For the modern healthcare organisation, extending better patient care across the service continuum involves — new challenges that surround sharing information over a distributed network. Effectively sharing patient information remains a challenge, while an inability to access these records in a time-sensitive manner results in re-imaging and re-testing the patients — affecting both ‘time-to-treatment’ and the bottom line.

The release process for medical images is altogether complicated — brimming with security related-risks — as images (such as X-Ray Scans, MRI scans, PET scans, etc.), are created and released across several departments and systems, while being purposefully kept ‘out-of-reach’ from a host of unauthorised users.

Training & controls on release policies and procedures require ‘health information management’ expertise — since, Image Handling (electronically) can become susceptible to data corruption, complex accessibility/sharing issues and high security risks —  all of which raises potential red flags for health information management (HIM) professionals.

So how does Medical Image sharing work in this environment, and what, if any — are the safeguards surrounding its ‘release’ process?

First, let’s delve into the term ‘Medical Imaging’ itself. According to the WHO, the technique embodies different imaging modalities and processes to image the human body (creating visual representations) for diagnostic and treatment purposes — making it crucial for improving public health initiatives across all population groups.

Once the image has been captured using a medical imaging device (routine imaging techniques like ultrasound, MRI etc.), then it is necessary to archive and store the images for future use and further processing. Unlike regular images (that we’re more familiar with) stored in more conventional formats like jpeg, png, etc. — medical images are stored in a format known as ‘DICOM’ (Digital Imaging and Communication in Medicine) standard. The medical practitioner responsible for acquiring and interpreting such medical images is a ‘Radiologist’ — while the system they rely on for electronic image data storage is called ‘PACS’ (Picture Archiving and Communication System).

In other words, if a healthcare organization or an outside consultant (physician, clinician) needs access to an individual patient’s medical images, then the access and retrieval will have to go through PACS (typically controlled and operated by the Radiologist itself).

Here is a simple process diagram of a medical imaging system —

A Typical HIPAA-compliant Medical Imaging Management System places a request (for a specific file) to ‘PACS’ via an intermediary system known as ‘Edge Server’. The sole purpose of the Edge Server is to function as a request node, so that other hospitals or physicians can contact the particular radiologist (who possesses the images stored in PACS) and place a request to access a copy of the file in question.

Critical use cases arise for medical image sharing involving support for:

• Remote image viewing (out of network)
• Specialist consults
• Telehealth (examples such as teleburn, telestroke)
• Trauma transfers
• Ambulatory image review

Each of the three highlighted sections (see diagram) can perform various functions, while communication is defined through specific rules and standards that are legally enforced and universally followed.

Medical images (digital) are typically stored locally on a PACS for retrieval. A PACS consists of four major components: The imaging modalities such as X-ray plain film (PF), CT and MRI; a secure network for the transmission of patient information; workstations for interpreting and reviewing images; and archives for the storage and retrieval of images and reports. To communicate with the PACS server we use DICOM messages that are similar to DICOM image ‘headers”, but with different attributes.
The Edge Server manages several functions that allow users to sort through hundreds of thousands of large-volume data and retrieve a specific file from a database either stored in ‘PACS’ or on the ‘MIMS’.

Through the ‘Edge Server’, we can access images stored in PACS. The ‘Management Services’ operation is the first and foremost feature — meaning, a user can control & maintain the complete functionality of the server through this. Using ‘Remote Authentication’ —  a networking protocol operating by way of specific ports, users can obtain centralized authorization and authentication to request files from PACS.

To verify basic DICOM connectivity to the server — i.e, to check if the server is live or not, a C-Echo message is sent to ping the server, after which it will wait for its response. Once the server is identified as live, a user can perform querying and retrieval based operations. Next, the user can begin the process of requesting DICOM images from the Medical Image Management System — known as ‘Ingestion’. DICOM Ingestion is performed via pre-assigned IP and port addresses (default ports are 2104-2111).

Basic DICOM Operations —

To check if the specific image or set of images is actually located on the particular server – a query-based C-FIND operation is performed by sending a request to the server. First, the user establishes a network connection to the PACS server, following which a C-FIND request message (which is a list of DICOM attributes) is prepared. The user fills in the C-FIND request message with ‘keys’ that match. (for e.g. to query for a patient ID, the patient ID attribute is filled with the patient’s ID). Then, the C-FIND request message is sent to the server.

The server sends back to the user, a list of C-FIND response messages, each of which is also a list of DICOM attributes, populated with values for each match. The Images are then retrieved from the PACS server through a C-MOVE request, using the DICOM network protocol. Retrieval can be performed at the Study, Series or Image (instance) level. The C-MOVE request specifies where the retrieved instances should be sent (using separate C-STORE messages). The C-STORE operation, also known as DICOM Push is used to simply push (send) the images to the PACS server (or P2P — Push to PACS). The DICOM storage service is implemented through the C-STORE message — the SCU sends a C-STORE-RQ (request) message to the server, which includes the actual dataset to transfer, and the server answers returning a C-STORE-RSP (response) message to the user, communicating success or failure of the storage request.

These DICOM functions allow health management professionals, physicians, radiologists and indirectly their patients to benefit from utilising secure protocols in handling confidential medical image data — extending the ability to view such images discreetly and instantly; avoiding duplication costs; and reducing unnecessary radiation exposure to patients.

Medical Image Sharing furthers the “Health 2.0” initiative by being able to instantly and electronically exchange medical information between physicians, as well as with patients — improving communication within the industry.