Overall Flashcards
What are some areas where clinical scientists may work with medical IT?
Access patient records, patient calculations, patient reports, system management, R&D, software development, data acquisition and analysis, computer modelling, procurement, corporate user (emails etc)
The role of the clinical scientist is in every part of the life cycle of a system, what are the stages of the lifecycle?
Planning, specification, procurement, installation, acceptance, commissioning, QA, maintenance, clinical user, decommissioning
Instead of a comprehensive electronic health/patient record that includes all information, what typically happens?
Subset of a patients record focussed on a particular discipline (eg radiology system) that communicate data with each other, could all look like one system from the outside
How do we ensure that the system knows patient A in one system is the same as patient B in a different system?
Master patient index (MPI), links a unique identifier (eg NHS number) and the real patient (links patient data across various sources)
What is a patient administration system (PAS)?
Central admin system that knows about the patients new into the organisation and their appointments. Might include basic info of test results and their doctors. (could include master patient index but not always)
What are the main radiology systems?
Radiology Information System (RIS) and Picture Archive and Communications System (PACS)
What is the purposes of a Radiology Information System (RIS)?
Scheduling of imaging, resource management, inventory tracking, reporting of imaging, presentation of reports, report sign-off, billing
What is the purposes of a Picture Archive and Communications System (PACS)?
Storage of images and other data, visualisation of images and data transfer between systems
Instead of having a PACS workstation to access the PACS server and a RIS workstation to access the RIS server, what do we usually have instead?
Have a web server that collects information from the PACS and RIS servers, then a workstation accesses this central point to show the end user both together
What is a modality in medical IT?
Any computer controlled clinical equipment (eg scanners, workstations, potentially software packages)
What does it mean that most imaging equipment (eg scanners) are standalone equipment?
Not reliant on other components so they can work in isolation and perform their basic function (eg could scan without workstation working)
Is a server (could be one or multiple machines) a virtual central point that everything is going through?
Yes
What is connected to a server (eg for PACS or OMS) in medical IT?
A database, storage, client applications and modalities (client = using data, modality = adding to data, could be the same thing)
What does a database tend to store?
Basic text data and numbers (eg records, file names of images)
What does ‘storage’ from a server tend to store?
Images (binary type data) - larger files than database
What are the main radiotherapy systems?
Treatment Planning System (TPS), dose checking system, Record and Verify (RV or VR) System (at linac) and Oncology Management System (OMS) (equivalent to EHR, RIS, PACS and PAS together)
What does networking allow?
- A complex system to be made up of connected individual components
- One clinical system to communicate with another
- Multiple systems to be used in the care of a patient
What are the two ways that a network can be represented diagramatically?
Logical diagram (how systems link to each other and focuses on flow of data) and physical diagram (physical connections between components)
What are different types of architecture of network applications?
Client/server, standalone, hybrid and peer to peer
What is the client-server architecture of network applications?
Separates tasks between the providers of a resource or service called servers and service requester called clients
What is the peer to peer architecture of network applications?
One system sends direct to another without going through some sort of intermediary (like a server)
Why should we be sceptical of client-server architectures?
It can be confusing as to where the client is
What is an extreme form of the client/server architecture?
Application servers (applications presented via a web browser and all processing performed on server)
What does the acronyms in the ISO OSI model of networking stand for?
ISO = International Standards Organisation
OSI = Open Systems Interconnection
Why is a model of networking like the ISO OSI model required in order to transfer data instead of sending data directly?
It wouldn’t work because there’s different operating systems, different suppliers and different protocols
What is the ISO OSI model of networking for?
Standardised model of transferring information by breaking the data down until you can physically transfer the data (eg cable, microwave transfer etc) before rebuilding the data until it can be interpreted on the other side
What are the 7 stages on each side of the ISO OSI model of networking?
Application layer, presentation layer, session layer, transport layer, network layer, data link layer and physical layer
What model has replaced the ISO OSI model of networking and the one we typically use for hospital networks?
TCP/ IP model (Transmission Control Protocol/ Internet Protocol)
How many layers are in the TCP/ IP model?
5
What are the layers of the TCP/ IP model?
Application layer, transport layer, internet layer, data link layer and physical layer
Which layer does the Transmission Control Protocol (TCP) operate in the TCP/ IP model?
Transport Layer
What layer does the Internet Protocol (IP) operate in the TCP/ IP model?
Internet Layer
What could be counted as the Application Layer of TCP/ IP model?
What we interact with on the computer (PACS or email client for example)
The Internet Protocol (IP) in the TCP/ IP model is implicitly referring to what version?
4
What other version is sometimes used in the Internet Protocol (IP) in the TCP/ IP model?
6
Why was version 6 of the Internet Protocol introduced?
There was a concern that we would run out of addresses with version 4
What is the Internet Protocol (IP) in the TCP/ IP model for?
It is a way of uniquely identifying a device’s interface on a network to facilitate data transfer to that interface
An IP version 4 address is how many bits and represented by how many bytes?
32 bit number represented by a series of 4 bytes. (4 lots of 3 numbers)
A byte in an IP v4 address is a number in what range?
0 to 255 (2^8=256 values)
How is an IP v4 address usually represented?
aaa.bbb.ccc.ddd
How many possible address are there for the IP v4 format?
2^32 (4 billion)
What restrictions must an IP address have?
It must be unique on a network, each byte between 0-255 and other devices know how to reach each
Two computers on a network will both have what?
Each have a network card with an IP address on
There’s a rule with the Internet Protocol that network devices are only allowed to accept what information?
Information that has been intended for that network device (so information may get sent along a network connection but get rejected at the device)
What are methods of transferring data between devices in a network with IP address?
Direct connection, connection via hub, connection via switch, connection via gateway
What is the connection via hub method of transferring data to different connected devices with IP addresses?
The hub passes data to all connected devices, which gets rejected by all except the one that it is intended for (don’t often see hubs today)
Why did switches replace hubs for transferred data between devices?
It is inefficient to send large volumes of data to every device so the network can easily be paralysed
What is the connection via switch method of transferring data to different connected devices with IP addresses?
The switch passes data on to the intended device in the network
What is the benefits of using a connection via switch to transfer data to different connected devices with IP addresses?
More secure and efficient
Do switches have an IP address itself and why?
Yes because bigger networks have multiple switches for each subnet that send data between them before going to a different device
What number do switch IP addresses use as the final number?
1 by convention (not always)
With multiple switches in a bigger network, how do they communicate with each other to transfer data to a connected device?
Via the ‘gateway’ of the first switch (or router) before going to the next switch
When is a gateway required when transferring data with IP addresses?
When you need to transfer data outside of your network
What is a router?
A special class of a switch and its job is to connect lots of networks together so connected to lots of other routers or switches
What is the group name for these devices: hub, switch, gateway, router?
Infrastructure components or network devices
What is a subnet?
It is a sub-network that is part of a larger network
What two pieces of information defines a subnet?
Subnet address (any address in the range but usually the first one) and a netmask
What do the numbers in the netmask represent?
Which numbers are allowed to change or not
What is the purpose of a network?
It allows us to work out what’s on the same network
Do you ever have a zero in the middle of a net mask?
No
If a netmask is 255.255.255.0, what does this mean?
The first three sets of numbers of an IP address aren’t allowed to change in order to be in the same network but the fourth number is
In technical documentation, a representation of an IP address will have a / sign then the number of bits, how is this calculated?
In the netmask, each 255 is 8 bits and 128 is 1 bit (240 is 4 bits) so add them up
What are private subnets?
Private IP address ranges which can be allocated at will but must not appear on the internet
How many private subnets are there?
3 (technically 4)
Why are private subnets used? (could be at home or internally within organisations)
Convenient as can allocate at will and secure as they do not appear on the internet
What are the 3 IP addresses that are private subnets?
10.0.0.0 (class A)
172.16.0.0 (class B)
192.168.0.0 (class C)
What is the netmask for the private subnet 10.0.0.0 (class A) and how many bits are in it?
255.0.0.0 and 8
What is the address range for the private subnet 10.0.0.0 (class A)?
10.0.0.0 - 10.255.255.255
What is the netmask for the private subnet 172.16.0.0 (class B) and how many bits are in it?
255.240.0.0 and 12
What is the address range for the private subnet 172.16.0.0 (class B)?
172.16.0.0 - 172.31.255.255
What is the netmask for the private subnet 192.168.0.0 (class C) and how many bits are in it?
255.255.0.0 and 16
What is the address range for the private subnet 192.168.0.0 (class C)?
192.168.0.0 - 192.168.255.255
What is Network Address Translation (NAT)?
A mechanism by which traffic from a host on a private subnet can be directed to the Internet and it allows ranges of addresses to be reused
What handles Network Address Translation (NAT)?
Switches and other network infrastructure components
How do you get replies when using a private subnet and network address translation?
The traffic from your address is tagged in transit so replies are routed back to your private address
What is the 4th type of private subnet called?
Loopback address
What is the IP address for the loopback address?
127.0.0.1
What is the purpose of the loopback address?
It directs traffic back to the local computer without it reaching any ‘real’ network interface so it allows network services to operate without a network being present
What is the address range for the loopback address 127.0.0.1?
Any address in 127.0.0.0/8 (so any address starting with 127)
How many bits is an IP version 6 address?
128
Why are IPv6 sometimes not used in a healthcare environment?
Compatibility issues
In an IP version 6 address, how many sections are there that are bounded by a colon?
8 (8 lots of 4 characters)
What is the Transmission Control Protocol (TCP)?
It manages data transfer as a series of bundles of information called packets, which each have a series of bytes, instead of all the data and these are sent across a network then reassembled
What is the structure of a TCP packet from top to bottom?
TCP header, length, source port, destination port, sequence number, checksum, other information and data
What does the TCP header in the TCP packet do?
It identified it as a TCP packet (useful for a switch)
What do the sequence number in the TCP packet do?
It allows assembly of the data block by describing what order the packets should be place in
What is the checksum in the TCP packet?
It is a number generated from a calculation of the data and if it is repeated with a different result, we will know corruption has occurred
Behind every IP address, there could be multiple applications communicating on that device, what are these called?
Ports or internet sockets
What is the form of a port number?
Any 16 bit integer (0 - 65,535)
How is the port number identified for a certain IP address?
It is following a colon after the IP address
Below what port number is reserved for specific applications?
1024
Other than TCP packets, what other type of packet could there be?
Universal Datagram Protocol (UDP)
For TCP packets, are packets acknowledged as they are received?
Yes
What is the structure of UDP packets?
UDP header, source port, destination port, checksum, and data
Are UDP or TCP packets more simple?
UDP
When are UDP packets used?
Streaming information when data integrity is not as important but it is quicker
For UDP packets, are packets acknowledged as they are received?
No
Who allocates the standard reserved ports?
Internet Assigned Numbers Authority (IANA)
What is the Media Access Control (MAC) Address and what is its format?
Physical address of a physical device eg the hardware (IP address is a virtual address on a network). 6 lots of 2 separated by colons
What layer of the IP/TCP model does the Media Access Control (MAC) address operate?
Data Link Layer
How is the Media Access Control (MAC) Address represented?
By 6 bytes with a unique prefix for the manufacturer
Typically, does every network interface have a globally unique MAC address or can they be reused?
Globally unique
What terms are used to describe the scale of a network?
Local Area Network (LAN), Wide Area Network (WAN) and Metropolitan Area Network (MAN)
What does a Local Area Network (LAN) refer to?
Small geographical area (could be a hospital or a room, difficult to define exactly)
What is a Metropolitan Area Network (MAN)?
Special case of a WAN (Wide Area Network) distributed over a city
What is the Health and Social Care Network (HSCN)? (used to be N3)
Private network linking NHS and special care organisations (can include private suppliers)
What does the Directory Name Service (DNS) do?
They link hostnames (eg website address) to IP address
What do Virtual Private Networks (VPN) do?
Allow secure connections to networks from external locations
How do VPNs work in hospitals?
It creates an encrypted tunnel from the network device (eg home PC) back to the hospital server
What is the ethernet?
A family of wired computer networking technologies used in LANs, WANs, MANs.
What is network bandwidth sometimes referred to as?
Maximum throughput
What is the network bandwidth?
The rate at which data can be transferred in one direction
What is the units for network bandwidth?
Data volume per unit time, eg Megabits per second (Mbps)
What factors could affect the network bandwidth?
Data transport process speed (eg a packet must be acknowledged every time it is received for TCP), connection may be half or full duplex
What does it mean for a network connection to be half or full duplex?
Half duplex is when only one party can communicate at a time whereas full duplex, both parties can communicate simultaneously
How many bytes are in one kilobyte?
2^10 bytes = 1024 bytes
How many bytes are in one megabyte?
2^10 x 2^10 bytes
How many bytes are in one gigabyte?
2^10 megabytes
What is the definition of network latency and its units?
The time taken for a packet to travel from the sender to receiver. Units of time, usually milliseconds
What are some of the purposes of a ping?
It verifies a route between source and destination exist, measures network latency, for example
What are the main two data exchange standards that we are concerned with?
DICOM and HL7
Why are data exchange standards required?
Standardised language is important so that different components (with different manufacturers) can communicate with each other
What is an open standard?
A standard that is available to everyone (may be free or not) that anybody who wants to implement that standard is able to follow the rules
Are DICOM and HL7 open standards?
Yes
Are TCP/IP and UDP open standards?
Yes
What are the different levels of sources of standards and an example of each?
International Standards Organisations (eg ISO), National Standards Organisations (eg BSI), Professional Standards (eg IPEM, NEMA) and Corporate/Organisational Standards (eg NHS DAPB)
Is adherence to standards voluntary or mandatory?
Generally voluntary but it may be written in law eg Health and Social Care Act (depends on the country whereas the standard is the same regardless of where its implemented)
What does DICOM stand for?
Digital Imaging and COmmunications in Medicine
What does DICOM cover?
Digital images and associated data (eg date and time, name of operator, respiratory motion)
What body coordinates DICOM?
NEMA
Who is DICOM mainly for?
Mostly manufacturers but also users
What version of DICOM are we on?
3.0 (different years after but always 3.0)
What is the scope of DICOM?
Standard data types and services, transfer of data across a network, storage onto media, compatibility between systems (conformance with standards), data compression, security, image display and output
What is a data element according to DICOM?
Unit of information with defined data type and structure. Standard elements are uniquely indexed by a tag and name (eg patients name, slice position)
What is an information object according to DICOM?
Set of elements which together describe a physical entity (eg CT slice, digital radiograph). Subcategory of this is an instance
What is a service class/ group according to DICOM?
Action that can be performed on information objects (eg transferring data, archiving, printing)
What is a Service Object Pair (SOP) in DICOM?
A defined action which can be performed on a particular object (eg storage of a CT slice)
What is the name and its acronym for the group of service classes in DICOM?
DICOM Message Service Element (DIMSE)
What are the most common DIMSE service classes under DICOM?
Verification, storage, query, retrieve, printing
What three pieces of information is needed to uniquely identify a system in a DICOM environment?
IP address or hostname, port for receiving data, Application Entity Title (AET)
Under DICOM, service classes can by implemented by application software by who?
Service Class User (SCU) or Service Class Provider (SCP)
What could be an example of Query/Retrieve under DICOM?
A user querying a piece of information from PACS and then PACS sending it back
What are Unique Identifiers (UIDs) that are used in DICOM (not only DICOM uses this)?
String of up to 64 characters (0-9 and full stops) in length that are assigned to SOP (Service Object Pair) classes and assigned to instances of objects. Globally unique
What does each part for the Unique Identified (UID) under DICOM represent?
DICOM. country, root owner (eg manufacturer) and any numbers to make it unique
A DICOM file has what prefix to show it is a DICOM file?
DICM
What is an example form of a tag in a DICOM file that is unique to the data type?
Example (0010, 0010)
What is the Endian in DICOM?
Transfer syntax - the way in which bytes are numerically stored
What are the different types of Endian?
Implicit VR Little Endian, Explicit VR Little Endian and Explicit VR Big Endian
What form of Endian must every system be able to speak?
Implicit VR Little Endian
What is DICOM conformance?
How a system has been designed to implement a standard
What is a DICOM conformance statement?
It specifies supported information objects, service classes, SOPs. communication protocols and storage protocols (says what it does, not what it doesn’t do)
What are the benefits of DICOM?
Widely accepted standard format (improve compatibility and well defined standard objects/ services), robust, reliable format
What are the limitations of DICOM?
Conformance does not guarantee compatibility, complex standard and very broad scope, may require complex local configuration
What could be some issues with DICOM?
Incompatibility between systems, configuration problem, unexpected results, proposed development of service
What does HL7 stand for?
Health Level 7
Whereas DICOM is more in the realm of clinical scientists, who manages HL7 in a healthcare organisation?
IT and informatics departments
Who manages HL7?
HL7 Consortium
What type of data is HL7 concerned with?
Communication of message between clinical information systems (text or numerical data, not image) eg patient demographics, scheduling infor, lab results, radiology results
If PACS looks at DICOM mostly (not strictly), what standard does RIS use typically?
HL7
What is the name of how to convert an appointment list in HL7 to DICOM?
DICOM worklist format from PACS
What is the HL7 message format?
A message is a series of segments which themselves contain a series of composites (fields)
What versions of HL7 do we typically use?
Version 2.x (2.6 most commonly used) or Version 3 (mostly NHS)
What is the form of HL7 version 2.x messages?
Binary or ASCII
What is the form of HL7 version 3 messages?
XML
What are Integration Engines (also called Trust Integration Engines/ TIEs in the NHS)?
Convert one HL7 feed into multiple feeds by data mapping between input feed and outputs (eg change NHS number to hospital number for a particular system)
When is the only time physicists are involved with HL7?
If it affects a physics managed system (eg radiotherapy OMS)
What does the organisation with the acronym IHE stand for?
Integrating the Healthcare Enterprise
What do IHE do?
They work with manufacturers to improve compatibility between systems
What are IHE Profiles?
Standard ways of communicating between systems, typically using DICOM and HL7, for particular real-world applications
What are the ‘Integration Statements’ that manufacturers release?
Which IHE Profiles they meet with a particular product
What is information governance?
Rules to keep data safe
What could happen if we do not have information governance?
Lack of trust from patients leads to them withholding vital information for their care and reseacrh
What does the IAO role stand for and who is usually in this role in an NHS Trust?
Information Asset Owner and department heads
What does the SIRO role stand for and who is usually in this role in an NHS Trust?
Senior Information Risk Owner and board level member
What does the IAA role stand for and who is usually in this role in an NHS Trust?
Information Asset Administrator and operational staff responsible for set information assets
What UK laws matches with the EU General Data Protection Regulation (GDPR) 2016?
Data Protection Act 2018 and UK GDPR
Who administers both the Data Protection Act (DPA), GDPR and Freedom Of Information Act (FOIA)?
Information Commissioner’s Office (ICO)
Does the Freedom Of Information Act (FOIA) 2000 allow people to access their own personal data or information about an organisation and what it is doing?
General and specific information about the organisation and what it is doing. Not about personal data to people
Does DPA and GDPR refer to general information about an organisation or personal information about a specific individual?
Personal information about a specific individual
What does Personal Data refer to under GDPR?
Information than can identify a person either directly or indirectly
Under GDPR, what is the difference between the Data Controller and the Data Processor?
The data controller determines the purposes and means of the processing of personal data, whereas the data processor processes the data on behalf of the controller
What are the 7 +1 principles for processing personal data in Article 5 of GDPR?
(a) Lawfulness, fairness and transparency. (b) Purpose limitation. (c) Data minimisation. (d) Accuracy. (e) Storage Limitation. (includes disposal) (f) Integrity and confidentiality. (g) Security. (+1) (a) Accountability
What is Article 6 of GDPR concerned with?
Lawful bases
What is Article 7 of GDPR concerned with?
The prohibiting of processing special categories of personal data (eg racial, political etc), and permissions of when this is allowed
Data can be stored via Retention Policies and sometimes can be transferred to a PoD, what is this?
Place of Deposit, which is a secure location where data can be kept forever
What is a Data Protection Impact Assessment under GDPR?
A process to identify and minimises data protection risks
What is the DPO role under GDPR?
Data Protection Officer
When is a Data Protection Impact Assessment required and who may be involved?
Any new processing that is likely to result in a high risk to individuals. DPO should be consulted and topic experts
What should be included in a Data Protection Impact Assessment (DPIA)?
Nature, scope and context of processing. Assess necessity. Identify risks (likelihood and severity). Identify measures for mitigation
What is the right of access under GDPR?
Individuals have the right to obtain a copy of their personal data, also called subject access
What is the right of erasure under GDPR?
Individuals have the right to have personal data erased. Request can be declined but have to have a reason
What is a personal data breach under GDPR and DPA?
Breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
Who should be notified when there has been a personal data breach that is likely to be a risk, as identified by an assessment?
ICO
What is the difference between the Caldicott principles and GDPR? (they are quite similar)
Caldicott is only for the best interest of the patient, not legal
What are the Caldicott principles for?
Ensure people’s information is kept confidential and used appropriately. Refers to patient-identifiable information.
What are the 7 Caldicott principles?
Justified purpose. Only when necessary. Only use minimum. Access restricted (need-to-know). Understand your responsibility. Comply with law. Duty to share can be as important as duty to protect patient confidentiality
Should the Caldicott be different or the same person as the SIRO?
Different
Do all NHS Trusts need a Caldicott Guardian?
Yes
What is the Computer Misuse Act?
Criminalises unauthorised access to data
What is the aim of the Freedom of Information Act?
Drive transparency in the affairs of public authorities with publication schemes and gives people access to information
Whereas as GDPR request can be by any means, how do Freedom of Information Act request have to be?
In writing (including email) with a clear description of the information required
What are absolute exemptions to Freedom of Information Act requests?
Personal information, accessible by other means, security, court records
What is the only criminal offence under the Freedom of Information Act?
Alter, deface, block, erase or conceal any record with the intention of preventing disclosure
In GDPR, under the article 5 principle about storage limitation (e), what does it say about identification?
Data should be kept in a form that permits identification of data subjects for no longer than is necessary for the intended purpose
Where are the retention guidelines for data storage limitation?
NHS Code of Practice
What is anonymisation?
Process of de-identifying data so that the data subject cannot be identified (can’t go back - extreme de-identification)
Does GDPR apply to anonymised data?
No, it is no longer personal data but still under other rules
What is de-identification?
Identity of an individual removed from a dataset (doesn’t need full de-identification, can be partial)
What is functional anonymisation?
De-identification performed such that the risk of re-identification is deemed acceptable (as it is impossible to prove no risk)
What is pseudonymisation?
Dataset de-identified with a link maintained back to the individual (can look anonymous superficially)
What is the risk appetite?
Level of risk that is acceptable
What is the risk assessment process for data-related tasks?
Consider the data situation, risk appetite and sensitivity. Do risk assessment using this information, decide if risk is acceptable and mitigate risks if not. Perform task and verify original requirements are met. Record it all
According to the ICO, is consent required for the process of deidentification?
No, if there is no likelihood that anonymisation will causes unwarranted damage or distress
What does it mean when patient data is ‘de-identified to the point of publication’?
Data does not contain direct or indirect identifiers and no reasonable prospect of the patient being identifiable
What is the difference between pseudonymisation and anonymisation?
Whether there is other data (like a mapping table) that links patient to pseudonym or is some way recoverable (eg decryption or finite number of codes). Pseudonymisation is reversible or some way able to link back but anonymisation is not
Is pseudonymised data covered by GDPR?
No
What is data reduction?
Data processed to extract only what is required for subsequent study (eg radiomics - method that extracts features from medical images)
Why is it important to have at least 3-5 people in a category of de-identified data and what is a good way of doing this?
A small cohort makes it easier to identify a person. Use ranges for characteristics (eg age or height in a range)
What are the three key principles of information assurance?
CIA triad: Confidentiality, integrity and availability. (article 5 (f) GDPR)
What is an information assurance audit?
Regularly reviewing performance against standards, codes of practice and/or best practice
What practical element for clinical systems may lead to having to compromise on it being a robust IT system?
It also needs to fulfil a clinical function effectively, so needs to balance both
What toolkits are there for top management to use for information security management?
Information Governance Toolkit and Data Security and Protection Toolkit
What does NCSC stand for?
National Cyber Security Centre
There are data security standards from the National Data Guardian. They are split into groups called what and what are do each of these groups address?
Leadership obligations is the name of the groupings. People, process and technology issues.
What is the Digital Technology Assessment Criteria (DTAC) and what is it used for?
Brings together legislation and best practice during procurement of digital technology (health IT systems) and can be used by the NHS or manufacturers
Are you allowed to use equipment if it doesn’t pass the DTAC?
Yes but have to accept the risk
What is a medical image?
Representation of the human body that depends on the physics of the imaging process
Is data lost in a processed image (including image fusion)?
Yes
What is ImageJ used for?
Mainly direct image processing applications and troubleshooting
What is IQWorks used for?
Evaluation of image quality
What does MHRA stand for, which is an agency of the UKs Department of Health and Social Care?
Medicines and Healthcare products Regulatory Agency
Who manages the public access register of medical devices on the UK market?
MHRA
What does IEC stand for? (similar to ISO)
International Electrotechnical Commission
What is the EU regulation name for medical device regulation?
Medical Device Regulations (MDR)
What is the UK regulation name for medical device regulation?
Medical Device Directive (MDD)
What is the UK’s version of the EU CE mark?
UKCA
What is in the scope of the Medical Device Directive (MDD)?
Any apparatus, appliance, or software, whether used alone or in combination, intended by the manufacturer to be used by human beings for a medical purpose (includes in vitro diagnostic devices)
What is out of scope of the Medical Device Directive?
Research use only and in-house manufacture
What do the MDR add to what is considered a medical device?
They are intended to be used for prediction, prognosis and products for cleaning/disinfecting medical devices
What agency advises the UK as to whether software is a medical device (SaMD)?
MHRA
What counts as ‘software’, when considering Software as a Medical Device (SaMD)?
Computer programmes or functional documents (eg pdf with treatment decision flow chart, spreadsheets for calculations, docs with macros)
What determines whether a device has a medical purpose?
It is determined by what the manufacturer states in the device’s labelling, instructions for use and any promotional materials
Why would a manufacturer not want a product to not be classed as a medical device?
Cost (eg accreditation) and bounded by law
How do manufacturers of Software as Medical Devices (SaMD) meet regulation?
Ensure it is safe and effective with these stages: design, evidence collection (clinical evaluation), Conformity assessment, registration (with MHRA), labelling, place on the market or put into service, post market surveillance
What are the classes for medical devices for a UKCA mark?
Class I (low risk), IIa, IIb, III (high risk)
When are clinical calculators likely to be considered a medical device?
When the calculation/result cannot be easily verified
Is software likely to be a medical device if it is an accessory to a specific medicine/device, intended to influence actual treatment or results in a diagnosis or prognosis?
Yes
Are general fitness/wellbeing monitors likely to be considered to be for a medical purpose?
Not typically
If the regulations are the ‘what’, standards are the …?
How
What is the risk management international standard for medical devices?
ISO 14971 Medical Devices - Application of Risk Management To Medical Devices
What are the clinical risk management standards for the NHS?
DCB0129 and DCB0160
Why do we do software development?
Enhance or add functionality, research and development, automate processes, implement control systems, and manage instruments
When is a Quality Management System required for software development?
When developing a medical device, but good practice otherwise
What stages are in the ‘prerequisite’ section of software development?
Software planning, requirements analysis, architectural and detailed design
What stages are in the ‘Construction/programming/coding’ section of software development?
Unit implementation and verification, integration and integration testing, and system testing
What stages are in the ‘maintenance and governance’ section of software development?
System testing, software release, maintenance plan, risk management, change control
What is the Unified Modelling Language (UML)?
It is a standardised graphical language with its own syntax and semantics
What is the purpose of Unified Modelling Language (UML)?
Representing design entities and relationships, like a system’s architectural blueprint diagram. Useful for software development
Why is it important that the Unified Modelling Language (UML) is standardised?
It supports common understanding in communicating design ideas
What are the 6 stages of the software development lifecycle (SDLC)?
Plan, design, implement (code), test, deploy, maintain
What are SDLC (software development lifecycle) models for?
It presents the lifecycle in an organised fashion to help organisations implement it
What are some SDLC (software development life cycle) models?
Waterfall model, V-model and agile model
What is the waterfall model for SDLC?
It is a linear and sequential model, where the next development phase cannot begin until the previous phase is completed with no overlap
What is the V-model for SDLC also called?
Verification and validation model
What is the V-model for SDLC?
It is sequential with an associated testing phase with each development phase at the same time. Where one side of the V is design and the other side is testing and the bottom is implementation (coding)
What is the difference between validation and verification?
Validation is whether it matches the users requirements and verification is whether it matches the design and it works as planned
What is the agile model for SDLC?
Quick development cycle with incremental improvements (iterations) with regular testing and lots of iterations as only small and few changes each time
What are the main types of software development testing?
Verification and validation
What are sub-categories of verification testing?
Unit tests (restricted to a block of code), integration testing (modules working together), system testing
What are sub-categories of validation testing?
User acceptance testing (meets specification) and clinical validation testing (does it benefit as expected)
What other types of software development testing are there? (other than verification and validation)
Usability, compatibility, security, compliance, accessibility, and performance and stress testing
What is continuous integration in software development?
A set of tests automatically running at each build
What is test driven development for software?
Developers start by writing a test which verifies that the intended functionality outcome is achieved and then work to make sure the software passes the test
What is behaviour driven development for software?
It focusses on behaviour of an application from the end users perspective. It creates a specification and acceptance criteria first
What organisational requirement documentation is needed for software development?
Software development policy, style guide and training records
What project specific documentation is needed for software development?
Justification document, medical device assessment, risk assessments/ hazard log, software requirements spec, software-specific design documentation, verification/ validation evidence, version tracking, user manual, clinical safety report
What is pseudocode?
Informal language a human could speak for describing how an algorithm or a program will work
What is the name for the specific approach to using pseudocode to streamline the creation of code within routines?
Pseudocodes Programming Process (PPP)
What are some of the rules that should be followed with pseudocode?
Natural language, avoid programming language, write at the level of intent (meaning rather than how it will be implemented), low level with more detail, pseudocode should be comments of code
What should the layout of code be?
Self-documenting (eg appropriate names of variables and procedures), process flow should e clearly identified and written in files that can easily navigated
What is debugging?
The process of identifying the root cause of an error and correcting it
What are the steps of the debugging process?
Error identification (either in testing or using the software), error analysis, and fix and validation
What is a relational database?
A type of database that stores and provides access to data points that are related to one another in the form of tables
What is a database?
An organised collection of data or a type pf data store based on the use of a database management system (DBMS)
What are the two types of traditional data processing systems of databases?
On-Line Transaction Processing (OLTP) and On-Line Analytical Processing (OLAP)
What does ACID stand for (about databases)?
Atomicity, Consistency, Isolation, Durability
If a database transaction is compliant with the properties of ACID, what does it guarantee?
Data validity and integrity despite errors, power failures and other mishaps with transactions
What is a transaction in terms of databases?
A sequence of database operations (single logical operation) that satisfies the ACID properties
When is online transaction processing (OLTP) used?
Transactional processing and real-time updates. Handles a large number of small transactions. ‘Line of business’ applications
What type of database does online transaction processing (OLTP) use?
Relational databases
Is online transaction processing (OLTP) and online analytical processing (OLAP) ACID compliant?
OLTP is but OLAP is not necessarily
What is online analytical processing (OLAP) used for?
Data warehousing. It is used for analysing and extracting insights from large volumes of data
What type of data processing system is typically used for PACS and RIS systems (and other clinical systems)?
OLTP
Are OLAP and OLTP databases normalised on denormalised?
OLTP = normalised
OLAP = de-normalised
What does it mean that OLTP databases are normalised?
Each piece of information is only stored once to minimise redundancy by reducing duplication that takes up storage
What are the benefits of normalised databases and is it good for querying?
Quick to work on and updating all parts at the same time. Not good for querying
The Kimball Star Schema model is what type of database?
OLAP database
What are facts and dimensions in the Kimball Star Schema OLAP model?
Facts = events that have taken place and/or something we can measure and dimensions = information related to facts
What is a Enterprise Bus Matrix? (made by Kimball)
A data warehouse planning tool, where the relationship between facts and dimensions are the matrix rows and columns
What is the Extract, Transform and Load (ETL) process?
The process of combining data from multiple sources (extract), standardising it (transform - maybe deidentifying or reconciling) and putting it into a data warehouse (load)
What sort of document do data warehouses tend to look like?
Excel spreadsheet
What does granularity mean in relation to data warehousing?
How subdivided the information should be recorded. More granular = more detail. Should record in smallest grain possible
What is the structured data type?
Anything standardised (eg numbers, results of calculations, codified text)
What is the unstructured data type?
Not standardised (eg free text, hand written/ dictated document, images, tumour/OAR outlines)
What type of database is suited for structured data types?
Regular data warehouse (OLAP)
What can be done with unstructured data types?
More processing to make it structured to put in a data warehouse or put in NoSQL database
What is the Structured Query Language (SQL)?
A standard programming language designed for accessing, modifying and extracting information from relational databases
What are some database analysis tools?
Straight SQL queries (eg access, excel, matlab), business reporting tools, data exploration tools, ‘big data’ tools and data mining
What is an alternative to data warehousing?
Data virtualisation
What is data virtualisation?
For a query request from a client application, translating the query to a virtual database to pass on to retrieve information from a particular system, without requiring technical details about the data
What is artificial intelligence?
Computers and machines to mimic the problem-solving and decision-making capabilities of the human mind
What is machine learning?
A branch of artificial intelligence that focuses on the use of data and algorithms to imitate the way that humans learn, gradually improving its accuracy
What are applications of AI in medical imaging?
Automating laborious or time-intensive tasks (eg automatic image segmentation, identifying images for further review, auto-contouring), accelerate MRI, patient scheduling
What are general classes of AI models?
Image or data classification, regression (predict output based on input), object detection, generative AI
What is the Turing test?
Measures the maturity of AI by seeing if a computer’s output is distinguishable from that of a human, then it passes the test
What are reverse Turing tests being made for?
To distinguish between AI and humans
What does the feedback loop do after an algorithm performs processing? (assuming it has a feedback loop)
Changes the outputs, whereas without a feedback loop, the model should always produce the same outputs for the same inputs
Why can outputs be degraded when an AI model has a feedback loop?
The bias of the person submitting the inputs
When training an AI model, what is each complete learning cycle called?
An epoch (internal feedback loop)
When training an AI model, what do more epochs do?
Make the model more accurate but its longer to train
What should the training inputs of an AI model be?
A broad range of data
After an AI model has been trained, what type of parameters are saved?
Hyperparameters
What different types of datasets are used for AI models?
Dataset for model development split into a training set, tuning set, and internal validation data set (unseen data) and dataset for model validation, which is an external validation set (unseen data)
What is a confusion matrix as applied to AI models?
It is a matrix with the actual value (positive/negative) on one side and the output predicted value based on the model. Each square is then true/false positive and true/false negative
What is the Receiver Operator Characteristic (ROC) curve and what would be ideal?
A graph of true positive against false positive, where ideally the area would be 1 (ie only true positives)
What does each point on the Receiver Operating Characteristic (ROC) represent?
The true positive vs false positive rate at one decision threshold
What are clinical scientist roles in AI?
User of AI, specifying applications for AI, training models, implementing and testing models, developing QA programme
Why is bias an issue in AI models compared to humans?
Humans are adept at recognising situations not previously encountered and adapting accordingly, whereas models are not
How do we reduce bias in AI models?
Sufficient breadth of training data. Maybe have different models for different groups. Test pre-trained models using data representative of local population. Ability to re-train model using local data
What are some challenges with adopting AI?
Who can access the data, who is responsible for decision making, how to preserve transparency and inform patients accurately (GDPR article 5)
What does GDPR article 22 say about the data subject’s rights in related to AI?
They have the right not to be subject to a decision based solely on automated processing, unless there is explicit consent
Under IRMER, does the operator have to be a person or can it be AI?
Has to be a person
What is a real-time system?
Any information processing system which must respond to externally generated input stimuli within a finite and specified period
In a real-time system, is the failure to respond in time better or worse than a wrong response?
Equally bad
What is an embedded system?
A combination of computer hardware and software designed for a specific function (embedded computer system - can include real-time components like a real-time computer)
What are the levels of criticality in the classification of real-time systems?
Hard = imperative responses occur within deadline
Soft = deadlines are important but will still function if occasionally missed
Firm = soft but no benefit from late delivery of service
What are examples of hard, soft and firm real-time systems?
Hard = flight control system or defibrillator
Soft = data acquisition system
Firm = on demand streaming of a videa
What is the different roles of time in the classification of real-time systems?
Time-aware = system operation references absolute time values (eg starts when it turns on or certain wall clock time)
Reactive = system produces output within deadline as measured from input and references relative time values (eg control systems)
What are the different structures of real-time systems?
Time-triggered (eg computation triggered by set time or periodic activity).
Event-triggered (computation triggered by an external or internal event)
For event-triggered real-time systems, what is the difference between sporadic and aperiodic tasks?
Sporadic tasks have a known minimum inter-arrival time, whereas aperiodic can arrive at any time
Why is guaranteed response times an important feature of real-time systems?
Need to know the worse case response times, as predictability is essenetial
What are some characteristics of a real-time system?
Guaranteed response times, interacts with special purpose hardware, numerical computation, large and complex, extreme reliability and safety
Do typical embedded configurations for real-time systems have an operating system?
No, the programme includes the operating system components
What is the operating system for in real-time systems?
It acts as a translation layer between the user programme and the hardware
Is an operating system (OS) configuration better or worse than an embedded configuration for real-time operation?
Worse, embedded is more simplified for real-time systems
What are some real-time programming languages?
Java is commonly used, C, Ada
What are the key concepts with reliability of a real-time system?
Faults, errors and failures, failure modes, fault prevention and fault tolerance, and redundancy
What is the difference between safety and reliability with systems?
Safety is about avoiding harm and is the probability that conditions that can lead to mishaps do not occur.
Reliability is a measure of how well the system performs to its specification. Linked but different
What is the link between failure, errors and faults of a system?
When a system deviates from its specified behaviour, this is a failure, and these are a result of errors (unexpected problems internal to the system) and their mechanical or algorithmic cause are called faults
What are the different types of faults in a system?
Transient fault, permanent faults, intermittent fault (transient faults that occur from time to time)
What are the two types of real-time system bugs?
Bohrbugs = reproducible and identifiable.
Heisenbugs = only active under rare conditions
Does software deteriorate over time?
No it is either correct or incorrect but faults can remain dormant for long periods
What is a bug?
A design defect in an engineered system that causes an undesired result.
What are two approaches to faults?
Fault prevention (aims to eliminate possibility of faults before it goes operational) and fault tolerance (enables system to function in the presence of faults)
What are the two stages of fault prevention?
Fault avoidance and fault removal
What is failure modes and effects analysis (FMEA)?
A structured method to identify potential failure modes in a system and their causes and effects during the early design stages
What are failure modes?
The ways, or modes, in which something might fail.
What categories of failure modes are there and example of each?
Value domain (eg constraint or value error), timing domain (early, late, omission - fail silent, fail stop) and arbitrary (fail uncontrolled)
How does fault avoidance attempt to limit the introduction of faults during system construction?
Reliable hardware components, refined techniques for interconnection of components, rigorous specification, proven design methodologies (software and hardware)
What are examples of procedures for fault removal (finding and removing the causes of errors)?
Design reviews program verification, code inspections and system testing
Why is system testing never able to be exhaustive and remove all potential faults?
Tests should the presence of faults, not absence. Realistic testing conditions difficult. Accuracy of simulation mode.
What are the levels of fault tolerance?
Full fault tolerance, graceful degradation, fail safe, catastrophic failure (unacceptable)
What is full fault tolerance?
System operates with faults with not significant loss of functionality of performance)
What is gradual degradation? (level of fault tolerance)
Fail soft, system continues to operate in the presence of errors with partial degradation of functionality or performance during recovery or repair
What is fail safe? (level of fault tolerance)
The system maintains its integrity whilst accepting a temporary halt in its operation
What level of fault tolerance do most safety critical systems ideally have and what do many have in practice?
Ideally full fault tolerance but many settle for graceful degradation
What is redundancy as a fault-tolerant technique?
Extra elements in a system to detect and recover from faults that are redundant as they are not required in a perfect system (called protective redundancy)
Why is it difficult to know how much redundancy to include in systems for fault tolerance?
They are restrained by cost and size of the system, and also lead to more complexity, which can make it less reliable
What is exception handling with errors in systems and software development?
An error recovery mechanism that happens when an anomalous event (exception) occurs in a programme. It avoids the system crashing and stops the disruption of the normal operation.
What is the Directory Name Service (DNS)?
Phonebook of the internet, which translates domain names to IP addresses
What is a domain name?
Human readable name thats associated with a physical IP address on the internet
On a domain name, is the left or right hand sections (between full stops) a bigger group that controls the other side?
Right
What does the Internet Assigned Numbers Authority (IANA) do?
Manage root DNS, coordinate allocation of IP addresses, protocol assignments
What does https stand for?
Hypertext transfer protocol secure
What is HTML?
The standard markup language that is used to structure a web page and its content.
What does a web browser do?
Interprets HTML to render web page and calls HTTP methods against web server
What is HTTP (hypertext transfer protocol)?
It is an application layer in the IP suite model (TCP/IP) for data communication on the world wide web and is used to load webpages using hypertext links
What does HTML stand for?
HyperText Markup Language
How is HTML written?
In the form of HTML elements, which include tags written between angled brackets. These tags are usually paired with the content located between a start and end tag
Is HTML traditionally a programming language?
No, it is a markup language
What number HTML is the current version?
5
What tag indicates a document is HTML 5?
<!DOCTYPE html>
What symbol is used at the start of an end tag in HTML?
\
What is scripting?
It is a type of coding that makes websites interactive and automates tasks a human would normally complete
What are the two types of scripting?
Client-side scripting = processed entirely by browser on the client device
Server-side scripting = processed at the server level and resultant HTML passed back to browser
What is the difference between a web browser and web server?
A web browser is a software program used to access the world wide web (internet) and displaying pages, whereas a web server is the software that provides its users with the documents they request via their web browsers
What is connected to a web server?
Database and storage on on side and web browswer on the other
In client-side scripting, the web browser requests a page with embedded client-side script to the web server, what happens next?
Web server delivers requested web page with embedded script. Browser processes script and displays
What are some client-side scripting languages?
JavaScript (can be used for both scripting types), HTML, CSS
What are the advantages of client-side scripting?
Speed, simplicity, versatile, reduced server load
What are the disadvantages of client-side scripting?
Less secure, difficulty in maintaining compatibility as a variety of client browsers
In serve-side scripting, the client requests page with embedded client-side script to the web server, what happens next?
Web server processes script and delivers resulting page
What are some server-side scripting languages?
Javascript, PHP, python
What are the pre-requisites to server-side scripting?
Web server has appropriate scripting engine installed and web page name must have the correct file extension
What are the advantages of server-side scripting?
Better to work with databases, no issues with client browser compatibility, can be run independently of client PC settings, more security for the data
What are the disadvantages of server-side scripting?
Requires scripting software to be installed on the server and can be slower if server is busy
What does XML stand for?
eXtensible Markup Language
What is XML?
A markup language that is used for storing data as structured information and defines a set of rules to describe the content and structure of data in a document
Does XML use tags (like HTML)?
Yes but the author invents these (in HTML, these are pre-defined)
What is data encryption?
A security method that translate data into a code that can only be read by people with access to a secret key or password
What types of data need to be encrypted?
Any sensitive information that could be: Data at rest, data in transit and data in use
Does data encryption prevent interception of data in transit?
No, it denies the message content to the interceptor by making it unreadable
What are the two main types of data encryption?
Symmetric and asymmetric
What is symmetric encryption?
The same key is used for encryption and decryption. The key changes the content in some way
What standard is currently being used as a symmetric encryption algorithm?
Advanced Encryption Standard
What is the disadvantage of symmetric encryption?
Key must be kept secret, which can be difficult if exchanging over the internet or large network. Less secure than asymmetric
What is a key used in cryptography?
A long, random and unpredictable string of letters and numbers used to encrypt or decrypt data
What is asymmetric encryption?
A pair of mathematically linked keys (key pair) is used to encrypt and decrypt the data. One is a public key freely available to anyone and the private key is kept secret
What are the different keys in asymmetric encryption used for?
The public key is used for encryption and the private key is used for decryption
What are the disadvantages of asymmetric encryption?
Slower than symmetric encryption (more processing power). Concern of loss of private key
What is a public key certificate?
An electronic document from the certificate authority to prove the validity of a public key and verifies the identity of its owner
What is meant by a ‘good quality’ medical image?
Appropriate for the clinical application, optimised (image quality vs dose) and not necessarily the highest quality image possible
What is undersampling/aliasing and how can it be avoided?
Not sampling data frequently enough, leading to an inability to resolve small details and artefacts. Solution = use a sampling frequency twice the frequency of the signal
What does the ‘A’ in ACID mean?
Atomicity = each transaction is a single unit that either succeeds or fails - all or nothing process
What does the ‘C’ in ACID mean?
Consistency = only data that follows database rules can be added
What does the ‘I’ in ACID mean?
Isolation = multiple transactions at once don’t affect each other
What does the ‘D’ in ACID mean?
Durability = Stable through system failure (eg power outage), ie once a transaction has been committed to a database, it will remain so
What are the different categories of medical devices? (not classes)
Non-invasive, invasive (inserted into body’s orifices), surgically invasive, active (requires external power source) and implantable
When is software as a medical device classified as class IIa?
When intended to provide info to make decisions for diagnosis or therapeutic purposes and if it is intended to monitor physiological processes (unless vital and lead to patients in danger for both instances = IIb)
What are keys for in relational databases?
They maintain the relationship between the tables and also uniquely identifies the data from a table
What is a primary key in relational databases?
It is a field (column) used to uniquely identify every record in the database
What is a foreign key in relational databases?
A foreign key is a column or columns in a table that references the primary key of another table
How many primary keys are allowed in a relational database table?
Only one
In relational databases, is the primary key in one table a foreign or primary key in another table?
Foreign key
In relational database tables, what is a typical primary key?
An identifier, like a patient ID or a car licence plate
What is a data warehouse?
A type of database that stores highly structured information from various sources, and it contains both current and historical data to analyse large amounts of data
What are data exchange standards?
They define a common format and give shared rules for data exchange
