A Diagnostic Imaging (DI) solution maintains and manages information about orders and results for DI tests, which constitute a vital part of a client electronic health record (EHR).
DI solutions allow for the centralized capture and sharing of information across a large distributed network. These networks include Picture Archiving Communication Systems (PACS) and Radiology Information Systems (RIS) implemented in hospitals or diagnostic centres, as well as diagnostic modalities used to produce such pictures. Typically, there are two key pieces of data associated with a diagnostic imaging test: a written report outlining the conclusions of a study, and the imaging artefact(s) which may take different forms such as video or sound but most often take the form of one or more pictures.
The Diagnostic Imaging (DI) domain is made up of several certification classes:
- RIS, and
- DI-r components:
- Imaging Document Repositories,
- Document Registries and/or
- RIS Repositories.
The Infoway pre-implementation DI certification is relevant to health information technology solutions involved in PACS, RIS or DI-r components at the national, jurisdictional, regional or local level, providing comprehensive and unambiguous diagnostic imaging information.
The interoperability criteria of the DI domain certification apply specifically to interoperability between PACS and the DI-r, and between RIS and the DI-r. Although it is clearly the case that there are many points of interaction in operational DI settings, the criteria for interoperability are designed to certify an application class for interoperability with an EHR system, and so most points of operational interaction are not in scope for certification, important though they are for operational DI services.
The DI pre-implementation certification allows for assessment of these component applications alone, or as application-based service offerings.
The pre-implementation assessment criteria include:
- Generic Criteria, applying to all classes of health information technology application or service (for example, requirements having to do with privacy and security)
- Interoperability Criteria, which specifically apply to a PACS, RIS or DI-r.
The criteria have been developed in consideration of diagnostic imaging systems being available in one of two ways:
- As an application component to be integrated into an EHR system, and operated by the implementing jurisdiction; or
- As an application-based service hosted by a vendor, integrated with a jurisdiction’s EHR systems.
When the criterion states: “Organizations providing applications or services must…” or “applications or services must…” then the criterion applies whether the application is hosted (ASP model) or operated by the end-user.
When the criterion states: “Organizations providing services must…” then the criterion only applies when the organization is providing an ASP model service, and the criterion applies to the organization itself, rather than the application.
The key factor, which in most cases determines the applicability of a criterion, is whether or not the organization seeking certification will become a custodian of personal information. If not, then many of the organization-related generic criteria are not applicable.
These criteria use the phrase “personal information” to mean any personal information maintained by the application or service about the subjects of health care. Therefore even basic demographic information falls into the category of “personal information” and is therefore subject to the requirements of these criteria.
The framework for the assessment criteria is shown in the table below. It consists of two classes of criteria:
Solution – Refers to the aspects of privacy, security and interoperability that need to be assessed.
Management – Refers to how the organization providing the product manages risk, data, system security, as well as third party solutions and services.
|Diagnostic Imaging Systems Assessment Criteria|
Identifying purposes & limiting collection
Limiting use, disclosure & retention
User identity management
Third party services