AuntMinnie.com is pleased to present an excerpt from PACS Policy Manual, a book recently published by education and consulting firm OTech Health Care Technology Solutions in Aubrey, TX.
A PACS network is more than just hardware and software -- it requires a set of policies that govern and describe what the users should do, not only for routine operations (such as QA/QC, merging images, and burning CDs), but even more importantly for exception cases (such as backup procedures, system shutdown, downtime procedures, etc.).
A proper set of PACS procedures should be derived from a policy that includes a mission statement, governance with well-defined responsibilities, and clearly defined boundaries for the projects. These policy and procedures are vendor/system independent and would match a set of detailed vendor-specific instructions that detail the various actions and steps to perform these procedures. In certain cases, they might also result in records that document the proper procedure.
If a PACS network lacks proper policies and procedures, it will often operate suboptimally, or even poorly, and this could ultimately impact patient care. PACS networks are rather flexible and are not necessarily "self-maintaining." If there isn't a procedure for regularly checking certain error logs, exception files, and audit trails, and if someone doesn't clean the CR cassettes and computer fans, calibrate the monitors, and back up the database and images, one can only expect disaster to strike.
The procedures should cover:
- Operations: This covers the day-to-day operations of the PACS. One can divide this by:
Image and information management: Anything that maintains the integrity of the PACS, particularly the database, is part of these procedures. This would include, for example, making sure the exams match the orders, merging and splitting them accordingly, checking for incomplete exams, ED abnormal workflow, tracking patients, etc.
Image and document import and export: This would cover, for example, which documents are to be scanned (e.g., requisition forms, questionnaires, release forms, and other documents) and into which system: RIS and/or PACS. It would also handle how outside films are handled, if they will they be digitized, and how they are identified as well as stored. Electronic media policies should also be defined, i.e., how to import CDs and how to resolve the potential mismatch between patient IDs and accession numbers (assuming the names match). Export policies would cover situations such as how legal requests for images are handled, and who can burn CDs for whom and with what information.
Clinical documentation: Some modalities, especially ultrasound and cardiology, provide drawings and/or measurements that need to be made available in the PACS through structured reports and documents, comments, notes, etc.
Diagnostic reporting and billing: Discrepancies between PACS and RIS often result in erroneous billing. Policies need to describe how these are resolved and who performs this job.
HIPAA compliance: Many procedures that deal with patient privacy and security fall into this category, including passwords and user authentication procedures, user account management, discarding of equipment and media, audit trails, and auto log-off settings. One HIPAA requirement that's often overlooked is the emergency access procedure for physicians. Deployment of virtual private networks (VPNs) and wireless access should be documented, and procedures should be documented on how to deal with major equipment malfunctions that require notifying the U.S. Food and Drug Administration (FDA).
Maintenance: This section covers any preventive maintenance activity, including the following:
QA/QC: This includes hardware (cleaning PC fans and keyboards), items such as CR cassettes that require regular cleaning, and monitors that need to be calibrated. It should also cover procedures for tracking rejects, such as from CR or DR studies. Radiologist peer review is also a requirement.
Service access: After-hours access and proper documentation and tracking of service access is a requirement.
System integrity: Patch management (i.e., when to upgrade the operating system for security gaps), virus scanners, and regular process checking as well as error logs need to be managed.
Configuration management: New upgrades are to be verified and checked; a process for upgrades and recordkeeping procedures is critical.
Disaster recovery, backup, and downtime procedures: This covers the procedures to make sure the system can be properly restored and what to do when the system is down. It includes scheduled and unscheduled downtime procedures for the PACS, modalities, and RIS.
Purchasing requirements: These are not often generated and, even if available, are often not followed. For example, the requirement that every new modality has DICOM Modality Worklist seems obvious but is not always followed by the people defining the requirements. IHE requirements are another important component. In addition, there are requirements required by HIPAA such as business associate agreements.
Policies and procedures provide the "glue" that makes a PACS work efficiently and effectively. It appears that many institutions are generating them from scratch and, in the process, are forgetting or overlooking certain critical components. Adopting comprehensive PACS policies, such as those provided in PACS Policy Manual, would prevent this from happening.
By Herman Oosterwijk
AuntMinnie.com contributing writer
April 19, 2006
OTech's PACS Policy Manual, which includes a set of customizable PACS policies and procedures and an electronic database, is available for purchase in AuntMinnie.com's Bookstore.
Related Reading
Enterprise archive yields care, efficiency gains, April 10, 2006
Workflow analysis yields process improvements, March 17, 2006
Digital dashboard eases radiology IT operation, March 16, 2006
Russian teleradiology network meets needs, exceeds expectations, March 6, 2006
Higher monitor luminance levels may hinder performance, February 27, 2006
Copyright © 2006 OTech Health Care Technology Solutions
