PREFACE: This is just a thought, an idea. I am by no means an expert in this area. I have researched this to inspire a thought process of how we can bring together 2 disparate worlds of medical records and imaging with the emerging cloud services for healthcare.
Healthcare has been moving out of its archaic shell in the past few years, and digital healthcare technology and services are booming. And this movement is part of the digital transformation which could eventually lead to a secure and compliant distribution and collaboration of health data, medical imaging and electronic medical records (EMR).
It is a blessing that today’s medical imaging industry has been consolidated with the DICOM (Digital Imaging and Communications in Medicine) standard. DICOM dictates the how medical imaging information and pictures are used, stored, printed, transmitted and exchanged. It is also a communication protocol which runs over TCP/IP, and links up different service class providers (SCPs) and service class users (SCUs), and the backend systems such as PACS (Picture Archiving & Communications Systems) and RIS (Radiology Information Systems).
Another well accepted standard is HL7 (Health Level 7), a similar Layer 7, application-level communication protocol for transferring and exchanging clinical and administrative data.
The diagram below shows a self-contained ecosystem involving the front-end HIS (Hospital Information Systems), and the integration of healthcare, medical systems and other DICOM modalities.
(Picture courtesy of Meddiff Technologies)
The operative words here is “self-contained”, and both DICOM and HL7 are part of a progress in improving the information management and workflow within the hospital information ecosystem. However, I am pretty sure most avant garde medical professionals and practitioners will be positioning this “self-contained” hospital information ecosystem into the cloud, trying to bridge the gap between the 2 worlds.
DICOM PS 3.18-2011 specifies WADO (Web Access to DICOM Persistent Objects), a standard that “webbifies” DICOM medical images and records. It uses the common DICOM UIDs to access DICOM persistent objects over HTTP or HTTPS with the usual CRUD (create, retrieve, update, delete) methods. However, the communication and exchange of medical images and records over the HTTP/HTTPS protocol with WADO does not concentrate much on inter-operable workflows between cloud entities, especially in the public clouds. It also does not dictate inter-exchange of personal data and patient records, perhaps leaving this duty to higher level protocols, applications and policies. Thus it does not lend much to the data protection and data compliance regulations such as HIPAA in the US and NHS with the mandated Caldicott principles in the UK, in a inter-cloud environment.
As disparate and often disjointed cloud entities are formed, standardization becomes important and crucial. This is where SNIA CDMI (Cloud Data Management Interface) could bridge the medical imaging and records divide hosted in different cloud entities. In the words of SNIA, the slide below captures the essence of interoperable cloud standardization:
This standardization ensures data object access and management uniformity and consistency, with a rich and well-known HTTP RESTful operations.
Disparate medical records and imaging systems often rely on proprietary gateways and proxies to provide the network and webscale integration. However, in a cloud environment, these gateways and proxies could introduce integration gaps which might expose security holes and heighten costs and complexity. A very important feature of CDMI is the ability to discover the capability of its corresponding CDMI provider in the cloud. This discovery of CDMI providers’ capability via the metadata in the exchange of data objects not only closes the security holes, it also simplifies and standardizes the communications, access and management of the medical records and imaging data objects.
Therefore, when 2 or more medical imaging services in the cloud exchange data objects, it does not need any special broker like CORBA. The discovery of capabilities and attributes via CDMI data system metadata facilitates the protocol discussion between the 2 or cloud services. Just think of CDMI as the data object multi-lingual translator between cloud entities.
The CDMI cloud storage reference model (with CDMI integration) is shown below:
(Courtesy of SNIA)
Other CDMI features include access control, access security, resource guarantee, billing and even exporting the CDMI object via common network protocols such as iSCSI, NFS, CIFS and WebDAV. Other data requirement can be extended as well to address healthcare and medical object requirements.
I was reading the SNIA CDMI whitepaper for Healthcare discussing about CDMI extensions. It is quite interesting to note how the CDMI extension could be (I borrowed the points from the whitepaper):
- Patient consent according to the BPPC (Basic Patient Privacy Consents) standard
- HL7/FHIR security labels
- Access control information signatures
- Identity information of the cloud service that is requesting access to the data
- Purpose of access for enforcement of patient consent
- Name/features and public key certificate of the cloud service requesting access to the data
Thus (again borrowed the diagram below from the whitepaper), the workflow between Cloud A and Cloud B in the example below could be …
While the workflow above describe what CDMI extension could be for the healthcare inter-cloud communication, the possibility of CDMI to emancipate the medical imaging and record cloud services is there.
And looking of the standards out there for the healthcare industry – DICOM, MINT, WADO – CDMI is in a good position. And the list of vendors adopting CDMI is growing, albeit at a slow pace for now.
Of the growing list, NetApp StorageGrid may be in the best position than the rest. Since its Bycast days (NetApp acquired Bycast in 2010), StorageGrid was already well entrenched in the healthcare industry. It was one of the earliest object storage vendors which conformed to DICOM PS 3.2 as well as the IHE Technical Framework. IHE is Integrating the Healthcare Enterprise. And of recent records, NetApp has just upped its game with StorageGrid, releasing version 10.2 with chockful of goodies. More to come …