EP1844398A2 - Method and apparatus for two-way transmission of medical data - Google Patents

Method and apparatus for two-way transmission of medical data

Info

Publication number
EP1844398A2
EP1844398A2 EP05855661A EP05855661A EP1844398A2 EP 1844398 A2 EP1844398 A2 EP 1844398A2 EP 05855661 A EP05855661 A EP 05855661A EP 05855661 A EP05855661 A EP 05855661A EP 1844398 A2 EP1844398 A2 EP 1844398A2
Authority
EP
European Patent Office
Prior art keywords
site
data
component
firewall
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05855661A
Other languages
German (de)
French (fr)
Inventor
David Chen
Dennis O'connor
M. Weston Chapman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
M2S Inc
Original Assignee
M2S Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by M2S Inc filed Critical M2S Inc
Publication of EP1844398A2 publication Critical patent/EP1844398A2/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H30/00ICT specially adapted for the handling or processing of medical images
    • G16H30/20ICT specially adapted for the handling or processing of medical images for handling medical images, e.g. DICOM, HL7 or PACS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/168Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] specially adapted for link layer protocols, e.g. asynchronous transfer mode [ATM], synchronous optical network [SONET] or point-to-point protocol [PPP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Definitions

  • This invention relates to the two-way transmission of medical data in general, and more — 9 —
  • HIPAA Health Insurance Portability and Accountability Act
  • VPNs Virtual Private Networks
  • Tl lines can be cost prohibitive in many situations.
  • SSH secure shell
  • rsync rsync protocol
  • medical institutions e.g., hospitals
  • firewalls to limit outside access to their internal computer networks.
  • hospital firewalls will typically block outside attempts to access any medical data on their internal radiology networks.
  • a healthcare provider e.g., a hospital
  • an outside third party e.g., a service provider
  • CT scan data must be transmitted from a hospital to Medical Metrx Solutions of West Lebanon, NH (MMS) , where that CT scan data is converted into patient-specific computer models and then returned to the hospital for viewing by medical personnel.
  • MMS Medical Metrx Solutions of West Lebanon, NH
  • the present invention provides for a secure, two-way transmission of medical data over the Internet and through the hospital's firewall using push and pull mechanisms. More particularly, the present invention utilizes standard SSH technology and the rsync and scp (secure copy) protocols to enable secure, cost-effective data transmission over the Internet.
  • the hospital firewall is traversed through the use of an agent located behind the hospital's firewall.
  • the agent utilizes a push mechanism to push the raw scan data through the firewall and over the Internet to the outside third party; and the agent uses a pull mechanism to reach through the firewall and over the Internet to retrieve the data processed by the outside third party.
  • the present invention transfers data from the hospital to the third party by initiating a data push mechanism from behind the hospital firewall; and transfers the processed data from the outside third party back into the hospital by initiating a data pull mechanism from behind the hospital firewall.
  • the aforementioned agent acts as a broker for the foregoing data transmission and also encodes how the data should be handled once it is received on the hospital side.
  • an agent for transmitting data between a first site and a second site wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall; the agent being located behind the firewall and being connected to the first site and to the Internet, the agent comprising first, second, third and fourth components; the first component being configured for receiving raw data from the first site; the second component being configured for pushing a verification query through the firewall and over the Internet to the second site; the third component being configured for pulling a verification over the Internet and through the firewall from the second site; and the fourth component being configured for, upon receipt of the verification, pushing the raw data through the firewall and over the Internet to the second site.
  • a system comprising: a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall; an agent for transmitting data between the first site and the second site, the agent being located behind the firewall and being connected to the first site and to the Internet, the agent comprising first, second, third and fourth components; the first component being configured for receiving raw data from the first site; the second component being configured for pushing a verification query through the firewall and over the Internet to the second site; the third component being configured for pulling a verification over the Internet and through the firewall from the second site; and the fouth component being configured for, upon receipt of the verification, pushing the raw data through the firewall and over the Internet to the second site.
  • a method for transmitting data between a first site and a second site wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall, comprising: receiving data from the first site; pushing a verification query through the firewall and over the Internet to the second site; pulling a verification over the Internet and through the firewall from the second site; and upon receipt of the verification, pushing data through the firewall and over the Internet to the second site.
  • Fig. 1 is a schematic view showing the transmission of DICOM data from the hospital to a third party and the retrieval of processed data from the third party back to the hospital;
  • Fig. 2 is a schematic view showing the transmission of DICOM data from the hospital to a third party and the retrieval of DICOM data from the third party back to the hospital;
  • Fig. 3 is a schematic view showing remote 3D imaging in accordance with the present invention.
  • Fig. 4 is a schematic view showing an expanded form of the DAC system having order verification.
  • DICOM Digital Imaging and Communications In Medicine
  • MMS West Riverside, NH
  • the DAC Pro is designed to allow the secure transfer of DICOM image data over regular Internet connections without using Virtual Private Networks.
  • the DAC Pro preferably comes pre-configured to work on the hospital network behind the firewall, and contains all of the hardware and software necessary to (i) send data across the firewall and through the Internet to a third party (e.g., MMS) for 3D processing, and (ii) retrieve the processed data (e.g., 3D patient-specific studies) back through the Internet and across the firewall for use in surgical planning by medical professionals at the hospital.
  • MMS third party
  • retrieve the processed data e.g., 3D patient-specific studies
  • the DAC Pro is not designed for long-term data storage; it is integrated into the hospital network so that data can be stored in hospital systems for long-term storage.
  • the DAC Pro preferably runs a customized version of the Red Hat Linux operating system and boots from a CD-ROM.
  • all of the system software runs from the CD-ROM, and no system software needs to run from the hard drive of the DAC Pro.
  • the DAC Pro has added security and is easily upgraded.
  • the DAC Pro resides within the healthcare institution's firewall. It pushes medical data through the firewall and over the Internet to MMS (or other third party) and/or pulls medical data back over the Internet and back through the firewall. Significantly, the third party (e.g., MMS) never sends data directly to the DAC Pro. Thus, the remote healthcare institution's firewall requires little modification and data is easily secured through encryption.
  • the DAC Pro can be used to transfer data in various formats.
  • the DAC Pro can be used to transfer DICOM data to MMS, and to retrieve
  • 3D model data (e.g., MMS Preview ® data) from MMS. See
  • the DAC Pro conforms with established radiology standards.
  • the DICOM data is sent to the DAC Pro unit in the same manner as it would be transfered to another DICOM device within the hospital, e.g., a Picture Archiving System (PACS) , a printer or a workstation.
  • PACS Picture Archiving System
  • the DICOM protocol is not handled directly by the DAC Pro. Rather, protocol communications are forwarded securely by using 768-bit RSA public key authentication and 256- bit Advanced Encryption Standard (AES) data encryption through a secure shell (ssh) tunnel to a DICOM server at the third party, where the DICOM communication is handled. This ensures HIPPA compliance.
  • AES Advanced Encryption Standard
  • This outgoing data transmission is handled as a push through the firewall and over the Internet.
  • DICOM data e.g., the 2D CT slice data
  • MMS modeling technicians retrieve the DICOM data
  • the patient-specific model is stored on a server at MMS.
  • it is placed on the MMS server in an appropriate folder specifically set up for a particular hospital, and is preferably stored in an industry standard compressed format, e.g., single gzip'ed tar file.
  • This single compressed file format is preferred, since it makes transfer times much faster than sending many uncompressed files.
  • the DAC Pro at the receiving hospital is in constant contact with the MMS server through the aforementioned ssh tunnel connection. Once the DAC Pro at the receiving hospital sees the completed study in its remote folder on the MMS server, it pulls the data back over the Internet and through the firewall to its local hard drive. At the hospital side the DAC Pro decrypts and decompresses the pulled data.
  • the DAC Pro preferably runs a version of the Samba file server so that the data is easily available for
  • the incoming data transmission is handled as a pull initiated from inside the firewall, which permits the data to be passed from MMS into the secure healthcare facility.
  • the DAC Pro can also be used to transfer DICOM data to MMS and to retrieve DICOM data back from MMS. See Fig. 2.
  • the DAC Pro might send DICOM data to MMS for processing on 3D workstations using software other than the MMS
  • the data in this directory is gzip'ed and tar' ed as described previously. However, this time the data has additional information pertaining to the receiving institution's PACS encoded in it.
  • the DAC Pro located inside the firewall at the remote site pulls the processed DICOM data from the MMS server once it sees data in its specific directory. This processed DICOM data is pulled over the Internet and through the firewall to the DAC Pro unit located at the remote site. With the encoded information and a trigger in the file name, the DAC Pro will know that this is DICOM data and not Preview ® data. The DAC Pro will be used.
  • the remote hospital acts as an SCU to send data to the DAC Pro, which then forwards the data, using a push transfer, through the firewall and then across an ssh tunnel established over the Internet to the MMS server.
  • the 3D workstations Upon arriving at the MMS Image Archive server, the 3D workstations query the server for studies which need processing (preferably utilizing the DICOM general purpose worklist) . Once the studies are complete, the 3D workstations act as an SCU to send the completed studies to the MMS outgoing DICOM server. This server receives the DICOM data and does the work of creating the gzip'ed tar file. The gzip'ed tar file is then
  • the DAC Pros located at their respective remote institutions are continually polling their respective "drop boxes" at the MMS server for data to retrieve. Once it is determined that there is data in the "drop box", the DAC Pro pulls the data, using rsync or scp through a new ssh tunnel, to bring the data back over the Internet and through the firewall.
  • the DAC Pro uses the pre-configured information pertaining to that hospital's PACS (IP Address, port, and AE Title) to act as an SCU to push the data to the hospital's PACS. This is all completed using ssh connections over the Internet. All data is pushed to MMS, or pulled from MMS, from within the sending institution's firewall, keeping the data secure at all times.
  • the ssh tunnel can be established with an appropriate command such as:
  • DAC Pro Digital Imaging and Communications Standards in Medicine
  • MMS Medical Metrx Solutions of West Lebanon, NH
  • DAC Pro Digital Imaging and Communications Standards in Medicine
  • MMS Medical Metrx Solutions of West Lebanon, NH
  • the DAC Pro device is essentially a two-way transfer device comprising computer hardware and software for enabling the secure, cost-effective transmission of data through a firewall (e.g., a hospital firewall) and across the Internet.
  • the DAC Pro device is designed to allow the secure transfer of DICOM image data over regular Internet connections without using Virtual Private Networks.
  • the DAC Pro device is preferably pre- configured to work on the hospital network behind the firewall, and contains all the software necessary to: (i) send data across the firewall and through the Internet to MMS for 3D processing (i.e., "modeling”); and (ii) retrieve the processed data (e.g., 3D patient-specific "studies”) back through the Internet and across the firewall for use in surgical planning by medical professionals at the hospital.
  • 3D processing i.e., "modeling”
  • retrieve the processed data e.g., 3D patient-specific "studies”
  • the data is stored for a default term (e.g., 30 days, 35 days, etc.) on the hard drive of the DAC Pro device.
  • the DAC Pro device is not designed for long-term storage; rather, the DAC Pro device is integrated into the hospital network so that data can be stored in hospital systems for long-term storage.
  • the DAC Pro device preferably runs a customized version of the Linux operating system (e.g., Fedora Linux or Red Hat Linux) and boots from a CD-ROM drive.
  • the DAC Pro device resides inside the hospital's firewall.
  • the DAC Pro device pushes medical data through the firewall and over the Internet to MMS and/or pulls medical data back over the Internet and back through the firewall.
  • MMS never sends data directly to the DAC Pro device. Rather, the DAC Pro device pulls data back into the hospital.
  • the hospital's firewall remains intact and the hospital's data is secure.
  • the DAC Pro device can be used to transfer DICOM data to MMS, and to retrieve 3D model data (e.g., MMS
  • the DAC Pro device conforms with established radiology standards.
  • the DICOM data is sent to the DAC Pro device in the same manner as that data would be transferred to another DICOM device located within the hospital, e.g., a Picture Archiving System (PACS), a printer, a workstation, etc.
  • PACS Picture Archiving System
  • the DICOM protocol is not handled directly by the DAC Pro device. Rather, protocol communications are securely forwarded from the DAC Pro device at the hospital to a DICOM server at MMS (where the DICOM communication is handled) by using, for example, a 768-bit RSA public key authentication and a 256-bit Advanced Encryption Standard (AES) data encryption procedure implemented through a secure shell (ssh) tunnel. This ensures HIPPA compliance.
  • AES Advanced Encryption Standard
  • the outgoing data transmission (i.e., from the DAC Pro device to MMS) is handled as a "push" through the hospital's firewall and over the Internet.
  • the DICOM data (e.g., the 2D slice data from the CT scanner) arrives at MMS
  • MMS modeling technicians retrieve the data and create a patient-specific 3D model.
  • the patient-specific 3D model is stored on a server at MMS.
  • the 3D model is placed on the MMS server in an appropriate folder specifically set up for a particular hospital, and is preferably stored in an industry standard compressed format, e.g., in a single gzip'ed tar file. This single compressed file format is preferred, since it makes transfer times much faster than sending many uncompressed files.
  • the DAC Pro device (at the receiving hospital) is in constant contact with the MMS server through the aforementioned ssh tunnel connection. Once the DAC Pro device at the receiving hospital sees the completed study in its remote folder on the MMS server, the DAC Pro device "pulls" the data back over the Internet and through the firewall to its local hard drive. At the hospital side, the DAC Pro device decrypts and decompresses the data file pulled back across the firewall. The DAC Pro device runs a LINUX version of the SMB file server so that the data is easily available for viewing (i.e., using the MMS
  • the system utilizes the same general configuration as the "DAC Pro" system discussed above.
  • the expanded version of the system (which will sometimes hereinafter be referred to as the "DAC 3" system) adds an order verification component to the system.
  • This order verification component verifies a hospital order prior to the DAC 3 device pushing the DICOM data to the MMS server for processing.
  • This order verification component allows MMS to verify that the DICOM data sent from hospital personnel to the DAC 3 device was in fact intended to be sent to MMS for modeling.
  • Such verification can be advantageous for a variety of reasons, e.g., order confirmation and control, third party payer (e.g., insurer) considerations, patient privacy controls, cost controls, etc.
  • FIG. 4 there is shown a schematic illustration of the DAC 3 system and its operation, which essentially consists of a series of dataflows between system elements.
  • Dataflow 1 The process is initiated when a user at a CT PACS workstation sends 2D CT scan data to the DAC 3 device located on the internal side of the firewall.
  • the DAC 3 device pushes a request for verification through the hospital firewall to the MMS U104 transaction database.
  • This request for verification is pushed to the U104 transaction database as a psql communication through a secure shell (ssh) tunnel.
  • the request for verification essentially advises MMS that the DAC 3 device is holding 2D scan data and requires verification that this 2D scan data should be sent to MMS for modeling.
  • This request for verification also provides the U104 transaction database with information regarding the request, e.g., hospital identification, department identification, physician identification, patient identification, scan date, delivery information, etc.
  • the U104 transaction database sends a request for verification to the MMS, Patient Evaluation And Management System ("PEMS") component.
  • Dataflow 4 The MMS PEMS component sends a request for verification to the appropriate hospital coordinator. This request is sent via e-mail.
  • the MMS PEMS component advises the U104 transaction database that it has received appropriate verification from the hospital coordinator.
  • the U104 transaction database notes this fact in its database.
  • the DAC 3 device which is in communication (e.g., constant or periodic) with the U104 transaction database, looks for the requested verification in the U104 transaction database. Such verification is pulled from the U104 transaction database as a psql communication through a secure shell (ssh) tunnel.
  • ssh secure shell
  • the DAC 3 device If the DAC 3 device has received the requested verification from the U104 transaction database, the DAC 3 device "pushes" the 2D scan data (in encrypted form) to the MMS DICOM server through a secure shell (ssh) tunnel.
  • ssh secure shell
  • the 2D scan data is pulled from the DICOM server via the MMS downloading component.
  • the MMS downloading component sends processed 2D scan data to the MMS data repository and order confirmation information to the U104 Relational Database.
  • the MMS data repository sends the 2D scan data to the modeling processor, where the patient-specific 3D model is created.
  • the modeling processor sends the patient-specific 3D model (i.e., the study) back to the MMS data repository.
  • the MMS shipping component pulls the finished patient-specific 3D model from the MMS data repository.
  • the MMS shipping component queries the U104 transaction database for delivery information.
  • delivery information includes, among other things, the "drop box" location on the ftp server (see below) where the patient-specific 3D model will be held for pick-up.
  • the U104 transaction database sends the appropriate delivery information to the MMS shipping component.
  • the MMS shipping component sends the patient-specific 3D model to the appropriate "drop box" location on the ftp server.
  • the DAC 3 device which is in communication (e.g., constant or periodic) with the ftp server, looks for the patient-specific 3D model in the appropriate "drop box" location on the ftp server.
  • the patient-specific 3D model is "pulled” from the ftp server to the DAC 3 device via an rsync communication.
  • the patient-specific 3D model is stored on the DAC 3 device until a user accesses it for viewing.
  • Elements DAC 3 Device ssh Tunnels are established for webmin (-R) , postgres (-L) and dicom (-L) . These tunnels are initiated (and kept open) through the inittab mechanism. In one preferred configuration, the webmin tunnel is turned off, and only enabled by the remote site on request.
  • Crontab Scripts run on the DAC 3 device as two different users: the local DAC UNIX user (e.g., mmstest) and root.
  • the outgoing.sh procedure preferably operates 11 times an hour, pulling from FTP server, checking CHECKSUM, unpacking the data and updating the database element armorcar_outgoing. start_date and database element armorcar_outgoing.end_date.
  • a database lock prevents multiple processes from interfering with each other.
  • the remove_preview. sh procedure calls delete_outgoing.pi, preferably once a day at midnight, and removes Preview ® studies after 35 days (default condition) . The actual expiration time is set in armorcars.expire_outgoing__studies.
  • the incoming. sh procedure calls check_incoming.pl (preferably 2 times an hour, e.g., at "3 minutes” and "33 minutes"), checks /mnas/incoming for new data, and updates the U104 armorcar_incoming_uids database element.
  • the vsend.sh procedure preferably operating every 5 minutes, uses send_image to do a DICOM send of a file to the DICOM server sorted by study_instance_uid.
  • the remove_incoming.sh preferably operating once a day at midnight, deletes studies from the DAC 3 device once they have been received by the DICOM server at MMS.
  • the report_disk_usage.pl procedure preferably running once every half hour, updates the amount of free space in the Preview ® data SMB share.
  • cron.daily procedure updates from ftp: /home/drop/dac_software into /mms/bin/scripts, /mms/bin/dicom and /var/spool/cron. This happens once a day via rsync.
  • Dicom Server (dicom.medicalmetrx.com) simple_storage. DICOM Storage SCP from Mallinckrodt Institute of Radiology. request_verfication.pl. This is the verification requesting script, and is preferably run once every 30 minutes. This element sends an email to the coordinator asking for verification after the DAC 3 device has received data. The "meta information" for this data in transferred to the U104 database and is utilized by PEMS. mark_mms_received.pl. (every 5 minutes) When the Dicom Server has fully received the study after verification, this procedure sends an E-mail to the coordinator by looking for the files in /b/DICOM/incoming. delete_incoming.pl.
  • This procedure preferably run every 10 minutes, emails the coordinator when the DAC has retrieved a Preview study (by asking the U104 transaction database) .
  • delete_outgoing.pl This procedure, preferably run everyday at midnight, deletes files that have been fully downloaded from both the dropbox and the dac repository.
  • Postgresql Database U104 Transaction Database
  • mms_matrix This is a database connection for the DAC 3 device which operates via a ssh tunnel through the DICOM server.
  • the server scripts connect via the user dac_server.
  • the DAC available views are: armorcar_incoming (INSERT), armorcar_storage_space (UPDATE) , armorcar_log_view (INSERT), armorcar_incoming_uids (SELECT, UPDATE), armorcar_outgoing (SELECT) , armor_outgoing__updates (SELECT, UPDATE) .
  • the CT technician sends data to the DAC 3 device by selecting the correct IP address, port and AE_TITLE to access the DAC 3 device on the hospital's network.
  • the DAC 3 device notifies the mms_matrix database that it has received a CT scan for processing by writing a new row into the armorcar_incoming data file.
  • the request_verfication.pl procedure which runs on the Dicom Server, sends an email to the appropriate hospital coordinator, requesting verification that the CT scan should be processed.
  • the hospital coordinator logs onto PEMS and verifies that the CT scan data should be processed, updating the 'verified' column in the armorcar_incoming data file. This action also creates a row in the armorcar_orders data file that associates a model number to the Study Instance UID of the incoming set of CT scan files.
  • the DAC 3 device sends the actual CT image data to MMS via the send_image (Mallinckrodt) program. This CT image data is received at the DICOM Server.
  • the mark_mms_received.pl procedure sets the armorcar_incoming.mms_received flag and emails the hospital coordinator.
  • MMS downloads the image files from the dicom: /b/DICOM/incoming data file and sets the "ready for modeling" status for the study.
  • the CT scan data is then processed (i.e., modeled) .
  • the processed data is removed from the /b/DICOM/incoming by delete_incoming.pl data file.
  • the MMS Shipper runs the ac_create procedure on a Preview CD to complete the study fulfillment.
  • This tar s and compresses the Data directory into a TGZ file, which is secure copied to the FTP server at ftp: /home/drop/dac_repository.
  • the virtual_mirror procedure creates a hard link of the TGZ file into the appropriate dropbox.
  • the DAC 3 device polls the U104 database transaction database, preferably about 11 times an hour, to determine which studies have been completed and are available. If the DAC 3 device finds a study (i.e., completed model) in the dropbox, the DAC 3 device scp' s the contents locally, verifies the checksum (md ⁇ sum) and unpacks the TGZ file to the /mms_preview SMB mount directory on the DAC 3 device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Nuclear Medicine, Radiotherapy & Molecular Imaging (AREA)
  • Epidemiology (AREA)
  • Computer Hardware Design (AREA)
  • Public Health (AREA)
  • Primary Health Care (AREA)
  • General Engineering & Computer Science (AREA)
  • Radiology & Medical Imaging (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Measuring And Recording Apparatus For Diagnosis (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides for a secure, two-way transmission of medical data over the Internet and through the hospital's firewall using push (2) and pull (7) mechanisms. More particularly, the present invention utilizes standard SSH technology (8) and the rsyrtc and scp protocols to enable secure (17), cost-effective data transmission over the Internet. The hospital firewall is traversed through the use of an agent located behind the hospital's firewall. The agent utilizes a push mechanism to push the raw scan data through the firewall and over the Internet to the outside third party (2); and the agent uses a pull mechanism to reach through the firewall and over the Internet to retrieve the data processed by the outside third party (7).

Description

METHOD AND APPARATUS FOR TWO-WAY TRANSMISSION OF MEDICAL DATA
Reference To Pending Prior Patent Applications This patent application:
(1) is a continuation-in-part of pending prior U.S. Patent Application Serial No. 10/994,730, filed 11/22/2004 by Dennis O'Connor et al. for METHOD AND APPARATUS FOR TWO-WAY TRANSMISSION OF MEDICAL DATA (Attorney's Docket No. MMS-28); and
(2) claims benefit of pending prior U.S. Provisional Patent Application Serial No. 60/638,578, filed 12/23/04 by David Chen et al. for METHOD AND APPARATUS FOR TWO-WAY TRANSMISSION OF MEDICAL DATA (Attorney's Docket No. MMS-35 PROV).
The two above-identified patent applications are hereby incorporated herein by reference.
Field Of The Invention This invention relates to the two-way transmission of medical data in general, and more — 9 —
particularly to the HIPAA-compliant transfer of patient-specific image data between a healthcare provider and a third party.
Background Of The Invention
The sharing of patient image data between healthcare providers (e.g., hospitals) and third parties (e.g., specialized imaging services such as Medical Metrx Solutions of West Lebanon, NH) presents a myriad of challenges. These challenges include privacy, expense and accessibility, among others.
In 1996, President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) . Among other things, this law (i) ensures the continuity of healthcare coverage for individuals changing jobs; (ii) includes a provision that impacts the management of health information; (iii) seeks to simplify the administration of health insurance; and (iv) aims to combat waste, fraud and abuse in health insurance and healthcare. The Department of Health and Human Services has issued various regulations to implement these new requirements. These regulations impact all healthcare organizations that electronically create, store and/or transmit healthcare data. Among other things HIPAA requires the secure storage and transmission of electronic healthcare data.
Setting up Virtual Private Networks (VPNs) or running point-to-point Tl lines can provide the necessary secure transmission of electronic healthcare data. However, VPNs and Tl lines can be cost prohibitive in many situations.
Alternatively, the so-called secure shell (SSH) technology and rsync protocol can be used to provide a suite of network connectivity tools which enable secure transmission of electronic healthcare data by creating a minimal subset of a many-to-one virtual network running over the public Internet.
In addition to the foregoing, medical institutions (e.g., hospitals) typically implement firewalls to limit outside access to their internal computer networks. Among other things, and of particular significance to the present invention, hospital firewalls will typically block outside attempts to access any medical data on their internal radiology networks.
Unfortunately, in many situations it can be important for a healthcare provider (e.g., a hospital) to share data with an outside third party (e.g., a service provider) . By way of example, and of particular application to the present invention, it may be desirable to pass raw scan data from the hospital to an outside imaging service for specialized processing and return. Thus, for example, CT scan data must be transmitted from a hospital to Medical Metrx Solutions of West Lebanon, NH (MMS) , where that CT scan data is converted into patient-specific computer models and then returned to the hospital for viewing by medical personnel. In circumstances such as these, the aforementioned security systems for storing and transmitting electronic healthcare data can impede the electronic transfer of the data. Summary Of The Invention
The present invention provides for a secure, two-way transmission of medical data over the Internet and through the hospital's firewall using push and pull mechanisms. More particularly, the present invention utilizes standard SSH technology and the rsync and scp (secure copy) protocols to enable secure, cost-effective data transmission over the Internet. The hospital firewall is traversed through the use of an agent located behind the hospital's firewall. The agent utilizes a push mechanism to push the raw scan data through the firewall and over the Internet to the outside third party; and the agent uses a pull mechanism to reach through the firewall and over the Internet to retrieve the data processed by the outside third party. In other words, the present invention transfers data from the hospital to the third party by initiating a data push mechanism from behind the hospital firewall; and transfers the processed data from the outside third party back into the hospital by initiating a data pull mechanism from behind the hospital firewall. The aforementioned agent acts as a broker for the foregoing data transmission and also encodes how the data should be handled once it is received on the hospital side.
In one preferred form of the invention, there is provided an agent for transmitting data between a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall; the agent being located behind the firewall and being connected to the first site and to the Internet, the agent comprising first, second, third and fourth components; the first component being configured for receiving raw data from the first site; the second component being configured for pushing a verification query through the firewall and over the Internet to the second site; the third component being configured for pulling a verification over the Internet and through the firewall from the second site; and the fourth component being configured for, upon receipt of the verification, pushing the raw data through the firewall and over the Internet to the second site.
In another embodiment of the present invention, there is provided a system comprising: a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall; an agent for transmitting data between the first site and the second site, the agent being located behind the firewall and being connected to the first site and to the Internet, the agent comprising first, second, third and fourth components; the first component being configured for receiving raw data from the first site; the second component being configured for pushing a verification query through the firewall and over the Internet to the second site; the third component being configured for pulling a verification over the Internet and through the firewall from the second site; and the fouth component being configured for, upon receipt of the verification, pushing the raw data through the firewall and over the Internet to the second site.
In another embodiment of the present invention, there is provided a method for transmitting data between a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall, comprising: receiving data from the first site; pushing a verification query through the firewall and over the Internet to the second site; pulling a verification over the Internet and through the firewall from the second site; and upon receipt of the verification, pushing data through the firewall and over the Internet to the second site.
In another embodiment of the present invention, there is provided a method for transmitting data between a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall, comprising:
(1) sending data from the first site to a communications unit located on the internal side of the firewall;
(2) pushing a verification request from the communications unit through the hospital firewall to a transaction database;
(3) sending a verification request from the transaction database to a verification component;
(4) sending a verification request from the verification component to an appropriate coordinator;
(5) sending a verification from the coordinator back to the verification component; (6) noting in the transaction database that the verification component has received appropriate verification from the coordinator;
(7) pulling the verification from the transaction database;
(8) upon receipt of verification from the transaction database, pushing data from the communication device to a DICOM server;
(9) pulling data from the DICOM server via a downloading component;
(10) sending data from the downloading component to a data repository;
(11) sending data from the data repository to a modeling processor, where a model is created;
(12) sending the model from the modeling processor to the data repository;
(13) sending the model from the data repository to a shipping component;
(14) sending a delivery query from the shipping component to the transaction database; (15) sending the appropriate delivery information from the transaction database to the shipping component;
(16) sending the model from the shipping component to an appropriate drop box location on an ftp server;
(17) operating the communication device so as to pull the model from the appropriate drop box location on the ftp server; and
(18) storing the model on the communication device until accessed by the first site.
Brief Description Of The Drawings
These and other objects and features of the present invention will be more fully disclosed or rendered obvious by the following detailed description of the preferred embodiments of the invention, which is to be considered together with the accompanying drawings wherein like numbers refer to like parts, and further wherein: Fig. 1 is a schematic view showing the transmission of DICOM data from the hospital to a third party and the retrieval of processed data from the third party back to the hospital;
Fig. 2 is a schematic view showing the transmission of DICOM data from the hospital to a third party and the retrieval of DICOM data from the third party back to the hospital;
Fig. 3 is a schematic view showing remote 3D imaging in accordance with the present invention; and
Fig. 4 is a schematic view showing an expanded form of the DAC system having order verification.
Detailed Description Of The Preferred Embodiments
The Digital Imaging and Communications In Medicine (DICOM) Standard was established in 1992 and is the standard for exchanging medical images in a digital format. DICOM was initiated by the American College of Radiology to address the need for connectivity between imaging equipment. In accordance with the present invention, there is provided the aforementioned agent, which is essentially a two-way transfer device comprising computer hardware and software for enabling the secure, cost-effective transmission of data (including DICOM data) through a hospital's firewall and across the Internet. For convenience, the aforementioned agent may hereinafter sometimes be referred to as "DAC Pro", which is an acronym for the DICOM ArmorCar Pro™ product of Medical Metrx Solutions of West Lebanon, NH (MMS) , which constitutes one preferred implementation of the present invention.
The DAC Pro is designed to allow the secure transfer of DICOM image data over regular Internet connections without using Virtual Private Networks. The DAC Pro preferably comes pre-configured to work on the hospital network behind the firewall, and contains all of the hardware and software necessary to (i) send data across the firewall and through the Internet to a third party (e.g., MMS) for 3D processing, and (ii) retrieve the processed data (e.g., 3D patient-specific studies) back through the Internet and across the firewall for use in surgical planning by medical professionals at the hospital. Once the DAC Pro retrieves the data from MMS, it is stored for 30 days on a hard drive of the DAC Pro. The DAC Pro is not designed for long-term data storage; it is integrated into the hospital network so that data can be stored in hospital systems for long-term storage. The DAC Pro preferably runs a customized version of the Red Hat Linux operating system and boots from a CD-ROM. Preferably, all of the system software runs from the CD-ROM, and no system software needs to run from the hard drive of the DAC Pro. By having all software run from the CD-ROM, the DAC Pro has added security and is easily upgraded.
The DAC Pro resides within the healthcare institution's firewall. It pushes medical data through the firewall and over the Internet to MMS (or other third party) and/or pulls medical data back over the Internet and back through the firewall. Significantly, the third party (e.g., MMS) never sends data directly to the DAC Pro. Thus, the remote healthcare institution's firewall requires little modification and data is easily secured through encryption.
The DAC Pro can be used to transfer data in various formats. By way of example, the DAC Pro can be used to transfer DICOM data to MMS, and to retrieve
3D model data (e.g., MMS Preview® data) from MMS. See
Fig. 1.
By using the DICOM standard for data transfer, the DAC Pro conforms with established radiology standards. The DICOM data is sent to the DAC Pro unit in the same manner as it would be transfered to another DICOM device within the hospital, e.g., a Picture Archiving System (PACS) , a printer or a workstation. To reduce complexity, the DICOM protocol is not handled directly by the DAC Pro. Rather, protocol communications are forwarded securely by using 768-bit RSA public key authentication and 256- bit Advanced Encryption Standard (AES) data encryption through a secure shell (ssh) tunnel to a DICOM server at the third party, where the DICOM communication is handled. This ensures HIPPA compliance.
This outgoing data transmission is handled as a push through the firewall and over the Internet.
Once the DICOM data (e.g., the 2D CT slice data) arrives at MMS, MMS modeling technicians retrieve the
data and create a patient-specific 3D Preview model.
Once modeling is complete, the patient-specific model is stored on a server at MMS. Preferably it is placed on the MMS server in an appropriate folder specifically set up for a particular hospital, and is preferably stored in an industry standard compressed format, e.g., single gzip'ed tar file. This single compressed file format is preferred, since it makes transfer times much faster than sending many uncompressed files.
The DAC Pro at the receiving hospital is in constant contact with the MMS server through the aforementioned ssh tunnel connection. Once the DAC Pro at the receiving hospital sees the completed study in its remote folder on the MMS server, it pulls the data back over the Internet and through the firewall to its local hard drive. At the hospital side the DAC Pro decrypts and decompresses the pulled data. The DAC Pro preferably runs a version of the Samba file server so that the data is easily available for
viewing using the Preview® Planning software.
Significantly, the incoming data transmission is handled as a pull initiated from inside the firewall, which permits the data to be passed from MMS into the secure healthcare facility.
The DAC Pro can also be used to transfer DICOM data to MMS and to retrieve DICOM data back from MMS. See Fig. 2. By way of example but not limitation, the DAC Pro might send DICOM data to MMS for processing on 3D workstations using software other than the MMS
Preview® software (e.g., software from Vital Images,
Voxar, etc.) and then forward this processed DICOM data back to the institution's PACS system for viewing by radiologists and clinicians. More specifically, data is pushed to MMS with the same security measures described above. Technicians at MMS, using 3rd party workstations, query the MMS DICOM server to retrieve the patient data. 3D image rendering is then effected by MMS technicians using the 3rd party workstations. Once the 3D rendering is complete, the technicians need to return the processed DICOM data from their workstations to the sending institution. In this scenario, the data is first sent to the MMS DICOM server and placed in a separate directory based upon the receiving institutions DICOM AE TITLE (the AE Title is a unique identifier in the DICOM realm) . The data in this directory is gzip'ed and tar' ed as described previously. However, this time the data has additional information pertaining to the receiving institution's PACS encoded in it. Again, the DAC Pro located inside the firewall at the remote site pulls the processed DICOM data from the MMS server once it sees data in its specific directory. This processed DICOM data is pulled over the Internet and through the firewall to the DAC Pro unit located at the remote site. With the encoded information and a trigger in the file name, the DAC Pro will know that this is DICOM data and not Preview® data. The DAC Pro will
then use the AE Title, IP Address, and port number it retrieves and send the DICOM data to the hospital's PACS. Once on the hospital's PACS, the data is available to all clinicians who have access to the PACS.
Looking next at Fig. 3, the remote hospital acts as an SCU to send data to the DAC Pro, which then forwards the data, using a push transfer, through the firewall and then across an ssh tunnel established over the Internet to the MMS server. Upon arriving at the MMS Image Archive server, the 3D workstations query the server for studies which need processing (preferably utilizing the DICOM general purpose worklist) . Once the studies are complete, the 3D workstations act as an SCU to send the completed studies to the MMS outgoing DICOM server. This server receives the DICOM data and does the work of creating the gzip'ed tar file. The gzip'ed tar file is then
transferred to an ftp "drop box" that is unique for the receiving institution. The DAC Pros located at their respective remote institutions are continually polling their respective "drop boxes" at the MMS server for data to retrieve. Once it is determined that there is data in the "drop box", the DAC Pro pulls the data, using rsync or scp through a new ssh tunnel, to bring the data back over the Internet and through the firewall. Upon arriving at the DAC Pro, the DAC Pro uses the pre-configured information pertaining to that hospital's PACS (IP Address, port, and AE Title) to act as an SCU to push the data to the hospital's PACS. This is all completed using ssh connections over the Internet. All data is pushed to MMS, or pulled from MMS, from within the sending institution's firewall, keeping the data secure at all times.
The ssh tunnel can be established with an appropriate command such as:
/usr/bin/ssh-Fssh_config dicom.medicalmedia.com-q-N where the file ssh_config points to the MMS Image Archive .
Host *
Port 22
LocalForward 104 imagearchive.medicalmedia.com:104
User mms customer
Expanded System With Order Verification Component
(i ) Overview
In the foregoing description, there is described a Digital Imaging and Communications Standards in Medicine (DICOM) device of the type made by Medical Metrx Solutions of West Lebanon, NH ("MMS") . This device is sometimes referred to as "DAC Pro". The DAC Pro device is essentially a two-way transfer device comprising computer hardware and software for enabling the secure, cost-effective transmission of data through a firewall (e.g., a hospital firewall) and across the Internet.
The DAC Pro device is designed to allow the secure transfer of DICOM image data over regular Internet connections without using Virtual Private Networks. The DAC Pro device is preferably pre- configured to work on the hospital network behind the firewall, and contains all the software necessary to: (i) send data across the firewall and through the Internet to MMS for 3D processing (i.e., "modeling"); and (ii) retrieve the processed data (e.g., 3D patient-specific "studies") back through the Internet and across the firewall for use in surgical planning by medical professionals at the hospital. Once the DAC Pro device retrieves the data from MMS, the data is stored for a default term (e.g., 30 days, 35 days, etc.) on the hard drive of the DAC Pro device. The DAC Pro device is not designed for long-term storage; rather, the DAC Pro device is integrated into the hospital network so that data can be stored in hospital systems for long-term storage. The DAC Pro device preferably runs a customized version of the Linux operating system (e.g., Fedora Linux or Red Hat Linux) and boots from a CD-ROM drive. The DAC Pro device resides inside the hospital's firewall. The DAC Pro device pushes medical data through the firewall and over the Internet to MMS and/or pulls medical data back over the Internet and back through the firewall. Significantly, MMS never sends data directly to the DAC Pro device. Rather, the DAC Pro device pulls data back into the hospital. Thus, the hospital's firewall remains intact and the hospital's data is secure.
The DAC Pro device can be used to transfer DICOM data to MMS, and to retrieve 3D model data (e.g., MMS
Preview data) . By using the DICOM standard for data
transfer, the DAC Pro device conforms with established radiology standards. The DICOM data is sent to the DAC Pro device in the same manner as that data would be transferred to another DICOM device located within the hospital, e.g., a Picture Archiving System (PACS), a printer, a workstation, etc. To reduce complexity, the DICOM protocol is not handled directly by the DAC Pro device. Rather, protocol communications are securely forwarded from the DAC Pro device at the hospital to a DICOM server at MMS (where the DICOM communication is handled) by using, for example, a 768-bit RSA public key authentication and a 256-bit Advanced Encryption Standard (AES) data encryption procedure implemented through a secure shell (ssh) tunnel. This ensures HIPPA compliance.
The outgoing data transmission (i.e., from the DAC Pro device to MMS) is handled as a "push" through the hospital's firewall and over the Internet.
Once the DICOM data (e.g., the 2D slice data from the CT scanner) arrives at MMS, MMS modeling technicians retrieve the data and create a patient-specific 3D model. Once modeling is complete, the patient-specific 3D model is stored on a server at MMS. Preferably the 3D model is placed on the MMS server in an appropriate folder specifically set up for a particular hospital, and is preferably stored in an industry standard compressed format, e.g., in a single gzip'ed tar file. This single compressed file format is preferred, since it makes transfer times much faster than sending many uncompressed files.
The DAC Pro device (at the receiving hospital) is in constant contact with the MMS server through the aforementioned ssh tunnel connection. Once the DAC Pro device at the receiving hospital sees the completed study in its remote folder on the MMS server, the DAC Pro device "pulls" the data back over the Internet and through the firewall to its local hard drive. At the hospital side, the DAC Pro device decrypts and decompresses the data file pulled back across the firewall. The DAC Pro device runs a LINUX version of the SMB file server so that the data is easily available for viewing (i.e., using the MMS
Preview® Planning software) .
In accordance with the present invention, in an expanded version of the system, the system utilizes the same general configuration as the "DAC Pro" system discussed above. Significantly, however, the expanded version of the system (which will sometimes hereinafter be referred to as the "DAC 3" system) adds an order verification component to the system. This order verification component verifies a hospital order prior to the DAC 3 device pushing the DICOM data to the MMS server for processing. This order verification component allows MMS to verify that the DICOM data sent from hospital personnel to the DAC 3 device was in fact intended to be sent to MMS for modeling. Such verification can be advantageous for a variety of reasons, e.g., order confirmation and control, third party payer (e.g., insurer) considerations, patient privacy controls, cost controls, etc.
(ii) The DAC 3 System
Looking now at Fig. 4, there is shown a schematic illustration of the DAC 3 system and its operation, which essentially consists of a series of dataflows between system elements. Dataflow 1. The process is initiated when a user at a CT PACS workstation sends 2D CT scan data to the DAC 3 device located on the internal side of the firewall.
Dataflow 2. The DAC 3 device pushes a request for verification through the hospital firewall to the MMS U104 transaction database. This request for verification is pushed to the U104 transaction database as a psql communication through a secure shell (ssh) tunnel. The request for verification essentially advises MMS that the DAC 3 device is holding 2D scan data and requires verification that this 2D scan data should be sent to MMS for modeling. This request for verification also provides the U104 transaction database with information regarding the request, e.g., hospital identification, department identification, physician identification, patient identification, scan date, delivery information, etc.
Dataflow 3. The U104 transaction database sends a request for verification to the MMS, Patient Evaluation And Management System ("PEMS") component. Dataflow 4. The MMS PEMS component sends a request for verification to the appropriate hospital coordinator. This request is sent via e-mail.
Dataflow 5. The hospital coordinator logs onto the MMS PEMS website component and verifies the study using standard https communication.
Dataflow 6. The MMS PEMS component advises the U104 transaction database that it has received appropriate verification from the hospital coordinator. The U104 transaction database notes this fact in its database.
Dataflow 7. The DAC 3 device, which is in communication (e.g., constant or periodic) with the U104 transaction database, looks for the requested verification in the U104 transaction database. Such verification is pulled from the U104 transaction database as a psql communication through a secure shell (ssh) tunnel.
Dataflow 8. If the DAC 3 device has received the requested verification from the U104 transaction database, the DAC 3 device "pushes" the 2D scan data (in encrypted form) to the MMS DICOM server through a secure shell (ssh) tunnel.
Dataflow 9. The 2D scan data is pulled from the DICOM server via the MMS downloading component.
Dataflow 10. The MMS downloading component sends processed 2D scan data to the MMS data repository and order confirmation information to the U104 Relational Database.
Dataflow 11. The MMS data repository sends the 2D scan data to the modeling processor, where the patient-specific 3D model is created.
Dataflow 12. The modeling processor sends the patient-specific 3D model (i.e., the study) back to the MMS data repository.
Dataflow 13. The MMS shipping component pulls the finished patient-specific 3D model from the MMS data repository.
Dataflow 14. The MMS shipping component queries the U104 transaction database for delivery information. Such delivery information includes, among other things, the "drop box" location on the ftp server (see below) where the patient-specific 3D model will be held for pick-up.
Dataflow 15. The U104 transaction database sends the appropriate delivery information to the MMS shipping component.
Dataflow 16. The MMS shipping component sends the patient-specific 3D model to the appropriate "drop box" location on the ftp server.
Dataflow 17. The DAC 3 device, which is in communication (e.g., constant or periodic) with the ftp server, looks for the patient-specific 3D model in the appropriate "drop box" location on the ftp server. The patient-specific 3D model is "pulled" from the ftp server to the DAC 3 device via an rsync communication.
Dataflow 18. The patient-specific 3D model is stored on the DAC 3 device until a user accesses it for viewing.
(iii) Additional Details Regarding the DAC 3 System
Elements DAC 3 Device ssh Tunnels. ssh tunnels are established for webmin (-R) , postgres (-L) and dicom (-L) . These tunnels are initiated (and kept open) through the inittab mechanism. In one preferred configuration, the webmin tunnel is turned off, and only enabled by the remote site on request.
Crontab Scripts. Crontab scripts run on the DAC 3 device as two different users: the local DAC UNIX user (e.g., mmstest) and root.
With respect to the mmstest, which regulates the DAC 3 dialogue with the ftp server, the outgoing.sh procedure preferably operates 11 times an hour, pulling from FTP server, checking CHECKSUM, unpacking the data and updating the database element armorcar_outgoing. start_date and database element armorcar_outgoing.end_date. A database lock prevents multiple processes from interfering with each other. Furthermore, with respect to mmstest, the remove_preview. sh procedure calls delete_outgoing.pi, preferably once a day at midnight, and removes Preview® studies after 35 days (default condition) . The actual expiration time is set in armorcars.expire_outgoing__studies.
With respect to root, which regulates the DAC 3 dialogue with the DICOM server, the incoming. sh procedure calls check_incoming.pl (preferably 2 times an hour, e.g., at "3 minutes" and "33 minutes"), checks /mnas/incoming for new data, and updates the U104 armorcar_incoming_uids database element. The vsend.sh procedure, preferably operating every 5 minutes, uses send_image to do a DICOM send of a file to the DICOM server sorted by study_instance_uid. The remove_incoming.sh, preferably operating once a day at midnight, deletes studies from the DAC 3 device once they have been received by the DICOM server at MMS. The report_disk_usage.pl procedure, preferably running once every half hour, updates the amount of free space in the Preview® data SMB share.
The cron.daily procedure updates from ftp: /home/drop/dac_software into /mms/bin/scripts, /mms/bin/dicom and /var/spool/cron. This happens once a day via rsync.
Dicom Server (dicom.medicalmetrx.com) simple_storage. DICOM Storage SCP from Mallinckrodt Institute of Radiology. request_verfication.pl. This is the verification requesting script, and is preferably run once every 30 minutes. This element sends an email to the coordinator asking for verification after the DAC 3 device has received data. The "meta information" for this data in transferred to the U104 database and is utilized by PEMS. mark_mms_received.pl. (every 5 minutes) When the Dicom Server has fully received the study after verification, this procedure sends an E-mail to the coordinator by looking for the files in /b/DICOM/incoming. delete_incoming.pl. (10, 2, 6 and midnight every day) - Once a study has been marked "ready to model" (or cancelled) , the 2D scan data is deleted from the server. FTP (ftp.medicalmetrx.com) virtual_mirror.pi. This procedure parcels ac_create output TGZ files into dropboxes based on when they were shipped, whether the DAC 3 device is actively responding (e.g., pulling) and the priority setting. The limit is currently set to 2 concurrent outgoing DAC 3 datasets. keepitup.pl. This procedure preferably runs at 6:00 pm to ensure that the virtual_mirror process is running. This script uses "ps" to determine if the virtual_mirror job is alive or dead. download_complete.pl. This procedure, preferably run every 10 minutes, emails the coordinator when the DAC has retrieved a Preview study (by asking the U104 transaction database) . delete_outgoing.pl. This procedure, preferably run everyday at midnight, deletes files that have been fully downloaded from both the dropbox and the dac repository. Postgresql Database (U104 Transaction Database) mms_matrix. This is a database connection for the DAC 3 device which operates via a ssh tunnel through the DICOM server. The server scripts connect via the user dac_server.
DAC available views. The DAC available views are: armorcar_incoming (INSERT), armorcar_storage_space (UPDATE) , armorcar_log_view (INSERT), armorcar_incoming_uids (SELECT, UPDATE), armorcar_outgoing (SELECT) , armor_outgoing__updates (SELECT, UPDATE) .
(iv) Additional Details Regarding the DAC 3 System
Dataflow
Customer Sends DICOM Data To MMS Via DAC 3 Device The CT technician sends data to the DAC 3 device by selecting the correct IP address, port and AE_TITLE to access the DAC 3 device on the hospital's network.
The DAC 3 device notifies the mms_matrix database that it has received a CT scan for processing by writing a new row into the armorcar_incoming data file.
The request_verfication.pl procedure, which runs on the Dicom Server, sends an email to the appropriate hospital coordinator, requesting verification that the CT scan should be processed.
The hospital coordinator logs onto PEMS and verifies that the CT scan data should be processed, updating the 'verified' column in the armorcar_incoming data file. This action also creates a row in the armorcar_orders data file that associates a model number to the Study Instance UID of the incoming set of CT scan files.
The DAC 3 device sends the actual CT image data to MMS via the send_image (Mallinckrodt) program. This CT image data is received at the DICOM Server.
The mark_mms_received.pl procedure sets the armorcar_incoming.mms_received flag and emails the hospital coordinator. MMS downloads the image files from the dicom: /b/DICOM/incoming data file and sets the "ready for modeling" status for the study.
The CT scan data is then processed (i.e., modeled) .
The processed data is removed from the /b/DICOM/incoming by delete_incoming.pl data file.
Preview Data Is "Pulled" Back To Hospital
Institution Via The DAC 3 Device
The MMS Shipper runs the ac_create procedure on a Preview CD to complete the study fulfillment. This tars and compresses the Data directory into a TGZ file, which is secure copied to the FTP server at ftp: /home/drop/dac_repository.
The virtual_mirror procedure creates a hard link of the TGZ file into the appropriate dropbox.
The DAC 3 device polls the U104 database transaction database, preferably about 11 times an hour, to determine which studies have been completed and are available. If the DAC 3 device finds a study (i.e., completed model) in the dropbox, the DAC 3 device scp' s the contents locally, verifies the checksum (mdδsum) and unpacks the TGZ file to the /mms_preview SMB mount directory on the DAC 3 device.
Finally, the delete_outgoing.pl procedure runs on the FTP Server and removes downloaded studies.
Further Modifications
It will be understood that many changes in the details, materials, steps and arrangements of elements, which have been herein described and illustrated in order to explain the nature of the invention, may be made by those skilled in the art without departing from the scope of the present invention.

Claims

What Is Claimed Is:
1. An agent for transmitting data between a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall; the agent being located behind the firewall and being connected to the first site and to the Internet, the agent comprising first, second, third and fourth components; the first component being configured for receiving raw data from the first site; the second component being configured for pushing a verification query through the firewall and over the Internet to the second site; the third component being configured for pulling a verification over the Internet and through the firewall from the second site; and the fourth component being configured for, upon receipt of the verification, pushing the raw data through the firewall and over the Internet to the second site.
2. An agent according to claim 1 wherein the agent further comprises a fifth component, the fifth component being configured for pulling processed data over the Internet and through the firewall from the second site and for holding the pulled processed data for access by the first site.
3. An agent according to claim 1 wherein the first component is configured to receive scan data from the first site.
4. An agent according to claim 1 wherein the second component is configured so that the verification query includes information about the raw data received by the first component from the first site.
5. An agent according to claim 1 wherein the first component is configured to receive scan data from the first site, and the second component is configured so that the verification query includes information about the scan data received by the first component from the first site.
6. An agent according to claim 1 wherein the second component is configured to push the verification query using psql via an ssh tunnel.
7. An agent according to claim 1 wherein the third component is configured to pull the verification using psql via an ssh tunnel.
8. An agent according to claim 1 wherein the fourth component is configured to push DICOM data through the firewall and over the Internet to the second site.
9. An agent according to claim 2 wherein the fifth component is configured to pull non-DICOM data through the firewall and over the Internet to the second site.
10. An agent according to claim 2 wherein the fifth component is configured to pull DICOM data through the firewall and over the Internet to the second site.
11. An agent according to claim 1 wherein the raw data is pushed using an ssh tunnel.
12. An agent according to claim 2 wherein the processed data is pulled using an ssh tunnel.
13. An agent according to claim 1 wherein the raw data is pushed using either an rsync or scp protocol.
14. An agent according to claim 2 wherein the processed data is pulled using either an rsync or scp protocol.
15. An agent according to claim 1 wherein the raw data is encrypted prior to pushing through the firewall.
16. An agent according to claim 2 wherein the processed data is decrypted after pulling through the firewall.
17. An agent according to claim 1 wherein the raw data is compressed prior to pushing through the firewall.
18. An agent according to claim 2 wherein the processed data is decompressed after pulling through the firewall.
19. A system comprising: a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall; an agent for transmitting data between the first site and the second site, the agent being located behind the firewall and being connected to the first site and to the Internet, the agent comprising first, second, third and fourth components; the first component being configured for receiving raw data from the first site; the second component being configured for pushing a verification query through the firewall and over the Internet to the second site; the third component being configured for pulling a verification over the Internet and through the firewall from the second site; and the fourth component being configured for, upon receipt of the verification, pushing the raw data through the firewall and over the Internet to the second site.
20. A system according to claim 19 wherein the system further comprises a fifth component, the fifth component being configured for pulling processed data over the Internet and through the firewall from the second site and for holding the pulled processed data for access by the first site.
21. A system according to claim 20 wherein the second site comprises a verification module configured to: (i) receive the verification query pushed by the second component; (ii) communicate with the first site so as to obtain the desired verification; and (iii) provide the verification to be pulled by the third component.
22. A system according to claim 21 wherein the verification module further comprises a transaction database relating to the raw data received by the first component from the first site.
23. A method for transmitting data between a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall, comprising: receiving data from the first site; pushing a verification query through the firewall and over the Internet to the second site; pulling a verification over the Internet and through the firewall from the second site; and upon receipt of the verification, pushing data through the firewall and over the Internet to the second site.
24. A method according to claim 23 wherein the method comprises the further step of pulling data over the Internet and through the firewall from the second site and for holding the pulled data for access by the first site.
- A l -
25. A method for transmitting data between a first site and a second site, wherein the first site and the second site are connected to the Internet, and further wherein the first site is located behind a firewall, comprising:
(1) sending data from the first site to a communications unit located on the internal side of the firewall;
(2) pushing a verification request from the communications unit through the hospital firewall to a transaction database;
(3) sending a verification request from the transaction database to a verification component;
(4) sending a verification request from the verification component to an appropriate coordinator;
(5) sending a verification from the coordinator back to the verification component;
(6) noting in the transaction. database that the verification component has received appropriate verification from the coordinator; (7) pulling the verification from the transaction database;
(8) upon receipt of verification from the transaction database, pushing data from the communication device to a DICOM server;
(9) pulling data from the DICOM server via a downloading component;
(10) sending data from the downloading component to a data repository;
(11) sending data from the data repository to a modeling processor, where a model is created;
(12) sending the model from the modeling processor to the data repository;
(13) sending the model from the data repository to a shipping component;
(14) sending a delivery query from the shipping component to the transaction database;
(15) sending the appropriate delivery information from the transaction database to the shipping component; (16) sending the model from the shipping component to an appropriate drop box location on an ftp server;
(17) operating the communication device so as to pull the model from the appropriate drop box location on the ftp server; and
(18) storing the model on the communication device until accessed by the first site.
EP05855661A 2004-12-23 2005-12-23 Method and apparatus for two-way transmission of medical data Withdrawn EP1844398A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US63857804P 2004-12-23 2004-12-23
PCT/US2005/047142 WO2006071894A2 (en) 2004-12-23 2005-12-23 Method and apparatus for two-way transmission of medical data

Publications (1)

Publication Number Publication Date
EP1844398A2 true EP1844398A2 (en) 2007-10-17

Family

ID=36615492

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05855661A Withdrawn EP1844398A2 (en) 2004-12-23 2005-12-23 Method and apparatus for two-way transmission of medical data

Country Status (2)

Country Link
EP (1) EP1844398A2 (en)
WO (1) WO2006071894A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100146595A1 (en) * 2007-04-05 2010-06-10 Invicta Networks, Inc Networking computers access control system and method
US9800550B2 (en) 2008-01-31 2017-10-24 International Business Machines Corporation Method and system for pervasive access to secure file transfer servers
WO2015116540A1 (en) * 2014-01-31 2015-08-06 Quick Release Lifescan, LLC System and method for communicating protected health information

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092198A (en) * 1997-02-25 2000-07-18 International Business Machines Corporation System and method for enabling and controlling anonymous file transfer protocol communications
US6711678B2 (en) * 2002-04-05 2004-03-23 Expand Beyond Corporation Pre-authenticated communication within a secure computer network
US7299364B2 (en) * 2002-04-09 2007-11-20 The Regents Of The University Of Michigan Method and system to maintain application data secure and authentication token for use therein
US7523505B2 (en) * 2002-08-16 2009-04-21 Hx Technologies, Inc. Methods and systems for managing distributed digital medical data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006071894A2 *

Also Published As

Publication number Publication date
WO2006071894A3 (en) 2009-04-09
WO2006071894A2 (en) 2006-07-06

Similar Documents

Publication Publication Date Title
US20230017310A1 (en) Cloud based viewing, transfer and storage of medical data
US7660413B2 (en) Secure digital couriering system and method
US6574742B1 (en) Method for storing and accessing digital medical images
US8099307B2 (en) Methods, systems, and devices for managing medical files
US7653634B2 (en) System for the processing of information between remotely located healthcare entities
US20060190999A1 (en) Method and apparatus for two-way transmission of medical data
US20100122336A1 (en) Method and apparatus for two-way transmission of medical data
US8627107B1 (en) System and method of securing private health information
US20120070045A1 (en) Global medical imaging repository
US20110110568A1 (en) Web enabled medical image repository
US20160210408A1 (en) Methods, systems, and devices for managing medical images and records
US20050197860A1 (en) Data management system
WO2010126797A1 (en) Methods, systems, and devices for managing medical images and records
US20070083615A1 (en) Cross-enterprise wallplug for connecting internal hospital/clinic imaging systems to external storage and retrieval systems
US20050257257A1 (en) Method and apparatus for two-way transmission of medical data
WO2006071894A2 (en) Method and apparatus for two-way transmission of medical data
US20050187787A1 (en) Method for payer access to medical image data
US8261067B2 (en) Devices, methods, and systems for sending and receiving case study files
WO2009065043A1 (en) Method and apparatus for two-way transmission of medical data

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070723

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK YU

DAX Request for extension of the european patent (deleted)
R17D Deferred search report published (corrected)

Effective date: 20090409

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 9/00 20060101ALI20090508BHEP

Ipc: H04L 9/32 20060101ALI20090508BHEP

Ipc: H04L 9/00 20060101AFI20090508BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110701