The member who submitted our Question of the Month will receive a copy of the group’s textbook Clark’s PACS, RIS and Imaging Informatics. Send your questions to [email protected]
Question of the Month: We’ve seen several security alerts this year from the USA FBI, UK NHS Digital etc. regarding radiology equipment vulnerabilities. It's been a wakeup call. Are these serious? Should we worry about patient safety from cyberthreats?
A: Knowing about these issues is better than not knowing. healthcare institutions were once seen as ‘off-limits’ to hacking groups or digital extortion gangs but recently this attitude is said to have changed and hospitals now viewed as potentially ‘good’ targets for attack.
Although presently confined to movies, with state level attacks on power plants and water treatment centres having already taken place it is in theory technologically possible to cause, for example, a CT scanner to deliberately overexpose a child or for a therapy machine to deliver a fatal dose of treatment.
To a degree of lesser harm to patients, images can be corrupted, deleted or exchanged by bad actors (a normal image exchanged for a ‘fake’ cancerous one would prompt unnecessary treatment). Radiographers in charge of equipment should be aware of this. PACS Teams should audit their likely IT security risks and correlate with the wider department security and integrity plan.
Overall, the importance of good governance and IT security practice is crucial at the moment and considered good practice – at its most basic level, does your department receive the standard NHS Digital cyberalerts to review?
From the modality supplier side, how is your routine patching managed for each machine? Did your Trust undertake or commission a security assessment of the software you are running patient treatments or diagnosis on?
When considering a modality purchase, modality suppliers generally can provide details of their ongoing security hardening procedures but a hands-on penetration and resilience test prior to purchase is (in theory!) the gold standard. All suppliers should have a regular patching programme in practice to avoid exposure to risk.
We’ll cover basic cybersecurity tips for radiographers in a future edition of Synergy.
Q: Connecting for Health used to be very active, promoting the National Programme for IT and putting out a lot of guidance, training and very useful information. There seems to lesser help available from NHS Digital, NHSX, and now from something called NHSd. What can we in radiology gain from them?
A: Connecting for Health was renamed the HSCIC as part of the Andrew Lansley NHS reforms. NHS Digital is an operating name of HSCIC. NHSd is simply an abbreviation of this operating name (a nickname). NHSX is a new arms-length body charged with developing strategy around IT healthcare.
After the National PACS deployment projects were complete in the late 2000s, NHS Digital shifted focus to data flow and analytics rather than individual products. Local trusts then became responsible for local systems.
NHS Digital has responsibility for national products, such as the Spine, the Covid-19 booking system, child health, NHS111 and Prescription Transfer Services. For imaging, NHS Digital handles the Diagnostic Imaging Dataset (DID) due to its relation to national data flow. Data and analytics are therefore the primary link between radiology departments and NHS Digital.
Questions on February’s topic: Career development in informatics
Q: At what point in my career should I consider whether informatics is for me?
A: Any time is the right time! There are opportunities at any stage. Treat informatics like any other specialty of imaging (CT, MR, US, NM, Angio etc). The ways in which you get involved are almost the same for all these, there’s just different characters running each department and varying queues for training depending on the funds and vacancies available in your area.
Q: I have recently taken over the management of two junior PACS team members. What top things should I be doing to advance their knowledge?
A: Key areas to focus on: core standards (HL7, DICOM etc), project management, database principles and general IT (Windows and server administration, security, networks and hardware management). These areas can be developed by academic courses, learning on the job, or via wider/previous experience.
Q: Are there differences in the makeup and working practices of PACS teams across the four countries of the UK?
A: Yes. And even within regions. For example, radiographers working more rurally typically undertake more of the initial fault diagnostics and equipment maintenance themselves.
Q: Is it advantageous to have been a radiographer before aspiring to be a PACS Team member?
A: It is certainly very helpful to have a clear understanding of the clinical processes, particularly anatomical terminology and orientation concepts but not mandatory if there is departmental support to cover this. However, at the last survey in 2018, around 80% of the PACS Team workforce at Band 6 or above held a radiography qualification. Experience is golden but raw aptitude and drive is equivalent.
Q: Do PACS Team members normally still do clinical work?
A: This is both personal preference and down to local choice and contractual considerations. We have not surveyed this question for a definite answer but believe a good number of PACS team members still contribute clinically in some way – even just on the occasional weekend or night shift. Just as with office-based radiology managers, licensing with the HCPC remains possible without constant hands-on patient contact.