
DICOM explained Part 2: GDPR, Security and Personal Information – The Challenges with DICOM Data

In part 1 of our DICOM explained-series, you already learned that imaging plays an important role in modern medicine and that the focus is on files in DICOM format. You got to know what is behind the abbreviation DICOM, how it is used in healthcare, how a DICOM file is structured and that the DICOM headers and tags contain a lot of personal data. In part 2 of our DICOM series, we will go into detail about the latter and explain what problems the data contained can cause when working with DICOMs in practice.

Of course, it has many advantages that DICOM images contain a lot of technical and personal data (if you don’t remember exactly which, go back and take a look at part 1 of our DICOM explained-series). However, this is also problematic: if DICOMs are sent unencrypted by mail on a CD, for example – as is still regularly done today, e.g., as part of a study or to obtain a second opinion – they can be directly assigned to the patient, and this is, of course, not in compliance with data protection laws. Who would want their neighbor to find out unintentionally that they suffer from a certain illness? Especially since the General Data Protection Regulation (GDPR) came into force in May 2018, there have been many discussions and unknowns that lead to uncertainty among clinicians and healthcare workers who work with medical images. There are many aspects to consider, but here we will focus on personally identifiable data in DICOM images and its technical aspects.

DICOM data: Anonymization vs. pseudonymization

In this context, there are two terms that are often misused when talking about privacy protection of medical images: “anonymization” and “pseudonymization.” Anonymization means that there is no way to retrieve or identify the patient if you only have the medical images. Often physicians or study nurses use this term when informing the patient that “all data will be completely anonymized,” for example, in the context of clinical trials or eligibility testing by outside medical experts. However, the recipient of the images, a core lab or central reader, in most cases needs to know the date of the exam and from which location the images were sent, as these identifiers are essential parameters of the clinical trial or project. Often, the purpose of a clinical project is to obtain a second opinion on a treatment recommendation, meaning it is imperative to match the right patient to the right images and verify the outcome. In these cases, the data is absolutely not anonymous.

Is that a problem? No. But first, you would have to obtain written consent from a well-informed patient, and second, you would have to make sure that the data processor provides a technical and organizational GDPR-compliant environment. And if data must be shared for such a purpose, one should pseudonymize the data sets as much as possible. Pseudonymization means that identifying information (name, date of birth, etc.) is removed or replaced, reducing the possibility of tracing it back to the patient.

Where can I find personal information in DICOM data?

When viewing medical images with a DICOM viewer, one does not necessarily see the personal information immediately. As described above, a patient’s personal data, but possibly also that of the operator, is part of the well-defined DICOM tags. Viewers can usually make these DICOM headers or metadata visible and even allow them to be edited.

Another place where personal data can be part of the DICOM data is the so-called “burned-in annotations”. The following example shows the patient’s name and date of birth burned into the image: as you can see, the personal information Max Mustermann, born on 19 August 1938 – don’t worry, this is a fake person – is part of the pixel information and can only be removed with special tools, usually by drawing black boxes over the visible information.

Figure 1: Burned-in annotations in echocardiography

Also, DICOM studies often contain series which hold patient reports or dicomized letters with private patient information. These reports are normally in series marked with modalities like PR, SR or OT.

Depending on the needs of a clinical project, the user must be cautious and decide which information shall be shared and which shall not. Finally, we want to mention that reconstruction or 3D rendering of images at increasing spatial resolution can lead to patient identification. If, for example, CT or MRI slices of a patient’s head are rendered, the facial features can be reconstructed, allowing the patient to be identified.
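The header checks described in this section, as an added example (not part of the original article and not ClinFlows' code): a pure-Python pass over a constructed explicit VR little endian header that replaces identifying tags, keeps the exam date and site the recipient needs, and flags burned-in annotations and PR/SR/OT series for manual review. The HMAC-based alias, the `SUBJ-` prefix, the key and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Explicit VR little endian: these VRs use two reserved bytes plus a 4-byte length.
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}

PATIENT_NAME, PATIENT_ID, BIRTH_DATE = (0x0010, 0x0010), (0x0010, 0x0020), (0x0010, 0x0030)
OPERATORS_NAME, MODALITY, BURNED_IN = (0x0008, 0x1070), (0x0008, 0x0060), (0x0028, 0x0301)
REPORT_MODALITIES = {"PR", "SR", "OT"}  # series the article says often hold reports


def encode(tag, vr, value):
    """Serialize one data element, padding the value to an even length."""
    if len(value) % 2:
        value += b"\0" if vr in (b"UI", b"OB", b"UN") else b" "
    if vr in LONG_VRS:
        head = struct.pack("<HH2sHI", tag[0], tag[1], vr, 0, len(value))
    else:
        head = struct.pack("<HH2sH", tag[0], tag[1], vr, len(value))
    return head + value


def parse(data):
    """Return [(tag, vr, value_bytes)] for a flat explicit VR little endian data set."""
    elements, pos = [], 0
    while pos < len(data):
        group, elem, vr = struct.unpack_from("<HH2s", data, pos)
        if vr in LONG_VRS:
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8
        if length == 0xFFFFFFFF or pos + length > len(data):
            raise ValueError("undefined-length or truncated element")
        elements.append(((group, elem), vr, data[pos:pos + length]))
        pos += length
    return elements


def text(value):
    """Decode a string value and strip DICOM padding."""
    return value.decode("ascii", "replace").rstrip(" \0")


def pseudonymize(data, key):
    """Replace identifying header values; return (new_bytes, findings for manual review)."""
    elements = parse(data)
    values = {tag: text(value) for tag, _, value in elements}
    if not values.get(PATIENT_ID):
        raise ValueError("no PatientID to derive a pseudonym from")
    # Keyed hash (assumed scheme): the same patient always gets the same alias,
    # and the mapping can only be recomputed by someone holding the key.
    digest = hmac.new(key, values[PATIENT_ID].encode(), hashlib.sha256).hexdigest()
    alias = ("SUBJ-" + digest[:12].upper()).encode()
    replacement = {PATIENT_NAME: alias, PATIENT_ID: alias, BIRTH_DATE: b"", OPERATORS_NAME: b""}
    # Sequences (SQ) are copied as opaque bytes: values nested inside are NOT rewritten.
    out = b"".join(encode(tag, vr, replacement.get(tag, value)) for tag, vr, value in elements)
    findings = []
    if values.get(BURNED_IN) != "NO":  # "YES" or absent: pixels may show name/birth date
        findings.append("burned-in annotations possible: inspect and mask pixel data")
    if values.get(MODALITY) in REPORT_MODALITIES:
        findings.append("modality %s: series may hold reports or letters" % values[MODALITY])
    return out, findings


# Constructed sample header (not a complete DICOM file: no preamble, no pixel data).
SAMPLE = b"".join([
    encode((0x0008, 0x0020), b"DA", b"20210301"),        # StudyDate, kept
    encode(MODALITY, b"CS", b"US"),
    encode((0x0008, 0x0080), b"LO", b"Example Clinic"),  # InstitutionName, kept
    encode(OPERATORS_NAME, b"PN", b"Doe^Jane"),
    encode(PATIENT_NAME, b"PN", b"Mustermann^Max"),
    encode(PATIENT_ID, b"LO", b"PAT-0042"),
    encode(BIRTH_DATE, b"DA", b"19380819"),
    encode(BURNED_IN, b"CS", b"YES"),
])
KEY = b"constructed-project-key"  # assumption: a secret held only by the sending site

if __name__ == "__main__":
    cleaned, notes = pseudonymize(SAMPLE, KEY)
    for tag, vr, value in parse(cleaned):
        print("(%04X,%04X) %s %r" % (tag[0], tag[1], vr.decode(), text(value)))
    print(notes)
```

Header rewriting does nothing for the pixel data itself, which is why the burned-in finding is reported for review rather than treated as resolved.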

It’s our article’s objective to increase the awareness of healthcare professionals dealing with medical images and, as such, with personal patient information, often called Private Health Information (PHI). However, you might be glad to hear that exchanging such data does not need to be complicated at all, for example with the use of our dicomdrop- and decidemedical-tools.

You would like to learn about different ways to exchange DICOM files? Then stay with us: In part 3 of our DICOM explained-series, we will explain the different options available for DICOM-exchange and will tell you more about their pros and cons.

For more information on our ClinFlows-solutions, visit our website or get in touch via info(at)clinflows.com!


Leading medical device maker chooses ClinFlows’ decidemedical application for complex European clinical trial

A leading medical technology company headquartered in the US trusts in ClinFlows’ decidemedical solution for its upcoming EU Trial. Via the web-based platform, the complete patient screening process of the study including the subsequent 5-year follow-up phase will be organized and conducted: All medical images (DICOM) and documents will be handed in, reviewed, and evaluated in a GDPR-compliant manner via ClinFlows’ online service.

“We are excited to see this complex exchange of medical images and study documents, within such a groundbreaking clinical trial, realized on our decidemedical platform, involving multiple prominent researchers in the cardiovascular space”, says Uwe Gladbach, founder and CEO of ClinFlows.

The online submission and review of required data allows fast turnaround times between the study teams when it comes to subject eligibility checks – also very beneficial for the patients, who can be treated in a timely manner.

ClinFlows’ decidemedical platform has registered users from 96 countries worldwide and has been in use for more than 10 years.


decidemedical: Say Hello to Version 10!

#ClinFlows10Years: For us, our 10th anniversary is the best reason to shout out to version 10 of decidemedical and to make our popular platform even better. Find out what’s new!

Want to find out more? Visit our website or decidemedical.com.


10 years of ClinFlows: “Business is done by, with and for people.” 

Interview with company founder Uwe Gladbach

In this interview on ClinFlows’ 10th anniversary, founder Uwe Gladbach provides insights into his very personal founding story and gives an outlook on the company’s future as well as the development of the industry.

When you look back ten years, why did you decide to found ClinFlows back then?

Well, it was actually more or less by chance. At the end of 2010, I had the opportunity to take over a piece of software from a failed startup. Based on my many years of experience in various management positions in medical technology, I was convinced that this software would add a lot of value to the medical industry: remember that the internet was different back then and sending gigabytes around the globe was a huge deal. At the same time, after 20 years of being an employee, I felt that it would be great to start my own business and do “my own thing”. No sooner said than done, ClinFlows was founded together with Jeff, our CTO.

Wasn’t it a big step for you to become self-employed?

Yes, it definitely was. But the anticipation of self-determination outweighed it. I found the idea exciting of taking responsibility for all the strategic decisions of my own business, setting the right priorities, and being confronted with the good and, of course, sometimes not so good results. In any case, I haven’t regretted my decision for a second so far and I think the fact that our products decidemedical and dicomdrop are now used in 94 countries and by the big players in the industry speaks for itself.

What is it like today: What do you like best about your work?

Well, on the one hand, it’s being in touch with the most innovative technologies in medicine, the progressiveness of our industry, developing state-of-the-art technology that helps people. And on the other hand, it’s our global reach, connecting specialists worldwide for the benefit of the patient and the impact this has on the individual and their health.

What moment in the last ten years with ClinFlows stands out in your mind?

There are many special moments when you lead a company for 10 years. For me, the above-average team spirit and the high level of customer orientation in ClinFlows are of the utmost importance. One situation that has particularly stuck in my memory is therefore the following:

At the beginning of each year – when Covid-19 is not dominating the world – we typically spend a few days with the entire ClinFlows team at a winter sports resort – we call it the ClinFlows WinterCamp. There, we discuss strategies, do roundtable discussions, and hold internal meetings. And, of course, we also enjoy some nice ski days together. 

Years ago, there was this evening after skiing when the whole team was sitting in an Italian restaurant after a very sporty day, all pretty exhausted and tired and ready to spend a nice evening together. But then my phone rang and a customer from California was on the line, complaining that there was a problem, and she couldn’t retrieve some medical images from our platform, which she urgently needed because the patient needed surgery the same day, thus the case review was urgent. When I described the situation to my team, one immediately grabbed his tablet, the other trudged through the snow to get his laptop from the hotel. And then we all sat at the table in the restaurant, reviewed the situation and fixed the problem so the data could be reviewed and the patient operated on. No one groaned, everyone was very focused and motivated. That was a very satisfying moment for all of us.

What was the most important lesson you learned in ten years of ClinFlows?

Clearly, “Business is done by, with and for people.” I think it’s quite important to keep reminding ourselves of this, because even though we are software providers and thus deal mainly with IT and artificial intelligence, the focus on people and health drives us. 

Let’s venture a look into the future: Where do you think your industry will develop in the next 10 years?

I am convinced that artificial intelligence will play an increasingly important role as well as personalized medicine to provide individual treatment plans and options. In the space of clinical trials it will be most interesting to see developments with regard to the concept around Human Digital Twins and its consequences to speed up innovation in medicine.  

Thank you, Uwe, for the open conversation!


May we introduce? Our new team member Sam!

Our new colleague Samuel Mayer Watts has recently joined ClinFlows to support us in operations. In a short interview, he reveals how he came to ClinFlows and what he enjoys most in his private life.

How did you come to ClinFlows and why?

I found a job offer on the internet that included exactly the position I wanted to have. I thought it was serendipitous and the company description sounded great and innovative, so I did not hesitate to apply and hand in my CV.

What is part of your job at ClinFlows? What are the things you take care of on a daily basis?

As Project Manager Operations, I have the responsibility of running daily operations, which means that I am the first contact for our clients that among others are major medical device manufacturers. One of my most important tasks is to understand their needs when it comes to medical image (DICOM) transfers and to tailor our platform to their individual requirements. 

What did you do before joining ClinFlows’ team?

Before joining the ClinFlows team I had been working as an in-house Clinical Research Associate at a multinational Clinical Research Organization. There, I monitored sites to support them in making sure study protocol expectations were being met.

How were your first weeks at ClinFlows? 

My first weeks at ClinFlows went by really fast, I hit the ground running, and was taught all the particulars of the complex system. At the moment, I am still learning, but learning by doing, which in my opinion is the best way to do so. The team was very warm and welcoming. The only thing I did not like is that I wanted to get to know everything at once.

Your job in three words?

BEST.JOB.EVER! Just kidding… I’d say: Patients. Service. Images.

Work is only half of life. What do you like to do in your spare time?

I am the proud father of two girls, and I love to spend my time with them. Next to this, I regularly practice Win Tsun Kung Fu.

What things do you always carry with you?

Since 2020, well… a mask. But my everyday carry includes my phone, a multitool, a lighter, ear buds, and a lucky silver coin.

What food could you not live without?

Since I have been living in Germany since 2012, I miss all the food from Mexico where I grew up, especially Mexican street food. But of what is available I can’t live without having Sushi occasionally, or slow cooked ribs.

What can you laugh about?

Absolutely everything! But if you would like me to be more precise: a good pun, a quick-witted response, even jokes that come with word play I find funny. Also, I enjoy watching stand-up comedy very much!

Which moment was so beautiful that you would like to relive it?

Tough question, as there are many… If I had to choose one single moment it would be my wedding day. I had been in a long-distance relationship for over 10 years to my now wife. It was the culmination of love, dedication, patience, sacrifice, and commitment that truly taught me that with enough effort and against all odds I can achieve everything of what I truly want in life.

We are looking forward to working with Sam and wish him a lot of fun with us at ClinFlows!

Are you also looking for a new challenge? Then get in touch via info@clinflows.com


Case study: How a leading TAVI manufacturer manages case reviews and eligibility checks to serve clients

When launching innovative medical treatments, reviewing cases, and doing eligibility checks is of vital importance. Implanting physicians, who are located all over the world, benefit from the expertise and the support of the clinical specialists of the medical device company when treating their patients. This case study shows how communication via our clinical software decidemedical can simplify the associated complex processes for everyone involved in an easy, efficient, and regulatory-compliant manner. Skilled people combined with smart tools result in safety and excellent benefits for the patients!

Client:

One of the worldwide leading TAVI (Trans Aortic Valve Implantation) manufacturers 

Challenge:

The heart valve manufacturer, which has a highly skilled support team in the Netherlands and California, offers GDPR-compliant, fast, and easy clinical decision sizing- and support-services to its physicians, who are located all over the world. Clinical information and medical images (CTs, Echos, Angios) have to be exchanged in a GDPR-compliant manner.

Solution:

On its web-based platform decidemedical, ClinFlows sets up individualized workflows based on the client’s requirements. With secured access, participating sites from all around the world can upload clinical data and medical images such as echos, CTs, and angios of their potential TAVI patients. Defined DICOM tags included in the medical images are automatically anonymized, resulting in a pseudonymized data set. As soon as physicians upload a new case, the TAVI-support team is notified. The team members can directly download the clinical data and medical images, process and analyse them and send their final report as well as recommendations to the treating physician via decidemedical. The physician, in turn, is notified by email that the case has been reviewed and can consider the expert’s measurements and recommendations when treating the patient.

Workflow in practice (based on decidemedical real audit trail data):

10:11am: In the morning, a physician from the Czech Republic logs in to ClinFlows’ decidemedical platform via his web browser. The physician creates a case, enters clinical information, and uploads CT data. The individual DICOM tags included in the CT images are automatically anonymized, resulting in a pseudonymized, GDPR-compliant data set.

10:16am: Only five minutes later, the physician hits the submit button to send the completed case for review to the company’s expert team, which is notified via email.

10:41am: The expert located in the Netherlands logs in to ClinFlows decidemedical platform, downloads the CT data from the Czech Republic and starts the analysis and measurements.

12:25pm: Right before lunch, the expert finishes the task and uploads the analysis outcome, i.e., the detailed report containing measurements and screenshots to decidemedical. A notification is automatically sent to the physician straight away.

1:08pm: The Czech physician logs in to decidemedical and reviews the analysis report for the case he uploaded less than 3 hours ago.

Result:

It took the physician just 5 minutes to upload a TAVI case to decidemedical including several hundred megabytes of CT data – and he didn’t even need to install any software. Despite the geographical distance, after only 2 hours and 14 minutes, a detailed TAVI expert analysis report was made available to him via decidemedical – in an easy, safe and compliant way. This presents a great way to support physicians, leverage medical expertise and offer excellent client service.

How does your team organize case reviews, eligibility checks or similar tasks? What challenges do you face when doing so?

Discuss here or contact us at info(at)clinflows.com



ClinFlows’ software helps children with heart disease across the globe

Congenital cardiac malformations are the main cause of death among children. Worldwide, more than 6 million children suffer from heart diseases, while 80 percent of newborns affected by these malformations do not survive in developing countries. Bambini Cardiopatici nel Mondo, an Italian nonprofit organization (NGO), works hard to change this condition. Along with other groups, the NGO leads medical missions abroad to visit, treat and operate on children affected by congenital heart diseases. Furthermore, it provides training and education to physicians and health personnel. 

Our platform supports global communication about children’s clinical cases

Our donation allows the NGO to use our web-based decidemedical online platform at no cost, benefiting children across the world. This software allows the NGO to share clinical data and medical images among various stakeholders involved in the treatment of children in various countries.

By using the platform, hospitals can submit cases with clinical information and medical images online. As soon as cases are uploaded, the medical team at Bambini Cardiopatici nel Mondo is notified, allowing the team to review and download the provided case information. With this information, case eligibility and treatment options can be discussed and advice provided – all centralized, remotely and quickly.

“This collaborative initiative allows us to further improve our activities aimed at treating and increasing life expectancy for children with heart diseases. At the same time, it helps us to develop distance learning and the real-time exchange of experience and training between doctors and healthcare professionals in developing countries where our association operates,” said Prof. Alessandro Frigiola, president of Bambini Cardiopatici nel Mondo. “The online application also improves the safety, accuracy and timeliness of diagnosis and follow-up for children who need our evaluation.” In total, as part of the donation for the NGO, up to 100 sites can participate and discuss 600 cases annually.

A real matter of the heart for us at ClinFlows

We are very impressed by the work done by the organization and its health professionals to help children with heart diseases around the world. In my first job, I worked as a perfusionist in the operating room, where I observed many children being operated on by skilled and passionate heart surgeons. Therefore, it is a real honor to contribute to this group’s efforts through the donation of our online solution to ease the work of Prof. Frigiola and these hard-working teams. In the truest sense of the word: this is a real matter of the heart for us.

About the author:

Uwe Gladbach is a biomedical engineer who started his career as a perfusionist in open heart surgery back in the 90s. In more than 25 years he gained experience in the medical device industry in various positions, covering clinical research, as well as sales and operations in global positions. Uwe is the CEO and founder of ClinFlows, which offers e-solutions for clinical workflows.


ECJ invalidates Privacy Shield – what does this mean for you and your company?

The European Court of Justice (ECJ) declared the Privacy Shield invalid in its ruling (C-311/18) on 16 July 2020. We have summarized here what this can mean for you and your company.

Data protection, the exchange of data and what has to be considered – I know that this is not a very funny or entertaining topic. Nevertheless, it is one of great importance, especially in the healthcare market. Why? 

Because in our healthcare market, doctors and industry personnel deal with patients’ personal data on a daily basis and transmit it online, whether for clinical studies, sending medical images (DICOM) to CoreLabs or to obtain a second opinion from medical experts for screening purposes or to check the suitability of a patient for a particular treatment – sometimes across several continents. And here comes the problem:

Following the rejection of the Safe Harbor Agreement in October 2015, the replacement Privacy Shield, which was a self-certifying mechanism for U.S. companies to comply with privacy requirements when transferring personal data from the EU to the United States, was declared invalid in July 2020.

European personal data not protected in the USA: U.S. government may use communications providers to monitor foreign individuals

The reason: the ECJ found that the US surveillance programmes allow the US authorities to carry out large-scale surveillance activities that do not comply with the principles of European standards, in particular with regard to necessity and proportionality. An example of this is the hotly debated Section 702 of the FISA (Foreign Intelligence Surveillance Act), a key provision of the FISA Amendments Act of 2008, which allows the U.S. government, with the help of electronic communications service providers, to conduct targeted surveillance of foreign persons located outside the United States in order to obtain foreign information.

Furthermore, the mechanism of the so-called “ombudsperson” embedded in the Privacy Shield does not actually offer a realistic possibility for the persons concerned to bring their legal dispute before an independent court, as provided for in the Charter of Fundamental Rights of the European Union.

The problematic situation was clearly expressed by Mr. Schrems, the founder of the NOYB-European Center for Digital Rights, who stated during a hearing before the EU Commission on September 3: “(…) we have a fundamental clash of laws. We have in the European Union, the Charter of Human Fundamental Rights and in the US, FISA (…) there is a legal clash (…) having two different obligations on the legislative level, in the US to have surveillance and in the EU the obligation to privacy (…)”.

Why could this be a problem for European companies?

Well, the answer is simple: If you and your company rely on service providers for the exchange of European patient data, then you need to check: 

1. Where are the data hosted – US or EU?

2. Where is the company located that processes your data?

If you host your patient data on US servers, or use services from a data processor which has its headquarters in the USA, your data is at risk of being surveilled.

The question now is what the European data protection authorities will do about it. It must be remembered that the European Court of Justice’s ruling obliges the authorities to act as the ruling is binding. Their measures are under discussion and must be awaited.

So we are not only dealing with a complex legal situation that makes it difficult for the industry to operate and make clear decisions, but also with questions such as: Are the standard contractual clauses sufficient or should supplementary measures be taken? At present, we also do not know what the consequences of the measures to be taken by the data protection authorities will be.

Will data from your EU patients be transferred to the USA?

I am often surprised when I speak to senior clinical or business managers in the healthcare industry who have to manage the transfer of personal data of patients, such as medical images as part of clinical monitoring or study projects. Often, they have little knowledge of the current discussions regarding data transfer between the EU and the US – often they don’t even know in which country their project data is hosted. Also, the term “anonymized” data is often used incorrectly, because in fact, data is usually only pseudonymized, which has completely different legal consequences than anonymization.

My clear recommendation to any manager who manages the transfer of personal patient data: Make every effort to understand where the relevant data is hosted and whether the entity that handles the data is a U.S. or an EU entity, so that you can assess how great the risk of monitoring by the U.S. authorities is.

The solution: Hosting European patient data on European servers using European providers

It is clear that it will be almost impossible to prevent the US authorities from monitoring EU-US data transfers and that it will take years, if it is possible at all, to resolve these issues legally.

Therefore, for the security of the privacy of our patients in Europe in the context described above, it is strongly recommended to ensure that the data is hosted in Europe by a European company as data processor – only then will the US authorities not have access to the data.

And guess what, yes, that is exactly what we offer at ClinFlows: ClinFlows only uses dedicated servers located in Europe to process data – because the security of the patient data we process is our top priority.

And we promise you: We will continue to monitor the recommendations of data protection authorities to ensure that appropriate mechanisms are implemented and that our services remain secure for all parties involved.

About the author:

Uwe Gladbach is a biomedical engineer who started his career as a perfusionist in open heart surgery back in the 90s. In more than 25 years he gained experience in the medical device industry in various positions, covering clinical research, as well as sales and operations in global positions. Uwe is the CEO and founder of ClinFlows, which offers e-solutions for clinical workflows.


Welcome to the ClinFlows Blog!

In this blog, we will share with you information about what we love to do the most: e-solutions for clinical workflows.

We are eager to share with you ideas on how to more efficiently manage your clinical projects and the exchange of clinical data and medical images. Most importantly, how to do so while being regulatory compliant and respecting data privacy rules so that all stakeholders can act easier and faster, and so patients will get the best treatment available as soon as possible.

Here’s what you can look forward to when reading the ClinFlows blog:

  • We’ll share with you information and best practice examples about the latest developments in e-solutions for clinical projects, research, and trials that require clinical decision support. This will include specific cases, success stories, before and after articles, and other highlights from the world of ClinFlows.
  • We’ll let you know what industry experts, manufacturers, and physicians think about the digitalization of healthcare and how they integrate e-solutions into their clinical projects.
  • We’ll provide background knowledge on online patient eligibility checks, screening workflows, and medical proctoring activities as well as on how e-solutions can help when monitoring new product cases, supporting product launches, or creating awareness for new treatment modalities.
  • We’ll introduce you to the people who make ClinFlows what it is.
  • We’ll share valuable expert knowledge on IT topics relating to e-solutions for clinical workflows.
  • We’ll answer your questions about digital solutions for the medical market and associated challenges such as data privacy aspects.

Some thoughts on our future articles

We promise to do everything we can to keep our blog interesting and diverse and to provide added value. We are passionate about our mission of enabling stakeholders of clinical research and trials to fulfill their work as efficiently and easily as possible by sharing clinical data and medical images (DICOM) online while meeting data regulation requirements. We greatly look forward to sharing our expertise. However, please note that all opinions and views expressed in our blog posts are personal perspectives.

If you have any comments, questions or wishes, please do not hesitate to contact us at any time – we will be very happy to come back to you at short notice.

And lastly, thank you for reading and visiting our blog. We are thrilled to have you here!

Stay tuned!

The ClinFlows Blog Team