Maximizing the Power of Centricity PACS Audit Data

Document Sample
Maximizing the Power of Centricity PACS Audit Data Powered By Docstoc
					 Maximizing the Power of
Centricity PACS Audit Data
    Bill Gregg, MS, CIIP, CPSA
      PACS Administrator/IIP
    LSU Health Sciences Center
           Shreveport, LA
 The materials, presentations and content
  herein are the opinions and experiences,
  and represent the views, of the specific
  authors and presenters and are not
  statements of advice, opinion or
  information of GE Healthcare. Neither
  the materials, presentations nor content
  therein have been prepared, screened,
  approved, reviewed or endorsed by GE
   Start Simple
   Historical perspective
   Basic concepts regarding events and data
   Look at basic data with the PACS Auditor
   Finish up with workflow analysis
   Goal is to give everyone something to take
    home today
       Getting Started
 HIPAA (2004) – audit access to PHI
 With Centricity 2.0 GE started
  providing XML audit log files
 Direct conversion of XML to Excel
  wasn’t working for me
 Wanted to work in the .NET
 Used Visual Basic .NET to read audit
  files and load into MS Access
       Getting Started
 First version of the PACS Auditor
  application Nov 2004
 IHE value growing, looked at ATNA
 Used this platform for a poster
  presentation at SCAR/SIIM 2005 that
  was later published in the JDI
 Found data useful for QC as well
 What else can we do with this?
                Time Line
 11/04 Created first iteration of Audit Log app
 4/05 SCAR/SIIM GE/Eric Feingold talk
 7/06 Offered PACS Audit Log app as open
  source to GE User Community
 11/07 Added workflow analysis
           Talk Objectives
 Objective 1: Understand how to get
  Centricity audit log files and what is in
 Objective 2: Understand ways to access
  and manipulate the data
 Objective 3: Understand how to utilize
  this data to support HIPAA requirements
  and QC efforts
               Term Definitions
   Database                 MS Visual Basic .NET
   Audit Log                MS Visual Studio
   XML file                 MS Access
   Elements/Attributes      MS SQL Server/SSE
   Events                   Oracle, Sybase
   ENM Table
Why Care About Audit Data?
– To satisfy HIPAA requirements
     Who looked at what
– To support QC projects
     Who verified/dictated that exam?!
     Who rejected those images?
     How long does it take to verify an exam?!
– To Monitor DICOM events (not implemented)
     Who created/changed KIN, ED, PGI
– To support ILM (Information LifeCycle
  Management) (not yet implemented)
     Who created/implemented/changed rules
     What exams were deleted/moved
Hugged Your Audit Data Today?
 Audit data has a lot of value today
 As more information is added to it, more
  value will be derived tomorrow
      Level I: The Basics
– GE documents on audit data,
  events and fields (documentation
– What does this show us
– How can we utilize the data (xml,
  spreadsheets, db)
              Centricity 2.0
 Centricity RA1000, some Exam Manager
  events logged
 Start with initial set of audit data
 Order event is not included
 Must set 4 of the events in CA Tool
  – LogIn/Out, Exam Print, Exam View
              Centricity 2.1.x
 Started capturing events from Centricity Web
  connections also
 Added additional events in 2.1.3 that must be set
  in the CA Tool
  – User\ Created, LoginFailure, RoleChanged,
    StatusChanged, PasswordChanged,
    ExamPresentationSaved, ReportViewed
 Some quirks where didn’t complete the XML file
 Order event not included
             Centricity 3.0
 Added additional data events/elements that
  must be set in CA Tool
 Order event now included giving the
  complete picture
 Important shift in architecture to a DICOM
  view in v3.x
 This allows us to start capturing data
  regarding DICOM events
 Take a look at the events
 Note that in Exam Manager, EM
  and PM events are logged, as
  well as status changes (such as
  verify, unverify etc.), but no event
  if change patient name or MR
 Also note that my app now
  includes the 2.x/3.x events and
  data fields.
               Audit Files
 XML files
 File structure
 How do you get them? (your FE)
 Be aware that the ENM table only holds a
  set number of days of data, it is NOT a
  permanent repository
 That is why they give it to you
 Also be aware that the event data is 2 days
             Level I Summary
   Basic terms
   PACS Audit Events/data from ENM
   Getting the audit log files from GE
   Discussed version differences
   Looked at XML file
               Level II: Tools
   Have basic understanding of the audit data
   Multiple ways to access the data
   Multiple tools to access the data
   PACS Auditor tool on SupportCentral site
       Installing the Audit Logger
   Documentation (go ahead, read it…)
   Need to have .NET 2.0 installed
   File location structure
   Issue with fixed db locations
   Fix using UDL files
   Need to change driver for Access 2007
   Just need to re-link tables in Access fe
         Auditor Trivia Game!
 Frontend/Backend database
 Access allows a file size of about 2 Gb
 This holds approximately 2.9 million audit
  records (currently on my 3rd)
 You can create front ends that limit access
 You can implement some reasonable
              Your ‘PAL’
 Loading files
 Safeguards
 Troubleshooting
    The ‘PACS Auditor’ Database
   Basic front end (GUI) for immediate queries
   Search fields
   How the date fields work
   Report buttons
   Exam 2020, Patients 1228, 2003
          Level III: Workflow
 Have basic reporting capabilities that can
  help address HIPAA requirements
 Can answer basic questions about who did
  what using discrete event data
 Take the data and extract more information
  from it by looking at time spans between
           Workflow Reports
 Going past event data to look at workflow
 Time Reports
 Issues with data
  – Start and end dates can caused partial spans
  – Accession range more complete
  – Skipped status levels (Arrived-Dictated etc.)
  – Manual manipulations (Unverify, Verify)
  – How these affect counts
       Update for 2.x/3.x Data
 Completed the update to include 2.x/3.x
  data fields
 Requires a database conversion
 Will need to load prior archived db’s into a
  new empty database
 New db won’t hold entire old ‘full’ db
 Created routine to help import, but
  IMPORTANT to follow the documentation
                 Future Work
 Create new reports/views based on 2.x/3.x data
  – Login Failures
  – Image rejects
  – Any other suggestions?
 Move from Access to SQL Express/SQL Server
 Build in creation of summary data for use with
  pivot tables
 Create de-identified data sets for research use
 Centricity PACS audit data
 Satisfying HIPAA requirements
 Satisfying basic QC needs
 Using the Time Reports to satisfy
  advanced QC needs
We Can Maximize the Power
of Centricity PACS Audit Data
               Where is it?
 Both the documentation and the application
  can be downloaded from GE’s
  SupportCentral site or our Radiology site
 Everything we talked about today is in the
 You get it all as an open source app, but it
  can be used ‘out of the box’.
 No logo’s in it, you can put in your own!
Protected Healthcare Information
 Have proper policies and procedures set up
  for access to this data
 Limit user access where you can with
  specific front end forms
         Contact Information
 Do have a day job, there is documentation
  ment/pacs/downloads (look at end of list)
 Also have a forum on the GE
  SupportCentral site
Thank you for joining this presentation today.

Any Questions?

Shared By: