PDF in Healthcare: Personal Health Records and DICOM Images—The Future Is Now

John E. Colangelo, RT, MSRS, PMP

^*Technical Project Manager, Intel Corporation, Albuquerque, New Mexico.
Address correspondence to: John Colangelo, RT, MSRS, PMP, Technical Project Manager, Intel Corporation, 40 San Francisco Hills Road, Placitas, NM 87043. E-mail: jcolang@yahoo.com.

Healthcare Information Technology Lags Behind Other Industries
Healthcare has enjoyed the distinction of being a technology leader for the past several decades. Advances in imaging technologies, such as computed tomography (CT) scanning and multimodality image fusion, have provided physicians with unprecedented image quality. Physicians and healthcare technologists have experimented with emerging technologies, and through peer review and scientific methodology, they have developed into standard practices. Large hospital systems have leveraged the benefits of Health Level 7 (HL7) standards to provide succinct and real-time information to their caregivers.¹ These physicians, nurses, radiologic technologists, and pharmacists—who once waited for delivery of paper records—now enjoy almost real-time delivery of patient data and images. As a result, their patients have benefited from the propagation of real-time healthcare data inside these large institutions.

Unfortunately, sharing healthcare information outside of a hospital's corporate organization has not kept pace with other industries, such as the banking and financial industries. For example, a consumer can open a consumer credit account and in minutes the transaction is seamlessly sent to credit bureaus. Any authorized user can access that data and make informed decisions. The healthcare industry, on the other hand, does not have a process like this in place and is slowly forming its own information technology sharing paradigm. Challenges, such as the Health Insurance Portability and Accountability Act (HIPAA) with its privacy constraints, and other privacy issues, inhibit the pace of this paradigm shift. Nevertheless, the paradigm continues to shift toward portable and ubiquitous medical records for patient consumers. For instance, some pioneering American corporations have banned together to create a new public infrastructure for sharing medical records, which will give the patient custodianship of his or her medical records. The system, which is currently in development, is called DOSSIA. In the DOSSIA model, the patient will be able to grant other individuals access to view his or her medical records. DOSSIA subscribers will enjoy full and immediate access to all of their medical data. DOSSIA promises to operate similar to the credit bureau model, with the exception that after a healthcare "transaction" occurs, only the patient (and the patient's authorized providers or delegates) will have access to the data.²

Challenges for Primary Care and Smaller Entities
Whereas large healthcare enterprises learned early on how to manage information technology inside their organizations using the HL7 standard, outside of the large medical enterprises, there still is not a universally-accepted standard or model for securely exchanging medical data and images between authorized users. Medical data are currently "stove piped" inside large healthcare enterprises, insurance companies, and pharmacy benefit management companies. Family physicians, pediatricians, internists, and other providers of primary care lack an accepted standard for sharing electronic data. This has led to information gaps in the important area of primary care. In fact, many of the smaller practices still do not have electronic medical records, and even fewer have converted to digital radiology.

This places some of our most important medical data—our primary care data—out of reach for the new paradigm of seamless, secure, ubiquitous healthcare data exchange. Although regional health information organizations are beginning to spring up all over the nation, few have "connected" yet to form a national network, and fewer still have a viable business model in place to ensure their longevity in the ecosystem.

Barriers to Securely Exchanging Medical Data Between All Providers in the Healthcare Universe
The obstacles to widespread adoption of securely sharing medical records are not technological. They are social, economic, and political. Healthcare providers are slow to accept the fact that the patient/consumer actually has a right to his or her data, despite the HIPAA protections enacted to mandate access to our medical records. Corporations are reluctant to share data outside of their infrastructure, and there are few incentives for them to do so. Privacy, security, and liability issues continue to slow the progress.

Whilst large enterprise hospital information systems have cultivated reliable and secure solutions and standards, primary care physicians and smaller practice clinics are faced with hundreds of vendors offering electronic medical records solutions without the benefits of a standard. The HL7 standard, which works well in the large enterprise, is probably too comprehensive for private practice physicians, many of whom are reluctant to invest in a short-term solution that may or may not be able to easily adapt to an emerging standard.

The Need for Unique Identifiers and Standards
In addition to the lack of communication standards for smaller practices, Americans have not yet adopted a universal healthcare identification number. This complicates any record location service because disparate medical record and account numbers are used throughout the healthcare universe. Unlike the banking and finance ecosystems, which have benefited from use of the social security number to uniquely identify their members, healthcare information technologists are forced to use composite data elements to discretely identify participants using complicated record location algorithms. Without this universal identification number, we could face the "that's not me" issues that keep privacy advocates awake at night.

Once the record identification issue is resolved, the next obstacle is the development and propagation of a primary care healthcare digital information standard combined with an easily implemented document encapsulation practice. The widespread adoption of the HL7 standard has worked well for large enterprises, using complex communication standards, but the majority of America's healthcare providers (ie, primary care medicine) have been left out in the cold with few affordable or agile options.

Portable Document Format in Healthcare
The portable document format (PDF) in healthcare effort promises to offer a solution to facilitate a trusted and secure means through which healthcare information could be captured, exchanged, preserved, and protected. Several healthcare industry leaders are working with the Association for Information and Image Management (AIIM) to define a best practice for using PDF as a secure container for medical data.³ The PDF Healthcare working group, in conjunction with AIIM, have published a "Best Practices Guide" for PDF in healthcare (titled PDF in Healthcare Best Practices Guide) and an accompanying implementation guide. The Continuity of Care Record (CCR) form will be used as a document object that is a virtual "container" for data objects. The CCR will support the detailed parsing of any specific data object into its structured and tagged components. Specialists in this field are working on CCR "profiles," which will be tailored to meet the specific needs of various practice types. The PDF will be used as a secure container to hold the CCR or any other medical document object. PDF allows password protection and can be digitally signed to promote authenticity.

The PDF in Healthcare Best Practices Guide will provide methods to help technologists implement the CCR in a wide variety of clinical settings, including small- to medium-sized practices, clinics, and solo practices, to capture primary care data, such as history and physical data, medications, allergies, and medical images, and then wrap them in a secured PDF file. Once wrapped in PDF, the file can be given to the patient or the referring physician in electronic format.³ Until a standard is deployed and in widespread use, private practice healthcare providers and clinics will be at risk for implementing a solution that may or may not be adaptable to future requirements for data exchange.

Using PDF to Transport DICOM Images
Digital Image Communication Object Method (DICOM) images (eg, diagnostic images, such as chest films and CT scans) are rigidly structured objects that lend themselves to being transformed into well-formed Extensible Markup Language (XML) schema. The DICOM elements consist of patient demographics, details of the study and medical imaging device, and actual image layout data. Mapping between DICOM elements (from a CT scan, for example) can be made to elements within a user defined XML Forms Architecture (also known as XFA forms), which allows the PDF form to create a portable "patient chart" complete with embedded DICOM images. The secure PDF document can include the source DICOM image files as PDF attachments so that the data can be transmitted or exported locally to where diagnostic reading of the images is performed. This breakthrough allows the PDF healthcare document to play a central role in health information workflow.⁴

Private physicians, small clinics, and even solo practitioners will soon have the ability to use PDF in healthcare, in conjunction with the CCR, to create a secure and portable container for storing and transporting the full medical record, including DICOM images. An example of a typical use case may be a patient who presents to his primary care physician. The physician can create electronic records using generic technologies to create structured XML and then render the CCR. The CCR could be converted into a secure PDF document (including DICOM image objects). The workflow use case could then allow the patient/consumer to become the custodian of his or her records using the secure, password protected, and digitally signed PDF object. This PDF could then be sent via e-mail to the referring physician or to any other authorized recipient. Recipients of this "smart PDF" document could then import the original diagnostic quality DICOM data into their picture archiving and communication systems system and render the image.

It is expected that the PDF in healthcare effort will spur the health informatics software and systems vendors to add or enhance PDF functionality in their own applications to promote interoperability. DICOM and PDF expert, Hugh Lyshkow, who is President and CEO of DesAcc Inc, says, "Whether this is in the form of supporting the DICOM Encapsulated PDF standard, as is now being required by the Veterans Administration within their facilities, or for third party plug-ins to existing commercial applications, such as Adobe Acrobat for directly integrating DICOM image object network transmission, PDF remains the core enabling factor in providing cross-enterprise health record compatibility."

Publication of the PDF in Healthcare Best Practices Guide and its accompanying implementation guide occurred in early 2008. It is expected that this best practice and implementation guide will help propagate the widespread use of the CCR and PDF to convey key primary care data and medical images (with all of the associated DICOM data) throughout disparate healthcare providers. This will be an important first step toward forming a basis for an eventual standard for non-enterprise healthcare information technologists. Resources are also available to help healthcare information technologists make informed decisions. The Medical Records Institute hosts an annual conference called TEPR (Toward the Electronic Patient Record), which provides information and resources for healthcare information technologists, physicians, and others. Details of the May TEPR conference, which is to be held in Fort Lauderdale, Florida, are available at http://www.medrecinst.com/index.shtml.

References
1. Health Level 7 (HL7). HL7 version 2.3.1 standard. Available at: http://www.hl7.org/. Accessed January 2, 2008.

2. Dossia. Home-Dossia. Available at: http://www.dossia.org. Accessed January 2, 2008.

3. AIIM—The Enterprise Content Management Association. PDF Healthcare Overview: A Guide to Safe Access and Transport of Health Information. Available at: http://www.aiim.org/documents/standards/pdfhealthcareoverview.pdf. Accessed January 2, 2008.

4. Adobe. Developer Resources. http://partners.adobe.com/public/developer/xml/index_arch.html. Accessed February 22, 2008.