What Is Enterprise Imaging?

• A patient-centric view of all clinical information on a patient, including images, accessible from the point of care, enables the care provider to make better and quicker clinical decisions. The patient can more easily be kept up to date on their condition and treatment.
• The availability of imaging data in the electronic health record (and its accessibility by imaging analytics and AI applications) has positive repercussions for macro-level preventative efforts: by managing health population-wide.
• There are also financial savings that can be achieved as a result of consolidating imaging data into a smaller number of repositories, even with the initial investment required to purchase a new system. Centralized data management cuts maintenance costs significantly, reducing or entirely eliminating the necessity of data migrations.

Enterprise healthcare providers use medical images to help diagnose diseases, document abnormalities or interventions and guide patient treatment. As a point of reference, nearly 40 million MRI scans are performed annually in the United States. In addition to MRI scans, medical imaging includes CT scans, PET scans, ultrasounds, x-rays, arthrograms, myelograms, and several types of mammography. Together, these images help to tell the story of each patient’s clinical journey. Unfortunately, most images are not visible to the team of doctors, nurses, therapists, technologists, and other clinicians caring for a patient for several reasons, including a lack of systems and workflows to acquire, upload, and view images. Historically, radiology and cardiology services have created automated workflows for image acquisition and information systems for image distribution. However, other specialties do not adopt these practices at the same rate.

Every imaging study begins and ends with a workflow. An imaging workflow is the sequence of steps required for the image to be ordered, requested, read, evaluated, and stored. By analyzing clinical and informatics workflow challenges, enterprise imaging companies can identify potential solutions and opportunities for improved workflow and, ultimately, better patient care. Workflow challenges are usually caused by one or more of the categories below:

• Workflow Adaptations
• Patient Identification
• Information Needed in an Image
• Reporting
• Metadata Data Normalization
• Legal and Regulatory Concerns
• Mobile Device Integration
• Storage
• Cloud vs. On-Prem Infrastructure
• AI Integration

While each medical specialty acquires and uses images differently, most begin with an order placed by a referring physician. Once the order is placed, it is transferred to the Radiology Information System (RIS). The RIS uses the information contained within the order to create a worklist for the imaging modality. Technologists select the patient from the worklist, ensuring that all demographic and order information is correct. After the images are obtained, they are sent to PACS/MIMPS for storage and viewing. Even though this workflow is fairly simple, it is not standard. There are numerous variations to the workflow, depending on the ordering physician and their specialty, the differential diagnosis, the time and location of the clinician’s evaluation, and many other factors.

Hospitals have taken one of two approaches to accommodate the numerous variations of workflows. They either use an order-based workflowor the encounter to drive the workflow. In an order-based workflow, the physician order initiates an automated workflow which includes the unique study identifier and a PACS worklist of patient studies that require review. If an order for imaging is not needed by other specialties, an encounter to drive workflow method is used which creates a unique study identifier and patient worklist. Encounter-based imaging is defined as medical imaging that is intentionally performed during a patient encounter without an associated imaging order. Images are generally acquired at the discretion of the provider.

Healthcare organizations can also experience workflow challenges related to: patient identification, information needed in an image, reporting, metadata, legal concerns, and mobile devices.

One of the most pressing health IT concerns in the industry is patient data security and keeping patient information protected. Healthcare providers represent significant targets for cyber attackers. Digital security threats are constantly emerging from unexpected avenues. One potential downside of an enterprise imaging solution is that a centralized network, while offering substantial efficiency gains and savings on storage solutions, is more vulnerable to cybersecurity threats than networks acting individually. Cyber attacks can quickly spread malware and compromise vital operations. Security must be taken seriously by any enterprise that implements an integrated care delivery network. If a hacker is able to penetrate a network to interfere with a medical imaging acquisition device, its safe operation can be jeopardized, which in turn endangers patient safety. Organizational cybersecurity requires a unified effort from departmental staff and the rest of the enterprise. In a 2014 statement, IBM identified ‘human error’ as a contributing factor in over 95% of all cybersecurity incidents.

In its 2022 Healthcare Cybersecurity Year in Review, and a 2023 Look-Ahead, the Office of Information Security shared that Healthcare data breaches have consistently trended upward from 2012–2021. According to IBM, ransomware attacks are increasing in their speed, especially when measuring the “time on target”. Additionally, the average ransom demand grew by 45% from 2020 to 2021, when it was $247,000.

Cyber resiliency is the capacity of an organization to detect, protect, respond to, and recover from a cyber attack with minimal impact. In response to the increased threats and attacks, today’s image management infrastructure offers new capabilities to ensure that the data residing in PACS/VNA/EI archives is being done securely and that proper cyber resiliency tools are in place to not only secure the data but to preserve users’ access to it.

Securing enterprise imaging environments has become crucial to prevent cyber attacks and safeguard sensitive medical data. Here are ten essential steps for protecting an enterprise imaging environment proactively.

1. Minimize network exposure for all control system devices and/or systems, and ensure they are NOT accessible from the Internet. DICOM is not a secure protocol.
2. Locate control system networks and remote devices behind firewalls and isolate them from business and other end-user networks.
3. Use DICOM over TLS as it is highly desirable and recommended.
4. Ensure a valid certificate is loaded on the server for DICOM over TLS and HTTPS traffic. It can be signed by a local CA authority but must be valid. Encryption ciphers need to be verified and complied with the latest version. The cipher suite has been whittled down substantially for TLS 1.3, to the point where there are five recommended cipher suites:
   • TLS_AES_256_GCM_SHA384
   • TLS_CHACHA20_POLY1305_SHA256
   • TLS_AES_128_GCM_SHA256
   • TLS_AES_128_CCM_8_SHA256
   • TLS_AES_128_CCM_SHA256
5. If secure transmission over TLS is not available and remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities of their own and should be routinely updated to the most current version available. Also recognize VPN is only as secure as the devices connected within its boundaries.
6. Only allow access to devices you are communicating with and make sure promiscuous access is disabled. Imaging device vendors can only allow DICOM traffic from/to specific devices.
7. Don’t run programs as root. Run programs as a user with restricted access.
8. Make sure permissions are set to restrict access to specific files for users running the application. The rest should have no access.
9. Introduce chroot access. A program that is in a modified environment and cannot name (and therefore normally cannot access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail. Containers are chroots on steroids.
10. No remote access for admin users (root) and Active Directory or single sign-on authentication for regular users for remote access.

Preventing cybersecurity risks involves a delicate, closely monitored, system of people, processes, and technologies. IT departments must work closely with imaging service lines to develop operational plans and strategies that are practical and robust. Imaging staff must be kept aware of best practices and cybersecurity threats. Healthcare organizations are now looking at Artificial Intelligence (AI) to rise to the challenge to help ransomware victims fight back.

Another challenge in enterprise imaging is the use of different data standards for medical imaging as opposed to non-imaged data. Perhaps the most well-known standard is Digital Imaging and Communications in Medicine (DICOM), which was specially developed by the American College of Radiologists (ACR) and the National Electrical Manufacturers Association (NEMA). The DICOM standard applies to imaging equipment, printers, and PACS/MIMPS. This format focuses on the workflow of images, as well as provides protocols for the integration of image data. It also allows functions like film printing or CD burning. Data standards are critical for enabling the seamless and secure sharing of medical images and related data across different systems and devices, which is essential for modern enterprise imaging environments. By providing a consistent format for medical images and related data, regardless of the equipment or software used, the DICOM standard enables reliable interpretation and comparison of medical images over time, which is essential for accurate diagnosis and treatment.

Patient privacy is another challenge for enterprise imaging. Per federal law, all patient data must be protected and HIPAA-compliant. However, one of the main advantages of enterprise imaging is the possibility of sharing significant data banks with other enterprises for medical research, AI training, and similar projects. It is essential that, whenever data sharing is offered, identifying information is stripped away to protect individuals’ medical data. De-identification is the most common method of performing this information removal for DICOM data in Cross-Enterprise Document Sharing (also known as XDS-I). DICOM files consist of the image and the header, which contain meta-elements containing patient information, as well as institution and study data. The patient name and number must be obscured to prevent the patient from being identified. Hence, de-identification. De-identification in healthcare removes all direct identifiers from patient data and allows organizations to share it without the potential of violating HIPAA. Direct identifiers, known as Protected Health Information, can include a patient’s name, address, and medical record information, and convey a patient’s physical or mental health condition, any healthcare services rendered to that individual, as well as financial data related to healthcare. For example, medical records, hospital bills, and lab results are all PHI.

• Sharing health information with non-privileged parties
• Creating datasets from multiple sources and analyzing them
• Anonymizing data so that it can be used in machine-learning models
• Providing public health warnings without revealing PHI
• A company that licenses de-identified patient data to analyze trends and patterns that help verify efficacy or buying trends.

De-identification preserves patient confidentiality without affecting the values and the information for different research purposes and protects specific health information that could identify living or deceased individuals.

There are two main approaches to de-identification: anonymization and pseudonymization. Anonymization is a process employed in medical image and data management to protect patient privacy by removing or altering personally identifiable information (PII). In the context of DICOM, anonymization focuses on eliminating explicit identifiers that directly link the data to an individual. Anonymization occurs through various techniques, such as de-identification, masking, and pseudonymization. Image masking is the process of finding the identifiers in the file and masking them. Methods of de-identification include blurring, pixelating, or blocking.

Additionally, anonymization techniques may employ generalization methods where data is intentionally generalized or aggregated, making it more challenging to link specific data points to a particular person, with the goal is to protect patient privacy and minimizing the risk of identification.

Anonymization aims to transform the data so that re-identifying individuals becomes highly unlikely or practically impossible. Anonymized DICOM data should not contain explicit information about the patient’s identity. However, anonymization alone may not provide absolute privacy, as there is always a potential risk of re-identification through other indirect means.

In the pseudonymization process, artificial identifiers replace identifying fields in the data record, reducing the identification risk. In certain situations where tracing the actual identity of the subject becomes necessary, the project’s principal investigator or data manager may access the real identity. However, the focus remains on avoiding direct attempts to identify the patient, and any non-essential fields are anonymized during this procedure.

Interoperability is central to the seamless exchange of medical images and related data within enterprise imaging systems, ensuring that diverse modalities and departments can communicate effectively. Health Level Seven (HL7) is a format seeking wider acceptance, intended for the general use of electronic health information in hospitals. This format manages non-imaging data and provides protocols for exchanging, managing, and integrating clinical and administrative electronic health data. It allows interoperability between different systems, including patient administration, laboratory information systems, billing systems, electronic medical records, and health record systems.

The field of enterprise imaging has great potential but also challenges to surmount. It took the U.S. healthcare industry almost a decade to adjust after its investment in enterprise EHR. What’s more, the changing legislative environment and consolidations of hospital infrastructure have quenched enthusiasm for pursuing the kind of complex implementations enterprise imaging needs. Generally, specific departments and care areas are more enthusiastic about converting to enterprise imaging than others. Radiology is one of them, but Dermatology, non-invasive Cardiology, and standard Mammography are also typically receptive to the shift. Dental radiology is a strong candidate for enterprise imaging, particularly for advanced dental imaging and multi-location clinics. Departments with which progress for adopting enterprise imaging is generally less keen include core Pathology, Genomics, multimedia Endoscopy, and Oncology. The reasons vary but may involve a lack of leadership, a reliance on a committee or cross-department decision-making, adherence to a broader contract involving non-software equipment and services, or a desire to use a dedicated best-of-breed functionality in a specific care area.

The long-term impact of enterprise imaging will be substantial and measurable. From small community hospitals to large institutions, enterprise imaging is essential to information technology infrastructure that can promote interoperability between different sites. Communication within the hospital and beyond via image sharing and other means is made more accessible along different points of the care continuum. As a result of healthcare increasingly being absorbed into the Cloud, data migrations will no longer be necessary. This will reduce the image management role of healthcare IT vendors and place more power in the hands of the providers. Vendor-neutral data will allow providers to innovate and adopt scalable and interoperable solutions, ultimately leading to better patient care with faster diagnosis and imaging orders.

One innovation in enterprise imaging is the ability to facilitate the ‘on-ramp’ of artificial intelligence for diagnostics. AI allows radiologists to foresee a future in which machines enhance patient outcomes and reduce misdiagnosis. AI algorithms can assist organizations with workflow improvements. AI tools can reduce the workload of radiologists by automating repetitive tasks, which means they can focus more on complex cases. As more departments and enterprises consolidate their image management into enterprise imaging health systems, AI developers’ ability to source the terabytes of deidentified images necessary to train their machine learning diagnostician algorithms will increase. AI can improve workflow efficiency by automating repetitive tasks such as image tagging and analysis. In a split second, machines’ ability to assess a mammogram, MRI, or other medical scan and accurately (more accurately than any human diagnostician) diagnose a patient will represent a significant leap forward in the efficiency of medicine.

Introducing AI into any environment, mainly enterprise imaging workflows, can be challenging. A thorough understanding of patient data flow is crucial before deployment to improve patient throughput and eliminate latency or bottlenecks. To effectively and accurately deploy an AI app or algorithm in a clinical setting, here are ten rules for successful adoption for reference.

1. Be clinically relevant.
2. Know the Clinician’s perspective.
3. Respect the Clinician’s workflow preferences.
4. Be natively interoperable: use industry standards.
5. Neutralize bias in machine learning methodology.
6. Have a viable long-term business model.
7. Don’t introduce latency in clinical workflows.
8. Be more accurate than a human.
9. Generate and distribute usable results.
10. Be equally deployable on-prem and in the cloud.

A Vendor Neutral Archive (VNA) greatly benefits healthcare systems. The ability to switch PACS/MIMPS vendors regardless of image data migration/conversion is highly significant. A cloud-based archive can remove one of the biggest impediments to implementing a VNA: how to store all that data? The demand for the use of the cloud in image management deployments is growing. Solution providers are now offering Cloud-hosted, hybrid-cloud, and cloud-adjacent solutions, and the benefits include on-demand scalability and as-a-service cost models—data migrations within a cloud offer lower operational and maintenance costs for data storage. Additional benefits include scalability and the capability to homogenize data from disparate systems. Data stored on a cloud is much more affordable to recover in a disaster. Furthermore, many solutions expand a client’s current PACS/MIMPS capabilities and longevity. In addition, these solutions de-identify personal and healthcare information contained in DICOM metadata and pixels helping protect patients’ confidentiality and offering greater research possibilities.

Want to learn more about the Dicom Systems Unifier platform? Meet with one of our enterprise imaging workflow experts.