Over the past few weeks I’ve been talking to staff at DR Systems about medical imaging in the cloud. DR Systems boasts of offering the first cloud solution for sharing medical images, called eMix. According to my contact Michael Trambert, Lead Radiologist for PACS Reengineering for the Cottage Health System and Sansum Clinic in Santa Barbara, California, eMix started off by offering storage for both images and the reports generated by radiologists, cardiologists, and other imaging specialists. It then expanded to include other medical records in HL7, CDA, CCR, PDF, RTF, and plain text formats. It is vendor neutral, thanks to DICOM (a standard that covers both images and reports) and HL7.
First a bit of background (some of which I offered in an earlier posting). In the U.S., currently, an estimated 30 billion dollars are wasted each year through re-imagining that could be avoided. In addition to cost, there are many reasons to cut down on images: many systems expose patients to small amounts of radiation that pose a cumulative risk over time, and in an emergency situation it’s better to reuse a recent image than to waste time taking another.
The situation was brought home by a conversation I had with CIO Chuck Christian of Vincennes, Indiana’s Good Samaritan Hospital, a customer of eMix. Patients are often tasked with carrying their own images around (originally as print-outs, and more recently as CD-ROMs). These things often get misplaced, or the CDs turn out to be corrupt or incompatible with the receiving IT system. It’s a situation crying out for networked transfer, but HIPAA requires careful attention to security and privacy.
eMix is currently used by about 300 sites, most in the US, and a few in Europe. Uses include remote consulting and sending an eMix image and report “package” to an emergency treatment center ahead of the patient. The eMix package has a built-in viewing capability, so the recipient needs nothing beyond a web browser. Data is protected by encryption on the eMix site and through SSL during transmission.
Sharing is so easy that according to eMix General Manager Florent Saint-Clair, the chief privacy risk in eMix is user error. A sender may type in the wrong email address or accede to a request for an image without ensuring that the recipient is properly authorized to receive it.
This will be an issue with the Direct project, too, when that enters common use. The Direct project will allow the exchange of data over email, but because most doctors’ email accounts are not currently secure, eMix just uses email to notify a recipient that an image is ready. Everything else takes place over the Web. The company stresses a number of measures they take to ensure security: for instance, data is always deleted after 30 days, physical security is robust, and storage is on redundant servers.