Developing policies and procedures for a picture archiving and communication system

B Gaytos
DOI: https://doi.org/10.1007/BF03190293
Abstract:Policies and procedures (P&P) constitute the mechanism for planning, standardizing, and documenting the provision of clinical services. Upon approval by hospital management, the P&P is an official statement of hospital rules and regulations. Each P&P establishes organizational responsibility for providing services. P&P are a mechanism for communicating standard operating procedures to hospital and medical staff. P&P serve as a reference document for unusual events, as well as routine procedures. P&P are often reviewed by inspection teams from the Joint Commission on Accreditation of Hospital Organizations (JCAHO) to determine whether the hospital has documented systematic practices. A picture archival and communications system (PACS) provides a new vehicle for providing radiology services. P&P that were designed for conventional film-based imaging are often not appropriate for electronic imaging. Because PACS is new and not yet widespread, good examples of PACS P&P are not yet available. JCAHO has no official requirements for PACS: PACS is viewed only as a means for the hospital to accomplish its work. Successful P&P development is a team effort, drafted by personnel responsible for executing the procedure, assisted by staff proficient in PACS technology, and tested in the field. The P&P should be reviewed and approved by management personnel knowledgeable about hospital and imaging operations. P&P should be written in clear and concise language. Successful P&P development is an ongoing effort. P&P must be periodically reviewed and updated to reflect changes in PACS technology and changes in clinical operations. New P&P must be developed when a deficit is noted. PACS security is a good example of a topic worthy of P&P development, especially in the face of the Health Insurance Portability and Accountability Act (HIPAA) legislation of 1996. What are the provisions for access control? Does the system include a feature for automatic shut-off of the software? Are there "generic" passwords and log-ins shared by a community of users? How are passwords assigned and how frequently are they changed? What security measures are in place to assure passwords are given to the appropriate user? Who grants and denies access? Service calls are another topic for P&P. Who initiates a service call? What is the process for escalating a service call from the operator level to the vendor? What immediate actions are expected by the operator in order to restore PACS services? How are service events documented? Who is responsible for determining when "downtime" procedures should be initiated or suspended? When our hospital's total electrical system had to be shut down for an extended period, we found that a P&P was lacking for a task as mundane as shutting down and restarting our PACS components. What is the sequence for the shutdown? Who is responsible for shutting down and restarting? How long can the devices operate on uninteruptible power supplies (UPS)? What components are on emergency power? Should we expect the components to survive the switchover to generator power? Developing this P&P was worth the effort: it made the PACS more fault-tolerant and served as a reference document 3 years later when expansion of our physical plant required two more power outages.
What problem does this paper attempt to address?