Now that health information exchange (HIE) is gaining traction in the industry and becoming a larger part of meaningful use requirements, researchers at Wake Forest School of Medicine in Winston-Salem, N.C., have been trying to figure out how to make radiological images as mobile as other patient health information. Co-investigators Yaorong Ge, Ph.D., associate professor of biomedical engineering, and Jeff Carr, M.D., radiologist and director, TSI Biomedical Informatics Center, have built the Patient-Controlled Access-key REgistry (PCARE), a set of processes that allows patients, with a swipe of a card, to digitally enable unaffiliated institutions to transfer medical images to avoid the hassle of CDs.
“The idea is that the images stay where they are,” says Ge, who demonstrated PCARE at the Radiological Society of North America conference two years ago and was recently featured in the Journal of the American Informatics Association. “That addresses a lot of concerns; not only does it address physician workflow and patient privacy concerns, but also a lot of business interests concerns, such as, why do I want to have my data lumped together with my competitor’s data?”
The impetus for developing this technology was to alleviate the bottlenecks of current workflows involved in transferring radiological images between institutions. At many organizations, patients sign paperwork to obtain their radiological images on a CD, which they then have to hand-deliver to the other institution. Often times the patient forgets the CD, or the CD contains the wrong images, or the physician has trouble loading images because of compatibility or hardware issues.
How PCARE Works
The PCARE project got its start three years ago with a Research and Research Infrastructure “Grand Opportunities” grant funded by the federal American Recovery and Reinvestment Act (ARRA). While developing PCARE, Ge and Carr investigated two main approaches for image exchange: a patient-centric approach, i.e., a personal health record (PHR), which puts the burden on the patient; and an organization-facilitated approach, i.e., HIE where the onus is on the health system. The investigators saw flaws in each method, with the patient-centric approach not fitting into physician workflows and data having to be validated by the physician, while the organization-based approach creating challenges around patient consent.
“This is the critical design feature that sets our framework apart from existing patient-coordinated sharing frameworks such as PHRs,” says Ge. “Instead of dealing with actual clinical data as in a PHR, PCARE is a collection of access keys or secure tokens that uniquely represent clinical datasets. These unique access keys are generated by a healthcare imaging facility upon patient authorization to provide a secure electronic conduit to the actual dataset.”
PCARE capitalizes on the strengths of both the patient-based and organizationally based approaches. The token generated by the healthcare imaging facility contains encoded metadata that identifies the hospital where the images were taken, what time, the facility-generated patient identifier, and the facility-specific URL that links to the actual clinical data. When the patient goes to the second healthcare facility, they swipe a patient identity card, much like a credit card, at a patient controlled portal or kiosk. The patient is asked if they want to share the specified images, and once that option is selected, a digital signature signs a secure token that is then sent to that facility’s edge server, which transmits the token to the original healthcare imaging facility’s edge server, which validates that token and ships the validated token with the image links back to the second facility.
“When images arrive at the new hospital, those images are found in an image cache that acts like a local image repository, and so physicians can use existing workflows to look at those images,” explains Ge. “Because the images are linked with this token that has the information about those hospitals in terms of their local IDs, our system automatically maps [the patient] ID to the local hospital’s ID.”
PCARE leverages open-source technologies and standards like dcm4chee, an image manager/image archive application that contains the DICOM, HL7 services and interfaces that are required to provide storage, retrieval, and workflows; the Cross-Enterprise Document Sharing (XDS) standard; and Indivo, the patient controlled health platform that allows the sharing of health information.
Ge says PCARE also leverages patient participation in its privacy and security practices, given that the patient authorizes the information exchange by being physically present at both healthcare organizations. “We can then physically link the IDs together by the patient’s direct confirmation,” adds Ge, “and therefore we believe it will be much more accurate than an MPI.”
“In most cases based on our survey data, and based on our anecdotal evidence, patients are very comfortable authorizing the sharing of their ongoing medical records with the healthcare providers that are part of their team,” says Carr. “People become more reluctant with the open-ended sharing of their data, say from a group of healthcare providers from the entire state.”
Carr says that the PCARE system is ideal for where most healthcare imaging is performed—at small physician practices or outpatient imaging centers. The PCARE system was designed to have a small footprint, and assuming the organization already has a broadband connection and a PACS, all that is required is a small server placed at the facility, and a kiosk or computer for patient authorization, all of which could cost the organization approximately $15,000, says Carr.
“There might be a competing network or groups of physician practices and smaller players that your patients see that you would like to collaborate with in a very rich way, and right now that is very difficult,” says Carr. “The advantage of PCARE is that you don’t have to set up an agreement between the two hospitals to open up all your databases and image archives.”
A prototype was implemented during a feasibility study between the 800-bed Wake Forest Medical Center in Winston-Salem, N.C. and Lexington Memorial Hospital, a 90-bed community hospital in Lexington, N.C. The performance test showed that, even including the slower network of Lexington Memorial Hospital, PCARE could move 1 gigabyte of data within 15 minutes, which Ge notes is satisfactory compared to most hospital wait times that are at least that long.
PCARE’s next phase hasn’t been completely finalized yet. In the next three to six months, the investigators will partner with a healthcare economist to begin interviews with patients, families, and providers to ascertain what they would like to see in the PCARE platform and how much they would be willing to pay for it.
There are also plans for a regional demonstration project to implement the system to document its challenges and successes. However, more funding is needed for that, and the team is currently in active exploration with interested parties.
Ge emphasizes the cost and time benefits of PCARE; not only can organizations save money on the CDs themselves, but the costs of management of the CDs in storage and personnel. Ge is excited about the many possibilities for this image sharing system and how it can be applied for other purposes like sharing a longitudinal virtual electronic health record, since the token in the PCARE system can link to lab data or any other medical data, for that matter.
“If you look at Stage 2 meaningful use, with the necessity to facilitate real exchange of information between providers and patients, and how that happens, I think our solution can play a role in several scenarios that are likely to be high volume exchanges of information,” says Carr. He adds that beyond enhancing interoperability, another strength of PCARE is that it can maintain an audit record, as well as document patient authorization for the exchange of their medical information, which is necessary for Health Insurance Portability and Accountability Act (HIPAA) requirements.