My house is so secure that even I can’t get in

In order to understand my key comments in this post, it is important that certain technical concepts be understood. With your indulgence, I wish to take about half of this blog post to explain some basic concepts behind a technology called “PACS”.

Recently, I was at an excellent conference on the state of affairs of PACS systems across Israel. The term “PACS” is an acronym for Picture Archiving and Communication System. PACS systems are used to manage all of the digital imaging that is done these days. So whenever you have a regular x-ray of your leg after a fall, or a CT of your abdomen because of belly pain, or an angiography because of chest pain, all of these studies are stored in a PACS system. PACS systems manage terabytes to petabytes of data, and are fundamental to the proper functioning of the hospital. Needless to say then, it is critical to find and then implement the best PACS system that one can find.

A major element of PACS systems is security. Understandably, one does not wish to have their personal radiology studies being distributed across YouTube just like the latest Katy Perry video. So, on top of all of the technology that is required to handle all of the various imaging studies, a PACS system must also excel in security. A PACS system must also be able to interact with the electronic medical record system [EMR] that a particular healthcare service is using. In this way, when a physician is reviewing a case of a patient, the physician can also access all of the imaging studies for that patient. When a cardiac surgeon is trying to decide whether a patient needs to have bypass surgery to deal with blockages in the arteries that feed blood to the heart, it is understandable that access to old angiogram studies [which display the form and patency of the arteries to the heart] is critical.

One key feature of PACS systems is that they must respond quickly. A physician who is reviewing the medical records of a patient within an EMR system, wants to be able to view all imaging studies very quickly. If the doctor needs to wait a long time for every x-ray or CT to show up, this would waste valuable time and discourage doctors from looking at these studies. Therefore, PACS systems have to be able to manipulate huge quantities of data very quickly, while maintaining security of the data. Ultimately, PACS systems need to make the information easily accessible by the EMR system. This combination of features is problematic and is often the basis of many discussions by the people who manage PACS systems, often referred to as PACS administrators.

I was very fortunate in that I had the opportunity to develop my own electronic medical record system. When the time came for incorporating a PACS system, I was able to find a free, readily available tool called MyFreePACS. This piece of software allowed me to fully manipulate all of the collected x-rays and ultrasounds and other studies done at my previous workplace. Because I had full access to both the internal code of my EMR and MyFreePACS, I was able to link these two systems together in a way that was quite unique. In my system, the PACS images were totally integrated into the EMR, as if the EMR and PACS were really one larger program. This made it much easier for the doctors using my EMR to readily access any image for a given patient. It did not matter if the images were five years old or had just been done yesterday. It was easy to retrieve the whole list and quickly review all of the studies.

Also, because of my control over the MyFreePACS system, I was able to create a version of the images that would easily be viewed via the Internet. This became a critical tool because it allowed for remote consultation even via a smart phone. In fact, my previous place of employment was from the first healthcare services in the world to have remote x-ray consultation via smartphones. This is a perfect example of what happens when software developers have access to the internals of a given system.

I had to concern myself with security just as much as anyone else dealing with PACS systems. We created a system which effectively held to universal standards of security and privacy. In a presentation delivered at the recent Israeli PACS conference I referred to above, my colleague in developing the combined EMR/PACs systems, demonstrated a newer version of the combined system that included a special new component. This new component allows for advanced viewing of the x-ray and other imaging studies stored in the EMR/PACs system. This viewer component is fast and easy to use and had a special characteristic of being “zero footprint”. What this means is that it is the kind of software that can run on a regular computer, an android tablet or phone, and Apple machines like the iPhone and iPad.

Now that I have explained the basics of PACS systems, I can proceed to my essential comments. I hope that you feel as strongly about these comments as I do.

During the PACS conference, I heard another PACS administrator speaking with his colleagues about the effectiveness of their PACS security system. They spoke about how careful they were not to allow random access to their system. At one point, they entered into a discussion about patient access to the patient’s own images. The person leading this discussion noted that patients could not readily access their own images because of the tight security built into the system. The discussants appreciated the fact that this could be problematic, but it was understood by the people sitting around the table (excluding myself and my colleague) that this was a necessary evil.

Actually, I had a very strong negative reaction to this discussion. As I heard this discussion, I was dumbfounded. There has been a tremendous amount written in the medical world about “freeing” medical information so that patients could have access to their own records. This stems from the basic question of who owns medical information.

When a doctor writes up a chart, after having examined a patient, to whom does this medical record belong? Intuitively, one would think that the patient should, at the very least, have the option of viewing this medical record. The same holds true for any imaging studies. When an x-ray is done on a patient, the patient should be able to access that x-ray at any time and anywhere. This, however, has by no means been the universal practice amongst healthcare services. At times, despite paying significant amounts of money for access to previous medical records, patients are still hindered from extracting their entire medical record. Understandably, things become even more difficult when that medical record is spread amongst multiple institutions.

In my design of my EMR, I made it possible from day one that patients should be able to access their entire medical record online, with of course the appropriate security parameters. I had heard many times that patients would purposely be sent to my previous employer, simply because this would ensure that there would be ready access to the medical records and imaging studies.

Thanks to the input of one of the senior family physicians who still works at my previous employer, we designed an entire utility that would allow family physicians to see the medical records of their patients. In this way, a family physician could send his or her patient to one of the clinics of my previous employer, have an entire workup be done (including cardiograms and special blood tests and x-rays and ultrasounds and even an echocardiogram), and then be able to access all of this information when the patient would return to the family physician for follow-up.

It strikes me that this is a fundamental responsibility of anyone designing an EMR – make the information accessible to the patient. From my experience, the system I designed was incredibly unique in the way it made it possible to view a medical record by the patient and by the patient’s family physician. And that is not right. My system should not be unique on this point.

It is very easy to build a fortress if the intent is for nothing to ever leave. The designers and builders can erect four walls that are impenetrable. The obvious problem though is that nothing can get in to be stored and nothing can get out to be accessed later on. This would basically be a useless construction.

Designing security systems that are so tight that they block a patient from accessing his or her medical information is nothing less than ridiculous. It is very easy to imagine a scenario where a patient could literally die because there is no access to heavily secured previous medical information.

In fairness to the PACS administrator who was speaking about his system’s security, he and his colleagues were not physicians. From their perspective, there is simply a technical specification to ensure the highest degree of security possible. But as a physician, I listened to this discussion and shuttered. There is no use to such a high level of security if it interferes with the ultimate goal of any computerized medical system, which is to improve the quality of healthcare delivered to the patient.

There is no question that it is possible  to build a secure system that still provides access for the patient to the entire medical record. I’ve done it. Physicians and healthcare services need to begin to demand that such accessibility be part of the basic package of services in any EMR and any PACS system. Will this make things more difficult for the designers? Absolutely. As a physician, do I care? Absolutely not. When I drive a car, ultimately, I don’t care how long it took for the engineers to build a car that is both safe and effective. The same goes for EMRs and PACS systems.

After this conference, it became evident to me that EMR and PACS designers need to receive clear instructions from healthcare directors, that medical information has to be accessible to patients. Patients need to start to demand access to their medical information based on the fundamental right that all collected medical information is the property of the patient. There are doctors who are concerned that with direct access to the entire medical chart, patients might look for fault and errors. Once again, this is not my concern. A patient must have complete access to anything in the medical chart. Any doctor or any healthcare service that finds patient access to be problematic, is working in the wrong field.

Thanks for listening

My website is at

About the Author
Dr. Nahum Kovalski received his bachelor's of science in computer science and his medical degree in Canada. He came to Israel in 1991 and married his wife of 22 years in 1992. He has 3 amazing children and has lived in Jerusalem since making Aliyah. Dr. Kovalski was with TEREM Emergency Medical Services for 21 years until June of 2014, and is now a private consultant on medicine and technology.
Related Topics
Related Posts