hanging protocols,
audit trails, monitor calibration records, etc.
Policies of who has access to what external
information is critical as well, as these mission-critical systems have to be
extremely well protected from downloading viruses or other malware. In many
institutions, the use of external memory sticks is forbidden, and computers are
configured to disable these external inputs. Virus scanners, firewalls and
intrusion detection systems are critical as well as the definition of Virtual
Local Area Networks (VLANs) to restrict traffic, and VPN’s for any external
connection. If an external connection is used by a vendor, for example, it
should always be routed through an internally managed router, which supports
audit trails, preferably using standards as defined by IHE (there is a
so-called ATNA integration profile defined for audit trails).
In the US, I have heard of a couple of
instances where a system was brought down for several hours or even one or two
days because of virus infection, but that seems to be less and less common. I
am convinced that the decrease is related to strict enforcements of policies, due
to a heavier influence of IT in imaging departments. More PACS administrators
are now reporting to IT, if only with a “dotted line” on the organization chart,
and PACS administrators have also increased their skill sets, witnessed by the
thousands of certified professionals.
By contrast, if I ask in my PACS training
classes that I teach in emerging and developing countries, the number one PACS
support issue is the constant fight against viruses and malware. There is no
question in my mind that this is due to a lack of skills, too few certified professionals,
and the absence or lack of enforcement of sound IT policies.
It is obvious that sub-optimal operation
impacts the availability of timely and accurate information and ultimately patient
care. To resolve this requires building awareness among the decision-makers for
the implementation of these imaging and information systems, and stepping up their
support for their professionals who seek to obtain these skills. Top-down
management support is needed to enforce sound IT policies such as limiting the downloading
of information from the Internet, disallowing the use of external media, and
other critical policies affecting safety and security. Maybe it takes an
incident, such as the case of a hospital in the Northwest United States that
lost the images of hundreds of patients who had to be called back to the
hospital to redo their exams.
In the meantime, the best thing I can do is
keep on writing about this subject, promote the use of policies and procedures,
and keep on teaching. Hopefully, I will be heard and people will start taking
notice.
