Conforming and Protecting Image Transfer
The oral healthcare industry advocates for developing standards
How is the dental industry participating in this transformation?
The American Dental Association (ADA) Standards Committee on Dental Informatics (SCDI) develops informatics standards, specifications, technical reports, and guidelines and interacts with other entities involved in the development of health informatics standards aimed at implementation across the dental profession. These guidelines assist the dental profession with hardware and software selection, digital photography, interoperability, data security, DICOM conformity, and more, and can be found on the ADA website (ada.org), under “Standards, Technical Specifications & Technical Reports.”1
The ADA is also a member of the DICOM Standards Committee. DICOM (Digital Image and Communication in Medicine) is an international standardized format that specifies that images are stored in a format that’s readable and protected against outside manipulation. Representing dental industry interests on this committee is a Dentistry Working Group (DICOM WG 22).
In addition, the ADA serves as secretary of Integrating the Healthcare Enterprise (IHE) for dentistry, which includes a Dental Planning and Technical Committee. Allan Farman, BDS, PhD, DSc, MBA, Professor of Radiology and Imaging Science at the University of Louisville School of Dentistry, notes that the first profile for IHE Dental will be tested at the beginning of 2014. “This will allow not only manufacturers to have DICOM, but also to prove interoperability and to be tested according to the profiles that are being developed,” he explains. Farman reminds practitioners that, starting in 2014, they “should be asking manufacturers for IHE Dentistry as well as DICOM compliance,” adding, “For now, DICOM output for some images is something you have to insist on having.”
The DICOM standard promotes image interoperability between systems for dentistry and throughout the processes of treatment. According to Kirt E. Simmons, DDS, Orthodontic Director at Arkansas Children’s Hospital, DICOM is like a set of rules. “The point of the IHE is to look at the rules and make sure first, that they can be followed; and second, that they will be followed.” Outlining this process, he says, “You set out test criteria, which is what IHE develops, then you test the two systems and make sure they can do what they’re supposed to do using these rules. Then you certify it works. The job of information technology is to help the industry meet these rules and communicate.”
Simmons, who serves as one of two co-chairs of the IHE Dental Domain, describes how he as a clinician interacts with the other co-chair, a member of the dental industry. “The clinicians are the managers of the equipment, but the manufacturers are the providers. I may know what I need this equipment to do, but I don’t know how it does it. The industry people know how it does what it’s supposed to do, but they may not necessarily know what I want it to do or how I want to do it. We need both sides to say how are we going to integrate these rules and make them work? The ultimate goal is to have industry and providers all on the same page. When we finally say these are the rules, this is how it’s going to work, and it’s certified, everyone’s happy.”
DICOM format, says Simmons, enables industry and providers to “speak the same language.” “The point is I know what information I’m conveying to you, you know what information you’re getting. Some companies are very committed to trying to make this work. They see the value of it.”
Systems that produce DICOM images are compatible. Although the images inside the system itself may be in a proprietary format, they will often export and import in DICOM format. A large number of software programs also can be used from DICOM exports. For this reason, Farman suggests that clinicians should be able to provide their patients with a copy with a viewer of any images that are taken. “Those images should also be in DICOM. If they aren’t, then that’s probably not the best system to buy.”
According to Jeffery Price, DDS, Associate Professor in Oral Diagnostic Sciences at University of Maryland School of Dentistry, one of the major issues in electronic records is having an open platform between manufacturers. “For example, I have a patient who transfers in from another practice that has digital imaging. The other office sends the records over securely, and I want to import them into my imaging system, but I can’t read them because they aren’t DICOM compatible. Instead, they’re proprietary to that imaging company’s system.” That, he says, continues to be a problem. Price, who considers this to be “a medical legal issue,” expresses frustration. “If a patient comes into the office and the dentist can’t read the images, we end up having to acquire new radiographs, and the patient is overexposed to radiation. In addition, dentists may charge for the new images, and the patient will become upset. Or the patient returns to the first office and has the radiographs printed on paper, losing the diagnostic qualities. You lose the ability to adjust the contrast or to magnify. And then you are relying on the quality of the other office’s printer. That is a real issue. And every year it gets worse as more offices move to digital.”
David Fincher, Vice President of Dental Sales for Medical Electronic Attachment, notes, “We have had an explosion in digital radiography. It is becoming more the norm than the exception. The ease of use is much better, along with the speed and availability of Internet access, so it has been a lot easier to provide the electronic attachment service. There’s been a phenomenal change over the last 5 years.”
On this point, Farman remarks, “Back in 2000, people were asking how can I print this so I can send it to the insurance company? Now it’s not even a question. In fact, insurance companies are beginning to understand that it’s easier for them to receive everything digitally, and some are beginning to insist upon it.”
In the traditional insurance claim attachment process, the provider would print the claim, and mail the paper claim with the attachment. “Now the claim can go through a claims clearinghouse electronically, and the attachment in our case would come to our repository,” Fincher explains. “The payer would know that the attachment is there to be viewed by looking at the claim. There’s an identifying number in either the notes section or the paperwork section.”
This process allows practices and businesses to communicate with each other in the safest, most economical way—and more efficiently than printing images on paper and mailing them. Fincher adds,“There are some standards that are being created by HIPAA, along with the Health Level 7 (HL7) and ASC X12 standards. At this moment, it’s not all set in stone—the final word on all the requirements is yet to come.”
A number of practice management and imaging software programs are enabling professional and even patient collaboration through secure web-based portals in a HIPAA-compliant environment. This is helping to simplify and enhance communication, collaboration, and patient care.
Compatibility doesn’t end with the software protocols. Once digital images are transferred, they must be adequately viewed. “Get the very best graphics card available for your desktop or laptop,” Price advises. “You should have at least 1 gigabyte of dedicated memory on your graphics card; that’s the key. After that, you will want to have as big a hard drive as you can afford, because all these digital images take space.”
Price recommends practices have at least two top-of-the-line monitors—“one for the dentist to use in a quiet space for interpretation, and the second one for your office manager or treatment coordinator to co-diagnose with your patient,” he explains. “Patients enjoy co-diagnosing and seeing their problems. That way they can own their problems, enabling increased treatment plan acceptance.”
As their records become more digital and centralized, patients will recognize increasing opportunities to consolidate their medical histories. “Whether it’s a dental radiograph, chest radiograph, or a CT scan, the patient demographics are the same," Simmons says. "DICOM puts the patient information in the same place, and it has means of cross-referencing, making sure it’s the correct patient, and recording what machine was used, when it was last calibrated, the exposure parameters, the person who took the image, and the doctor who ordered it.”
However, as with most complex and integrated systems, unintended consequences may result from facilitated record sharing. The same technology that improves the healthcare protection of the patient and that allows patients and providers the ability to share information as necessary also increases the possibility that these records may be inadvertently disclosed.
Title II of The Health Insurance Portability and Accountability Act of 1996 (HIPAA)2 requires the establishment of national standards for electronic healthcare transactions. The administrative simplification provisions address the security and privacy of health data while encouraging the widespread use of electronic data interchange.
To facilitate the transfer of digital images, there are companies that provide ways to send HIPAA-protected medical information through secure email, drop boxes, or share files that are HIPAA-compliant. While everyone agrees that standard non-encrypted email should not be used, there is concern that doctors are taking the chance. The ADA Standards Committee on Dental Informatics has prepared a Technical Report outlining the protocol on how DICOM-conformant images can be securely emailed in a HIPAA-compliant manner.3
“Digital radiographs shouldn’t be simply transmitted by unsecured email,” Price says. “It’s protected medical information.”
There are companies that provide a secure repository that can receive the images and protected health information to be shared in a HIPAA-compliant manner. The deposited information then can be accessed by an appropriate second party to be viewed. That second party must have a user ID and a password to gain access to those images. These companies undergo audits to make sure HIPAA standards are met.
“Because of HIPAA and the HITECH amendments to HIPAA, there are enormous potential fines to practitioners who inadvertently allow dental radiographs or photographs to escape to the greater world,” Farman says.
In managing an imaging service from a university, Farman explains they have to collect waivers and permissions from patients to transmit images for various services such as surgical guides or soliciting opinions from specialists. In other cases, the patient may want to allow transmission of images that were requested by one practitioner to another practitioner, because the patient changed doctors. “First we need to get the appropriate paperwork so we can transmit images, and then we need to manage this securely,” Farman explains. “Fortunately there are a good number of systems available now that permit the secure transmission of information between practitioners and their patients. We use a system that allows the transmission of images and other information to practitioners, secured by password permission. It allows those individuals access only for a limited period of time, designated to extract the information, which can be the entire DICOM file, but it can also be my report and PDFs of my report. I double-protect those by password-protecting the PDFs as well with a specific PDF password that only the practitioner knows.”
In addition to these safeguards, Farman recommends that any practitioner carrying images around on a laptop, for instance, make sure that laptop be totally and completely encrypted. “Not just with a password,” he says. “If they don’t encrypt the drive, then they’re opening themselves up to problems. Laptops are stolen every day. Digital records are no longer anonymous. If you have cone beam CTs of the whole head, the skin surface can be reproduced and produce a perfect image of the patient’s face—even without the patient’s name attached. So practitioners need to be very wary if they are not extremely careful with patients’ information and do not thoroughly follow these HIPAA rules in encrypting and obtaining the patients’ permission for transmission and sharing of any information.”
Practitioners should also ensure that businesses with access to their records are enforcing privacy standards. For example, they should have an agreement on record for HIPAA confidentiality with any laboratory they’re using with digital facilities. “Likewise, the practitioner may have advanced imaging modalities that are being accessed by a manufacturer so they can do calibration and off-site diagnosis for improvement or even for software updates,” Farman says. “Dentists need to have an agreement with those entities as well, because they have access to the files of the patients in those systems.”
Providers are often not aware that they are violating HIPAA requirements. “Even when an image is emailed to another practitioner without any identifying information, if the patient had unusual characteristics and it was a small town or practice, that patient could theoretically be identified,” Simmons says. “Just because there’s not a name attached doesn’t necessarily mean HIPAA rules are not being violated.”
The office staff needs to be thoroughly trained as well. “They need to fully understand the liabilities that are involved in disclosure,” Farman says. Often the dental record isn’t simply images of teeth. There may be other medical issues listed within the record that gets transferred that may be of greater concern.
“However, as we’re trying to achieve better portability and patient care by being able to access health records as appropriate, in situations where the patient’s life may be dependent on having access to the healthcare records, we may find we’ve gone a little bit too far overboard in protecting their information to the detriment of their care,” Farman suggests.
For example, Farman cites the different rules dictated by various state boards of dentistry about the use of transmitted images. “In about half of the states it’s permissible for a practitioner licensed in another state to read them,” he notes. “In the other half of the states, it’s not. So one has to be careful about the specific rules and regulations in the individual states when it comes to reading images and giving opinions. The ADA did produce a technical report4 that suggested that if it’s virtual treatment, virtual interpretation should be possible. Certainly there are a lot of medical issues that need to be considered as we move towards long-distance treatment, not just diagnosis and opinions.”
“We’re at the make or break point now as we advocate for standards,” Price concludes. “The ADA holds the key and can come out in a forceful manner. We will all enjoy faster networking, more collaboration, and more accurate and reliable diagnoses for our patients. The future looks very bright as we transition into a more fully digital imaging world.”