September 2011

Making Images More Accessible to Researchers
By David Yeager
Radiology Today
Vol. 12 No. 9 P. 6

Medical images are often used to provide evidence of treatment response for new drugs or therapies, but it can be a headache for medical researchers to access those images. Although research is a vital source of medical knowledge, helping researchers do their work efficiently is not always on the radar at academic institutions.

“What we found is that it was increasingly unwieldy not only to be able to be compliant with HIPAA but also just the general hassle,” says Paul J. Chang, MD, FSIIM, a professor of radiology and the vice chair of radiology informatics at the University of Chicago Medical Center. “How do you get images from a PACS? PACS systems were designed to support clinical workflow.”

Chang says although institutions have well-developed infrastructures to support clinical workflow, researchers rarely receive the same type of assistance. Most researchers have no idea how to anonymize the DICOM elements in medical images, send those images to a third party, or securely store them on a flash drive or laptop. Yet performing those tasks in a way that meets HIPAA and institutional review board (IRB) requirements is essential.

HIPAA and IRB concerns can turn a basic research project into a maze of permissions and regulations, but many institutions provide little guidance on how to proceed.

However, failure to comply with these rules can have disastrous consequences. For example, in 2007 at the University of North Carolina, hackers accessed a server containing the personal information of 180,000 mammography patients—including 114,000 Social Security numbers—that was part of the National Institutes of Health Carolina Mammography Registry. When the breach was discovered in 2009, the primary investigator was demoted and her pay cut in half.

Show, Don’t Tell
Chang says the University of North Carolina incident should serve as a wake-up call to investigators and institutions alike. Most researchers are not versed in the nuances of HIPAA and IRBs, and it’s not enough to simply outline the dos and don’ts of privacy and security. Researchers need to be taught how to comply with the rules and use the tools available to them.

“Just because the IRB at your institution says yes—your research protocol is accepted, you are allowed to be exposed to personal health information—that only addresses the patient privacy aspect,” says Chang. “It doesn’t protect you from breaches [or] from a security lapse. And that’s a fundamental misconception that people have.”

To help address these issues and make images more accessible, the University of Chicago’s department of radiology and Imaging Research Institute developed the Human Imaging Research Office (HIRO). While HIRO automatically anonymizes medical images, replacing personal health information with an investigator’s research ID, that’s only part of its mission. HIRO also provides a helpful human interaction to walk researchers through the technicalities of handling the images. Chang says some researchers have called just to learn how to get an IRB approved.

Such training is frequently lacking at medical institutions. While many institutions are willing to devote resources and IT staff to ensure safe, efficient clinical workflow, researchers are often left on their own. Chang believes research workflow, although different from clinical workflow, can benefit from a similar institutional investment.
“I’m not expected to solve my PACS problem myself; my institution does that for me,” Chang says. “Researchers should not be expected to deal with all these issues with respect to security and privacy and research workflow alone. The institution should provide similar infrastructure and services. HIRO is more than just software we’ve written; it’s a group of dedicated people who will hold you by the hand and, gently and in a friendly way, help you navigate through the complexities of modern-day research.”

43 Million Images
This service-oriented approach has been well received at the University of Chicago. Most of the clinicians who use HIRO come from outside the radiology department, particularly physicians who are researching cancer drugs, and Chang says they have been appreciative of the HIRO staff’s efforts. To date, the service has fulfilled more than 1,130 clinical image requests, delivering more than 43.2 million images and associated reports. It is currently assisting with the imaging for more than 139 active research protocols.

Chang believes an investment in research workflow is money well spent. In addition to reducing the likelihood of a data breach, an efficient research workflow infrastructure can be a selling point. Companies that do a significant amount of research in pharmacology and therapeutic treatments are more apt to give research money to institutions that have an infrastructure in place. And providing this type of support to medical investigators allows them to focus on their strength—their research—rather than on clerical and regulatory issues.

“If you’re an academic institution doing research, you need to leverage the same kinds of electronic-based orchestration that we’ve used successfully in the reading room for clinical service, and we need to apply the same thing for research,” says Chang. “[A data breach is] usually not solely the investigator’s fault; the institution must share the blame.”

— David Yeager is a freelance writer and editor based in Royersford, Pa., and a frequent contributor to Radiology Today.