A Diagnostic Imaging (DI) solution maintains and manages information about orders and results for DI tests, which constitute a vital part of a patient electronic health record (EHR).
DI solutions allow for the centralized capture and sharing of information across a large distributed network. These networks include Picture Archiving Communication Systems (PACS) and Radiology Information Systems (RIS) implemented in hospitals or diagnostic centres, as well as diagnostic modalities used to produce such pictures. Typically, there are two key pieces of data associated with a diagnostic imaging test: a written report outlining the conclusions of a study, and the imaging artefact(s) which may take different forms such as video or sound but most often take the form of one or more pictures.
The Diagnostic Imaging (DI) domain is made up of several certification classes:
- RIS, and
- DI-r components:
- Imaging Document Repositories,
- Document Registries and/or
- RIS Repositories.
The Infoway pre-implementation DI certification is relevant to health information technology solutions involved in PACS, RIS or DI-r components at the national, jurisdictional, regional or local level, providing comprehensive and unambiguous diagnostic imaging information.
The DI pre-implementation certification evaluates and assesses these solutions offered as a hosted service and/or a product to be deployed at client sites.
The pre-implementation certification requirements include:
- Privacy requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture, Government of Canada’s Personal Information protection and Electronic Documents Act; the Canadian Standards Association model code for the protection of personal information (CAN-CSA-Q830-03) as well as ISO 29100:2011 – Information technology – Security techniques – Privacy Framework.
- Security requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture as well as the International Organization for Standardization's (ISO) codes of practice for health information system security management (ISO 27799, ISO 17799, ISO 27001, ISO 27002, ISO 27005, ISO 27018, ISO 27789).
- Management Control requirements (mandatory for hosted services) are based on the Canadian Standards Association’s Risk management: Guideline for Decision Makers – CAN-CSA-Q850-97, the Information Systems Audit and Control Association’s Control Objectives for Information and Related technology (COBIT) as well as the Information Technology Infrastructure Library (ITIL).
- Interoperability requirements (optional) apply specifically to interoperability between PACS and the DI-r, and between RIS and the DI-r. Although it is clearly the case that there are many points of interaction in operational DI settings, the requirements for interoperability are designed to certify an application class for interoperability with an EHR system, and so most points of operational interaction are not in scope for certification, important though they are for operational DI services.