Held in confidence - installing a secure PACS

31 October 2014



As medical imaging undergoes a digital revolution, healthcare organisations are facing up to new patient data protection challenges. Dr Neelam Dugar, consultant radiologist at Doncaster and Bassetlaw Hospitals NHS Trust, talks to Ross Davies on how to avoid security issues when it comes to installing a picture archiving and communication system (PACS).


As the field of medical imaging becomes increasingly digitalised, so the issue of patient confidentiality rises to the fore. While most patients accept that their information is commonly shared within medical teams as a matter of expediency with regard to the provision of care afforded to them, they also need a guarantee that this data remains absolutely protected.

A picture archiving and communication system (PACS) carries its own set of challenges in this area, but confidentiality still needs to be maintained on the same basis as in any other field of medicine.

"Confidentiality is a cornerstone of medical practice, and is the foundation of the doctor-patient relationship," wrote Dr Tony Newman-Sanders, consultant radiologist and clinical lead for the Health and Social Care Information Centre's (HSCIC) National PACS programme, in a 2012 Royal College of Radiology (RCR) report, 'Standards for Patient Confidentiality'. "There are professional, ethical, contractual and legal obligations to ensure that information entrusted to healthcare professionals remains within a confidential framework, and to ensure that this information is held in a safe and secure manner."

Sharing concerns

PACS has been deployed across NHS trusts throughout the UK since the rollout of the now-defunct National Programme for IT (NPfIT) in 2004. Over the last decade, its use within and between hospitals and other healthcare organisations has been championed as one of the NPfIT's few positive legacies.

With millions of patient studies archived in local and regional data stores - not to mention the tens of thousands of studies electronically shared each year between organisations - PACS contains more patient data than any other UK information system.

While few would disagree that the quality and safety of patient care have benefitted from the proliferation of such data, radiologists are facing a tricky quandary over what this signifies in terms of patient relationships, and how best to maintain confidentiality.

"Obviously, with new forms of media, you need to be more careful than ever, because data can be shared much more easily digitally than it can on paper," says Dr Neelam Dugar, consultant radiologist at Doncaster and Bassetlaw Hospitals NHS Trust.

"However, the flipside of it is that patient care can be hugely enhanced by the fact that data can be shared and available at the same time in multiple places, which wasn't the case with film.

"Digital media enables me to look at an image, while an orthopaedic surgeon might be looking at it at the same time, somewhere else. So, overall, I think that there is a positive side of being able to share data, as long as appropriate access controls are in place."

Question of confidence

Confidentiality is integral to the professional standards demanded of a healthcare professional, and is upheld by the various regulatory bodies.

For radiologists, the Good Medical Practice - the primary ethical guidance supplied by the General Medical Council (GMC) - explicitly states a doctor's duty: "Patients have a right to expect that information about them will be held in confidence by their doctors. You must treat information about patients as confidential, including after a patient has died."

Furthermore, the Data Protection Act - alongside the Human Rights Act - informs certain aspects of the duty of confidentiality. Under the law, key patient identifiable information (PID) includes the patient's name, address, full postcode, date of birth, pictures, photographs, videos, audio files and other images.

This legal framework is also underpinned by the Caldicott Principles: a set of seven standards born of the 1997 Caldicott Act, which addresses the use of information and confidentiality within the NHS.

The principles, which have subsequently been incorporated into the organisation's confidentiality code of practice, stipulate that medical professionals must justify the purpose of accessing patient data. The articles of the code state that patient-identifiable information must never be used unless it is absolutely necessary; the minimum necessary PID must be used; PID data must only be accessed on a need-to-know basis; PID responsibilities must be borne in mind; and the law must be understood and complied with.

"There might even be more that can be done to safeguard patient data, and this will inevitably get trickier with new IT systems, but I believe radiology departments adhere to a pretty rigorous regulatory landscape," says Dugar. "We have learned our lessons from the past."

In general, the use of PID for other legitimate secondary uses, including research, teaching and training and service planning, should only be done with the open consent of patients.

Conversely, casual browsing of images and reports by staff not involved in the care of the patient, as well as the browsing of images and reports by individuals not authorised to access PACS, constitutes a serious lapse in access security.

Radiologists are therefore required to have an entrenched understanding of their professional, contractual and legal responsibilities with regard to viewing PACS data.

Restricted access

"Radiology departments should work with their colleagues in IT to establish, publish and enforce a clear local policy on access and use of PACS," claimed Newman-Sanders in the same RCR report. "Staff working in imaging should all have a clear understanding of the duty of confidentiality and should be supported by written and other materials in order to ensure that all patients are in a position to give implied informed consent for the normal use and sharing of their imaging data to deliver their healthcare and support local clinical audit."

Dugar, a former chair of the UK Imaging Informatics Group, also advocates the constant auditing of PACS usage to ensure that all image viewing can be monitored and justified.

"Access control to an active directory is vital," she says. "If I have looked at someone's data, I need to be able to explain why I have done so. This really pertains to the clinical front end - the clinicians - who are arguably the biggest guardians of patient data.

"So, any time I go into PACS, I should be able to see a log of the date and time, and who has accessed that data. It can act as something that reminds people that, when they are reviewing patient information, they are being logged on the system. I think this would prompt staff to adhere to the appropriate steps."

If the topic of PACS patient confidentiality wasn't complicated enough, several NHS trusts presently face the challenge of brokering new service provider contracts, in light of the disbanding of the NPfIT and the move away from central procurement.

The question on the lips of many radiology departments might well relate to how tall an order it would be to migrate old images onto new PACS systems, and the security consequences of doing so. "You wouldn't use a phone that is 15 years old, and the same principle applies here: you don't want data lying in old systems," says Dugar.

"The way to get around it is to migrate information to newer hardware. I don't see the logic in keeping data in old, slow and clinically useless hardware, so migration can only be a good thing.

"Patients want their archived data to be of clinical use and for that to happen, it must be stored in modern hardware to ensure that it is accessible and retrievable at all times."

Clouded vision

Then there is the issue of the cloud. While initially slow to take off in medical circles - as a result of misgivings over potential breaches of patient data confidentiality - attitudes have shifted.

When Medical Imaging Technology spoke to Aimie Chapple, Accenture's managing director, UK health industry, and UK and Ireland client innovation, earlier this year, she stated that cloud was "increasingly becoming an option for PACS", due to its potential cost benefits and service reliability. Dugar, however, holds a diametrically opposed view, positively bristling at the mere mention of cloud computing. But surely it could improve data sharing between health organisations?

"I am going to be very cynical about that," she admits. "We've heard all about cloud storage before and it failed miserably through the Central Data Store for local service providers [LSPs]. It cost a huge amount of money and was clinically unusable, because it often took over ten minutes to download from the Central Data Store.

"Cloud is currently a very fashionable idea, but if data is to be clinically useful, it must be displayed within three seconds, otherwise, a radiologist will not be able to review that data and the patient loses out."

From speaking to Dugar, one is left with the overall sense that the medical imaging community shares a common goal in patient data protection, but there are still issues that need to be ironed out, especially as trusts renegotiate new PACS contracts. As for storing data in the cloud, there still appears to be a lack of harmony over whether it is truly the right fit for PACS, or the entire healthcare profession, for that matter.

What is absolutely certain, though, is that radiology departments and trusts will need to engage in great dialogue over such issues. The legal and reputational consequences of not doing so would be disastrous.

Dr Neelam Dugar is a consultant radiologist at Doncaster Royal Infirmary and a former chair of the UK Imaging Informatics Group. She completed her fellowship in oncology imaging at Manchester Christie Hospital; her areas of professional interest include head and neck and gynaecological oncology imaging.

