Tuesday, May 10, 2011

The Need of the Few to Annoy the Many

My last post was controversial and even provocative, and maybe I made it so deliberately. Obviously, there is a huge gap in attitude between my outlook and that of some in the IT world. I would like to thank the gentleman (or lady?) from Vital Images (read my Privacy Policy...I DO track visitor's IP's) , who added the following comment to the preceding post, quite nicely clarifying the divide:
"You are assuming that EVERY disk has a virus on it that will bring down your precious system, and I'm assuming that every disk has life-saving information on it. I win. Period."

I am assuming no such thing. You are simply too narrow-minded to understand that there is a middle ground. It's not black and white. There are solutions that best serve the patient first and foremost, the radiologist second, and IT third without creating undue risk.

You're arrogant like most doctors. You can't see that there are options out there that accomplish your goals through a different method. If you want to be head of IT, do it. But being an arrogant armchair quarterback who thinks he knows better like a teenager doesn't serve to better patient care, it just serves to inflate your already large ego.
My dealings with Vital Images have not been stellar over the years, as mentioned in this old entry, but I'm still a bit surprised that this shot across the bow comes from their Minneapolis HQ. Perhaps my favoring of TeraRecon over Vital has earned me a little animosity, but I think VitalMan has a bit more deep-seated resentment. I wonder if Toshiba will embrace and encourage this attitude in their new employees.

Read the post and my comments. I am in favor of safe-PACSing. I want to use those "solutions that best serve the patient first and foremost, the radiologist second, and IT third without creating undue risk." But where are they? VitalMan, as well as Comrade Stonn, offer only the vaguest suggestion of a fix for this, but they have no shortage of indignation over a the thought of interference with their domain.

"You're arrogant like most doctors." Here it is in all its glory. THIS is the core of the problem. When some folks don't like what is being said about our current President's policies, they bellow "RACIST"! I suppose the next best epithet would be "ARROGANT". Sadly, VitalMan probably does hold us docs in such low regard. Which is really funny, as those who know me will tell you that I am about the least arrogant doc they've ever met. But I am a fierce advocate for my patients, and a bit of an S.O.B. when it comes to false bravado and empty rhetoric.

We "arrogant doctors" with "large egos" are responsible for patients' lives. I hate to remind everyone of this, but it is so. The information coming in on foreign CD-ROM's is critical to the health of the patient involved. It MUST be made viewable. Quit carping about how there might possibly be viruses on the disk and therefore we shouldn't load them. And don't demonize me for pointing out the obvious. Rather, acknowledge the necessity of acquiring this data, and work together with us to find a safe way to do so. But as Dr. Sardonicus commented on the last post, many would rather just say, "We don't do that," and go out for coffee.

The real answer to this particular problem is direct connections between hospitals, and a safe way to import data from foreign PACS, limiting the need to fool with CD's. As an aside, I think LifeImage has a good beginning on the solution. But the problem of IT's resentment of physicians is going to take some stronger medicine to solve.

7 comments :

Aaron Glover said...

I can empathise with PACS users venting frustrations about IT Dept policies which impact on their ability to use the PACS (and provide good patient care). I do not believe however that it is constructive for PACS users to be ignorant of the need for security in a Network.

It is entirely plausible that a virus could enter a network via a third party CD - particularly through autorun/autoplay. PACS Users should not be ignorant of this fact.
Consider a virus which brings down your PACS server, or cripples the network making it impossible to use your PACS. This certainly does not help patient care.

PACS users and IT Departments need to work together finding a solution.

About the only point from the highlighted post that I do agree with is:

"there are options out there that accomplish your goals through a different method."

There are many ways to skin a cat, perhaps a workable solution to the specific problem in the original article could have been:

1. Provide a quarantined workstation in which CD's can be viewed from.
2. A simple configuration to the PACS software to read CD's - giving PACS users access to only the DICOM data.

Many PACS that I have supported and supplied have the ability to read a DICOM CD, without the need to run the "CD Viewer" contained on the CD. Most DICOM CD's store the critical DICOM information in DICOM PART 10 compliant way making this method achievable and mostly reliable

The above solutions may not be suitable, but to address the bigger point of the "divide" between PACS Users and IT Departments I would like to say the following:

The animosity that often exists between PACS Users and IT Departments serves no one - it particularly does nothing toward providing good patient care.

The "divide" is not that IT Departments do not care about Patient care, quite the opposite in fact. IT Departments care greatly about Patient care and I doubt you will find an IT Department where it would not be a cornerstone principle. The "divide" as I see it is that often there are silo's between the two - with inadequate consultation, communication and respect between both groups.

Both groups need to accept responsibility for the animosity and often need to be more open to jointly developing solutions which address both groups' requirements.

In the real world there may indeed be a level of arrogance on both sides, but this could be overcome with greater co-operation, consideration for each other's needs and avoiding the need to public bash one another - it is not an impassable "divide" of ideological beliefs. For some people, it may be hard to swallow; but IT Departments and vendors actually do care about the delivery of good Patient Care.

Anonymous said...

VERY well stated, Mr. Glover.

I do use our AMICAS PACS to open foreign disks, not so much for security purposes as to provide a usable viewer, which most CD's don't have.

I HOPE you are correct as to the Patient-centric motivation of most IT departments. Sadly, some IT departments, or at least some of their staff, give the impression that they ONLY care about their precious network and computers, which should never be disturbed by the likes of filthy arrogant doctors. You have several examples right here.

Martin P said...

Unless....... it wasn't someone from VitalImages but someone else posting though a Zombie computer created by a virus-inflected PC inside VitalImages? Irony at work. :-)

Seriously, one point that I think is relevant to the 'life and death' side of the debate is that we must remember Radiology isn't the only service on a network. Viruses are capable of DoS attacks on whole networks - including Lab, ER, ICU etc systems.

One answer would be to go back to the days of an entirely separate network for PACS. IMO that would be a serious step backward.

Anonymous said...

There has to be some middle ground here. I too would love to believe that the IT departments care about the patients but honestly in practice I just don't see it. Additionally not all disks have DICOM images on them, Amicas,Stentor, Philips I-site to name a few, so importation into the host PACS isn't always an option. While having an isolated PC to view outside disks IS and option, any Radiologist will tell you trying to compare images on 2 different computers and sets of monitors is difficult because of workspace layouts and monitor differences.
The bottom line as I see it is that these images need to be looked at to give patients the quality care they expect, demand and deserve. Perhaps a system where the disk first goes to IT to be scanned would work. This process would have to happen immediately for it to work ( in other words when handed a disk drop what you are doing and scan the disk).
As a PACS admin I understand the issues for both side but agree with Dr Dalai when he says the pts health and safety come before the network's health and safety ( at least that is what i think he meant).

Anonymous said...

GPOs aren't socialist, and you went right to name-calling here--you frankly didn't comport yourself very well. Nothing in Mr. Stonn's first quoted comment warranted your juvenile characterization of his comments. If you think it's paranoid to have GPOs in a clinical setting, then you are truly naive and unqualified to discuss security matters.

Such policies are arguably totalitarian (perhaps that was the -ism you were looking for, as it makes more sense than socialism), but they are absolutely necessary, especially within the context of medicine and other fields where safety, privacy, and security (in the sense of state security) are critical.

I'd consider a GPO inhibiting autoplay to be plainly necessary. Then again, I actually have a security and computer science background and follow cybersecurity and see all the advisories about autoplay Trojans; I'm qualified to discuss the topic. If you wanted to get into a debate about reading CTs, then I'd withdraw and defer to your expertise. Yet for some reason, you've decided you can talk down to specialists who are simply trying to secure digital assets.

Yes, you can go too far in that regard, making usability entirely too onerous for radiologists and techs to do their jobs efficiently. Yes, a balance has to be struck. No, that doesn't involve discarding sensible GPOs such as the inhibition of autoplay.

You can still import the CDs. THIS is putting the patient AND the responsible radiologist first. NOT having GPOs is putting the lazy, impulsive, or impatient radiologist first. If it costs people who get paid by the case a few seconds to eliminate a very commonly exploited attack vector, so be it.

I agree with the previous poster that your diatribes often smack of arrogance. Be arrogant in the fields you have expertise in, such as radiology, if you must. There's no call for it here.

Anonymous said...

GPOs aren't socialist, and you went right to name-calling here--you frankly didn't comport yourself very well. Nothing in Mr. Stonn's first quoted comment warranted your juvenile characterization of his comments. If you think it's paranoid to have GPOs in a clinical setting, then you are truly naive and unqualified to discuss security matters.

Such policies are arguably totalitarian (perhaps that was the -ism you were looking for, as it makes more sense than socialism), but they are absolutely necessary, especially within the context of medicine and other fields where safety, privacy, and security (in the sense of state security) are critical.

I'd consider a GPO inhibiting autoplay to be plainly necessary. Then again, I actually have a security and computer science background and follow cybersecurity and see all the advisories about autoplay Trojans; I'm qualified to discuss the topic. If you wanted to get into a debate about reading CTs, then I'd withdraw and defer to your expertise. Yet for some reason, you've decided you can talk down to specialists who are simply trying to secure digital assets.

Yes, you can go too far in that regard, making usability entirely too onerous for radiologists and techs to do their jobs efficiently. Yes, a balance has to be struck. No, that doesn't involve discarding sensible GPOs such as the inhibition of autoplay.

You can still import the CDs. THIS is putting the patient AND the responsible radiologist first. NOT having GPOs is putting the lazy, impulsive, or impatient radiologist first. If it costs people who get paid by the case a few seconds to eliminate a very commonly exploited attack vector, so be it.

I agree with the previous poster that your diatribes often smack of arrogance. Be arrogant in the fields you have expertise in, such as radiology, if you must. There's no call for it here.

Dr. Sardonicus said...

arrogance - offensive display of superiority or self-importance; overbearing pride.

This word gets tossed around a lot when a person feels that his or her authority is being challenged. Or when a person tries to force through a solution to a problem on an unwilling person.

There are times when this term might be used to describe what I am doing. Without exception, those times involve me trying to push IT to get something done in order that a patient is cared for. I think some in IT don't recognize that the actual point of care is my microphone. If nothing happens there, the patient is not cared for. They also don't seem to appreciate at times that we have an overview of the clinical situation that they do not, and, frankly, the good IT people will recognize this and when we say something is vital, they will do everything in their power to correct the situation immediately. Even breaking some rules at times.
When an IT person does not respond immediately and unquestioningly to an urgent request from a physician, this is de facto putting their clinical judgement above a physicians. THAT is the arrogant action.
When I get an unhelpful, lazy, or "I'm too busy" response from an IT, I push as hard as I can (as pleasantly as I can). I have already determined that something important must be done, and I don't bluff.
No one in IT has ever had the experience of putting your name on a report that you know may contain incomplete or even misleading information, that you know could be improved significantly with the help of IT. When this happens, you are keenly aware someone may be hurt and that you may be sued as a result. Those in IT don't have that sort of first person anxiety. Maybe this makes me arrogant. Oh well.... someone has to be the point of the sword, so to speak, and in this situation, it is we the physicians. This point seems to be lost among adminstrative types.

Aaron - we are all aware of the chaos and expense and injury that a virus can inflict. My complaint is that, in many cases the discussion is not: I will do anything to get you the information you need. It is more: Oh, yes, that is a problem.........

The other problem is that IT people are not employed by us, and their supervisors, IMHO, are more attuned to the review they will get from their supervisors, and less attuned to the concerns of the physicians.