I recently became aware of the efforts of Merge Healthcare to reduce software piracy by offering an eFilm amnesty program. Merge is a known RIS/PACS solutions provider. Globally, users have downloaded more than 100,000 copies of its eFilm DICOM viewer. Recently, Merge announced membership in the SIIA (Software Information & Industry Association), and is offering an amnesty program to help organizations comply with license agreements for eFilm Workstation and to address unauthorized use of the software.
PACS has been slow to be embraced by IT organizations, and has in many instances been managed outside of IT as a radiology departmental. Only now, with greater emphasis on enterprise image management and distribution are some of these issues getting the attention they deserve.
I am reminded of the site visit I took several years ago to a PACS installation where the chief of radiology prided himself on having implemented PACS without IT. While on a tour of the department, we visited the computer room, a closet behind the department receptionist, where I observed computers underneath sprinkler heads, and software media out in the open on top of their juke box! There was also a box with the backup tapes sitting above the tape drive, but that’s another story! Clearly, this site had no idea of proper software control and security, and could have easily been at risk in terms of losing software licenses to theft or piracy.
Perhaps one of the reasons PACS vendors, other than Merge, and their customers have been slow to embrace software piracy is the relatively small number of licenses compared with commercial applications. In the early days, it was even less of a problem when many PACS were on less widespread operating systems such as UNIX. With the advent of Microsoft Windows based applications, the problem is bound to increase – especially as imaging becomes a bigger part of enterprise solutions. When PACS was in its infancy, there were a small set of users, namely radiologists, who used the software. AS PACS expands to address more imaging services, there will be more diagnostic and clinical users of viewer applications that may be subject to licensing issues.
Another factor in limiting PACS software piracy has been a move over the past few years toward “site” versus “seat” licenses. By licensing a site for an application, vendors have reduced the level of effort in managing the number of applications installed, and facilities have greater flexibility in installing software at multiple locations where it is needed. Usage is managed by limiting the number of “concurrent” users to the licensed amount. Besides making it easier all around for vendors and users, a site license also helps promote the application’s use, and limits the need to pirate the application. For example, if a radiologist wants to read from home, previously they may have been tempted to pirate a license to install at home. With a site license, the radiologist is free to install the software at home, as long as the number of concurrent users is not exceeded by doing so.
This is not to say that the need to manage software licenses is lessened by concepts such as site licenses. PACS Systems Administrators have a responsibility for maintaining PACS Policies and Procedures, and it would be wise to have a software license management policy in place. The administrator should routinely check on the number of concurrent users, and should maintain documentation on all known installations to protect against pirated or unlicensed installations. In the case of the radiologist with software installed at their home, how does one insure return of the software should the radiologist no longer be associated with that facility? For those that have not had a policy in place, an audit is probably a wise move in setting up such a policy. Establishing a base line and managing to it is good IT practice.
And what about software license security? In the instance I sited above involving the site visit, I could have easily pocketed a few CD’s and walked out the door with their licenses. Just having the piece of paper indicating the license does not insure the replacement of lost media. Therefore, it is a good policy to maintain control over licenses and media by keeping them in a secure location, and managing their access.
While software piracy may not be as big an issue in healthcare today as it is in consumer software, the increase in computer applications in healthcare will increase the potential for abuse. Therefore, the time to react is now by assuring that good IT practices are enforced across the facility, and by employing practices such as site licenses that can help minimize the risk.
I welcome your comments on both policy and practice!