MIRC Clinical Trials Software Medical Imaging Resource Center
Technical Issues 1.Image acquisition 2.Anonymization 3.Data transport 4.Image management 5.Non-image data 6.Configuration management
FC DICOM FC DICOM PI DICOM MIRC Clinical Trial Dataflow Database HTTP Internet HTTP / HTTPS
Typical MIRC Dataflow PrincipalInvestigator PACS MIRC Modality Field Center Database Work- stations PACS FieldCenter Storage SCP HTTP Server Anonymizer Storage SCU S/W Update DICOM HTTP(S) DICOM
Image Acquisition DICOM Images from Modalities or from PACS Images contain clinical PHI plus trial IDs ModalityPACS FieldCenter DICOM Storage SCP DICOM
AnonymizationAnonymization –Removal of PHI –Replacement of PHI with values that are the same for all patients PseudonymizationPseudonymization –Replacement of PHI with values that are specific to the patient and the trial but which are not meaningful anywhere else Anonymization and Pseudonymization
The HIPAA 18 1.Name 2.Location; all geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes. 3.Dates (all dates related to the subject of the information, e.g. birth dates, admission dates, discharge dates, encounter dates, surgery dates, etc.) 4.Telephone numbers 5.Fax numbers 6.Electronic mail addresses 7.Social security numbers 8.Medical record numbers 9.Health plan beneficiary numbers 10.Account numbers 11.Certificate / license numbers 12.Vehicle identifiers and serial numbers, including license plate numbers 13.Device identifiers and serial numbers 14.Web Universal Resource Locators (URLs) 15.Internet Protocol (IP) address numbers 16.Biometric identifiers, including finger and voice prints 17.Full face photographic images and any comparable images 18.Any other unique identifying number, characteristic, or code
Pseudonymization Element types –Patient ID –Dates (Birth / Study) –UIDs –Accession, non-unique IDs Central vs distributed remapping Hashing vs remapping
Mapping / Hashing Central vs local mappingCentral vs local mapping –Central mapping is more controlled, but it requires that PHI be kept at the PI’s site. –Local mapping is more susceptible to data loss, but has a different security profile. HashingHashing –Very convenient in a multi-center trial and very secure, but inversion can only be done through a dictionary attack.
Anonymizer Scripting Modality-specificModality-specific Manufacturer-specificManufacturer-specific MIRC-defined script languagesMIRC-defined script languages –DICOM –XML Shared remapping tablesShared remapping tables –Self-consistency Script language documentationScript language documentation –
Data Transport Principal issue: securityPrincipal issue: security –HTTP – data is in the clear –HTTPS – data is encrypted –VPN – data and IPs are encrypted FirewallsFirewalls FCPI Internet HTTP / HTTPS
Negotiating Firewalls Connections and ports Inbound vs outbound connections Connection streams WWW example: –How the web page gets back to the browser BrowserWeb Site Internet 80
Firewalls in Clinical Trials Minimize the need for support at acquisition sites Acquisition site: –Only make outbound connections PI site: –Allow inbound connections on 8443 FCPI Internet HTTP / HTTPS 8443
Additional Security: the DMZ Receive data in the DMZ Poll the DMZ to import to the data manager Data Manager PI 8443 DMZ Internal Network
Image Management ProcessingStorage Export to participating systems –Other PIs –PACS / workstations Database
Processing Pipeline Import ServiceImport Service –HTTP / DICOM / HTTP with polling PreprocessorPreprocessor –Anonymizer Storage ServiceStorage Service Export ServiceExport Service –HTTP / HTTPS –DICOM –Database
The RSNA MIRC Software for Clinical Trials FieldCenterFieldCenter –Acquisition sites MIRCsiteMIRCsite ClinicalTrialProcessorClinicalTrialProcessor –Highly configurable –More flexible and extensible –Includes all types of stages –To be released 1Q2008 See the wiki for documentationSee the wiki for documentation
XMLServer OS File System InputQueue StorageServiceMIRCIndex AdminService AuthorServicesFileService Object Processor MIRCAnonymizerDICOMImport QueryService MIRC Site Services SubmitService ZipService TCEService HTTPExport HTTPImport DICOMExport DICOMImport MIRCAnonymizerDatabaseExport
MIRC Clinical Trial Data Types ImagesImages –DICOM, multi-media Text dataText data –XML Trial-specific file collectionsTrial-specific file collections –Zip (with manifest) Undefined file typeUndefined file type
Configuration Management IT support at field centers is almost unavailable.IT support at field centers is almost unavailable. Initial software installation requires a human being, but it should be simple.Initial software installation requires a human being, but it should be simple. Software updates should require a person to trigger them.Software updates should require a person to trigger them. Anonymizer scripts should be automatically updated.Anonymizer scripts should be automatically updated.
MIRC Update Service MIRCUpdateServlet HTTP(S) FieldCenter Storage SCP HTTP Server Anonymizer Storage SCU S/W Update S/W Config 1 Config 2 Config n FieldCenter Sites
The RSNA MIRC Software Runs on Windows, Mac, Linux, Solaris Three components: Java / Tomcat / MIRC All components are free MIRC Users Group meetings: 11/25 1:30 - 3:30E251 11/2912:15 - 2:15E257
Questions/Answers & Help The MIRC Wiki – RSNA Forums: – –User Comments, Questions and Answers –RSNA MIRC Software Announcements –MIRC Implementers’ Corner Subscribe on the Forums site