using mirc as a research data collector lawrence tarbox, ph.d. electronic radiology lab mallinckrodt...
TRANSCRIPT
Using MIRC as a Using MIRC as a Research Data Research Data CollectorCollector
Lawrence Tarbox, Ph.D.Lawrence Tarbox, Ph.D.
Electronic Radiology LabElectronic Radiology LabMallinckrodt Institute of RadiologyMallinckrodt Institute of RadiologyWashington University in St. Louis School of Washington University in St. Louis School of MedicineMedicine
Requisite Financial Requisite Financial DisclosureDisclosure
• The author receives financial support from RSNA for work in IHE testing tools and connectathon management.
• The author consults with Siemens Medical Solutions on standardization issues (DICOM).
• The author’s retirement fund currently includes a small amount of Siemens, AG stock.
None of the above impacts today’s topic.
Research Dataset Research Dataset AcquisitionAcquisition
From John Perry’s Presentation:• MIRC feature developed with
Mallinckrodt Institute of Radiology• Allows internal researchers to
acquire DICOM images from modalities, store and manage them without using the clinical PACS– Bridges internal networks– Tracks access of PHI for HIPAA
compliance
Problem StatementProblem Statement
• Clinical scanners are often used for research purposes– Researcher-directed acquisitions– Clinical cases of research interest
• Not all researchers have access to the clinical PACS
• Research computer systems and networks often are outside of the HIPAA protected environment
Current SolutionCurrent Solution
• Whenever possible, techs are asked to enter the researcher’s name as the “referring physician”
• Techs asked to not put PHI in study/series descriptions
• Scanners are configured with a MIRC server as a DICOM destination, making it easy for techs to send research data to the MIRC server
• MIRC server remains in the HIPAA protected environment
• Researchers are given controlled access to the MIRC server to pick up their data
Research DataflowResearch DataflowHospital Network Medical School Network
Images containing PHI
Retrieve de-identified images
Retrieve de-identified images via VPNOpen Network
MIRC SetupMIRC Setup
• On receipt, DICOM data is stored both– as received (potentially with PHI)– deidentified/anonymized (no PHI)
• Research data is not published automatically (i.e., is not available to other MIRC servers)
• Protected Health Information (PHI) is not shown in query results list
• User login required to access data• Potential access to PHI is logged for audit
purposes, as required by HIPAA
HIPAA Audit LogsHIPAA Audit Logs
• No audit log entry for queries, since no PHI is shown in list returned
• Patient data accessed audit log entry when user clicks on a query list entry
• Patient data export audit log entry if user downloads non-deidentified data
• Logs both – stored locally on the MIRC server, and – optionally transmitted via http to a log
collection service (RFC 3881 format)
Most Researchers just click here
Queries are allowed, but are limited
Title includes modality and date
Author is referring physician
“Accessed” audit record generated
when title is clicked, logon required
XML template specifies content
of entries
“Export” audit record generated when zip file of
DICOM objects is downloaded
XML template specifies layout
and content
XML template specifies layout
and content
Audit Log ExamplesAudit Log Examples2005-01-13T18:25:04 - Access by MIRCuser @10.39.168.180 SIUID:
1.2.124.113532.128.252.220.117.20030306.133901.10766096
Pt ID: 05-10786-9 Name: PATIENT^NAME
2005-01-13T18:26:14 - Export by MIRCuser @10.39.168.180 SIUID:
1.2.124.113532.128.252.220.117.20030306.133901.10766096
Pt ID: 05-10786-8 Name: PATIENT^NAME
DiscussionDiscussion
• Over 90 GB of data have gone through the collector
• 10 to 20 studies a week• Expanding to include raw data
(sinograms) from scanners