Categories
DICOM GDPR

DICOM explained Part 2: GDPR, Security and Personal Information – The Challenges with DICOM Data

In part 1 of our DICOM explained-series, you already learned that imaging plays an important role in modern medicine and that the focus is on files in DICOM format. You got to know what is behind the abbreviation DICOM, how it is used in healthcare, how a DICOM file is structured and that the DICOM headers and tags contain a lot of personal data. In part 2 of our DICOM series, we will go into detail about the latter and explain what problems the data contained can cause when working with DICOMs in practice.

Of course, it has many advantages that DICOM images contain a lot of technical and personal data (you don’t remember exactly which ones? Then go back and take a look into part 1 of our DICOM explained-series here). However, this is also problematic at the same time: If DICOMs are sent unencrypted by mail on a CD, for example – as it is still regularly done today, e.g., as part of a study or to obtain a second opinion – they can be directly assigned to the patient; and this is, of course, not in compliance with data protection laws. Who would want their neighbor to find out unintentionally that they suffer from a certain illness? Especially since the General Data Protection Regulation (GDPR) came into force in May 2018, there are many discussions and unknowns that lead to uncertainty among clinicians and healthcare workers who work with medical images. There are many aspects to consider, but here we will focus on personal identifiable data in DICOM images and its technical aspects.

DICOM data: Anonymization vs. pseudonymization

In this context, there are two terms that are often misused when talking about privacy protection of medical images. “anonymization” and “pseudonymization.” Anonymization means that there is no way to retrieve or identify the patient if you only have the medical images. Often physicians or study nurses use this term when informing the patient that “all data will be completely anonymized,” for example, in the context of clinical trials or eligibility testing by outside medical experts. However, the recipient of the images, a core lab or central reader, in most cases needs to know the date of the exam and from which location the images were sent, as these identifiers are an essential parameter of the clinical trial or project. Often, the purpose of a clinical project is to obtain a second opinion on a treatment recommendation, meaning it is imperative to match the right patient to the right images and verify the outcome. In these cases, the data is absolutely not anonymous. 

Is that a problem? No. But first, you would have to obtain written consent from a well-informed patient, and second, you would have to make sure that the data processor provides a technical and organizational GDPR-compliant environment. And if data must be shared for such a purpose, one should pseudonymize the data sets as much as possible. Pseudonymization means that identifying information (name, date of birth, etc.) is removed or replaced, reducing the possibility of tracing it back to the patient.

Where can I find personal information in DICOM data?

When viewing medical images with a DICOM viewer, one does not necessarily see the personal information immediately. As described above, a patient’s personal data, but possibly also that of the operator, is part of the well-defined DICOM tags. Viewers can usually make these DICOM headers or metadata visible and even allow them to be edited.

Another source where personal data can be part of the DICOM data are the so-called “burned-in annotations”. The following example shows that the patient’s name and date of birth: As you can see the personal information Max Mustermann, born on 19 August 1938 – don’t worry, this is a fake person – is part of the pixel information and can only be removed with special tools, usually by drawing black boxes over the visible information.

Figure 1: Burned-in annotations in echocardiography

Also, DICOM studies often contain series which hold patient reports or dicomized letters with patient private information. These reports are normally in series marked with modalities like PR, SR or OT.

Depending on the needs of a clinical project, the user must be cautious and decide which information shall be shared or not. Finally, we want to mention, that the reconstruction or 3D rendering of images by an increasing special resolution, can lead to a patient identification. If for example CT or MRI slices of a head from a patient are rendered, the facial features can be reconstructed and allowing the identification of patients.

It’s our article’s objective to increase the awareness of healthcare professionals dealing with medical images and as such with personal patient information or often called Private Health Information (PHI). However, you might be glad to hear, that exchanging does not need to be complicated at all, for example with the use our dicomdrop- and decidemedical-tools.

You would like to learn about different ways to exchange DICOM files? Then stay with us: In part 3 of our DICOM explained-series, we will explain the different options available for DICOM-exchange and will tell you more about their pros and cons.

For more information on our ClinFlows-solutions, visit our website or get in touch via info(at)clinflows.com!

Categories
Non classé

“80 percent of success lies in preparation”

I am convinced that “80 percent of success lies in preparation” when it comes to the role of medical images (DICOM) in the development of medical devices.

In my guest article for the German trade journal MED engineering (please find the current issue here), I tell you why I see it that way.

You can download the article here:


Thanks, MED engineering for featuring us!

About the author:

Uwe Gladbach is a biomedical engineer, who started his career as a perfusionist in open heart surgery back in the 90ties. In more than 25 years he gained experience in the medical device industry in various positions, covering clinical research, as well as sales and operations in global positions. Uwe is the CEO and founder of ClinFlows, which offers e-solutions for clinical workflows.

Categories
GDPR

ECJ invalidates Privacy Shield – what does this mean for you and your company?

The European Court of Justice (ECJ) declared the Privacy Shield invalid in its ruling (C-311/18) on 16 July 2020. We have summarized here what this can mean for you and your company.

Data protection, the exchange of data and what has to be considered – I know that this is not a very funny or entertaining topic. Nevertheless, it is one of great importance, especially in the healthcare market. Why? 

Because in our healthcare market, doctors and industry personnel deal with patients’ personal data on a daily basis and transmit it online, whether for clinical studies, sending medical images (DICOM) to CoreLabs or to obtain a second opinion from medical experts for screening purposes or to check the suitability of a patient for a particular treatment – sometimes across several continents. And here comes the problem:

Following the rejection of the Safe Harbor Agreement in October 2015, the replacement Privacy Shield, which was a self-certifying mechanism for U.S. companies to comply with privacy requirements when transferring personal data from the EU to the United States, was declared invalid in July 2020.

European personal data not protected in the USA: U.S. government may use communications providers to monitor foreign individuals

The reason: the ECJ found that the US surveillance programmes allow the US authorities to carry out large-scale surveillance activities that do not comply with the principles of European standards, in particular with regards to necessity and proportionality. An example of this is the hotly debated Section 702 of the FISA (Foreign Intelligence Surveillance Act), a key provision of the FISA Amendments Act of 2008, which allows the U.S. government, with the help of electronic communications service providers to conduct targeted surveillance of foreign persons located outside the United States in order to obtain foreign information.

Furthermore, the mechanism of the so-called “ombudsperson” embedded in the Privacy Shield does not actually offer a realistic possibility for the persons concerned to bring their legal dispute before an independent court, as provided for in the Charter of Fundamental Rights of the European Union.

The problematic situation was clearly expressed by Mr. Schrems, the founder of the NOYB-European Center for Digital Rights, who stated during a hearing before the EU Commission on September 3: “(…)we have a fundamental clash of laws. We have in the European Union, the Charter of Human Fundamental Rights and in the US, FISA (…) there is a legal clash (…) having two different obligations on the legislative level, in the US to have surveillance and in the EU the obligation to privacy (…)“.

Why could this be a problem for European companies?

Well, the answer is simple: If you and your company rely on service providers for the exchange of European patient data, then you need to check: 

1. where are the data hosted – US or EU?

2. where is the company located processing your data?

If you host your patient data on US servers, or utilize services from a data processor which has its headquarters located in the USA your data is at risk to be surveilled.

The question now is what the European data protection authorities will do about it. It must be remembered that the European Court of Justice’s ruling obliges the authorities to act as the ruling is binding. Their measures are under discussion and must be awaited.

So we are not only dealing with a complex legal situation that makes it difficult for the industry to operate and make clear decisions, but also with questions such as: Are the standard contractual clauses sufficient or should supplementary measures be taken? At present, we also do not know what the consequences of the measures to be taken by the data protection authorities will be.

Will data from your EU patients be transferred to the USA?

I am often surprised when I speak to senior clinical or business managers in the healthcare industry who have to manage the transfer of personal data of patients, such as medical images as part of clinical monitoring or study projects. Often, they have little knowledge of the current discussions regarding data transfer between the EU and the US – often they don’t even know in which country their project data is hosted. Also, the term “anonymized” data is often used incorrectly, because in fact, data is usually only pseudonymized, which has completely different legal consequences than anonymization.

I can clearly recommend any manager who manages the transfer of personal patient data: Make every effort to understand where the relevant data is hosted and whether it is hosted by a U.S. or EU entity that handles the data, so that you can assess how much of a risk the U.S. authorities are monitoring. 

The solution: Hosting European patient data on European servers using European providers

It is clear that it will be almost impossible to prevent the US authorities from monitoring EU-US data transfers and that it will take years, if ever possible, to resolve these issues legally.

Therefore, for the security of the privacy of our patients in Europe in the context described above, it is strongly recommended to ensure that the data is hosted in Europe by a European company as data processor – only then will the US authorities not have access to the data.

And guess what, yes, that is exactly what we offer at ClinFlows: ClinFlows only uses dedicated servers located in Europe to process data – because the security of the patient data we process is our top priority.

And we promise you: We will continue to monitor the recommendations of data protection authorities to ensure that appropriate mechanisms are implemented and that our services remain secure for all parties involved.

About the author:

Uwe Gladbach is a biomedical engineer, who started his career as a perfusionist in open heart surgery back in the 90ties. In more than 25 years he gained experience in the medical device industry in various positions, covering clinical research, as well as sales and operations in global positions. Uwe is the CEO and founder of ClinFlows, which offers e-solutions for clinical workflows.

Categories
Online Proctoring

When patient selection is key

How a leading global device company successfully uses digital review processes to launch a new TMVI system

In our first blog post, Uwe Gladbach, a biomedical engineer and Head of ClinFlows, gives us an introduction to how digital review processes can help companies from the medical sector in the area of structural heart disease. Specifically, how this can be used to launch new treatments and medical devices cross-locationally and saving time while meeting GDPR requirements. In this article, he discusses the challenges that stakeholders face when launching a new transcatheter mitral valve implantation (TMVI) system in cross-locational settings. He explains how these complex processes can be realized by using customized web-based solutions. He gives a practical step-by-step example on a digital review process and stimulates some thoughts on data privacy aspects.

How to leverage the precious medical expertise gained during clinical studies

When developing breakthrough treatment modalities for the clinical market, conducting clinical studies and trials represents an essential aspect of the process. During the different study phases, increasing numbers of patients are enrolled, and the number of participating sites increases. But still, the expertise, handling a new device by implanting physicians, is only carefully built and remains limited to the participating physicians. Furthermore, it typically starts with more straightforward cases before more anatomically or clinically complex cases are approached. Hospitals that have not participated in the early clinical trials have to build their expertise once the product is launched to the market and need to become trained to be able to handle a new device correctly and treat patients successfully. Especially in TMVI, it is crucial to select the right patients, as well as selecting the correct size for the implanted valve. Medical companies undertake enormous efforts during the product launch to support physicians to build up their skills regarding patient selection, the treatment procedure, and the handling of new devices. One of the challenges they face during these processes is that they need to continuously communicate with physicians and hospitals across the globe as well as to review patient data and DICOM images to give advice.

Extensive experience of clinical specialists and proctors plays a vital role in the success of a product launch

Now you may ask yourself, why is it so important for experts of medical companies to review all the data and images and give advice to hospitals and physicians when launching new treatments or products? Well, the answer is simple; because of their extensive and precious expertise and knowledge that is indispensable for a successful product launch, for the training of everyone involved, and, in the end, for the successful treatment of the patient.

Let me give you an example:

During last year’s PCR congress in Paris, I was talking to a clinical imaging analyst from one of the major clinical device companies who is very valued by his colleagues. During his professional career, he has been present during uncountable procedures and has contributed to a great number of successful launches and introductions of new treatments like TAVI or recent TMVR interventions. Now, on a daily basis, he reviews and measures TAVI/TMVR cases from countries all over the world and gives advice to physicians and hospitals. When being asked how many cases he had already reviewed so far, he replied: “Probably more than 10,000.” This extensive experience definitely makes him an expert in this field and enables him to give advice that many stakeholders, and patients can benefit from. We are proud that he is a seasoned user of our decidemedical platform.

From CD/DVD courier shipments to safe and efficient online processes

About ten years ago, I had a discussion with a Clinical Director from the TAVI industry, who had the task of building and organizing an infrastructure to manage the review of about 3,000 TAVI cases on an annual basis in Europe. With his team, he started reviewing CDs/DVDs of Echocardiographs, Angios, and CT images that he had received via courier shipments – you remember those plastic bag envelopes? Documenting the receipt and status of review in Excel sheets – you can imagine how time-consuming that was.

I remember thinking that there needs to be an easier way to exchange clinical data and medical images, so that sites receive a reply from medical experts more quickly and safely. So we came up with ClinFlows and started to provide our online service allowing sites to upload their medical DICOM images, (which can sometimes be volumes of several gigabytes) online via our platform decidemedical. Since then, the digital workflow and platform capabilities have evolved as browser technology has continuously progressed, offering new features and programming possibilities.

Today, our solutions enable all stakeholders of clinical projects and studies to easily exchange pseudonymized clinical data, evaluate and review them, and to communicate with each other. Thus, they can finally benefit from remote expertise and launch new products and treatment options much quicker and easier than they used to in the past.

In practice: Step-by-step-example of a digital review process of the product launch of a new TMVI system

But how does this work? Let’s make this more practical.

In a project for a global leading medical device company that recently started to launch a new transcatheter mitral valve implantation (TMVI) system, we realized a customized workflow on our platform DecideMedical, which is used by hospitals in 87 countries worldwide. The task was to set up a workflow that allows review of several thousand cases per year while being in line with GDPR. As well as involving the industry partner with its administrative team, the Field Clinical Specialist (FCS), external medical proctors (physicians) and the sites uploading their clinical cases. Now, the working process is as follows:

  1. Site creates an account. The administrative team sends an access code to the site, allowing the heart team at the hospital to create an account on decidemedical and to create and submit cases to the project.
  2. Enter the clinical data. The site enters clinical data and uploads echocardiographs in DICOM format and submits the case to the expert team (FCS) of the medical device company. DICOM headers are automatically de-identified during upload. The experts are automatically notified by email when a new case is submitted.
  3. Review the data. The FCS responsible reviews the data (preview or download) and informs the site if the case is or is not eligible for TMVI and asks the site to continue with providing CT imaging. When the site adds the multiphase CT imaging, the expert is notified and downloads the CTs from DecideMedical and runs an analysis on a specialized image analyzing software, like 3Mensio (Esaote).
  4. Get the expertise of a medical proctor. Optionally, the FCS can push the case to one of their medical proctors to receive his or her opinion assisting in the review process. The proctor is notified automatically by DecideMedical when a case is available for review, and the proctor can respond to the FCS within DecideMedical.
  5. Receive a final judgement. Based on the review outcome, the FCS sends the final reply and judgment about the patient’s eligibility for the treatment back to the site, which is notified about the availability of the review by email.

Thanks to web-solutions the patient is ready for treatment within hours

This review process can be carried out – depending on the party’s availability – in just hours. Hence, the patient can probably be treated the same or next day. The hospital can now proceed with the intervention, considering the opinion of the reviewer. Of course, at all times, the treating physician remains responsible.

Embedded discussion tools enhance the communication between the parties and store all case information centrally and safely.

We are convinced the time is over for sending CDs via couriers or having field force personnel from the industry picking up CDs at the hospital by car. We know it still happens… it’s like picking up paper letters by hand instead of using email. Obviously, this is very inefficient and not regulatory-compliant at all.

Watch out and protect patient privacy in line with GDPR

Talking of which, since May 2018, the General Data Protection Regulation (GDPR) has been in force, especially protecting the privacy of EU patients.

GDPR is worth a separate article and will be covered on this blog in more detail in the near future. However, I would like to give you some food for thought about dealing with patient data.

  • Are you aware of the fact that you are not allowed to forward patient data to anyone if the patient has not provided and signed their informed consent? And do you know which information the consent form must contain?
  • Do you know the difference between the “anonymization” and “pseudonymization” of data and the consequences with regard to GDPR?
  • Do you know about DICOM headers and its difference to burned in annotations on DICOM data?
  • Do you know in which country your patient data is stored and that the USA is a third-party country with regard to data storage according to GDPR, leading to certain requirements?

Yes, we know, these regulatory questions can be quite confusing and demanding, but please be cautious about them. Physicians, medical experts, as well as the different stakeholders of the medical device industry dealing with sensitive health data, must understand their role and be aware of their legal responsibilities and consequences.

Exchanging sensitive data within seconds can be done – while meeting GDPR requirements

We love the field of new treatment options with its tremendous drive for innovation, with wonderful, passionate people and a mature clinical study culture. And we work ambitiously to make the development of new, innovative, and helpful treatments as easy and fast as possible.

That’s why our online tools allow us to configure the required and individual workflows needed for the various clinical projects and to work in compliance with the GDPR. ClinFlows, as a data processor, provides the certified IT infrastructure, is ISO 9001 certified, and has been successfully audited by numerous companies.

We are excited and grateful that due to these reasons, our services are used all over the globe and connect the clinical community for the patient’s benefit.

And to conclude this article, I would like to promise you one thing. We will keep on doing what we love the most. That is supporting the launch of new treatment modalities and breakthrough technologies, by making the workflow of clinical studies and proctoring projects in multiple market segments, easier, faster, and regulatory-compliant.

About the author:

Uwe Gladbach is a biomedical engineer, who started his career as a perfusionist in open-heart surgery back in the 90s. Over more than 25 years, he gained experience in the medical device industry in various positions, covering clinical research as well as sales and operations in global positions. Uwe is the CEO and founder of ClinFlows.