In addition to ensuring security for iPads, institutions need to weigh appropriate use cases for the technology and decide on technical matters such as whether to use a native image viewing application or a Web-based viewer based on HTML5, Miller said.
"At Hopkins, we have found the iPad to be a secure and clinically usable platform, both for radiologists and nonradiologists," Miller said. "We've also implemented a Web-based clinical viewer to maximize the value of mobile technology."
After the institution decided to purchase iPads for its radiology residents, it needed to figure out how to secure the devices and what applications to use it for. Miller shared the Hopkins experience of implementing iPad use during a hot topic session at the recent Society for Imaging Informatics in Medicine (SIIM) annual meeting.
The institution divided residents into teams to examine iPad issues, including security. Surprisingly, the iPad's security is actually very good, Miller said.
The iPad's enterprise-level security policy can be implemented through Exchange Server, and many institutions are already doing this to support access to email on iPhones, Miller said. This enables institutions to require the use of a passcode, as well as password expiration and minimum password requirements. The policy also supports the forced use of Auto-Lock, and the iPad can also be remotely wiped through the Exchange Server.
"It's pretty powerful, and it's very accessible as well," he said. "If you don't have an Exchange Server at your institution, there's a number of cloud providers now, including Google, where you can deploy an Exchange Server in a very affordable way."
iPad also includes 256-bit, AES-encoding, hardware-based, "at-rest" encryption, which can't be disabled by users, he said. Via the iPad's "Find my iPad" functionality, lost devices can be remotely secured, wiped, or located.
"Don't you wish your department's laptops could do that?" Miller said. "Most of you probably have [protected health information] on laptops in your department, and those are not nearly as secure as [the iPad]."
It's important to have the right applications for the right people, Miller said.
Use cases for iPad image viewing include the radiologist away from the workstation, radiologists in a conference setting, and, yes, even radiologists on clinical rounds, Miller said.
"A lot of people might look at this say, 'What do you mean? Radiologists don't go on rounds,' " he said. "But they can because of this device ... it creates new opportunities for radiologists to do new things, to become more embedded in the clinical care setting."
Clinicians can use the iPad to view images at the bedside as well as in and out of the office, Miller said.
It's also helpful to think in terms of diagnostic and clinical use cases for medical image viewing; diagnostic use would be by radiologists, while clinical use would include a viewer embedded in the electronic medical record (EMR) or a viewer on a tablet device at a patient's bedside, he said.
All of these use cases can be supported via native apps or Web apps, he said. To determine what would be the best choice for Hopkins, the team began by testing all available native viewer apps as of December 2011. The clear winner was OsiriX, Miller said.
There are some drawbacks to OsiriX and to using some image viewers as native apps, however. For example, it caches images locally on the device and may require archive read/write access, he said.
"The only way for us to get our images out of our archive was to give the devices full access to the archive, which creates a security issue," he said. "It also doesn't handle dynamic IP [addresses] well."
The institution initially tried to develop a workaround solution, creating an intermediary that handles requests from the iPad without giving the device access to the archive. This would have allowed handling of dynamic IPs and provided an additional layer of security, but ultimately this attempt was unsuccessful, he said.
Overall, OsiriX is a robust viewer, but it has its limitations, Miller said.
The team also favored another option: Web-based image viewers based on HTML5. This is an emerging technology that is device-independent and typically doesn't require local caching, Miller said.
These applications also don't require registration of DICOM Application Entity (AE) titles, granting archive access to individual users, or management of IP addresses, Miller said.
"So it's much easier to support," he said. "It can provide universal clinical access; it doesn't matter who you are, where you are, or what device you are on. If you have the appropriate credentials, you can get access to those clinical images. And that is profound."
The downside to Web viewers is that they require upfront institutional investment -- although probably less maintenance costs down the road, he said. It's also a young technology, with often less-than-perfect functionality and a limited feature set.
"They are not full-blown viewers," he said.
After not succeeding with creating the workaround for OsiriX, the team also experimented with a thin-client model utilizing Remote Desktop Protocol (RDP) to workstations. However, after receiving overwhelming clinical demand for image access, the group elected instead to purchase a HTML5 Web viewer (Vitrea View, Vital). Deployment is in progress, but this has not yet been rolled out for clinical use, Miller said. Some clinical users are also currently using syngo Web Viewer (Siemens Healthcare) to access to images on their iPad.
Another option available for the iPad is using iPad remote-desktop applications to remotely connect to PACS workstations with full image viewers. It's not elegant, but it's cheap, easy, and it works, he said. This approach can be used for image viewing, as well as RIS and EMR access.