What is Enterprise Imaging?

• A patient-centric view of all clinical information on a patient, including images, accessible from the point of care, enables the care provider to make better and quicker clinical decisions. The patient can more easily be kept up to date on their condition and treatment.
• The availability of imaging data in the electronic health record (and its accessibility by imaging analytics and AI applications) has positive repercussions for macro-level preventative efforts: by managing health population-wide.
• There are also financial savings that can be achieved as a result of consolidating imaging data into a smaller number of repositories, even with the initial investment required to purchase a new system. Centralized data management cuts maintenance costs significantly, reducing or entirely eliminating the necessity of data migrations.

Healthcare costs continue to rise for the average American, as do patient expectations related to the convenience of care. A Kelton Global survey found that 94% of patients believed that their medical data and records should be centrally stored and electronically accessible. Patients are used to having their financial details at their fingertips and are often dissatisfied when their personal health records are not easily accessible.

Enterprise healthcare providers use medical images to help diagnose disease, document abnormalities or interventions, and guide treatment for their patients. As a point of reference, nearly 40 million MRI scans are performed annually in the United States. In addition to MRI scans, medical imaging includes CT scans, PET scans, ultrasounds, X-rays, arthrograms, myelograms, and several types of mammography. Together, these images help to tell the story of each patient’s clinical journey. Unfortunately, the majority of images are not visible to the team of doctors, nurses, therapists, technologists, and other clinicians caring for a patient. This is true for a number of reasons, most importantly including a lack of systems and workflows required to acquire, upload, and view images. While historically, the radiology and cardiology services have done a good job creating automated workflows for image acquisition and information systems for image distribution, these practices have not been adopted by other services in the hospital.

As images have increased in importance, hospitals have struggled to effectively store, display, and
distribute these images throughout the enterprise. This has remained a struggle because of inefficient workflow and incomplete solutions.

• Workflow Adaptations
• Patient Identification
• Information Needed in an Image
• Reporting
• Metadata Data Normalization
• Legal and Regulatory Concerns
• Mobile Device Integration
• Storage
• Cloud vs. On-Prem Infrastructure
• AI Integration

While each medical specialty acquires and uses images differently, most begin with an order placed by a referring physician. Once the order is placed, it is transferred to the Radiology Information System (RIS). The RIS uses the information contained within the order to create a worklist for the imaging modality. Technologists select the patient from the worklist, ensuring that all demographic and order information is correct. After the images are obtained, they are sent to PACS/MIMPS for storage and viewing. Even though this workflow is fairly simple, it is not standard. There are numerous variations to the workflow, depending on the ordering physician and their specialty, the differential diagnosis, the time and location of the clinician’s evaluation, and many other factors.

Healthcare organizations can also experience workflow challenges related to: patient identification, information needed in an image, reporting, metadata, legal concerns, and mobile devices.

One of the most pressing health IT concerns in the industry is patient data security and keeping patient information protected. Healthcare providers represent significant targets for cyber attackers. Digital security threats are constantly emerging from unexpected avenues. One potential downside of an enterprise imaging solution is that a centralized network, while offering substantial efficiency gains and savings on storage solutions, is more vulnerable to cybersecurity threats than networks acting individually. Cyber attacks can quickly spread malware and compromise vital operations. Security must be taken seriously by any enterprise that implements an integrated care delivery network. If a hacker is able to penetrate a network to interfere with a medical imaging acquisition device, its safe operation can be jeopardized, which in turn endangers patient safety. Organizational cybersecurity requires a unified effort from departmental staff and the rest of the enterprise. In a 2014 statement, IBM identified ‘human error’ as a contributing factor in over 95% of all cybersecurity incidents.

In its 2022 Healthcare Cybersecurity Year in Review, and a 2023 Look-Ahead, the Office of Information Security shared that Healthcare data breaches have consistently trended upward from 2012–2021. According to IBM, ransomware attacks are increasing in their speed, especially when measuring the “time on target”. Additionally, the average ransom demand grew by 45% from 2020 to 2021, when it was $247,000.

Cyber resiliency is the capacity of an organization to detect, protect, respond to, and recover from a cyber attack with minimal impact. In response to the increased threats and attacks, today’s image management infrastructure offers new capabilities to ensure that the data residing in PACS/VNA/EI archives is being done securely and that proper cyber resiliency tools are in place to not only secure the data but to preserve users’ access to it.

1. Minimize network exposure for all control system devices and/or systems, and ensure they are NOT accessible from the Internet. DICOM is not a secure protocol.
2. Locate control system networks and remote devices behind firewalls and isolate them from business and other end-user networks.
3. Use DICOM over TLS as it is highly desirable and recommended.
4. Ensure a valid certificate is loaded on the server for DICOM over TLS and HTTPS traffic. It can be signed by a local CA authority but must be valid. Encryption ciphers need to be verified and complied with the latest version. The cipher suite has been whittled down substantially for TLS 1.3, to the point where there are five recommended cipher suites:
   • TLS_AES_256_GCM_SHA384
   • TLS_CHACHA20_POLY1305_SHA256
   • TLS_AES_128_GCM_SHA256
   • TLS_AES_128_CCM_8_SHA256
   • TLS_AES_128_CCM_SHA256
5. If secure transmission over TLS is not available and remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities of their own and should be routinely updated to the most current version available. Also recognize VPN is only as secure as the devices connected within its boundaries.
6. Only allow access to devices you are communicating with and make sure promiscuous access is disabled. Imaging device vendors can only allow DICOM traffic from/to specific devices.
7. Don’t run programs as root. Run programs as a user with restricted access.
8. Make sure permissions are set to restrict access to specific files for users running the application. The rest should have no access.
9. Introduce chroot access. A program that is in a modified environment and cannot name (and therefore normally cannot access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail. Containers are chroots on steroids.
10. No remote access for admin users (root) and Active Directory or single sign-on authentication for regular users for remote access.

Preventing cybersecurity risks involves a delicate, closely monitored, system of people, processes, and technologies. IT departments must work closely with imaging service lines to develop operational plans and strategies that are practical and robust. Imaging staff must be kept aware of best practices and cybersecurity threats. Healthcare organizations are now looking at Artificial Intelligence (AI) to rise to the challenge to help ransomware victims fight back.

Another challenge in enterprise imaging is the use of different data standards for medical imaging as opposed to non-imaged data. Perhaps the most well-known standard is Digital Imaging and Communications in Medicine (DICOM), which was specially developed by the American College of Radiologists (ACR) and the National Electrical Manufacturers Association (NEMA). The DICOM standard applies to imaging equipment, printers, and PACS/MIMPS. This format focuses on the workflow of images, as well as provides protocols for the integration of image data. It also allows functions like film printing or CD burning. Data standards are critical for enabling the seamless and secure sharing of medical images and related data across different systems and devices, which is essential for modern enterprise imaging environments. By providing a consistent format for medical images and related data, regardless of the equipment or software used, the DICOM standard enables reliable interpretation and comparison of medical images over time, which is essential for accurate diagnosis and treatment.

Patient privacy is another challenge for enterprise imaging. Per federal law, all patient data must be protected and HIPAA-compliant. However, one of the main advantages of enterprise imaging is the possibility of sharing significant data banks with other enterprises for medical research, AI training, and similar projects. It is essential that, whenever data sharing is offered, identifying information is stripped away to protect individuals’ medical data. De-identification is the most common method of performing this information removal for DICOM data in Cross-Enterprise Document Sharing (also known as XDS-I). DICOM files consist of the image and the header, which contain meta-elements containing patient information, as well as institution and study data. The patient name and number must be obscured to prevent the patient from being identified. Hence, de-identification. De-identification in healthcare removes all direct identifiers from patient data and allows organizations to share it without the potential of violating HIPAA. Direct identifiers, known as Protected Health Information, can include a patient’s name, address, and medical record information, and convey a patient’s physical or mental health condition, any healthcare services rendered to that individual, as well as financial data related to healthcare. For example, medical records, hospital bills, and lab results are all PHI.

• Sharing health information with non-privileged parties
• Creating datasets from multiple sources and analyzing them
• Anonymizing data so that it can be used in machine-learning models
• Providing public health warnings without revealing PHI
• A company that licenses de-identified patient data to analyze trends and patterns that help verify efficacy or buying trends.

There are two main approaches to de-identification: anonymization and pseudonymization. Anonymization is considered to be more secure, as it involves removing all sensitive information from the header to irreversibly remove any probability of revealing the patient’s identity.

A format that is seeking wider acceptance is Health Level Seven (HL7), intended for the general use of electronic health information in hospitals. This format manages non-imaging data and provides protocols for the exchange, management, and integration of clinical and administrative electronic health data. It allows interoperability between different systems including patient administration, laboratory information systems, billing systems, electronic medical records and health record systems, and more.

The field of enterprise imaging is one with a great deal of potential but also challenges to be surmounted. It took the U.S. healthcare industry almost a decade to adjust after its investment in enterprise EHR. What’s more, the changing legislative environment and consolidations of hospital infrastructure have quenched enthusiasm for pursuing the kind of complex implementations enterprise imaging needs. Certain departments and care areas are, as a general rule, more enthusiastic about converting to enterprise imaging than others. Radiology is one of them, but Dermatology, non-invasive Cardiology, and standard Mammography are also typically receptive to the shift. Departments with which progress for the adoption of enterprise imaging is generally less keen include core Pathology, Genomics, multimedia Endoscopy, and Oncology. The reasons vary but may involve a lack of leadership, a reliance on a committee or cross-department decision-making, adherence to a broader contract involving non-software equipment and services, or a desire to use a dedicated best-of-breed functionality in a specific care area.

The long-term impact of enterprise imaging will be substantial and measurable. From small community hospitals to large institutions, enterprise imaging is an essential component of information technology infrastructure that can promote interoperability between different sites. Communication, via image sharing and other means, within the hospital and beyond, is made easier along different points of the care continuum. As a result of healthcare increasingly being absorbed into the Cloud, data migrations will become obsolete. This in turn will reduce the image management role of healthcare IT vendors and place more power in the hands of the providers. Vendor-neutral data will give providers the freedom to innovate their solutions to progress, rather than obeying the strictures of the vendors. The most tangible benefit of this shift in imaging structure will be better patient care, under faster diagnosis and imaging orders.

One innovation in enterprise imaging is the ability to facilitate the ‘on-ramp’ of artificial intelligence for diagnostics. Thanks to AI, radiologists foresee a future in which machines enhance patient outcomes and reduce misdiagnosis. AI algorithms can assist organizations with workflow improvements. AI tools can reduce the workload of radiologists by automating repetitive tasks, which means they can place more focus on complex cases. As more departments and enterprises consolidate their image management into enterprise imaging health systems, AI developers’ ability to source the terabytes of deidentified images necessary to train their machine learning diagnostician algorithms will increase. By automating repetitive tasks such as image tagging and analysis, AI can improve workflow efficiency. The ability of machines in a split second, to assess a mammogram, MRI, or other medical scan and accurately (more accurately than any human diagnostician) diagnose a patient will represent a significant leap forward in the efficiency of medicine as a whole.

A Vendor Neutral Archive (VNA) is highly beneficial for healthcare systems. The ability to switch PACS/MIMPS vendors regardless of image data migration/conversion is highly significant. A cloud-based archive can remove one of the biggest impediments to implementing a VNA: how to store all that data? The demand for the use of the cloud in image management deployments is growing. Cloud-hosted, hybrid-cloud, and cloud-adjacent solutions are now being offered by solution providers and the benefits include on-demand scalability and as-a-service cost models. Data migrations within a cloud offer lower operational and maintenance costs for data storage. Additional benefits include scalability and the capability to homogenize data from disparate systems. Data stored on a cloud is much more affordable to recover in a disaster. Furthermore, many solutions expand the capabilities and longevity of a client’s current PACS/MIMPS. In addition, these solutions de-identify personal and healthcare information contained in DICOM metadata and pixels helping protect patients’ confidentiality and offering greater research possibilities.