[On whether Kirk should assume command from Spock]
Spock: If I may be so bold, it was a mistake for you to accept promotion. Commanding a starship is your first, best destiny; anything else is a waste of material.
Kirk: I would not presume to debate you.
Spock: That is wise. Were I to invoke logic, however, logic clearly dictates that the needs of the many outweigh the needs of the few.
Kirk: Or the one.
Spock: You are my superior officer. You are also my friend. I have been and always shall be yours.
from: www.imdb.com
I peek in at a number of websites and groups on Google and Yahoo to glean PACS material for this blog as well as my own edification. Recently, I stumbled upon a conversation that really got me going, as it illustrates the audacity of dopes, in this case some IT arrogance and paranoia that certainly goes above and beyond. I'm not going to link to it, so just read the following and laugh, or weep, as the mood strikes you.
We open with a simple question:
Up to recently most users were able to autoplay an outside CD in order to view the PACS images. Something changed (could be IT-Dept’s group policy) and now nobody’s CD drive auto-plays. Does anyone know the steps on a PC to enable the Autoplay feature in the Windows permissions/policy? Would Corporate Group Policy over-ride the local PC policy once the PC re-booted or logged off?Many posters tried to answer the question objectively, as we see here:
Re: CD's do not autoplayBut then, Mr. Stonn, with a significant dose of paranoia (or maybe a bit of Socialism?) intrudes on the discussion:
Most cases, the auto-play has been disabled.
http://support.microsoft.com/kb/971029
Assuming you have desktop administrative privileges, hiding a workstation in another OU and adjust the GPedit to make it automatically run outside CD's (even USB drives) is still endangering your corporate network as it could easily be bringing in a Trojan or other mal-ware on it. You may think there is nothing on it but I know for sure that there can and will be. The infection is silent to those inserting the CD but it lights up the control panels in the back end and infects other workstations everywhere in a very short time requiring scores of hours eradicating it from where it spread. It can also disable many workstations it hits and the lost productivity time for your other care providing colleagues is incalculable.Wow. This IT giant does actually make sense with the last paragraph, and actually shows some vague realization of the scope of the situation. Unfortunately, the preceding prose makes it clear that his priorities are completely those of the network and the IT department, with zero regard to the needs of the individual patient. I guess they should all be assimilated into the collective, eh?
If it were to infect an unprotected computer in a nuclear medicine camera gantry, it could lead to crushing and killing a patient, so you should think long and hard before you boldly insert any outside data into your workstation. Hope is not a security strategy and trust is not a control. Everyone is responsible for protecting your own network. As Spock would have told you himself: "The Needs of the many outweigh the needs (desires really) of the comparison images of the single patient. Work closely with your IT department, there are solutions that bring a balance between flexibility and security. Don't substitute deliberate ignorance for thoughtful planning.
We specifically push a GP disabling the auto-run feature as most CDs that come in are unknown and recently one had a Trojan virus on it. We have recently upgraded the enterprise to the new Symantec Endpoint protection software that when the local auto-run policy is re-enabled - will scan the CD first before running it which is much more secure and yet flexible model. Works for film rooms and OR's but does require some custom tailoring with the administrator running the Symantec systems. That would be the thoughtful planning phase.
Fortunately, someone with a good dose of common sense (who happens to be a friend of mine, too!) stepped in:
While I sympathize with the need to protect the network, (and yes other patient's records which are backed up somewhere as well)...I have never bought into Spock's (Dr. or Mr.) socialist musings that sanctions mob rule to override the needs of individuals. Ah, nothing like some more sci-fi metaphors to address an issue. Why should some ficitional character's philosophy be brought to bear on this issue as though there was no question that they would be correct? Why should anyone give a damn what Spock would think?Well said.
Perhaps if that "single patient" were the writer himself, or a member of their family, and the comparison images were of utmost importance in the diagnosis, they might think a bit differently. Never dismiss the needs of a single patient! Perhaps stepping out of the sci-fi world and into the real, medical one for a period of time, would be helpful for some.
Thoughtful planning and communication does indeed negate the need to endanger any lives. It is a shame that in order to save the life of one patient, a physician or resourceful pacs admin might have to thwart and possibly endanger a network. Gasp!
Now, Mr. Stonn had this to say in response:
Lighten up and get a grip. We are all entitled to our opinions. I respect yours also. Clearly you don't know your Star Trek and don't know what viruses and malware can do to a network. I would also pose that you probably don't know how the modalities physically and electrically work and what safeties are in play to prohibit them from over radiating or killing the patient. As an example, have you ever seen where a Nuc Med gantry crushed and killed a patient? I have. Was it due to a network virus or technologist neglect?, that is unknown. Hmmm, how do you call that really? Destroy a person's career or blame it on a virus. If it was caused by the gantry computer losing software control due to a virus that some patent care flag-waving rationalizer failed to engage proper outside image ingest protection procedures, then how do you feel when this give a damn about the network attitude wins over and you bypass the needs of other patients safety for that one single patient? Put you own family member under the gantry as you load an un-scanned outside CD. Again, just because you can't see it infect doesn't mean it is not happening, you will never know. It like shooting bullet straight up into the air while in a crowd, maybe it will come down without hitting someone and killing them, maybe it won't. That's hope. Not a good plan.This is how he respects other opinions? Yeah, right. THIS is why I have harped on the necessity of Radiology control or co-control of PACS. Medicine is a business unlike any other, and the lives of individuals are at stake here. We CANNOT cavalierly dismiss the needs of the individual patient. As a radiologist, I can state unequivocally that having a prior exam that might be encased on a CD-ROM is critical, and yes, it IS worth risking a virus infestation to have that data. Really. And just two nights ago, I read a trauma CT series including scans of the head, c-spine, t-spine, l-spine, chest, abdomen, and pelvis. The resident looking over my shoulder casually remarked that the patient had undergone the exact CT series three hours before. Why were we rescanning? Because the outside hospital "didn't send a disk." So we have just double-irradiated the patient for someone's omission. Mr. Stonn would approve, as long as his precious network wasn't compromised. Here's the balance: someone's LIFE vs. damage to the network and inconvenience to some IT folks. This one isn't even close.
Sci fi references make us all take a step back and try to look at things from another and different even perhaps comical perspective. References to Spock were taken from one of the full length Star Trek Movies where Mr. Spock (not Dr. Spock) sacrificed his life in order to save the entire crew of the ship. I will omit the details but summarize this by saying that the philosophy in play was "The needs of the one outweigh the needs of the many." Based on what you have said, in reality, you are actually sanctioning using this philosophy you recently professed against by allowing viruses (always potentially) brought in by a CD, into a network. You seem to say is "okay" to blindly get ingested what are essentially just comparison images in front of the next care provider. Put it into perspective. Can anyone really demonstrate where a CD not ingested into PACS will "save the life" of any patient? Come on. Doctors, Nurses and other providers save lives. Images that "save lives" start in the ER/ED and those go into PACS immediately after scanning. Patient care flags need to be carried with respect on both sides of the fence.
The solution that satisfies both "needs" is to ensure that whatever you plug into a hospital/clinic workstation is scanned for virus and malware as it is being inserted. Free software is not the solution, you get what you pay for and nobody will support free software in any organization (except efilm). Just encourage your IT group to invest into the software.
And by the way, friends, I have spent hours searching through the web for any tale of a "nuclear medicine" camera that went haywire and crushed a patient BECAUSE of a computer virus. I've dug into the FDA complaint list, and Googled till the cows came home. Nothing. Nada. This was either an out-and-out lie, an exaggeration, or maybe the poster was simply delusional or just quite gullible. This incident never happened. It can't happen with a modern machine. Maybe, possibly, some pervert could write a STUXNET-like virus designed specifically to disable a gamma camera, but come on.
The utter arrogance is galling. The sad fact is, Mr. Stonn's solution is really ideal, security software that preempts a virus before it can be admitted (or "ingested") into the network. We can all agree that this is a great solution, favorable to all involved. Why couldn't Mr. Stonn acknowledge the necessity of receiving outside information rather than dissing the concept before presenting his answer? I expect he has been indoctrinated by the usual IT attitude that their precious computers and networks would be ever so much better off without being polluted by grimy non-IT types. Sorry, pal. We all work for the patients, and in the great scheme of things, YOUR job is to help me do MY job, not stand in my way. If you worked for me, you wouldn't work for me long.
And besides...
Captain Spock: My father says that you have been my friend. You came back for me.Sometimes, saving the individual saves the entire Enterprise, yes?
Kirk: You would have done the same for me.
Captain Spock: Why would you do this?
Kirk: Because the needs of the one... outweigh the needs of the many.
Captain Spock: [pacing] I have been and ever shall be your friend.
Kirk: Yes. Yes, Spock.
Captain Spock: Ship, out of danger?
Kirk: You saved the ship. You saved us all. Don't you remember?
Captain Spock: Jim. Your name is Jim.
Kirk: Yes.
6 comments :
What if that CD you loaded for that one patient had a virus that caused the PACS to go down subsequently causing harm to other patients who could be in the same medical situation?
Sorry, you're wrong on this. What you need is a process to be able to safely load these CDs, not a John Wayne attitude where you think you know better, because you don't.
sorry Dr. Dalai. Mr Stonn is absolutely correct about the security danger of having autorun enabled. A viral infection of your PACS system would inconvenience you and your patients far more than what you are experiencing now. The auto scanning of your incoming CD's is a good and much safer alternative (though even that is not perfectly safe either....)
Sorry. You guys and Comrade Stonn are not grasping the reality of the life and death situation you are outlining. You are assuming that EVERY disk has a virus on it that will bring down your precious system, and I'm assuming that every disk has life-saving information on it. I win. Period.
Now, if you had actually read what I posted, instead of going off on a Socialist IT rant (We know far better what you need than you do..) you would see that I actually agree with all of you in the end. By all means, make this process safe. Install virus detecting software (although you will still have to deal with the scenario of important data on an infected disk.)
If (God forbid) your child was brought in to the ER with a disk that had information critical for her survival (and I'm in a better position to determine that than you are), would you voice these same objections? Answer honestly, now...
A simpler solution to the problem might be to have a standalone computer. absolutely no network attachments, to open these disks on and review. Comrade Stonn might even have one lying around in his office gathering dust.
The problem that you will next encounter is that some disks are not readable, defectively burned. Sorry, can't help you there.
Maybe in 20 years we'll all be storing data in the "cloud". Then this thread can be deleted.
"audacity of dopes" _ LOVE it. this phenomonon needed a moniker. It is very widely applicable.
Here is the problem IMHO - there is a potential virus problem - the response is to shut the system. The response should have been to get their butts in gear and protect the system while at the same time allowing access. Much easier to simply say "we don't do that" and go for coffee.
In our system, though, we do not (usually) look at outside CD's on the workstation. They are taken to a central place and quickly placed in PACS. I assume there is virus protection enabled during the data download. This way, there is protection AND we can read the OS studies much more efficiently with the software we are accustomed to.
"You are assuming that EVERY disk has a virus on it that will bring down your precious system, and I'm assuming that every disk has life-saving information on it. I win. Period."
I am assuming no such thing. You are simply too narrow-minded to understand that there is a middle ground. It's not black and white. There are solutions that best serve the patient first and foremost, the radiologist second, and IT third without creating undue risk.
You're arrogant like most doctors. You can't see that there are options out there that accomplish your goals through a different method. If you want to be head of IT, do it. But being an arrogant armchair quarterback who thinks he knows better like a teenager doesn't serve to better patient care, it just serves to inflate your already large ego.
Post a Comment