Now that health information exchange (HIE) is gaining traction in the industry and becoming a larger part of meaningful use requirements, researchers at Wake Forest School of Medicine in Winston-Salem, N.C., have been trying to figure out how to make radiological images as mobile as other patient health information. Co-investigators Yaorong Ge, Ph.D., associate professor of biomedical engineering, and Jeff Carr, M.D., radiologist and director, TSI Biomedical Informatics Center, have built the Patient-Controlled Access-key REgistry (PCARE), a set of processes that allows patients, with a swipe of a card, to digitally enable unaffiliated institutions to transfer medical images to avoid the hassle of CDs.
“The idea is that the images stay where they are,” says Ge, who demonstrated PCARE at the Radiological Society of North America conference two years ago and was recently featured in the Journal of the American Informatics Association. “That addresses a lot of concerns; not only does it address physician workflow and patient privacy concerns, but also a lot of business interests concerns, such as, why do I want to have my data lumped together with my competitor’s data?”
The impetus for developing this technology was to alleviate the bottlenecks of current workflows involved in transferring radiological images between institutions. At many organizations, patients sign paperwork to obtain their radiological images on a CD, which they then have to hand-deliver to the other institution. Often times the patient forgets the CD, or the CD contains the wrong images, or the physician has trouble loading images because of compatibility or hardware issues.
How PCARE Works
The PCARE project got its start three years ago with a Research and Research Infrastructure “Grand Opportunities” grant funded by the federal American Recovery and Reinvestment Act (ARRA). While developing PCARE, Ge and Carr investigated two main approaches for image exchange: a patient-centric approach, i.e., a personal health record (PHR), which puts the burden on the patient; and an organization-facilitated approach, i.e., HIE where the onus is on the health system. The investigators saw flaws in each method, with the patient-centric approach not fitting into physician workflows and data having to be validated by the physician, while the organization-based approach creating challenges around patient consent.
“This is the critical design feature that sets our framework apart from existing patient-coordinated sharing frameworks such as PHRs,” says Ge. “Instead of dealing with actual clinical data as in a PHR, PCARE is a collection of access keys or secure tokens that uniquely represent clinical datasets. These unique access keys are generated by a healthcare imaging facility upon patient authorization to provide a secure electronic conduit to the actual dataset.”
PCARE capitalizes on the strengths of both the patient-based and organizationally based approaches. The token generated by the healthcare imaging facility contains encoded metadata that identifies the hospital where the images were taken, what time, the facility-generated patient identifier, and the facility-specific URL that links to the actual clinical data. When the patient goes to the second healthcare facility, they swipe a patient identity card, much like a credit card, at a patient controlled portal or kiosk. The patient is asked if they want to share the specified images, and once that option is selected, a digital signature signs a secure token that is then sent to that facility’s edge server, which transmits the token to the original healthcare imaging facility’s edge server, which validates that token and ships the validated token with the image links back to the second facility.
“When images arrive at the new hospital, those images are found in an image cache that acts like a local image repository, and so physicians can use existing workflows to look at those images,” explains Ge. “Because the images are linked with this token that has the information about those hospitals in terms of their local IDs, our system automatically maps [the patient] ID to the local hospital’s ID.”
PCARE leverages open-source technologies and standards like dcm4chee, an image manager/image archive application that contains the DICOM, HL7 services and interfaces that are required to provide storage, retrieval, and workflows; the Cross-Enterprise Document Sharing (XDS) standard; and Indivo, the patient controlled health platform that allows the sharing of health information.
Ge says PCARE also leverages patient participation in its privacy and security practices, given that the patient authorizes the information exchange by being physically present at both healthcare organizations. “We can then physically link the IDs together by the patient’s direct confirmation,” adds Ge, “and therefore we believe it will be much more accurate than an MPI.”
“In most cases based on our survey data, and based on our anecdotal evidence, patients are very comfortable authorizing the sharing of their ongoing medical records with the healthcare providers that are part of their team,” says Carr. “People become more reluctant with the open-ended sharing of their data, say from a group of healthcare providers from the entire state.”