Resources

Enabling BoneMRI: Integration, Data Exchange and Cloud

Enabling BoneMRI: Integration, Data Exchange and Cloud

By: Dacina Crainic

Seamless and secure integration in clinical workflow

In the ever-evolving landscape of medical imaging, technological advancements continue to redefine the way healthcare professionals diagnose and treat patients: one such breakthrough is the discovery of BoneMRI.

In the previous posts we’ve seen how using deep learning can transform an MRI image where the bone structure is not visible into a 3D CT-like image, a BoneMRI image, which shows the bone structures. And this without harmful radiation! This “magical” transformation is at the core of our BoneMRI product. But there is more to the BoneMRI solution: the “magic” of making the BoneMRI image available to the healthcare professionals using it, the “magic” of integrating our solution into the clinical workflow of the healthcare institutions. This is the focus of the MRIguidance Application Team, delivering the integration solutions for the BoneMRI algorithms.

An example of how the BoneMRI solution can be integrated in clinical workflows is depicted below:

 

In this picture we see a clinical workflow involving two departments of the hospital: the Radiology and the Surgical departments. In this scenario the BoneMRI image is used by the radiologist to diagnose the patient and after that, the same image is used by the surgeon for the surgical planning and possibly navigating the surgery itself. The BoneMRI application is a fully automatic application designed to work seamlessly in the background, in the hospital network, without disrupting the workflow. The BoneMRI protocol, once deployed on the MRI scanner, is used for the MRI acquisition. When an MRI image is acquired it is stored on the hospital’s Picture Archiving and Communication System (PACS). Then using an automatic forwarding mechanism the PACS forwards the MRI image to the BoneMRI Gateway module. This Gateway module is a lightweight piece of software that can be installed in a Windows environment in the hospital infrastructure, which de-identifies the MRI data. The de-identified MRI image is sent securely to the BoneMRI Cloud application. Once there, the MRI image is converted into a BoneMRI image, which, via the same Gateway, is re-identified and returned to the PACS. Now there are two images available in the PACS: the original MRI image showing the soft tissues, and the BoneMRI image showing the bony structures. During the reading step both images are available on the reading workstation: the radiologist is able to visualise both the soft tissues and the bony structures at the same time without waiting for another examination (CT examination). Once available in the PACS, the aligned MRI and BoneMRI images can be loaded in the surgical planning tool and be used for the surgical planning. Later, the same images can be used during the surgical navigation.

Secure and Regulatory Compliant Data Exchange

For the seamless integration of the BoneMRI product into a clinical workflow a primary challenge lies in ensuring the secure exchange of data between the healthcare institution and the BoneMRI cloud application, while adhering to data protection regulations. Let’s specifically concentrate on the area where these interactions take place:

Throughout the data flow, the focus of the Application Team is to minimise cybersecurity risks by minimising both the amount of data that needs to be processed and the respective attack surface. In the BoneMRI Cloud data is exclusively utilised for BoneMRI processing, being stored only temporarily and only for processing and support purposes.

Protected Health Information (PHI) stays on the hospital premises. The exchange of data for BoneMRI reconstruction is done using the DICOM Web standard over a secure HTTPS connection, is limited to specific information, and is initiated only through the Gateway. Before transferring the data to the cloud, the Gateway ensures data de-identification: this involves the removal of all identifying tags. The data communication between the PACS and the Gateway happens on the local network of the hospital, using the so called DICOM Message Service Element (DIMSE DICOM) which is just as secure as the hospital network.

The installation, configuration, and maintenance play a crucial role in enhancing the security of the BoneMRI product. The Gateway is installed on the hospital premises in a Windows environment that can be fully controlled and managed by the hospital IT service, assuring a secure and controlled deployment. Moreover, with a single cloud endpoint and only outgoing connections, the firewall configuration is reduced to a minimum. The PACS auto forwarding rules from PACS to the Gateway are defined using information from the BoneMRI source sequence, ensuring that only relevant authorised data is transferred from the hospital PACS to the BoneMRI Cloud. Access control to the Gateway is ensured by configuring trusted DICOM nodes, using IP addresses, ports and Application Entity Titles (AET): this means only configured nodes are allowed to communicate with the Gateway. Finally, the BoneMRI Cloud and Gateway only keep the data for a limited time, after which the data is deleted as the images are already stored for viewing and other purposes in the PACS. Even with all directly identifying information removed, we strive to minimise the data stored and as such any risk to it.

Cloud-Powered Solution

The BoneMRI application leverages Graphics Processing Units (GPUs) processing power: this is required for deep learning algorithms to function on data as big as 3D MRI images.

Initially, our solution relied on having direct access to a GPU in a physical server on the hospital premise. It was easy to implement but it quickly became clear it wasn’t a workable solution as we scaled, both for customers having to manage an additional physical server and for us in servicing them.

This challenge got us to the cloud solution presented above. This is already quite a bit better than physical hardware: easier to upgrade to newer GPU models for higher computational power or efficiency, and also easier to scale to use multiple GPUs at the same time: both ensure BoneMRI images get to our customers in time!

However, having a GPU access enabled all the time incurs cost, especially if we want to have multiple GPUs available. The cost is firstly monetary, but also environmental: GPUs consume some power even when idle and their production has a significant environmental footprint, and that’s before taking into account the datacenter infrastructure they are placed in.

The solution is to only use GPUs “on-demand” when they are actually required to perform work. Of course this is easier said than done, and our application had to be architected to support requesting access to GPUs at the right time and “disconnecting” from them after. Once these challenges were addressed it proved to be a reliable solution, allowing to scale the computing resources very easily for cost efficient and timely BoneMRI images.

Conclusion

We have seen that the integration, the core of the MRIguidance Application Team, involves a number of skills: from working with medical imaging standards to information security knowledge, all now using cloud technologies.

In an orchestra all the instruments are needed in addition to the lead singer to deliver a musical piece correctly: similarly the BoneMRI algorithms need all the other application components to work together to deliver BoneMRIs to our customers in the best fashion.